Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Linux Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise.

Published byMarshall Ball Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Linux Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise."— Presentation transcript:

1 1 Linux Security

2 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system. The more secure your system, the more miserable you and your users will tend to be Security = 1/(1.072 * Convenience)

3 3 Linux Security What level of threat the system needs to be protected against? –Analyze the system Packet Filtering Turn off unnecessary services –Be aware of what is happening on your system –Keep track the vulnerabilities - Software patches Backups –Recover effectively from a security incident User accounts –Minimal amount of privilege they need –Remove inactive accounts –The use of the same user-ID on all computers and networks is desirable for the purpose of account maintenance –User account provides accountability

4 4 Linux Security Root Security –Only become root to do single specific tasks –Never use the rlogin/rsh/rexec suite of tools (called the r- utilities) as root –Always be slow and deliberate running as root. Your actions could affect a lot of things. Think before you type!

5 5 Password security and encryption Use shadow password Password checking and selection Pluggable Authentication Modules – PAM –man pam.d

6 Linux-PAM Linux Pluggable Authentication Modules –Login, ftp, su, sudo, etc. Modules: /lib/security Configurations file: /etc/pam.d –Determine the method to authenticate –Contain a list (i.e., stack) of calls to the modules Pluggable: it is easy to add/remove modules from an authentication stack 6

7 PAM example auth requisite pam_securetty.so –To make sure the root user logs in from an allowed terminal session required pam_limits.so –Set up user limits according to /etc/security/limits.conf 7

8 8 Restricting access Control access to your system –/etc/hosts.deny man hosts.deny –/etc/hosts.allow man hosts.allow

9 9 Miscellaneous Security Issues Remote event logging hosts.equiv and ~/.rhosts –Rshd, rlogind should be disabled fingerd Security and NIS –/etc/group, /etc/passwd, /etc/hosts… Security and NFS Security and sendmail

10 10 Security of NFS A client request will include the client user-id of the process making the request The server must decide whether to believe the client's user-ids. NFS provides a means to authenticate users and machines Recommend the use of globally unique UID and the root_squash Use /etc/hosts.deny and /etc/hosts.allow to grant access

11 11 Security Tools nmap nessus tripwire crack Other powerful tools

12 12 Security Preparation Make a full backup of your machine Keep track of your system accounting data Apply all new system updates Subscribe to mailing lists to get information about potential problems

13 OpenSSH OpenSSH: http://www.openssh.com/http://www.openssh.com/ –Secure Network Communication –A suite of secure tools that replaces telnet, rcp, ftp, etc. SSH protocol version 2 (SSH2) –Not compatible with SSH protocol version 1 When OpenSSH starts –Establish an encrypted connection –Authenticate the user –Client and server send information back and forth 13

14 SSH Use two key pairs –Host key pair: a set of public/private keys that is established when you install openssh-server package /etc/ssh –Session key pair: a set of public/private keys that change hourly./ssh 14

15 SSH First time when SSH client connects with SSH server –After verification, the client makes a copy of the server’s public host key The client then generates a random key, which is encrypted and sent to the server 15

16 Set up a Firewall under Ubuntu firestarter: a sophisticated, graphical tool for building and maintaining a firewall ufw –uncomplicated firewall –Command-line intrface to iptables gufw (gufw.tuxfamily.org): a graphical interface to ufw firestarter and gufw utilities are graphical front-ends for iptables Iptables: Build and manipulate network packet filtering rules in the Linux kernel 16

17 A Typical Firewall Setup 17

18 Ufw: the uncomplicated firewall sudo ufw allow ssh sudo ufw enable –to turn on ufw –By default, ufw starts with a default policy that blocks all inbound traffic and allows outbound traffic sudo ufw status verbose gufw 18

19 iptables Two components –Netfilter Run in the kernel space A set of tables that hold rules that the kernel uses to control network packet filtering –Iptables Run in the user space Set up, maintain, and display the rules by netfilter 19

20 iptables First rule: test whether a packet destination is port 23 and drops the packet if it is Second rule: tests whether a packet is received from the IP address 192.168.1.1 and alter the packet destination if it was 20

21 21 How iptables work

22 22 One iptables Example

23 23 Useful Websites http://www.cert.org http://www.sans.org/ –http://www.sans.org/rr http://www.securityfocus.com/  http://www.phrack.org/ http://www.phrack.org/

Download ppt "1 Linux Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise."

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Linux Security An overview notes from Linux Network Security HowTO.

Linux Security An overview notes from Linux Network Security HowTO.
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
Linux+ Guide to Linux Certification, Second Edition Chapter 15 Configuring Network Services and Security.

Linux+ Guide to Linux Certification, Second Edition Chapter 15 Configuring Network Services and Security.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Firewalls, Perimeter Protection, and VPNs - SANS ©2001 1 SSH Operation The Swiss Army Knife of encryption tools…

Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau (20086034) Lee Shirly (20095815) Ong Ivy (20095040)

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

Similar presentations

Ads by Google