Linux+ Guide to Linux Certification, Second Edition Chapter 15 Configuring Network Services and Security.

Objectives
- Identify and configure common network services
- Configure routing and firewalls
- Describe the different facets of Linux security
- Increase the security of a Linux computer
- Outline measures that can be used to detect a Linux security breach

Network Services
- Processes that provide some type of service to client computers on the network
- The types and features of network services must be identified before they can be configured
- Network-related services such as routing and firewalls must be configured as well

Identifying Network Services
- Port: Number that uniquely identifies a network service on a host
  – Ensures packets are delivered to the proper service
  – Range from 0 to 65535
- /etc/services file: Lists ports and their associated service names and protocols
- Well-known ports: Ports 0 to 1023
  – Used by common networking services; on Linux only root may bind a listener to them

Identifying Network Services (continued)
Table 15-1: Common well-known ports

Identifying Network Services (continued)
- Internet Super Daemon (xinetd): Listens on the ports of many networking services and starts the matching service only when a connection arrives
  – Configured in /etc/xinetd.conf and the files under /etc/xinetd.d/
- Standalone daemons: Daemons normally started at boot time
  – e.g., Apache Web server
  – Handle their own configuration and listen on their own ports without xinetd
  – ntsysv utility can configure most standalone daemons to start in various runlevels (chkconfig does the same from the command line)

Identifying Network Services (continued)
Figure 15-1: Interacting with network services

Configuring Common Network Services
Table 15-2: Common network services (the table continues over several slides)

Configuring DNS
- Zone: Portion of the DNS namespace administered by one or more DNS servers
- Forward lookup: FQDN resolved to an IP address
- Reverse lookup: IP address resolved to an FQDN

Configuring DNS (continued)
Figure 15-2: The DNS lookup process

Configuring DNS (continued)
- Iterative query: The DNS server answers from its own zones or cache, or returns a referral to another server, without contacting other servers on the client's behalf
- Recursive query: The DNS server resolves the name completely for the client, querying the root (top-level) servers and then the authoritative servers as needed
- DNS cache file (root hints): Contains the IP addresses of the root DNS servers
  – Answer recursive queries only for your own clients; an open recursive resolver can be abused to amplify traffic against third parties

Configuring DNS (continued)
- Master or primary DNS server: Holds the read/write copy of the zone
- Slave or secondary DNS server: Holds a read-only copy of the zone
- Zone transfer: Copying the zone's resource records from the master to a slave DNS server
  – Happens only when the SOA serial number on the master is higher than the one in the slave's copy
  – Restrict it with allow-transfer to the slaves' addresses; an unrestricted zone transfer hands an attacker a complete inventory of your hosts

Configuring DNS (continued)
Table 15-3: Common zone configuration files (the table continues over two slides)
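Because a slave only transfers a zone when the master's serial has grown, the step most often forgotten after editing a zone file is bumping the serial. The script below is an added example written for this page; it is not code from the Linux+ guide or from BIND. It assumes the serial is written on its own line marked with a "; serial" comment, as in BIND's sample zone files, and it operates on a constructed example.com zone.

```shell
#!/bin/sh
# Added example (not from the Linux+ guide): bump the SOA serial of a zone
# file in YYYYMMDDNN form so that slave servers pick up the change. A slave
# only performs a zone transfer when the master's serial is higher than the
# copy it already holds, so an edit without a serial bump never propagates.
#
# Assumption (mine): the serial sits on its own line in the SOA record and is
# marked with a "; serial" comment, as in BIND sample zone files.

# bump_serial ZONEFILE [YYYYMMDD]
# Rewrites ZONEFILE in place and prints the new serial. YYYYMMDD defaults to
# today; passing it explicitly makes the result reproducible.
bump_serial() {
    zonefile=$1
    today=${2:-$(date +%Y%m%d)}
    tmp=$(mktemp) || return 1
    new=$(awk -v today="$today" -v out="$tmp" '
        !hit && tolower($0) ~ /;[ \t]*serial/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^[0-9]+$/) continue
                old = $i
                if (length(old) == 10 && substr(old, 1, 8) == today) {
                    n = substr(old, 9, 2) + 1            # same day: next change number
                    if (n > 99) { err = 3; exit }         # only 99 changes fit in one day
                    new = sprintf("%s%02d", today, n)
                } else if (length(old) == 10 && substr(old, 1, 8) > today) {
                    new = sprintf("%.0f", old + 1)        # never move a serial backwards
                } else {
                    new = today "01"                      # first change today
                }
                pos = index($0, old)
                $0 = substr($0, 1, pos - 1) new substr($0, pos + length(old))
                hit = 1
                break
            }
        }
        { print > out }
        END {
            if (err) exit err
            if (!hit) exit 2                              # no serial line found
            print new
        }' "$zonefile") || { rc=$?; rm -f "$tmp"; return "$rc"; }
    mv "$tmp" "$zonefile" && printf '%s\n' "$new"
}

# Constructed sample forward zone (not from the book) for trying the function.
write_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 86400
@   IN  SOA ns1.example.com. hostmaster.example.com. (
            2024010501 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN  NS  ns1.example.com.
ns1 IN  A   192.0.2.10
www IN  A   192.0.2.20
EOF
}

# Demo on a temporary copy of the constructed zone.
demo=$(mktemp)
write_sample_zone "$demo"
bump_serial "$demo" 20240105      # prints 2024010502
bump_serial "$demo" 20240106      # prints 2024010601
rm -f "$demo"
```

After the bump, reload the zone (rndc reload, or restart named) and confirm that each slave now reports the new serial with dig @slave example.com SOA; a slave stuck on the old serial usually means allow-transfer or the NOTIFY target list does not include it.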

Configuring DHCP
- Client sends a DHCP broadcast on the network
  – Requests IP configuration information
- DHCP server leases an IP address to the client computer for a period of time
  – Ensures each client has a unique IP address
- /etc/dhcpd.conf file: Configures the computer as a DHCP server
  – Lists the IP address range (and options such as the router and DNS servers) for the network

Configuring Apache
- Most widely used Web server
- Document root directory: Stores the default HTML content for a Web server
  – /var/www/html on Fedora Linux
  – Default document is index.html
- /etc/httpd/conf/httpd.conf: Default configuration file
- Directive: A configuration keyword and its value on a line within the configuration file

Configuring Apache (continued)
Table 15-4: Common httpd.conf directives

Configuring Samba
- Samba daemon (smbd): Implements the SMB protocol so a Linux server can share files and printers with Windows computers
- Windows computers advertise computer names using the NetBIOS protocol
  – The NetBIOS name daemon (nmbd) creates and advertises the Linux server's NetBIOS name
- Windows computers can then connect to the Linux server
- smbpasswd command: Creates Samba passwords, which are stored separately from the Linux account passwords

Configuring Samba (continued)
- /etc/samba/smb.conf: Default Samba configuration file
- /etc/rc.d/init.d/smb start: Starts the Samba and NetBIOS name daemons
  – Restart after smb.conf is changed; run testparm first to check the file for syntax errors

Configuring NFS
- Create the directory containing the information to share
- Edit the /etc/exports file:
  – Add a line listing the directory to be shared, the hosts allowed to mount it, and the options (for example ro or rw, and root_squash, which maps the client's root user to an unprivileged user)
  – A space between the host and the option list exports the directory to every host
- Run exportfs -a
  – Updates the list of exported filesystems
- Restart the NFS processes
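The options written into /etc/exports decide who gets root on the shared tree, and the file's syntax makes the dangerous cases easy to type by accident. The script below is an added example (mine, not the book's or the NFS utilities' code) that audits an exports file; which conditions it flags is my own choice, and the exports file it reads is constructed.

```shell
#!/bin/sh
# Added example (not from the Linux+ guide): audit an /etc/exports file for
# the mistakes that hand out more than intended. What it flags is my own
# choice: a line with no client list, an empty or "*" client (every host),
# no_root_squash (remote root keeps uid 0 on the export) and "insecure"
# (mounts allowed from unprivileged source ports).

# audit_exports FILE -> prints one finding per line; exit 1 if any finding
audit_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            path = $1
            if (NF == 1) {
                print NR ": " path ": no client list, exported to every host"
                bad = 1; next
            }
            for (i = 2; i <= NF; i++) {
                tok = $i; client = tok; opts = ""
                p = index(tok, "(")
                if (p) {
                    client = substr(tok, 1, p - 1)
                    opts = substr(tok, p + 1)
                    sub(/\)$/, "", opts)
                }
                # "/srv (rw)" with a space before the options means client "",
                # which exportfs treats as "all hosts"
                if (client == "" || client == "*") {
                    print NR ": " path ": client \"" tok "\" matches every host"
                    bad = 1
                }
                n = split(opts, o, ",")
                for (j = 1; j <= n; j++) {
                    if (o[j] == "no_root_squash") {
                        print NR ": " path ": " client " gets no_root_squash"
                        bad = 1
                    }
                    if (o[j] == "insecure") {
                        print NR ": " path ": " client " may mount from unprivileged ports"
                        bad = 1
                    }
                }
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample exports file (not from the book)
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample
/srv/share    192.168.1.0/24(rw,sync,root_squash)
/srv/public   (ro,sync)
/srv/admin    *(rw,no_root_squash)
/srv/backup   backup.example.com(rw,sync)
EOF
}

# Demo on a temporary copy of the constructed file.
demo=$(mktemp)
write_sample_exports "$demo"
audit_exports "$demo" || echo "fix /etc/exports before running exportfs -a"
rm -f "$demo"
```

Run it against /etc/exports before exportfs -a; exportfs -v afterwards shows the options the kernel actually applied, which is the place to confirm that root_squash is in effect.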

Configuring FTP
- Very Secure FTP daemon (vsftpd): Packaged with Fedora Linux
- To configure (assuming logon as "user1"):
  – Create a directory below user1's home directory to host the files
  – Ensure that user1 owns the directory
  – Run /etc/rc.d/init.d/vsftpd start to start the vsftpd daemon
- FTP sends user names and passwords in clear text; use it for anonymous downloads and prefer SSH-based transfers (sftp, scp) for authenticated access

Configuring NIS
- Network Information Service (NIS): Coordinates common configuration files across several computers
  – Computers belong to a NIS domain and use NIS maps to access configuration information
  – Most commonly used for password databases
  – NIS serves its maps, including password hashes, without encryption; restrict the networks allowed to query the server in /var/yp/securenets

Configuring NIS (continued)
- Define the NIS domain via the domainname command
- Add "NISDOMAIN=NIS_domain" to the /etc/sysconfig/network file
  – Configures the NIS domain at boot time
- Add "domain NIS_domain server NIS_server" to the /etc/yp.conf file
  – Makes the client query that specific NIS server instead of broadcasting for one

Configuring the Secure Shell Daemon
- Secure Shell daemon (sshd): Allows the ssh utility to log in to network servers over an encrypted connection
- /etc/ssh/sshd_config file: Contains the configuration options
- Authenticates users by public key, password or challenge-response; all three are enabled by default
  – Once keys are deployed, set PasswordAuthentication no and PermitRootLogin no in sshd_config

Configuring the Secure Shell Daemon (continued)
- Encryption standards supported by the version covered here:
  – Triple Data Encryption Standard (3DES)
  – Advanced Encryption Standard (AES)
  – Blowfish
  – Carlisle Adams Stafford Tavares (CAST)
  – ARCfour
- Of these only AES is still considered strong; current OpenSSH releases no longer ship ARCfour, Blowfish or CAST, and the Ciphers directive in sshd_config restricts the list the server will negotiate
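Editing sshd_config by appending lines is a common way to believe a server is hardened when it is not: sshd takes the first value it finds for a keyword, and anything after a Match line belongs to that block. The script below is an added example for the two slides above (mine, not the book's or OpenSSH's code); the hardening set it applies, including the AES-only Ciphers list, is my own choice, and the sshd_config it edits is constructed.

```shell
#!/bin/sh
# Added example (not from the Linux+ guide): set sshd_config options the way
# sshd actually reads them. sshd uses the FIRST value it finds for a keyword,
# and anything after a "Match" line applies only to that block, so a naive
# "echo 'PermitRootLogin no' >> sshd_config" can be silently ignored.
# The hardening set in harden_sshd is my own choice, not the book's.

# set_sshd_option FILE KEYWORD VALUE
# Replaces the first global occurrence, comments out later duplicates and,
# if the keyword is absent, inserts it before the first Match block.
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        BEGIN { re = "^" tolower(key) "([ \t]|=|$)" }
        {
            line = $0; sub(/^[ \t]+/, "", line); lc = tolower(line)
            if (!inmatch && lc ~ /^match([ \t]|$)/) {
                if (!seen) { print key " " value; seen = 1 }
                inmatch = 1
            }
            if (!inmatch && lc ~ re) {
                if (!seen) { print key " " value; seen = 1 }
                else print "#" $0          # later duplicates never take effect
                next
            }
            print
        }
        END { if (!seen) print key " " value }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_sshd_option FILE KEYWORD -> effective global value ("" if sshd default)
get_sshd_option() {
    awk -v key="$2" '
        BEGIN { re = "^" tolower(key) "([ \t]|=)" }
        { line = $0; sub(/^[ \t]+/, "", line); lc = tolower(line) }
        lc ~ /^match([ \t]|$)/ { exit }
        lc ~ re { sub(/^[^ \t=]+[ \t=]+/, "", line); print line; exit }
    ' "$1"
}

# harden_sshd FILE: keys only, no root logins, AES ciphers only
harden_sshd() {
    set_sshd_option "$1" PermitRootLogin no
    set_sshd_option "$1" PasswordAuthentication no
    set_sshd_option "$1" PubkeyAuthentication yes
    set_sshd_option "$1" X11Forwarding no
    set_sshd_option "$1" MaxAuthTries 3
    set_sshd_option "$1" Ciphers aes256-ctr,aes192-ctr,aes128-ctr
}

# Constructed sample sshd_config (not a real server's file)
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User backup
    PasswordAuthentication yes
EOF
}

# Demo on a temporary copy of the constructed file.
demo=$(mktemp)
write_sample_sshd_config "$demo"
harden_sshd "$demo"
get_sshd_option "$demo" PermitRootLogin      # prints no
rm -f "$demo"
```

Before restarting the daemon, check the file with sshd -t -f /etc/ssh/sshd_config, keep your current session open until a second login with a key succeeds, and make sure the authorized_keys files are in place before PasswordAuthentication is turned off; otherwise the change locks out every remote administrator.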

Routing and Firewall Services
- Network services that are not provided by network daemons
  – Provided by the Linux kernel
  – Do not listen on a particular port

Routing
- Route table: Indicates which networks are reachable through which network interfaces (and through which gateways)
- route command: Displays and manipulates the route table
- Multihomed hosts: Computers with more than one network interface
- IP forwarding: The kernel passing packets received on one interface out through another; disabled by default
- Routing: Forwarding data packets between networks, which requires IP forwarding on a multihomed host

Routing (continued)
- Enabling routing:
  – Place the number 1 in the /proc/sys/net/ipv4/ip_forward file (takes effect immediately, lost at reboot)
  – Place "net.ipv4.ip_forward = 1" in the /etc/sysctl.conf file (applied at boot, or immediately with sysctl -p)
- Leave forwarding disabled on hosts that are not meant to route; otherwise a multihomed server silently joins the networks it is connected to

Routing (continued)
- Large networks may have several routers
- route add command: Adds entries to the route table
- route del command: Removes entries from the route table
- The ip command (ip route add, ip route del) can also manage the route table

Routing (continued)
Figure 15-3: A sample routed network

Routing (continued)
- Contents of the route table are lost when the computer is powered off
  – Add the route commands to the /etc/rc.d/rc.local file
- Most routers are configured with a default gateway
  – Used for packets addressed to destinations not in the route table
- traceroute command: Troubleshoots routing
  – Displays the routers between the current and a remote computer

Firewall Services
- netfilter/iptables: Used to create a firewall
  – Accepts or discards network packets according to chains of rules
- Chains: Group the rules by the path a packet takes through the computer
- Rules: Match network traffic to be allowed or dropped
  – Rules are evaluated in order and the first match decides; a packet matching no rule gets the chain's default policy

Firewall Services (continued)
- Three built-in chains of the filter table:
  – INPUT chain: Incoming packets addressed to this computer
  – FORWARD chain: Packets passing through this computer to another network
  – OUTPUT chain: Outgoing packets generated by this computer
- iptables command: Creates rules for a chain and sets each chain's default policy
  – Set the INPUT and FORWARD policies to DROP and accept only the traffic that is needed

Firewall Services (continued)
Table 15-5: Common iptables commands
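The routing and firewall slides describe one machine: a multihomed host with IP forwarding on and a rule set on INPUT and FORWARD. The script below is an added example for both (mine, not the book's or the netfilter project's code). It generates the sysctl lines and an iptables-restore rule set for a two-interface router, then lints a rule set for the usual weaknesses; the policy it encodes (management only from the LAN, replies only from the WAN, anti-spoofing, default DROP) and the interface and network names are my assumptions.

```shell
#!/bin/sh
# Added example (not from the Linux+ guide): generate the kernel settings and
# an iptables ruleset (iptables-restore format) for a two-interface router,
# then lint a ruleset for the common weaknesses. The policy encoded here is
# my own: management only from the LAN, replies only on the WAN side,
# anti-spoofing on both chains, default DROP.

# gen_sysctl -> lines for /etc/sysctl.conf (apply with: sysctl -p)
gen_sysctl() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
EOF
}

# gen_ruleset LAN_IF WAN_IF LAN_NET -> ruleset for iptables-restore
gen_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Anti-spoofing: LAN addresses must never arrive on the WAN interface
-A INPUT -i $wan_if -s $lan_net -j DROP
-A FORWARD -i $wan_if -s $lan_net -j DROP
# Loopback, and replies to connections this host or the LAN started
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# Management only from the LAN side
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -j ACCEPT
-A INPUT -i $lan_if -p icmp -j ACCEPT
# Routing policy: the LAN may go out; only replies come back in
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
# Log (rate limited) what the default policy is about to drop
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW INPUT drop: "
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW FWD drop: "
COMMIT
EOF
}

# lint_ruleset FILE -> reports ACCEPT policies and INPUT accepts open to
# every source; exit 1 if anything is reported
lint_ruleset() {
    awk '
        /^:INPUT / && $2 != "DROP"   { print "INPUT policy is " $2 ", expected DROP"; bad = 1 }
        /^:FORWARD / && $2 != "DROP" { print "FORWARD policy is " $2 ", expected DROP"; bad = 1 }
        /^-A INPUT / && /-j ACCEPT/ && !/-i lo/ && !/--state/ && !/ -s / && !/ -i / {
            print "INPUT accept open to every source: " $0; bad = 1
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# Demo: write the ruleset to a temporary file and lint it.
demo=$(mktemp)
gen_ruleset eth0 eth1 192.168.1.0/24 > "$demo"
lint_ruleset "$demo" && echo "ruleset passes lint"
rm -f "$demo"
```

Load the generated file with iptables-restore < file (on Fedora, saving it as /etc/sysconfig/iptables lets the iptables init script restore it at boot), and apply the sysctl lines with sysctl -p. Do this from the console or a LAN-side session: the first rule set with a DROP policy is the one most likely to cut off the session that loaded it.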

Security
- Linux systems are typically reachable across networks such as the Internet
- Both local and network security should be improved
- Understand how to detect intruders who breach the system

Securing the Local Computer
- Limit physical access to the computer itself
  – Prevents malicious users from booting another system or removing disks to access files
- Server closet: Secured room in which to store servers
- Remove floppy and CD-ROM devices from workstations
- Ensure the BIOS prevents booting from USB ports

Securing the Local Computer (continued)
- Ensure a BIOS password is set
- Set a boot loader password in the LILO or GRUB configuration file so that kernel options such as single-user mode cannot be passed at boot
- Limit access to graphical desktops and shells
- Minimize the time the root user is logged in

Securing the Local Computer (continued)
- nohup command: Runs a command so that it ignores the hangup signal and keeps running after the user who started it logs out
- su (switch user) command: Switches the current shell to another user account (root by default), prompting for that account's password
- sudo command: Performs a single command as another user (root by default) according to the entries in the /etc/sudoers file
  – Edit /etc/sudoers with visudo, which checks the syntax before saving; a malformed file can lock out every sudo user
  – Prefer sudo to su for administration: each command is logged under the administrator's own name and the root password need not be shared

Protecting Against Network Attacks
- Any network service may contain a flaw that an attacker can manipulate
- Buffer overrun (buffer overflow): An attacker sends more data than the service's memory buffer can hold, overwriting adjacent memory and possibly running attacker-supplied code with the daemon's privileges
- Minimize the number of running network services
- nmap (network mapper) command: Scans ports on network computers
  – Shows which network services are reachable from the scanning host
  – Run it against your own servers and compare the result with what netstat -tulpn reports locally; anything unexpected should be shut down

Protecting Against Network Attacks (continued)
- Enable encryption on essential network services (for example ssh in place of telnet, and HTTPS for Web sites that handle logins)
- Ensure network service daemons do not run as the root user when possible, so that a compromised daemon does not yield root
- New versions of network services usually include fixes for known network attacks
  – Keep network services up to date

Protecting Against Network Attacks (continued)
- TCP wrapper: Runs a network daemon with additional access control via the /etc/hosts.allow and /etc/hosts.deny files
  – /etc/hosts.allow is consulted first, then /etc/hosts.deny; a connection that matches neither file is allowed, so end /etc/hosts.deny with ALL: ALL
  – Only daemons started through xinetd/tcpd or built against libwrap honour these files; ldd /usr/sbin/sshd | grep libwrap shows whether a daemon is
- Examine the permissions of files and directories associated with system and network services
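The order in which the two wrapper files are read is what most rule sets get wrong, and a mistake is only noticed when a legitimate login is refused or an unwanted one is let in. The script below is an added example (mine, not the book's or the tcp_wrappers library's code) that reproduces the allow/deny decision for a given daemon and client so a rule set can be checked on paper first; it handles a subset of the pattern syntax, stated in the comments, and the hosts.allow and hosts.deny it reads are constructed.

```shell
#!/bin/sh
# Added example (not from the Linux+ guide): the access decision tcpd/libwrap
# makes from /etc/hosts.allow and /etc/hosts.deny, so a rule set can be
# checked before a lock-out. Order is the whole point: hosts.allow is
# consulted first, then hosts.deny, and a request matching neither is
# ALLOWED; without "ALL: ALL" in hosts.deny the files deny nothing.
# Simplification (mine): handles ALL, exact names/addresses, "192.168.1."
# prefixes and ".example.com" suffixes; not EXCEPT, LOCAL, netmasks or
# continuation lines.

# tcpd_match FILE DAEMON CLIENT -> exit 0 if some entry in FILE matches
tcpd_match() {
    awk -v daemon="$2" -v client="$3" '
        function in_list(list, item,    n, a, i, p) {
            n = split(list, a, "[ \t,]+")
            for (i = 1; i <= n; i++) {
                p = a[i]
                if (p == "") continue
                if (p == "ALL" || p == item) return 1
                # "192.168.1." matches any address starting with it
                if (p ~ /\.$/ && index(item, p) == 1) return 1
                # ".example.com" matches any host name ending with it
                if (p ~ /^\./ && length(item) > length(p) &&
                    substr(item, length(item) - length(p) + 1) == p) return 1
            }
            return 0
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            # entry is "daemon_list : client_list [: option ...]"
            if (split($0, f, ":") < 2) next
            if (in_list(f[1], daemon) && in_list(f[2], client)) { hit = 1; exit }
        }
        END { exit hit ? 0 : 1 }
    ' "$1"
}

# tcpd_decide ALLOWFILE DENYFILE DAEMON CLIENT -> prints allow or deny
tcpd_decide() {
    if tcpd_match "$1" "$3" "$4"; then echo allow
    elif tcpd_match "$2" "$3" "$4"; then echo deny
    else echo allow                      # matched nowhere: wrappers let it in
    fi
}

# Constructed sample files in DIR (not a real host's configuration)
write_sample_wrappers() {
    cat > "$1/hosts.allow" <<'EOF'
# constructed sample
sshd: 192.168.1. , .corp.example.com
vsftpd: 192.168.1.50
EOF
    cat > "$1/hosts.deny" <<'EOF'
ALL: ALL
EOF
}

# Demo in a temporary directory.
demo=$(mktemp -d)
write_sample_wrappers "$demo"
tcpd_decide "$demo/hosts.allow" "$demo/hosts.deny" sshd 192.168.1.5    # allow
tcpd_decide "$demo/hosts.allow" "$demo/hosts.deny" sshd 10.0.0.7       # deny
rm -rf "$demo"
```

The real library evaluates the same two files in the same order; the last check in the test below, with an empty hosts.deny, is the state most freshly installed systems are in, which is why adding the ALL: ALL line is the first wrapper change to make.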

Detecting Intrusion
- Log files can contain information or irregularities indicating an intrusion
- Review the system log files associated with authentication
- Pluggable Authentication Modules (PAM): Handle authentication requests made by daemons
  – Authentication events are logged to /var/log/secure on Fedora
- Send a copy of the logs to another host; an intruder who gains root can edit the local files

Detecting Intrusion (continued)
- Check the /var/log/wtmp log file
  – Binary record of logins and logouts; read it with the last command
- Tripwire: Keeps a database of checksums and attributes for files and directories and reports any change against that baseline
  – Build the baseline on a known-clean system and keep it where an intruder cannot rewrite it
- Intrusion Detection System (IDS): Detects unauthorized access or attempts at it

Detecting Intrusion (continued)
Table 15-6: Common Linux intrusion detection systems
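Reviewing /var/log/secure by eye stops scaling after the first few hundred lines, so the checks worth automating are the ones that separate noise from a break-in. The script below is an added example (mine, not the book's or any IDS product's code) with two such checks over sshd entries in the syslog format Fedora writes: failed passwords per source address, and a successful login that followed repeated failures from the same address. The log excerpt it reads is constructed and the thresholds are my own.

```shell
#!/bin/sh
# Added example (not from the Linux+ guide): two checks over /var/log/secure
# style sshd lines. The first counts failed passwords per source address;
# the second reports a source that logged in successfully after repeated
# failures, which is the guessing attack that worked. Thresholds are mine.

# failed_by_source FILE [MIN] -> "count address" for sources with >= MIN failures
failed_by_source() {
    awk -v min="${2:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' "$1" | sort -rn
}

# success_after_failures FILE [MIN] -> "address user failures" for each login
# that followed >= MIN failed passwords from the same address
success_after_failures() {
    awk -v min="${2:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        /sshd\[[0-9]+\]: Accepted / {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "for") user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (ip != "" && fails[ip] >= min) print ip, user, fails[ip]
        }
    ' "$1"
}

# Constructed log excerpt (not from a real system) in syslog/PAM format
write_sample_secure() {
    cat > "$1" <<'EOF'
Jan  5 10:01:12 server1 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Jan  5 10:01:15 server1 sshd[2231]: Failed password for invalid user admin from 203.0.113.9 port 51236 ssh2
Jan  5 10:01:19 server1 sshd[2233]: Failed password for root from 203.0.113.9 port 51240 ssh2
Jan  5 10:01:22 server1 sshd[2233]: Failed password for root from 203.0.113.9 port 51241 ssh2
Jan  5 10:02:01 server1 sshd[2240]: Accepted publickey for user1 from 192.168.1.20 port 40022 ssh2
Jan  5 10:03:44 server1 sshd[2250]: Failed password for user1 from 192.168.1.20 port 40100 ssh2
Jan  5 10:03:50 server1 sshd[2250]: Accepted password for user1 from 192.168.1.20 port 40100 ssh2
Jan  5 10:05:00 server1 sshd[2260]: Accepted password for root from 203.0.113.9 port 51300 ssh2
Jan  5 10:05:30 server1 su: pam_unix(su:session): session opened for user root by user1(uid=500)
EOF
}

# Demo on the constructed excerpt.
demo=$(mktemp)
write_sample_secure "$demo"
failed_by_source "$demo" 3          # prints: 4 203.0.113.9
success_after_failures "$demo" 3    # prints: 203.0.113.9 root 4
rm -f "$demo"
```

Run both against /var/log/secure from cron and compare the second report with last, which reads /var/log/wtmp: a root login from an address that first failed four passwords is the line to act on, whatever the failure counts elsewhere say.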