
Presentation transcript:

1 Security

2 Linux is not secure
No computer system can ever be "completely secure".
–Make it increasingly difficult for someone to compromise your system.
The more secure your system, the more miserable you and your users will tend to be.
Security = 1/(1.072 * Convenience)

3 Example of Attacks
Program Level Security
–Non-malicious Program Errors: Buffer Overflow, Format String…
–Malicious Codes: Trojan Horse, Logic Bomb, Virus, Worm…
Network Attacks
–Threat Precursors: Port Scan, Social Engineering, Reconnaissance, OS and App. Fingerprinting
–Protocol Flaws: Impersonation
–Spoofing: Session Hijacking, Man-in-the-Middle
–Message Confidentiality Threat
–Message Integrity Threats
–Denial of Service: Connection Flooding (Ping of Death, Smurf), Syn Flood, DNS attack
–Distributed Denial of Service

4 Security Attacks

5 Security Mechanisms
Access Control

6 Linux Security
What level of threat does the system need to be protected against?
–Analyze the system
Packet Filtering
Turn off unnecessary services
–Be aware of what is happening on your system
–Keep track of vulnerabilities and software patches
Backups
–Recover effectively from a security incident
User accounts
–Give each account the minimal amount of privilege it needs
–Remove inactive accounts
–The use of the same user-ID on all computers and networks is desirable for the purpose of account maintenance
–User accounts provide accountability

7 Linux Security
Root Security
–Only become root to do single specific tasks
–Never use the rlogin/rsh/rexec suite of tools (called the r-utilities) as root
–Always be slow and deliberate running as root. Your actions could affect a lot of things. Think before you type!

8 Password security and encryption
Use shadow passwords
Password checking and selection
Pluggable Authentication Modules – PAM
–man pam.d

9 Restricting access
Control access to your system
–TCP wrappers allow you to restrict access to some services on your system p_wrapper.txt
–/etc/hosts.deny: man hosts.deny
–/etc/hosts.allow: man hosts.allow
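The order in which TCP wrappers consult the two files is what makes a default-deny setup matter. The sketch below is an added example, not part of the original presentation: a simplified Python model of the hosts_access decision (only ALL, exact names, address prefixes and domain suffixes are handled), run over constructed file contents using documentation addresses.

```python
"""Simplified model of the TCP wrappers (hosts_access) decision order."""

# Constructed sample file contents (not taken from any real system).
HOSTS_ALLOW = "sshd : 192.0.2.\n"          # admin network only
WEAK_DENY = "in.telnetd : ALL\n"           # denies one service, nothing else
STRICT_DENY = "ALL : ALL\n"                # default deny

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; skip blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def _match(pattern, value):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix such as "192.0.2."
        return value.startswith(pattern)
    if pattern.startswith("."):      # domain suffix such as ".example.org"
        return value.endswith(pattern)
    return pattern == value

def _hit(rules, daemon, client):
    return any(any(_match(d, daemon) for d in ds) and
               any(_match(c, client) for c in cs) for ds, cs in rules)

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if _hit(parse_rules(allow_text), daemon, client):
        return "allow"
    if _hit(parse_rules(deny_text), daemon, client):
        return "deny"
    return "allow"   # fall-through default: unlisted pairs are let in

if __name__ == "__main__":
    for deny in (WEAK_DENY, STRICT_DENY):
        for client in ("192.0.2.10", "198.51.100.7"):
            print(repr(deny.strip()), client,
                  decide(HOSTS_ALLOW, deny, "sshd", client))
```

With the weak hosts.deny, the sshd restriction in hosts.allow has no effect on outside clients, because a pair that matches neither file is granted access.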

10 Miscellaneous Security Issues
Remote event logging
hosts.equiv and ~/.rhosts
–rshd, rlogind should be disabled
fingerd
Security and NIS
–/etc/group, /etc/passwd, /etc/hosts…
Security and NFS
Security and sendmail

11 Security of NFS
A client request will include the client user-id of the process making the request
The server must decide whether to believe the client's user-ids.
NFS provides a means to authenticate users and machines
Recommend the use of globally unique UIDs and the root_squash option
Use /etc/hosts.deny and /etc/hosts.allow to grant access
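A small audit of /etc/exports makes the root_squash recommendation checkable. This is an added example, not part of the original presentation; the export paths and host names are constructed, and only the common `path host(options)` line form is parsed.

```python
"""Flag NFS exports that trust client root or are open to any host."""
import re

# Constructed sample /etc/exports content (hypothetical paths and hosts).
SAMPLE_EXPORTS = (
    "/srv/home   192.0.2.0/24(rw,root_squash)\n"
    "/srv/build  buildhost.example.org(rw,no_root_squash)\n"
    "/srv/pub    *(ro)   # public mirror\n"
    "/srv/tmp    (rw)\n"
)

# One client spec: optional host, optional parenthesised option list.
SPEC = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")

def audit_exports(text):
    """Return (line_no, path, host, problem) tuples for risky exports."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = SPEC.match(spec)
            if not m:
                continue
            # A spec with no host part, e.g. "(rw)", applies to every host.
            host = m.group("host") or "*"
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            if "no_root_squash" in opts:
                findings.append((line_no, path, host,
                                 "no_root_squash: client root acts as root on the server"))
            if host == "*":
                findings.append((line_no, path, host,
                                 "exported to any host"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print("line %d: %s -> %s: %s" % finding)
```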

12 Security Tools
nmap
nessus
tripwire
tcpd
crack
Other powerful tools

13 Security Preparation
Make a full backup of your machine
Keep track of your system accounting data
Apply all new system updates
Subscribe to mailing lists to get information about potential problems

14 Cryptographic Security Tools
Kerberos
–A secret key based service for providing authentication in a network
–Improve traditional Linux password security: Never transmit unencrypted passwords on the network. Users do not have to type passwords repeatedly
–For more information:
SSH
–The secure shell to replace rlogin, rcp, and telnet
–Server side: sshd
–Client side: ssh, scp
–ssh-keygen

15 Firewall
Filter-based
–Should arriving packet be allowed in? Departing packet let out?
Proxy-based

16 How iptables work

17 One iptables Example

18 Useful Websites – 