Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Presentation transcript:

Securing Network using Linux

Lesson Outline
Setting up a secure system
TCP Wrapper configuration
Firewalls in Linux
Authentication Systems
–NIS
–Kerberos

Types of Security Threats
Denial of Service (DoS)
–This attack disrupts a service on the system
Intrusion
–Unauthorised access by compromising a service or logging in by stealing a password
Snooping
–This attack involves interception of the data of another user, listening to all sensitive information transmitted
Viruses, worms and Trojan Horses

Setting up a Secure System
There are some very basic things that you have to do in order to secure your system
Shutting down the redundant services
–You have to disable all network daemons (services) that are not needed by the system
–Any network port that is listening for connections can be vulnerable to attack through possible exploits against the daemon running on it
–To find out which ports are open, type:
    # netstat -an

Setting up a secure system (cont.)
By looking in /etc/services, or by passing -p to netstat, we can tell which service is running on each port
Check each port that looks unnecessary
Examples of vulnerable services:
–telnetd, sendmail, ftpd: send passwords in clear text over the network. Instead of telnet use ssh
Shutting down services involves editing the appropriate files on your system
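The port check described above, as an added example that is not part of the original slides: it parses `netstat -an` output and reports the clear-text services named on the slide when they listen on a non-loopback address. The sample output is constructed, and the port-to-service map uses the standard assignments (21 ftp, 23 telnet, 25 smtp).

```python
# Ports of the clear-text services the slide names (ftpd, telnetd, sendmail).
CLEARTEXT = {21: "ftp", 23: "telnet", 25: "smtp"}

# Constructed sample of `netstat -an` output (Linux net-tools layout).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::21                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""


def listening_tcp(netstat_text):
    """Yield (address, port) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            # rpartition keeps IPv6 addresses such as "::" intact.
            addr, _, port = fields[3].rpartition(":")
            yield addr, int(port)


def audit(netstat_text):
    """Return (service, address, port) for clear-text services reachable remotely."""
    findings = []
    for addr, port in listening_tcp(netstat_text):
        loopback = addr.startswith("127.") or addr == "::1"
        if port in CLEARTEXT and not loopback:
            findings.append((CLEARTEXT[port], addr, port))
    return sorted(findings, key=lambda item: item[2])


if __name__ == "__main__":
    for service, addr, port in audit(SAMPLE):
        print(f"clear-text service {service} listening on {addr}:{port}")
```

The smtp listener bound to 127.0.0.1 is not reported because it cannot be reached from other hosts.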

Setting up a Secure System (cont.)
On RedHat-based systems daemons are started by scripts in the /etc/rc.d/init.d directory
Depending on the runlevel, each daemon/service is linked to the appropriate rcX.d directory where 0<X<6

Setting up a secure system
What to keep in mind all the time:
–Never use simple passwords. Try to make them complex by mixing letters, symbols and numbers
–Do NOT work on the root account unless absolutely necessary
–Do not ignore the log files
–Update your system on a regular basis

TCP Wrapper Configuration
A simple and effective way to protect the system
TCP Wrappers “wrap” access to a service (e.g. apache web server), monitoring the connections to it and refusing unauthorised sites
It is used in conjunction with inetd and xinetd
It's a good way to control access to services that do not provide any native access control mechanism

TCP Wrapper Configuration (cont.)
TCP Wrapper is the first thing encountered when a connection is established with a service protected by the wrapper
TCP Wrapper is responsible for determining whether the connection comes from a source host that is allowed to connect
Depending on whether you are using TCP Wrappers with inetd or xinetd there are two different approaches

TCP Wrapper Configuration (cont.) with inetd
If the system is using the inetd daemon you have to edit the /etc/inetd.conf file to use the TCP wrapper
Using TCP wrappers requires just a small change to /etc/inetd.conf
E.g. for the finger daemon
    finger stream tcp nowait root /usr/sbin/in.fingerd in.fingerd
has to be changed to:
    finger stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.fingerd
This causes the tcpd command, representing the TCP wrapper, to be executed instead of in.fingerd, which protects the daemon

TCP Wrapper Configuration (cont.) with xinetd
xinetd is the replacement of inetd adopted by some distros
In most cases xinetd has built-in support for TCP wrappers
You need to modify the TCP wrapper configuration files (/etc/hosts.allow, /etc/hosts.deny)

TCP Wrapper Configuration (cont.) with xinetd
/etc/hosts.allow and /etc/hosts.deny specify the access rules that are applied in daemon protection
When a TCP wrapper is invoked it obtains the IP address of the connecting host and its hostname
If the IP of the host is specified in /etc/hosts.allow then access is permitted to the daemon/service
If no match is found, /etc/hosts.deny is consulted. If the IP is described there then the connection is closed
If no match exists in either of the files then access is granted

TCP Wrapper Configuration (cont.) with xinetd
The syntax of those two files is simple
Each file contains a set of rules
General rule form:
    daemon_list : client_list : shell_command
where daemon_list is a comma-separated list of daemons to which the rule applies, client_list is a comma-separated list of the hostnames or IP addresses to which the rule applies, and shell_command is optional, specifying the command to be executed when the rule matches

TCP Wrapper Configuration (cont.) with xinetd
Example rules:
1. /etc/hosts.deny
    ALL:ALL # Deny everything from everywhere
In case nothing is specified in /etc/hosts.allow, this rule will refuse connection to any service by anyone
2. /etc/hosts.deny
    ALL: ALL EXCEPT localhost
3. /etc/hosts.allow
    in.fingerd: ALL
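The lookup order described in the TCP Wrapper slides (hosts.allow first, then hosts.deny, otherwise grant), as an added example that is not part of the original slides. It is a simplified model of the rule syntax that handles ALL, exact names, ".domain" suffixes, "a.b.c." address prefixes and EXCEPT; the sample file contents and host names are constructed.

```python
# Simplified model of the hosts.allow / hosts.deny decision (added example).
HOSTS_ALLOW = """\
in.fingerd: 192.0.2.
sshd: .example.org
"""                                   # constructed sample file
HOSTS_DENY = """\
ALL: ALL EXCEPT localhost   # refuse everything not allowed above
"""                                   # constructed sample file


def _token_hit(tok, names):
    """True if one pattern token matches any candidate name (host name or IP)."""
    for name in names:
        if tok == "ALL" or tok == name:
            return True
        if tok.startswith(".") and name.endswith(tok):    # .example.org suffix
            return True
        if tok.endswith(".") and name.startswith(tok):    # 192.0.2. prefix
            return True
    return False


def list_matches(spec, names):
    """Evaluate a comma/space separated list, honouring a single EXCEPT."""
    tokens = spec.replace(",", " ").split()
    if "EXCEPT" in tokens:
        cut = tokens.index("EXCEPT")
        return (any(_token_hit(t, names) for t in tokens[:cut])
                and not any(_token_hit(t, names) for t in tokens[cut + 1:]))
    return any(_token_hit(t, names) for t in tokens)


def file_matches(rules_text, daemon, client_names):
    """True if any 'daemon_list : client_list' line matches the connection."""
    for line in rules_text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) >= 2 and list_matches(fields[0], [daemon]) \
                and list_matches(fields[1], client_names):
            return True
    return False


def tcpd_decision(allow_text, deny_text, daemon, hostname, ip):
    names = [hostname, ip]
    if file_matches(allow_text, daemon, names):
        return "allow"      # hosts.allow is consulted first
    if file_matches(deny_text, daemon, names):
        return "deny"       # then hosts.deny
    return "allow"          # no match in either file: access is granted
```

With both files empty every connection is granted, which is why a catch-all entry in /etc/hosts.deny is needed to get default-deny behaviour.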

Firewalls in Linux
It is the case that TCP Wrappers work with services configured using xinetd
For stand-alone services another tool has to be used to control access
In modern systems it is commonplace to get protection by IP filtering
In IP filtering the kernel inspects each network packet transmitted or received by the host machine

Firewalls in Linux (cont.)
The kernel IP filtering mechanism decides whether to allow or deny the access of a certain packet
IP filtering though does not provide protection from DoS attacks, Trojans and viruses
IP filters take their decisions according to packet headers, which contain information like:
–Protocol Type (TCP, UDP)
–Source and Destination Port Numbers
E.g. Web Servers like Apache use port 80 on TCP protocol

Firewalls in Linux (cont.)
IP filtering in Linux is implemented by the kernel
There are three IP filtering/firewall generations in Linux:
–ipfw (IP firewall) for kernel versions 2.0.X
–ipchains in kernel versions 2.2.x
–netfilter/iptables in kernel versions 2.4.x
netfilter is the kernel module while iptables is the user space configuration tool

Firewalls in Linux (cont.)
We are going to describe netfilter/iptables, which refers to the modern kernel versions 2.4.x
The iptables command allows a rich and complex IP filtering rule definition
E.g.
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
This command installs an IP filter that accepts new incoming connections to TCP port 22 (the ssh service) on our local system.

Firewalls in Linux (cont.)
A set of rules defined by iptables is called a chain and is applied to all packets transmitted or received
There are three system chains defined by the kernel:
–INPUT: Applies to packets received
–OUTPUT: Applies to packets sent
–FORWARD: Applies to all the packets that are routed from one network interface (net card) of the system to another. Helpful when the system works as a router or gateway

Firewalls in Linux (cont.)
Actions that can be performed from rules include:
–ACCEPT: Accepts the packet
–DROP: Drops the packet, i.e. refusing transmitting or receiving it
–The default action can be configured to be either ACCEPT or DROP
netfilter also allows performing:
–Packet Logging
–Network Address Translation (NAT) aka IP masquerading

Firewalls in Linux (cont.)
Each Linux distribution takes a slightly different approach to managing the firewall
In RedHat-based distros all the rules are stored in /etc/sysconfig/iptables
You first specify the rules using the iptables command and then you save them by typing as root:
–/sbin/service iptables save

Firewalls in Linux (cont.)
    # Set default policy on the INPUT chain to DROP.
    # -P sets the default action of the specified chain, so here
    # DROP the packets of INPUT chain
    iptables -P INPUT DROP
    # ACCEPT all packets that have come from the loopback interface, that
    # is, from the local host. '-i lo' identifies the loopback interface.
    iptables -A INPUT -i lo -j ACCEPT
-j here stands for “jump”, meaning that if a packet matches the rules then processing will jump to what follows. The options after -j are:
ACCEPT: Allow the transmission of the packet
DROP: Drop the packet
QUEUE: Pass the packet to a program for processing
RETURN: Returns the packet to the end of rule chain

Firewalls in Linux (cont.)
    # ACCEPT packets belonging to an existing (ESTABLISHED,RELATED) connection.
    # '-A INPUT' is used to append to the INPUT chain.
    # '-m state' uses the stateful inspection module.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ACCEPT new incoming FTP connections from /24.
    iptables -A INPUT -m state --state NEW -m tcp -p tcp -s /24 \
        --dport 21 -j ACCEPT
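How the INPUT chain built in the preceding slides treats a packet, as an added example that is not part of the original slides: rules are tried in order, the first match decides, and the default policy applies when nothing matches. This is a model of the behaviour, not netfilter code; the packet dictionaries are constructed, and the FTP source network 192.0.2.0/24 is a constructed stand-in because the slide's address is not shown.

```python
import ipaddress

POLICY = "DROP"                                        # iptables -P INPUT DROP
RULES = [
    {"in_if": "lo", "target": "ACCEPT"},               # -i lo -j ACCEPT
    {"state": {"ESTABLISHED", "RELATED"}, "target": "ACCEPT"},
    {"state": {"NEW"}, "proto": "tcp", "dport": 22, "target": "ACCEPT"},
    # Constructed source network; the slide's own value is missing.
    {"state": {"NEW"}, "proto": "tcp", "src": "192.0.2.0/24",
     "dport": 21, "target": "ACCEPT"},
]


def rule_matches(rule, pkt):
    """A rule matches only if every condition it carries holds for the packet."""
    if "in_if" in rule and rule["in_if"] != pkt["in_if"]:
        return False
    if "state" in rule and pkt["state"] not in rule["state"]:
        return False
    if "proto" in rule and rule["proto"] != pkt["proto"]:
        return False
    if "dport" in rule and rule["dport"] != pkt["dport"]:
        return False
    if "src" in rule:
        net = ipaddress.ip_network(rule["src"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    return True


def verdict(pkt, rules=RULES, policy=POLICY):
    """Return (target, rule_number); rule_number 0 means the default policy."""
    for number, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            return rule["target"], number
    return policy, 0


def packet(dport, src="198.51.100.5", state="NEW", in_if="eth0", proto="tcp"):
    """Build a constructed sample packet."""
    return {"in_if": in_if, "state": state, "proto": proto,
            "src": src, "dport": dport}


if __name__ == "__main__":
    for p in (packet(22), packet(21), packet(21, src="192.0.2.9"), packet(23)):
        print(p["src"], p["dport"], verdict(p))
```

Passing `policy="ACCEPT"` to `verdict` shows what the same rule set lets through when the default policy is left permissive.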

Firewalls in Linux (cont.)
You can see the list of rules currently applied on the system by typing:
–iptables -L -v

Reference – Using the iptables