IS3440 Linux Security Unit 2 Securing a Linux Platform―Core Components


Class Agenda 3/23/16
- Covers Chapters 2 and 3.
- Learning Objectives.
- Lesson Presentation and Discussions.
- Discussion on Assignments.
- Discussion on Lab Activities.
- Lab will be performed in class.
- Break times as per school regulations.
- Quiz 3.1 will be held in the next class. It will cover Chapters 1 to 3.

Learning Objective
Configure the basic settings to secure a Linux platform.

Key Concepts
- Secure boot loaders
- Security considerations while using kernel and user space components
- Discretionary access control (DAC) and access control lists (ACLs)
- Mandatory access control (MAC) with Security Enhanced Linux (SELinux)
- Concepts of a packet filtering firewall

Linux
- Kernel more robust: monolithic and modular.
- Open source: source code is available.
- Developers are mostly volunteers.
- The kernel can be customized (recompiled).
- It is a multi-user operating system.
- Can be configured as a domain controller for Windows.

Security challenges
- Full-function Linux can be booted from a CD or a USB drive.
- Linux can be booted with admin privilege without a password.
- Security issues of booting from CDs or USB. Students should explore.
- The GUI poses a security risk.
- Many distributions, with a variety of desktops.

Common Boot Loaders
- Grand Unified Bootloader (GRUB)
- Linux Loader (LILO)
- Loadlin
- Universal Bootloader (U-Boot)

GRUB needs to be hardened.

GRUB Configuration
Options and comments:
- default=0
  This option selects the default kernel to boot. When multiple kernels are listed, numbering starts at zero, so 0 is the first one in the list.
- timeout=0
  This option sets the timeout to zero.
- color green/blue
  This option specifies the colors for the GRUB screen. In this case, green is the foreground color and blue is the background color.
- password --md5 <encrypted password>
  This option sets the encrypted password.
- splashimage=(hd0,0)/grub/splash.xpm.gz
  This option sets the “splash” image that is shown when you access the GRUB menu.
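An added example, not part of the original slides: a shell function that audits a GRUB Legacy grub.conf for the password and timeout options listed above, plus the file's own permissions. The function name, the finding messages and the sample file are constructed for illustration, and the permission check (mode 600) is an addition that the slide does not list.

```sh
#!/bin/sh
# Added example, not from the slides: audit a GRUB Legacy grub.conf.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_grub_conf() {
    conf=$1
    bad=0
    # Drop comment lines, then keep only the global section (everything
    # before the first "title" entry), where a password protects the menu.
    global=$(grep -v '^[[:space:]]*#' "$conf" | sed '/^[[:space:]]*title[[:space:]]/,$d')

    # 1. A global password must exist and be an MD5 hash, not clear text.
    pw=$(printf '%s\n' "$global" | grep -E '^[[:space:]]*password[[:space:]]' | head -n 1)
    if [ -z "$pw" ]; then
        echo "FAIL password: none set, boot entries can be edited from the menu"; bad=1
    elif ! printf '%s\n' "$pw" | grep -q -e '--md5'; then
        echo "FAIL password: stored in clear text, use password --md5"; bad=1
    fi

    # 2. timeout=0 (the slide's value) boots the default entry without delay.
    t=$(printf '%s\n' "$global" | sed -n 's/^[[:space:]]*timeout[[:space:]=]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ "${t:-unset}" != 0 ]; then
        echo "FAIL timeout: ${t:-unset}, expected 0"; bad=1
    fi

    # 3. The file holds the password hash: no access for group or others.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL permissions: group/other bits '$perms', expected chmod 600"; bad=1
    fi
    return $bad
}

# Constructed sample (not a real system file): clear-text password,
# 5-second timeout, world-readable file. All three checks fail.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=0
timeout=5
password letmein
splashimage=(hd0,0)/grub/splash.xpm.gz
title Linux
EOF
chmod 644 "$sample"
audit_grub_conf "$sample" || echo "grub.conf needs hardening"
rm -f "$sample"
```

These directives are GRUB Legacy syntax; GRUB 2 uses password_pbkdf2 with a hash produced by grub-mkpasswd-pbkdf2 instead.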

Enable firewall

The Linux Firewall
[Figure: location of netfilter and location of iptables relative to the hardware, kernel space, user space and the user]

Sudo Access

Layered Security
- Physical security
- Firewall
- Access control mechanisms
- Encryption
- Monitoring
- Backups

SELinux

Common Linux Access Controls
- MAC allows the file sharing service to interact with the shared filesystem.
- DAC provides the required permissions to access files.
- The firewall allows user access based on the file service port and the user’s Internet Protocol address.

Immutable permission

Special Permission

Access Control Mechanisms
- DAC: Defines the access control for objects in the filesystem.
- ACLs: Grant “special” permissions to users or groups for an object in the filesystem that are not specified in the DAC permissions.
- MAC: Adds additional categories to objects in the filesystem.
DAC: For example, user Joe owns the file “readme.txt” and gives read access permission to everyone, but only Joe has write permission.
MAC: Any user or process accessing the object must have proper access before interacting with it.
11/27/2018 (c) ITT Educational Services, Inc.
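An added example, not part of the original slides: the DAC decision for Joe's readme.txt written out as a shell function, including the case where the owner class denies an access that the group class would grant. The function name and the UID/GID numbers are constructed; root's override of DAC and the ACL and MAC layers are not modelled.

```sh
#!/bin/sh
# Added example, not from the slides: the DAC decision for one file.
# Usage: dac_allows MODE OWNER_UID GROUP_GID USER_UID "USER_GIDS" r|w|x
# Returns 0 (allowed) or 1 (denied). UIDs and GIDs below are constructed.
dac_allows() {
    mode=$((0$1)); owner=$2; group=$3; uid=$4; gids=$5
    case $6 in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac

    # Exactly one permission class applies, chosen in this order:
    # owner, then group, then other. The first match decides.
    shift_by=0
    for g in $gids; do
        if [ "$g" -eq "$group" ]; then shift_by=3; fi
    done
    if [ "$uid" -eq "$owner" ]; then shift_by=6; fi

    [ $(( (mode >> shift_by) & bit )) -ne 0 ]
}

# Joe (uid 1000, constructed) owns readme.txt with mode 644 (rw-r--r--).
dac_allows 644 1000 1000 1000 "1000" w && echo "joe: write allowed"
dac_allows 644 1000 1000 1001 "1001" r && echo "other user: read allowed"
dac_allows 644 1000 1000 1001 "1001" w || echo "other user: write denied"

# Edge case, mode 460 (r--rw----): the owner class wins even though joe
# is also a member of the owning group, so joe cannot write.
dac_allows 460 1000 1000 1000 "1000" w || echo "joe: write denied by owner class"
```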

Kernel Space
- Kernel space has access to, and can control, all aspects of a Linux system.
- Loadable kernel modules (LKMs) are a common avenue for rootkits.

User Space
- User space is the avenue that black-hat hackers are most likely to use when attempting to exploit a Linux system.
- It is common for black-hat hackers to gain unauthorized access simply by guessing an easy password for a user account.

Importance of a Firewall
A firewall on each host server provides an additional layer of security:
- If the network perimeter firewall allows unauthorized traffic into the network, the host firewall protects servers from the unauthorized traffic.
- The firewall provides additional protection to host servers if a rogue program infects the local area network (LAN).

Importance of Securing Core Components
- Default settings, improper file permissions, and insecure user accounts are common avenues used by black-hat hackers to gain unauthorized access.
- Best practices and compliance standards require basic security; not following them can result in hefty fines.

Summary
In this presentation, the following concepts were covered:
- Common boot loaders
- The process of Linux access control
- Access control mechanisms such as DAC, ACL, and MAC
- Considerations for using kernel space and user space
- Importance of firewall and securing core components

Discussions and Lab
- Discussion 2.1: Identifying Layers of Access Control in Linux
- Lab 2.2: Configure Basic Security Controls on a Fedora Linux Server