Linux Networking and Security

Presentation on theme: "Linux Networking and Security"— Presentation transcript:

1 Linux Networking and Security
Chapter 12 Network Intrusion Detection

2 Network Intrusion Detection
Use network scanning and packet-sniffing utilities
Understand basic intrusion detection systems
Perform automated security audits of your Linux system

3 Scanners and Sniffers
Crackers can employ the following techniques to gain access to a Linux system:
Port scanning, in which packets are sent to a host and its responses are used to learn which services it runs and what operating system it is likely running
Packet sniffing, in which every packet that reaches the sniffing interface has its headers and data examined
Network administrators also use these techniques to check for security weaknesses; although some consider their use illegitimate, it is important to stay ahead of crackers

4 Port Scanning
A port scan lets someone identify a host's operating system and any listening services that could potentially allow greater access
Port scans typically use TCP and its flags (SYN, ACK, FIN, RST) to gather information about the host and its network services: a SYN/ACK reply means a port is open, a RST means it is closed, and no reply at all usually means a packet filter is dropping the probe
Some port scanners use ICMP and UDP packets, which do not provide as much data as TCP (a UDP service often does not answer a probe at all), but can offer some information that TCP cannot
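The three response classes described above (open, closed, filtered) are what every scanner, nmap included, reduces a probe's reply to. As an added example written for this transcript, not code from the book or from nmap, here is a TCP connect() scanner in Python, the unprivileged scan type that nmap runs as -sT. It classifies a port from the outcome of connect(), grabs the service banner when one is sent, and is run against a listener it starts itself on 127.0.0.1 so that it works offline; the banner text and the ports are constructed.

```python
"""TCP connect() port scanner (added example, not the book's or nmap's code).

connect() completes the three-way handshake, so: success means the port
answered SYN/ACK (open); ECONNREFUSED means it answered RST (closed); a
timeout means nothing came back, usually because a packet filter dropped
the probe (filtered). SYN scans (nmap -sS) make the same distinctions
from raw packets and therefore need root.
"""
import errno
import socket
import threading


def probe_port(host: str, port: int, timeout: float = 0.5) -> dict:
    """Classify one TCP port as open, closed or filtered; grab a banner if open."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
    except socket.timeout:
        s.close()
        return {"state": "filtered", "banner": b""}
    except OSError as e:
        s.close()
        if e.errno in (errno.ECONNREFUSED, errno.ECONNRESET):
            return {"state": "closed", "banner": b""}
        return {"state": "filtered", "banner": b""}   # EHOSTUNREACH and friends
    banner = b""
    try:
        banner = s.recv(256)        # SSH, SMTP, FTP and POP3 daemons speak first
    except (socket.timeout, OSError):
        pass                        # HTTP and others wait for the client
    s.close()
    return {"state": "open", "banner": banner.strip()}


def scan_ports(host: str, ports, timeout: float = 0.5) -> dict:
    """Scan a list of ports; returns {port: {"state": ..., "banner": ...}}."""
    return {p: probe_port(host, p, timeout) for p in ports}


def start_listener(banner: bytes):
    """Constructed target for offline use: a TCP server on a free localhost
    port that greets every client with `banner`, as a real daemon would."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return              # listener was closed
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port() -> int:
    """A localhost port nothing listens on (bind to 0, read it back, close)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener(b"SSH-2.0-OpenSSH_9.2 (constructed banner)\r\n")
    results = scan_ports("127.0.0.1", [open_port, free_port()])
    for port, r in sorted(results.items()):
        print(f"{port}/tcp  {r['state']:8s} {r['banner'].decode(errors='replace')}")
    srv.close()
```

Against a real host the same loop works with the host's address in place of 127.0.0.1, but note that a connect() scan leaves a complete connection in the target's logs, which is exactly what the PortSentry discussion later in the chapter relies on.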

5 Port Scanning (slide contains only a screenshot; no transcript text)

6 Port Scanning
The most widely used port-scanning utility is nmap, the network mapper
nmap is a command-line utility that supports a variety of scanning methods (TCP connect, SYN, FIN/Xmas/Null, UDP, and others)
nmap also supports OS fingerprinting of hosts, more detailed output, and configuration of its timing policy
nmap can also perform a ping scan, which reports which hosts are reachable using ICMP echo packets without scanning their ports
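nmap's output is easier to act on than to read by eye, and the chapter's later advice to "scan the system after configuration to check for security holes" only works if the results are compared against what was intended. As an added example (not code from the book or from nmap), here is a Python parser for nmap's grepable output format, the one produced by `nmap -sV -oG scan.gnmap <target>`, that builds an inventory of open ports and reports any that are not on an allowlist of intended services. The two hosts, their addresses, the scan text and the allowlist are all constructed.

```python
"""Turn nmap grepable output (-oG) into an inventory and diff it against an
allowlist of intended services. Added example, not nmap's or the book's code;
the scan output below is constructed but follows the real -oG layout."""

# Constructed sample in nmap's -oG format: one "Host:" line per host with
# tab-separated "Name: value" fields.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oG - 192.0.2.0/29
Host: 192.0.2.10 (web01)\tStatus: Up
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 80/open/tcp//http//nginx 1.22/, 3306/open/tcp//mysql//MySQL 8.0/, 23/filtered/tcp//telnet///\tIgnored State: closed (996)
Host: 192.0.2.11 (db01)\tStatus: Up
Host: 192.0.2.11 (db01)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 5432/open/tcp//postgresql//PostgreSQL 15/\tIgnored State: closed (998)
# Nmap done at Mon Jan  1 10:00:05 2024 -- 2 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

# Constructed allowlist: the services each host is supposed to expose.
ALLOWED = {
    "192.0.2.10": {(22, "tcp"), (80, "tcp")},
    "192.0.2.11": {(22, "tcp"), (5432, "tcp")},
}


def parse_grepable(text: str) -> dict:
    """Return {ip: [(port, proto, state, service, version), ...]}.

    Each entry in the Ports field has seven slash-separated sub-fields:
    port/state/protocol/owner/service/rpc-info/version/ (trailing slash)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                  # comments and blank lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ip = fields["Host"].split()[0]                # drop the "(hostname)" part
        hosts.setdefault(ip, [])
        if "Ports" not in fields:
            continue                                  # the "Status: Up" line
        for entry in fields["Ports"].split(", "):
            port, state, proto, _owner, service, _rpc, version = entry.split("/")[:7]
            hosts[ip].append((int(port), proto, state, service, version))
    return hosts


def unexpected_open_ports(hosts: dict, allowed: dict) -> list:
    """Open ports that the allowlist does not account for (filtered/closed ignored)."""
    findings = []
    for ip, ports in hosts.items():
        for port, proto, state, service, version in ports:
            if state == "open" and (port, proto) not in allowed.get(ip, set()):
                findings.append((ip, port, proto, service, version))
    return findings


if __name__ == "__main__":
    inventory = parse_grepable(SAMPLE_OG)
    for ip, ports in inventory.items():
        print(ip, [f"{p}/{pr} {st} {sv}" for p, pr, st, sv, _ in ports])
    for ip, port, proto, service, version in unexpected_open_ports(inventory, ALLOWED):
        print(f"UNEXPECTED {ip} {port}/{proto} {service} {version}")
```

Run after each configuration change and the diff is the list of things to fix: here the MySQL port on web01 is open to the network although only SSH and HTTP were intended. The same check works on a saved file by reading it into `parse_grepable`.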

7 to 9 Port Scanning (slides contain only screenshots; no transcript text)

10 Packet Sniffing
A packet sniffer allows for the examination of any or all of the traffic passing through a network cable or wireless space
An Ethernet card normally discards frames not addressed to it; to capture other hosts' traffic it must operate in promiscuous mode (on a switched network this still exposes only the traffic the switch forwards to that port, plus broadcasts)
Enabling promiscuous mode and opening a raw socket require root privileges (or the CAP_NET_RAW and CAP_NET_ADMIN capabilities), so packet sniffers require root access
If encryption technologies such as SSH, GPG, and stunnel are used, the payload of sniffed packets is protected, though addresses, ports and traffic volumes remain visible

11 Packet Sniffing
Three popular Linux utilities are:
IPTraf displays individual network connections, with protocol and other data for each one, and it also displays statistics by protocol, by host name, or by IP address
tcpdump provides information similar to IPTraf, but it decodes and prints the headers of each packet and can save raw captures to a file for later analysis
Ethereal (renamed Wireshark in 2006) takes tcpdump a step farther in that it is a graphical network analysis tool with dissectors for hundreds of protocols
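Slides 10 and 11 describe what a sniffer sees (every header and payload of every frame the interface hands up) and how tcpdump presents it. As an added example, not code from the book, tcpdump or Ethereal, here is a Python decoder that peels the Ethernet, IPv4 and TCP headers off a raw frame the way tcpdump does, prints a tcpdump-style summary line, and then does what an attacker with a sniffer does: pairs USER and PASS commands from cleartext logins such as FTP and POP3. The frames are constructed in memory (addresses, ports, the login and the opaque SSH segment are all made up) so it runs without root or a live interface; the comment at the top shows the real raw-socket call that would supply live frames.

```python
"""Decode Ethernet/IPv4/TCP frames as tcpdump does and pull cleartext
credentials out of the payload. Added example, not tcpdump's code; the
frames are constructed so the script runs without root or a live interface.

Capturing real frames on Linux needs root (CAP_NET_RAW) and, for other
hosts' traffic, promiscuous mode (`ip link set dev eth0 promisc on`):
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    frame, _ = s.recvfrom(65535)      # then decode_frame(frame)
"""
import re
import socket
import struct

FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]
CRED_RE = re.compile(rb"^(USER|PASS)\s+(\S+)", re.M)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame (fixed MACs, TCP checksum left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("0242ac110002") + bytes.fromhex("0242ac110001") + b"\x08\x00"
    return eth + ip + tcp


def decode_frame(frame: bytes):
    """Peel the three headers; returns None for anything but IPv4/TCP."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:      # EtherType IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                                 # header length incl. options
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                                           # protocol 6 = TCP
        return None
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    tcp = ip[ihl:total_len]
    sport, dport, seq, _ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    doff = (off >> 4) * 4                                    # TCP header length
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "seq": seq,
            "flags": [n for n, b in FLAG_BITS if flags & b], "payload": tcp[doff:]}


def tcpdump_line(p: dict) -> str:
    """tcpdump-style summary, e.g. 'IP a.b.c.d.40000 > w.x.y.z.22: Flags [S], length 0'."""
    letters = "".join(c for n, c in (("FIN", "F"), ("SYN", "S"), ("RST", "R"), ("PSH", "P"))
                      if n in p["flags"])
    letters += "." if "ACK" in p["flags"] else ""
    return (f"IP {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}: "
            f"Flags [{letters}], length {len(p['payload'])}")


def find_cleartext_credentials(frames) -> list:
    """Pair USER/PASS per flow (FTP, POP3 and other cleartext logins)."""
    pending, found = {}, []
    for frame in frames:
        p = decode_frame(frame)
        if p is None or not p["payload"]:
            continue
        flow = (p["src"], p["dst"], p["dport"])
        for cmd, arg in CRED_RE.findall(p["payload"]):
            if cmd == b"USER":
                pending[flow] = arg.decode(errors="replace")
            elif cmd == b"PASS" and flow in pending:
                found.append((*flow, pending.pop(flow), arg.decode(errors="replace")))
    return found


def sample_frames() -> list:
    """Constructed capture: a scanner's SYN, an FTP login, and an SSH segment."""
    return [
        build_frame("203.0.113.9", "198.51.100.7", 40000, 22, 0x02),
        build_frame("198.51.100.7", "203.0.113.5", 51234, 21, 0x18, b"USER alice\r\n"),
        build_frame("198.51.100.7", "203.0.113.5", 51234, 21, 0x18, b"PASS hunter2\r\n"),
        build_frame("198.51.100.7", "203.0.113.5", 51300, 22, 0x18,
                    bytes.fromhex("8a3f1c9e04d27b55")),      # SSH: opaque to the sniffer
    ]


if __name__ == "__main__":
    frames = sample_frames()
    for f in frames:
        print(tcpdump_line(decode_frame(f)))
    print("credentials:", find_cleartext_credentials(frames))
```

The fourth frame is the point of the slide's last bullet: the SSH segment decodes to the same addresses, ports and flags as the others, but its payload yields nothing to the credential search, while the FTP login gives up the user name and password in full.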

12 to 21 Packet Sniffing (slides contain only screenshots; no transcript text)

22 Using Intrusion Detection Software
Intrusion detection is the process of noticing when someone is trying to break into (or has already broken into) a system
This category of software is called intrusion detection systems (IDS)
PortSentry, by Psionic, watches network ports for connection attempts that appear to be port scans and can block the scanning host
A more complex tool than PortSentry is Linux IDS, or LIDS, a kernel patch that adds mandatory access controls so that even the root user is restricted
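What PortSentry does is simple enough to show in full. As an added example (not PortSentry's code), here is a Python detector that applies its two ideas to a stream of connection attempts: any contact with a "trip-wire" port the host does not serve is hostile on the spot (PortSentry's classic mode, which binds such ports itself), and too many distinct ports from one source within a short window is a scan (its advanced mode). On a hit it returns the block actions, given as the `iptables` and `hosts.deny` commands PortSentry's KILL_ROUTE and KILL_HOSTS_DENY settings would run; they are returned as strings rather than executed so the example runs unprivileged. The events, addresses, thresholds and trip-wire port list are constructed.

```python
"""PortSentry-style port-scan detector over a stream of connection attempts.
Added example, not PortSentry's code; events and thresholds are constructed."""
from collections import defaultdict, deque

# Ports this host does not serve. PortSentry's classic mode listens on such
# ports and treats any connection to them as hostile (constructed list).
TRIPWIRE_PORTS = {1, 11, 15, 111, 1524, 31337}


class PortScanDetector:
    def __init__(self, threshold=5, window=10.0, ignore=()):
        self.threshold = threshold          # distinct ports in `window` that trip the alarm
        self.window = window                # seconds
        self.ignore = set(ignore)           # like portsentry.ignore: never block these
        self.recent = defaultdict(deque)    # src -> deque of (ts, port), oldest first
        self.blocked = {}                   # src -> reason it was blocked

    def observe(self, ts: float, src: str, dport: int) -> list:
        """Feed one connection attempt; returns block actions if src is newly flagged."""
        if src in self.ignore or src in self.blocked:
            return []
        reason = None
        if dport in TRIPWIRE_PORTS:
            reason = f"connection to trip-wire port {dport}"
        else:
            q = self.recent[src]
            q.append((ts, dport))
            while q and ts - q[0][0] > self.window:     # slide the window forward
                q.popleft()
            distinct = {p for _, p in q}
            if len(distinct) >= self.threshold:
                reason = f"{len(distinct)} distinct ports in {self.window:.0f}s: {sorted(distinct)}"
        if reason is None:
            return []
        self.blocked[src] = reason
        return self.block_actions(src)

    @staticmethod
    def block_actions(src: str) -> list:
        """What KILL_ROUTE / KILL_HOSTS_DENY would run; returned, not executed."""
        return [f"iptables -I INPUT -s {src} -j DROP",
                f"echo 'ALL: {src}' >> /etc/hosts.deny"]


# Constructed connection attempts: (timestamp, source IP, destination port).
EVENTS = [
    (0.0, "203.0.113.9", 21), (0.4, "203.0.113.9", 22), (0.8, "203.0.113.9", 23),
    (1.2, "203.0.113.9", 25), (1.6, "203.0.113.9", 80), (2.0, "203.0.113.9", 443),  # scanner
    (0.5, "198.51.100.4", 80), (3.0, "198.51.100.4", 443),
    (30.0, "198.51.100.4", 80), (61.0, "198.51.100.4", 443),                         # normal client
    (5.0, "10.0.0.5", 22), (5.1, "10.0.0.5", 80), (5.2, "10.0.0.5", 443),
    (5.3, "10.0.0.5", 8080), (5.4, "10.0.0.5", 8443),                                 # our own scanner
    (9.0, "192.0.2.77", 31337),                                                       # trip-wire hit
]


def run_detector(events, **kw):
    """Replay events in time order; returns the detector and the action log."""
    det = PortScanDetector(**kw)
    log = []
    for ts, src, port in sorted(events):
        for action in det.observe(ts, src, port):
            log.append((ts, src, action))
    return det, log


if __name__ == "__main__":
    det, log = run_detector(EVENTS, ignore={"10.0.0.5"})
    for src, reason in det.blocked.items():
        print(f"BLOCK {src}: {reason}")
    for ts, src, action in log:
        print(f"  t={ts:5.1f} {src}: {action}")
```

The ignore list is what keeps the chapter's own advice consistent: the nmap run recommended in slide 25 would otherwise get the administrator's workstation blocked. Note that both modes block on the source address in a packet, so a scanner sending spoofed SYNs can get arbitrary hosts (the DNS server, a partner's gateway) added to the deny list; PortSentry's documentation warns about exactly this, which is why an ignore list of critical addresses is mandatory.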

23 Using Intrusion Detection Software
Big Brother provides a different level of intrusion detection than LIDS: it monitors the availability and health of services rather than intrusions directly, using a client/server model similar to SNMP
Big Brother includes a server that gathers data from clients on each network host and displays that data as a Web page
Some of the 26 standard services Big Brother will manage are DNS, FTP, HTTP, POP3, SSH, Telnet, disk space and memory usage

24 Using Intrusion Detection Software

25 Using Intrusion Detection Software
Suggested use of intrusion detection tools:
Use nmap to scan the system after configuration to check for security holes (services you did not intend to expose)
Next, use PortSentry to watch for outside hosts trying to port scan the server
Use LIDS to secure your file system and processes so that anyone who gains unauthorized access will have very limited power
Use Big Brother to keep a constant eye on the services provided by network servers

26 System Security Audits
The best way to gain confidence in the security of a Linux system is to perform a security audit
Security audits are reviews or tests of how secure the system is and of what needs to be done to improve its security
A security audit could take the form of:
A careful review of the security policy
Use of special security-auditing software

27 System Security Audits
One of the first security-auditing programs was the Security Administrator Tool for Analyzing Networks (SATAN)
The Security Administrator's Integrated Network Tool (SAINT), developed from SATAN, replaced it
SAINT uses a Web browser interface to manage an "attack" on a network and report the vulnerabilities found
Other security audit tools are Tiger (a host-based audit of accounts, file permissions and configuration) and SARA (another SATAN descendant)
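Slides 26 and 27 say what auditing software does but not what an audit check looks like. As an added example (not Tiger's, SAINT's or the book's code), here are three host-side checks of the kind Tiger runs, written in Python: extra UID 0 accounts in /etc/passwd, empty or weak password hashes in /etc/shadow, and world-writable or setuid/setgid files in a directory tree. They run over constructed passwd and shadow text and a throw-away directory tree so they work unprivileged; pointing the same functions at the real /etc/passwd, /etc/shadow (root only) and / audits a live host. The account names, hashes and file paths are constructed.

```python
"""Host audit checks in the spirit of Tiger (added example, not Tiger's code).
Runs against constructed passwd/shadow text and a temporary directory tree so
it can be tried unprivileged; feed it /etc/passwd, /etc/shadow and / to audit
a real host (reading /etc/shadow needs root)."""
import os
import stat
import tempfile

# Constructed /etc/passwd: "toor" is a second UID 0 account, a classic backdoor.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backdoor:/root:/bin/bash
"""

# Constructed /etc/shadow: "alice" has an empty hash, so any password (or none) works.
SHADOW = """\
root:$6$saltsalt$hashhashhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice::19700:0:99999:7:::
toor:$6$saltsalt$hashhashhash:19700:0:99999:7:::
"""


def audit_passwd(text: str) -> list:
    """Accounts other than root that have UID 0 (full superuser rights)."""
    findings = []
    for line in text.splitlines():
        name, _pw, uid, _gid, _gecos, _home, _shell = line.split(":")
        if uid == "0" and name != "root":
            findings.append(("uid0-account", name))
    return findings


def audit_shadow(text: str) -> list:
    """Empty password fields and obsolete MD5 ($1$) hashes; '*' and '!' are locked."""
    findings = []
    for line in text.splitlines():
        name, hash_ = line.split(":")[:2]
        if hash_ == "":
            findings.append(("empty-password", name))
        elif hash_.startswith("$1$"):
            findings.append(("md5-hash", name))
    return findings


def audit_tree(root: str) -> list:
    """World-writable regular files and setuid/setgid binaries under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)                     # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            if st.st_mode & stat.S_IWOTH:
                findings.append(("world-writable", rel))
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setuid-setgid", rel))
    return sorted(findings)


def make_constructed_tree() -> str:
    """Temporary tree with one setuid binary, one normal binary, one 0666 file."""
    root = tempfile.mkdtemp(prefix="audit-demo-")
    os.makedirs(os.path.join(root, "usr/bin"))
    os.makedirs(os.path.join(root, "tmp"))
    modes = {"usr/bin/passwd": 0o4755, "usr/bin/ls": 0o755, "tmp/notes.txt": 0o666}
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("x")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    for finding in audit_passwd(PASSWD) + audit_shadow(SHADOW) + audit_tree(make_constructed_tree()):
        print("%-16s %s" % finding)
```

A real audit compares the setuid list against the distribution's expected set (usr/bin/passwd is legitimately setuid; an unexpected one is a finding), which is why the output is returned as data rather than just printed.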

28 to 30 System Security Audits (slides contain only screenshots; no transcript text)

31 Chapter Summary
Port-scanning software lets anyone learn about the potentially vulnerable network access points on any networked computer
Port scanners use various combinations of TCP flags, UDP packets, and ping packets to elicit responses that inform the scanner about the services running on the targeted host
When a host detects that someone is using a port scanner, software such as PortSentry can take action to prevent the completion of the port scan and block all future access by the host performing the scan

32 Chapter Summary
The most used port-scanning software is nmap, and graphical front ends for nmap are available
Packet sniffers use the promiscuous mode of a NIC to capture all data passing through that node of the network, including all headers and payloads; Ethereal (now Wireshark) is a powerful and popular graphical packet sniffer
Packet sniffing is just one type (though the most comprehensive) of network traffic analysis; other programs such as IPTraf help network administrators analyze traffic patterns based on protocol, point of origin or destination, and other factors

33 Chapter Summary
The tcpdump program is a very popular network traffic analysis program that captures detailed information about network packets
Intrusion detection systems (IDS) are an important part of modern network security; they watch for signs of intruders trying to access your servers and help you respond appropriately
PortSentry is one piece of IDS software that detects port scans from programs like nmap; a more comprehensive package is LIDS, which alters the Linux kernel so that even the root user has limited access

34 Chapter Summary
Big Brother is a simpler tool that watches the status of network services on multiple servers through a Web page interface
Security audits, using security policies or specialized software, can help network administrators see potential security problems and fix them before someone else finds them
One popular security-auditing software tool is SAINT, and many others are available

