Linux Security. Module 13 – Linux Security ♦ Overview Linux is more prone today to security loopholes and attacks, both inside and outside the network.

Presentation transcript:

Linux Security

Module 13 – Linux Security
♦ Overview
Linux is more prone today to security loopholes and attacks, both inside and outside the network. In this module we learn about the various services and their role in the Linux boot process. This module also deals with iptables and TCP Wrappers.
♦ Lessons covered in this module
► Introduction to System Service
► Securing Network

Lesson 1 – Introduction to System Service
♦ Introduction
In Linux, system initialization, i.e. starting up the system processes whenever the system boots, is controlled and maintained by several files and directories. The processes run as indicated in these files, and certain settings can be changed to meet requirements.
♦ Topics covered in this lesson
► System Initialization
► Chkconfig

Topic 1 - System Initialization
♦ The following three main steps happen each time a system boots up to run Linux:
► Boot hardware – On the basis of information in the system’s read-only memory, i.e. the BIOS, the system examines and starts up the hardware.
► Start boot loader – Ideally, the BIOS examines the master boot record on the primary hard disk to see what to load next.
► Boot the kernel – Assuming that Linux is selected to be booted, the Linux kernel is loaded.

System RunLevels
♦ The Linux system is brought to a predefined working condition when the Linux kernel runs /sbin/init.
♦ /sbin/init reads its configuration file and starts all programs listed in it. This predefined working condition is known as a runlevel.
♦ Two styles of init programs are usually used: BSD-derived init programs and System V-derived init programs.
► BSD-derived init programs have only one predefined runlevel
► System V-style init programs are more flexible

Predefined Runlevels
♦ Red Hat comes with many predefined runlevels as listed in this table

System Startup Files
♦ The system startup files control and manage the tasks after the system has been booted by the boot loader.
♦ These files are essential for successful operation of the computer since they regulate the processes at system boot up.
♦ There are several system startup files and scripts as listed below:
► The rc.sysinit script
► The /etc/init.d and /etc/rcX.d directories
► The /etc/rc script
► The /etc/rc.local file

Topic 2 - Chkconfig
♦ The chkconfig command lets you query the existing service configuration or customize the configuration currently on the system.
~]# chkconfig --level 345 sendmail on
► The above command configures the system to start sendmail in runlevels 3, 4 and 5.
► The present configuration of a particular daemon can be found by running the command below:
~]# chkconfig --list daemon

Lesson 2 – Securing Network
♦ Introduction
In Linux, a network environment has to be secured to make it safe. TCP Wrapper is a tool usually used on Linux systems to regulate and filter connections to network services. iptables, a firewall product, also restricts unauthorized access to a network.
♦ Topics covered in this lesson
► Iptables
► TCP Wrappers

Topic 1 - iptables
♦ A firewall is a system designed to limit unauthorized access to or from a private network.
♦ Firewalls can be implemented in hardware, in software, or in a combination of both.
♦ Firewalls are often used to prevent unauthorized Internet users from accessing private networks connected to the Internet and Intranet.
♦ Earlier, a firewall package called ipchains was used; it has now been replaced by iptables.

Starting iptables
♦ iptables can be started, stopped and restarted after system boot by running the following commands:
~]# service iptables start
~]# service iptables stop
~]# service iptables restart
♦ iptables can be configured to start at system boot by using the chkconfig command as given below.
~]# chkconfig iptables on

Packet Processing in iptables
♦ The table given below gives an overview of the procedure for packets transmitted by the firewall

Packet Processing in iptables
♦ Illustration of a TCP packet from the Internet passing through the interface of the firewall on Network A

Targets in iptables
Targets
♦ Rules are added to the chains of the firewall by means of targets.

Topic 2 – TCP Wrappers
♦ TCP Wrapper is a tool usually used on Linux systems to regulate and filter connections to network services.
♦ TCP Wrappers offer wrapper daemons, which can be installed without making changes to existing software.
♦ Most TCP/IP applications depend on the client and server model.
♦ The TCP Wrapper configuration is stored in two files, /etc/hosts.allow and /etc/hosts.deny. Permissions are stored in /etc/hosts.allow and denials in /etc/hosts.deny.

Topic 2 – TCP Wrappers
♦ Example for Blocking ssh (Secure shell)
sshd: ALL (for all)
sshd: ALL EXCEPT
♦ Example for Blocking FTP (file transfer protocol)
vsftpd: ALL (for all)
vsftpd: ALL EXCEPT
♦ Example for Allowing Telnet
in.telnetd, sshd:.india.com
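
Whether entries like these take effect depends on the order in which the two files are consulted: /etc/hosts.allow first, then /etc/hosts.deny, with access granted when neither matches. The following added example (not part of the original slides) replays that decision over constructed sample files; the function names, the sample rules and the address 192.0.2.10 (a stand-in for the lab's HOSTA) are assumptions, and the client host name is passed in rather than resolved.

```shell
# matches LIST NAME [ADDR]: succeed when NAME or ADDR matches a hosts_access
# list. Handles ALL, ".domain" suffixes, "net." prefixes, exact names, EXCEPT.
matches() {
    case $1 in
        *" EXCEPT "*)
            matches "${1%% EXCEPT *}" "$2" "$3" || return 1
            matches "${1#* EXCEPT }" "$2" "$3" && return 1
            return 0 ;;
    esac
    for pat in $(printf '%s' "$1" | tr ',' ' '); do
        for cand in "$2" "$3"; do
            [ -n "$cand" ] || continue
            case $pat in
                ALL) return 0 ;;
                .*)  case $cand in *"$pat") return 0 ;; esac ;;
                *.)  case $cand in "$pat"*) return 0 ;; esac ;;
                *)   [ "$cand" = "$pat" ] && return 0 ;;
            esac
        done
    done
    return 1
}

# first_match FILE DAEMON HOST ADDR: succeed when a rule line in FILE matches.
first_match() {
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac
        matches "$daemons" "$2" "" && matches "$clients" "$3" "$4" && return 0
    done < "$1"
    return 1
}

# tcpw_decide DAEMON HOST ADDR ALLOW_FILE DENY_FILE: print "allow" or "deny".
tcpw_decide() {
    if   first_match "$4" "$1" "$2" "$3"; then echo allow  # hosts.allow wins
    elif first_match "$5" "$1" "$2" "$3"; then echo deny
    else echo allow                                        # no rule matched
    fi
}

# Constructed sample files; 192.0.2.10 stands in for HOSTA (assumed address).
demo=$(mktemp -d)
printf '%s\n' 'in.telnetd, sshd: .india.com' > "$demo/hosts.allow"
printf '%s\n' 'in.telnetd: 192.0.2.10' 'sshd: ALL' \
    'vsftpd: ALL EXCEPT 192.0.2.' > "$demo/hosts.deny"

tcpw_decide in.telnetd hosta.example.net 192.0.2.10 "$demo/hosts.allow" "$demo/hosts.deny"
tcpw_decide in.telnetd hosta.india.com 192.0.2.10 "$demo/hosts.allow" "$demo/hosts.deny"
```

With the allow rule in place, a hosts.deny entry for a host inside .india.com never takes effect, so a telnet block has to be checked against both files.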

Lab Exercise
♦ iptables and TCP Wrappers
In this lab we have to restrict access to the service using iptables and TCP_wrappers. You want to block the telnet service so that HOSTA will not be able to telnet HOSTB. Assume that HOSTA and HOSTB have IP address and respectively.
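
For the iptables half of the lab, rule order decides the outcome: a chain is walked from the top and the first matching rule's target applies. The following added example (not part of the original slides) evaluates constructed `iptables -S INPUT` output for a telnet packet from HOSTA; the function names, the rule sets and the address 192.0.2.10 standing in for HOSTA are assumptions.

```shell
# verdict SRC PROTO DPORT: read `iptables -S INPUT` style lines on stdin and
# print the target of the first matching rule, or the chain policy if none.
# Understands only -s (single host), -p, --dport and -j; anything else aborts.
verdict() {
    want_src=$1 want_proto=$2 want_dport=$3 policy=ACCEPT
    while read -r flag chain rest; do
        case $flag in
            -P) policy=$rest; continue ;;
            -A) ;;
            *)  continue ;;
        esac
        # A condition the rule does not state matches every packet.
        src=$want_src proto=$want_proto dport=$want_dport target=
        set -- $rest
        while [ $# -gt 1 ]; do
            case $1 in
                -s)      src=${2%/32} ;;
                -p)      proto=$2 ;;
                --dport) dport=$2 ;;
                -j)      target=$2 ;;
                -m|--reject-with) ;;          # adds no condition modelled here
                *)       echo unsupported; return 2 ;;
            esac
            shift 2
        done
        if [ "$src" = "$want_src" ] && [ "$proto" = "$want_proto" ] &&
           [ "$dport" = "$want_dport" ]; then
            echo "$target"; return 0
        fi
    done
    echo "$policy"
}

# Constructed rule sets; 192.0.2.10 stands in for HOSTA (assumed address).
block='-A INPUT -s 192.0.2.10/32 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable'
allow='-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT'
appended() { printf '%s\n' '-P INPUT ACCEPT' "$allow" "$block"; }  # iptables -A
inserted() { printf '%s\n' '-P INPUT ACCEPT' "$block" "$allow"; }  # iptables -I

appended | verdict 192.0.2.10 tcp 23    # block rule is shadowed
inserted | verdict 192.0.2.10 tcp 23    # block rule decides
```

On HOSTB, adding the block rule with `iptables -I INPUT` gives the `inserted` order, while `iptables -A INPUT` gives the `appended` order in which the earlier ACCEPT rule still lets HOSTA in.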

Conclusion
♦ Summary
► A Linux system can be brought into a predefined working condition called a runlevel, which signifies a particular function
► There are several system startup files that control and regulate startup processes whenever a system boots up
► There are different ways to secure Linux: through security services, firewalls and TCP Wrappers.
♦ Question and Answer Session