Security’s Final Fantasy Virtual Networks with User Mode Linux.

1 Security’s Final Fantasy Virtual Networks with User Mode Linux

2 Computer Security Is Trying
A large part of computer security is trying:
- New versions of the kernel
- New kernel features
- New firewall rules
- New intrusion detection rules
- New exploits
- Old exploits in new settings
- Regression testing
- New security programs
- And lots more…

3 Computer Security is Trying
How do you go about trying these things out?

4 A Maze of Twisty Little Passages
One way is to use the live production network for trying things out. This technique is guaranteed to increase your notoriety within the company. This may not be a desirable thing.

5 A Maze of Twisty Little Passages
Another, less intrusive way is the Sandbox or Iconic Method. The complexity of the network is reduced to just a few key systems and hardware and software components. Although this approach may be very useful and produce significant results, it has several drawbacks.

6 A Maze of Twisty Little Passages
- All those pieces of hardware, software, and infrastructure components can get expensive.
- All those pieces/parts can take up a lot of physical space.
- The pieces/parts of the Sandbox are frequently scavenged and put into production, thus rendering the Sandbox less effective.

7 A Maze of Twisty Little Passages
- Connecting all the parts together can be a real drag if not a nightmare.
- Even scamming cheap laptops at First Saturday gets to be consumptive of both space and dollars.

8 A Maze of Twisty Little Passages
Virtualization is an old concept in computing. It’s been done on mainframes and now is available for x86 architectures. VMware can run multiple x86 operating systems at a time. VMware is expensive both in terms of system resources and $$$.

9 Enter User Mode Linux
Another way to do virtualization is with UML (User Mode Linux). UML is a Linux kernel that has been constructed to run as a program under Linux. UML gives you a virtual machine that may have more hardware and software virtual resources than your actual, physical computer.

10 UML Hardware Support
- Block devices
- Console and serial lines
- Network devices
- SCSI devices
- USB devices
- PCI hardware

11 Where To Get It
Jeff Dike is the originator and driving influence behind UML. The UML web site is located at http://user-mode-linux.sourceforge.net. The UML community site is located at http://usermodelinux.org.

12 What is UML Good For?
- Virtual hosting
- Kernel development and debugging
- Process debugging
- Safely experimenting with the latest kernels
- Trying out new distributions
- Education, yours or somebody else’s
- Experimental development
- Poking around inside the guts of a running system
- Virtual networking
- All sorts of security-related things

13 Fun On The Network
- Test firewall rule sets
- Test sendmail rules
- Test alternatives to sendmail, e.g., Postfix, exim
- Test Apache configurations
- Run exploit code (Many possibilities here)
- Set up an Intrusion Detection System
- Test new IDS signatures
- Analyze network protocols with tcpdump and Ethereal
- Experiment with cryptography
- Set up a VPN (Virtual Private Network)

14 Conclusion
User Mode Linux is an excellent application for testing new kernels and programs. It also has many security-related uses that the security maven might not be able to pursue on a live, production network. Many things are possible with different kernels and configurations.

