Environmental Genomics Thematic Programme Data Centre Advanced Bio-Linux Dan Swan: Linux Security 101.


Why care about security? Any machine on the internet is vulnerable to attack from a malicious individual. It doesn't matter what OS the machine is running, how fast the computer is, or whether it's a desktop or a mainframe: a good hacker will find a use for it. Your data is stored on these machines, work data and personal data. You do not wish to compromise your personal security, nor jeopardise the integrity of your binary data. Anyone attempting to hack your machine is already lacking scruples, so don't expect them to play nice if they get in.

Why do people hack? There are three main types of hackers:
– The 'elite' - a few individuals you simply are not going to stop. Fortunately for you, they're probably more interested in banks, oil companies, governments and big business than in getting into your machine. They have a deep knowledge of network technologies and internet protocols.
– The 'curious' - for whom hacking machines is an intellectual challenge and the misappropriation of data is not a big pull. Many of these will be part of the 'white hat' community.
– The 'script kiddies' - by far and away the largest and most active group of hackers. They leech from the curious and elite hackers and wantonly rip their way through the internet with little skill and no idea exactly how they are doing it. They are most likely to be found on IRC bragging about their latest exploits. They are very dangerous simply because they are the most likely to cause data loss.

The sysadmin vs the hacker. Some hackers see the fight as a challenge. They pit their latest techniques for intruding into computer systems against the latest preventative measures of the world's sysadmins. It becomes a game. There are some simple rules to follow to maintain the integrity of your machine. We have tried to make Bio-Linux as secure as possible. Any changes you make to the system have the potential to compromise the security of the machine. Think about what you are doing when you use the machine. Try to develop some idea of what the hacker is thinking.

RULE 1: PICK GOOD PASSWORDS! Why? Scenario 1: A computer hacker breaks into your machine and steals the password file (/etc/passwd and /etc/shadow) as well as a list of machines that you have recently accessed. Using a dictionary-based approach the hacker can test every word in a dictionary against your stolen password file. If your password is 'rainbow' - and, being human, you re-use that password across multiple machines/accounts - you're technically 'owned'. r4inb0w is not a good password: it is based on well-known number/letter substitutions and does not mix case. A good password is Ls1TmIl1L (Linux security 1s The most Important lesson 1 Learned).
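The point of this slide, as an added example that is not part of the original slides: a small password-policy check that undoes the well-known digit/letter substitutions before looking the result up in a word list, so 'r4inb0w' is rejected as the dictionary word 'rainbow', and that also demands length and mixed case. The word list, the minimum length of 8 and the substitution table are assumptions of this example; on a real system you would point it at a dictionary file such as /usr/share/dict/words.

```shell
#!/bin/sh
# Added example, not from the slides: a password-policy check in the spirit
# of Rule 1. It lower-cases the candidate, undoes common substitutions, and
# rejects anything that then matches a dictionary word; it also requires a
# minimum length and both upper- and lower-case letters.
# DICT_WORDS is a constructed stand-in for a real dictionary file.

DICT_WORDS='rainbow
password
linux
security'

# Lower-case the candidate and undo common substitutions
# (4->a, 0->o, 1->l, 3->e, 5->s, @->a, $->s), so 'r4inb0w' becomes 'rainbow'.
normalise_password() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr '40135@$' 'aolesas'
}

# Print a verdict for the password given as $1; return 0 only for "ok".
# The dictionary test runs first because that is the attack on the slide.
check_password() {
    pw=$1
    norm=$(normalise_password "$pw")
    if printf '%s\n' "$DICT_WORDS" | grep -qxF "$norm"; then
        echo "dictionary word after undoing substitutions ($norm)"
        return 1
    fi
    if [ "${#pw}" -lt 8 ]; then
        echo "too short (need at least 8 characters)"
        return 1
    fi
    case $pw in
        *[[:upper:]]*) ;;
        *) echo "no upper-case letters"; return 1 ;;
    esac
    case $pw in
        *[[:lower:]]*) ;;
        *) echo "no lower-case letters"; return 1 ;;
    esac
    echo ok
    return 0
}

# Usage: sh passcheck.sh 'candidate password'
if [ "$#" -gt 0 ]; then
    check_password "$1"
fi
```

Both 'rainbow' and 'r4inb0w' fail the dictionary test, while Ls1TmIl1L passes every check; a real deployment would use a far larger word list and more substitution pairs, but the shape of the check is the same.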

Rules 2 and 3. Change your password frequently; once a month should do it. Get into the habit of doing this on all systems you have accounts on: this maximises your personal security. Never write your password down or give your password out. No post-it notes with passwords stuck to your monitor; if a hacker were to visit your institution one day, that is exactly the kind of thing they would pay attention to. Do not divulge it to your friends, family or colleagues. If you can't remain tight-lipped about your passwords, you can't expect them to either.

Rule 4. Don't run unnecessary services on your machine. Check with: sudo /usr/sbin/setup. Services running are: atd (handles timed commands), autofs (so you can mount NFS at boot), crond (already discussed), gpm (mouse services), ip(chains|tables) (firewalls), keytable (loads local keyboard settings and default font), kudzu (hardware detection), lpd (printing), mysqld (database), network (network interface control), portsentry (anti-hacker measure), random (makes random numbers), rawdevices (support for raw devices), rcd (Red Carpet updates), rhnsd (Red Hat updates), sendmail (mail), sgi_fam (monitors file alterations), sshd (secure shell), syslog (logs system events), wine (Windows compatibility layer), xfs (X Windows font server).

Not all services face the internet. Some of the services are local to the machine, and not all of them present a danger from the point of view of an internet attacker. How can you find out what is open to attack on your machine? Use the same tools the hackers do: run nmap against your machine. Do not wield this tool in anger, or curiosity, against any machine you do not have explicit permission to scan; you will likely breach the Computer Misuse Act and potentially anti-terrorist legislation too. nmap -sT localhost
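A scan of localhost reports every listening port, including ones bound only to 127.0.0.1 that no other machine can reach. The added example below (not from the slides) goes one step further than the slide: it reads 'netstat -tln' style output and separates network-facing listeners from loopback-only ones, which tells you what would be exposed if the firewall were not there. SAMPLE_NETSTAT is constructed for this example, not captured from a real Bio-Linux machine.

```shell
#!/bin/sh
# Added example, not from the slides. Reads 'netstat -tln' output and sorts
# listening TCP sockets into "external" (bound to 0.0.0.0 or a real interface
# address, so reachable from the network) and "local" (bound to 127.x only).
# SAMPLE_NETSTAT is constructed; tcp6 lines are ignored by this version.

SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6000          0.0.0.0:*               LISTEN'

# Read netstat output on stdin; print "<port> local" for loopback-bound
# sockets and "<port> external" for everything else.
classify_listeners() {
    awk '$1 == "tcp" && $6 == "LISTEN" {
        n = split($4, a, ":")
        port = a[n]
        addr = $4
        sub(/:[0-9]+$/, "", addr)
        if (addr ~ /^127\./) print port " local"
        else print port " external"
    }'
}

# Print the ports of one kind ("local" or "external") on a single line.
ports_of_kind() {
    classify_listeners | awk -v kind="$1" '
        $2 == kind { printf "%s%s", sep, $1; sep = " " }
        END { print "" }'
}

# Live use: netstat -tln | ports_of_kind external
# Against the constructed sample:
printf '%s\n' "$SAMPLE_NETSTAT" | ports_of_kind external
```

In the sample, sshd (22) and the web server (80) are bound to every interface while MySQL (3306), sendmail (25) and X (6000) answer only on loopback. A socket bound to 0.0.0.0 may still be filtered by the firewall, which is how Bio-Linux keeps Apache local, so treat the bind address as the worst case rather than the whole story.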

Getting sneaky with nmap. With nmap we can do a lot more interesting things with machines that appear to be down, or are blocking our probes.

Take home message. To the casual observer Bio-Linux does not appear on the network. To the determined hacker, the machine only shows an sshd port open. We will discuss sshd in more detail later. The upshot of this is that your local MySQL database and your local installation of Apache (the web server) are only available to your local host (localhost/ ). Hiding ports such as X-Windows, printer, smtp etc. means they are not available for exploitation by hackers. The question is: how is this all done?

Narc firewalls. Bio-Linux has a built-in firewall which allows fine-grained control of who can access what on your system. Currently the setup is (basically): – Deny all incoming connections. – Allow incoming ssh. Firewall rules are set up using iptables (or ipchains for older versions of Linux). We use Narc to make generating iptables rules simpler. Narc configuration is in /etc/narc/narc.conf. Narc is run at boot to generate iptables rules based on the conf. If you want to make firewall changes, edit narc.conf.
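To make the "deny all incoming, allow incoming ssh" policy concrete, here is an added example (not Narc's output and not the Bio-Linux configuration) that writes that policy as plain iptables commands, so you can see the kind of rule set narc.conf generates for you. SSH_PORT and the APPLY switch are conventions of this example only; the chain names, targets and the state match are standard iptables.

```shell
#!/bin/sh
# Added example, not from the slides: the slide's policy ("deny all incoming,
# allow incoming ssh") as iptables commands. Rules are emitted as text so they
# can be reviewed before they are run; they are executed only when APPLY=1.

SSH_PORT=${SSH_PORT:-22}

# One command per line. The ACCEPT rules come before the DROP policy so that
# an administrator applying this over ssh does not cut off their own session:
# loopback traffic, replies to established connections, and new ssh are let
# in, and everything else hits the default policy.
ssh_only_rules() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}

# How many rules actually open something, as opposed to setting a policy.
count_accept_rules() {
    ssh_only_rules | grep -c -- '-j ACCEPT'
}

# Print the commands by default; with APPLY=1 feed them to 'sh -e' so that
# the first failing iptables call stops the run (must be root to apply).
apply_rules() {
    if [ "$APPLY" = 1 ]; then
        ssh_only_rules | sh -e
    else
        ssh_only_rules
    fi
}

# Usage: sh ssh-only-firewall.sh           (review the rule list)
#        sudo env APPLY=1 sh ssh-only-firewall.sh   (apply it)
apply_rules
```

Anything not matched by the three ACCEPT rules is dropped silently, which is why the slide's nmap runs from outside see nothing but sshd; the same effect is what a narc.conf with only ssh allowed produces.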

Portsentry. If ever you can't connect to a machine that you can usually access, and the machine is not down, it may be that someone has run nmap against that machine from your own machine. You have most likely been blocked by 'portsentry'. If a machine scans you, then further attempts by that machine to connect to you will be blocked. Permanently. If this happens in error: /sbin/route (any address with !H as a flag is blocked) /sbin/route del reject This can also be checked in /etc/portsentry/portsentry.blocked.atcp
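As an added example (not from the slides or from portsentry itself): portsentry blocks a scanner by installing a host route with the reject flag, which 'route -n' shows as "!H" in the Flags column. The functions below pull those entries out of a routing table and build the matching '/sbin/route del' commands for undoing a block made in error. SAMPLE_ROUTE is constructed for this example; 192.0.2.77 is a documentation address, and the exact column layout is assumed to match the net-tools 'route -n' output.

```shell
#!/bin/sh
# Added example, not from the slides. Reads 'route -n' output and lists the
# hosts portsentry has blocked (reject routes, flagged with '!'), then prints
# the commands that would remove each block. SAMPLE_ROUTE is constructed.

SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.77      -               255.255.255.255 !H    0      -        0 -
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0'

# Read 'route -n' output on stdin and print the destination of every route
# whose Flags field carries the reject marker '!'.
blocked_hosts() {
    awk '$4 ~ /!/ { print $1 }'
}

# Return 0 if the host given as $1 is currently blocked (table on stdin).
is_blocked() {
    blocked_hosts | grep -qxF "$1"
}

# Produce the command that removes each block; run the output as root.
# The '-host ... reject' form mirrors the route portsentry adds.
unblock_commands() {
    blocked_hosts | awk '{ print "/sbin/route del -host " $1 " reject" }'
}

# Live use: /sbin/route -n | blocked_hosts
# Against the constructed sample:
printf '%s\n' "$SAMPLE_ROUTE" | unblock_commands
```

Before removing a block, check that the address really is yours (or a colleague's) and not a genuine scanner; the entry in portsentry.blocked.atcp records when and why it was added.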

Portsentry is

Rule 5. You do not set up telnetd or ftpd on the machine. In fact, if you're really security conscious you don't EVER use telnet or ftp to access ANYTHING! FTP and telnet are from the days when the internet was a safer place. Importantly, they transmit everything they do in plain text across the network. Example: You are sitting at your Bio-Linux machine and you telnet/ftp to a machine in the USA. Each keystroke passes through dozens of machines, any one of which could be compromised by a hacker who is monitoring all traffic. You have re-used your password on both machines. The hacker intercepts your username and password, sees where you are coming from, logs into your machine, and you are owned. Simple.

Your alternative is SSH. SSH = secure shell. It replaces telnet with a secure, two-way encrypted channel; no plain text is ever passed between the machines. SSH also allows file transfer using scp. You can get 'ftp-like' scp clients if you really can't deal with the command line. ssh is even clever enough to tunnel X-Windows connections! We use OpenSSH, a non-commercial implementation of SSH. sshd (the program which allows you to connect to Bio-Linux via ssh) is the only point of entry to the Bio-Linux system and is currently considered secure.

More security. To see who is logged onto your system and where from: w. To see what connections are currently being made to and from your machine: netstat | more. To watch the system log as it grows: tail -f /var/log/messages (hint: try the above and then ssh localhost to see what happens). Read: Don't forget to physically secure the machine. Padlock the case, chain it to a desk. Universities are soft targets for thieves. Keep the machine patched and up to date. This, and not fiddling with the firewall, is the best way to keep your machine secure.
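The slide suggests watching /var/log/messages while you 'ssh localhost'. As an added example that is not part of the original slides, the functions below read sshd lines in that syslog format and summarise them: who logged in from where, and which source addresses are piling up failed passwords. SAMPLE_LOG is constructed (the hostname, PIDs and addresses are made up), and the failure threshold is a parameter of this example, not a system setting.

```shell
#!/bin/sh
# Added example, not from the slides: summarise sshd entries from a syslog
# file. accepted_logins lists successful logins, failed_by_source counts
# failed passwords per source address, suspicious_sources applies a threshold.
# SAMPLE_LOG is constructed; 192.0.2.x are documentation addresses.

SAMPLE_LOG='Mar  3 10:12:01 biolinux sshd[1201]: Accepted password for dan from 127.0.0.1 port 51234 ssh2
Mar  3 10:15:40 biolinux sshd[1230]: Failed password for root from 192.0.2.99 port 40001 ssh2
Mar  3 10:15:44 biolinux sshd[1231]: Failed password for root from 192.0.2.99 port 40002 ssh2
Mar  3 10:15:49 biolinux sshd[1232]: Failed password for invalid user admin from 192.0.2.99 port 40003 ssh2
Mar  3 10:20:05 biolinux sshd[1250]: Accepted publickey for dan from 192.0.2.10 port 51300 ssh2
Mar  3 10:21:00 biolinux sshd[1255]: Failed password for dan from 192.0.2.10 port 51301 ssh2'

# Print "<user> <source>" for every successful login (log lines on stdin).
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
        for (i = 1; i <= NF; i++) {
            if ($i == "for") user = $(i + 1)
            if ($i == "from") src = $(i + 1)
        }
        print user, src
    }'
}

# Print "<source> <failures>" per source address, most failures first.
# "invalid user" lines count too: the address after "from" is what matters.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
        for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
    }
    END { for (src in fails) print src, fails[src] }' | sort -k2,2nr -k1,1
}

# Print the sources with at least $1 failed passwords.
suspicious_sources() {
    failed_by_source | awk -v min="$1" '$2 >= min { print $1 }'
}

# Live use: tail -n 1000 /var/log/messages | suspicious_sources 5
# Against the constructed sample:
printf '%s\n' "$SAMPLE_LOG" | suspicious_sources 3
```

On the sample, 192.0.2.99 shows three failures in nine seconds, two of them for root, which is the pattern a password-guessing script leaves; dan's single failure from 192.0.2.10 followed by a key-based login is ordinary. Running this over a day of logs is a cheap first pass before you reach for heavier tools.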