Linux Security 資管研究生劉順德. Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security.

Slides:

Advertisements

Similar presentations

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Advertisements

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Linux’ Security Haifa Linux Club Orr Dunkelman.

Linux Security An overview notes from Linux Network Security HowTO.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 實驗十：以 Linux 架設 Internet/Intranet 伺服器教師：助教：. 2 Outline  Background  Linux system  Popular Internet services  Internet services  Internet  HTTP.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Enterprise Network Security Accessing the WAN Lecture week 4.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Computer Security for Student-Administered Computers.

1 COP 4343 Unix System Administration Unit 16: file server – samba.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

1 Web Server Administration Chapter 9 Extending the Web Environment.

Copyright© 2003 Avaya Inc. All rights reserved Upgrade to Communication Manager 2.0 with Migration to Linux 8.0 Purpose: This presentation was prepared.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

SAMBA Integrating Linux and Window. What is Samba? Free suite of programs that enables flavors of UNIX to work with other operating systems such as OS/2.

OS Hardening Justin Whitehead Francisco Robles. ECE Internetwork Security OS Hardening Installing kernel/software patches and configuring a system.

Linux Services Muhammad Amer. 2 xinetd Programs  In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon.

Dr. Mustafa Cem Kasapbaşı Security in ASP.NET. Determining Security Requirements Restricted File Types.

Linux Networking Security Sunil Manhapra & Ling Wang Project Report for CS691X July 15, 1998.

Linux Networking and Security

Internet Business Foundations © 2004 ProsoftTraining All rights reserved.

IT Audit 2006 Deborah Joyner, Marjorie Tucker, Kay Simpson, Dawn Rountree, Kathy Jones.

File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.

Internet Services.  Basically, an Internet Service can be defined as any service that can be accessed through TCP/IP based networks, whether an internal.

Linux Services Configuration

Host Security Overview Onion concept of security Defense in depth How secure do you need to be? You can only reduce risk Tradeoffs - more security means:

Unix network Services. Configuring a network interface In Unix there are essentially two commands that are used to enable TCP/IP. ifconfig route.

Web Technology – Web Server Setup : Chris Uriarte Meeting 4: Advanced Topics, Continued: Securing the Apache Server and Apache Performance Tuning Rutgers.

Basic Service & Settings xclin. Computer Center, CS, NCTU 2 If you want to transfer a file…

Remote Access Usages. Remote Desktop Remote desktop technology makes it possible to view another computer's desktop on your computer. This means you can.

VIRTUAL HOSTING WITH PureFTPd And MYSQL (Quota And Bandwidth Management) BY Odoh Kenneth Emeka Sun Yu Patrick Appiah.

Unit – 5 FTP Server. FTP Introduction One of the oldest and most commonly used protocols The original specification for the File Transfer Protocol was.

Enumeration. Definition Scanning identifies live hosts and running services Enumeration probes the identified services more fully for known weaknesses.

Windows Administration How to protect your computer.

Day 15 Apache. Being a web server Once your system is correctly connected to the network, you could be a web server. –When you go to a web site such as.

Web Server Security: Protecting Your Pages NOAA OAR WebShop 2001 August 2 nd, 2001 Jeremy Warren.

IS 4506 Windows NTFS and IIS Security Features.  Overview Windows NTFS Server security Internet Information Server security features Securing communication.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

NETWORK SECURITY LAB 1170 REHAB ALFALLAJ CT1406. Introduction There are a number of technologies that exist for the sole purpose of ensuring that the.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

PRESENTED BY ALI NASIR BITF13M040 AMMAR HAIDER BITF13M016 SHOIAB BAJWA BITF13M040 AKHTAR YOUNAS BITF13M019.

Ssh: secure shell.

Introduction to Operating Systems

Working at a Small-to-Medium Business or ISP – Chapter 8

COP 4343 Unix System Administration

LINUX ADMINISTRATION

Hacking Unix/Linux.

IBM Software Group | Tivoli Brand Software

Managing Software.

FTP - File Transfer Protocol

Web Server Administration

IS3440 Linux Security Unit 6 Using Layered Security for Access Control

Information Security Session October 24, 2005

Haifa Linux Club Orr Dunkelman

Configuring Internet-related services

Information Security Awareness

Linux Security.

Designing IIS Security (IIS – Internet Information Service)

Test 3 review FTP & Cybersecurity

Presentation transcript:

Linux Security 資管研究生劉順德

Outline General Security –Account –Local –Network –Patch Services Security –Sendmail –BIND/DNS –Apache –FTP Recent Linux security information –Linux worm

General Security Account –The password length –Set login time out for root account –Special account –Blocking anyone to su to root

General Security Local –Find all files with SUID/SGID bit enabled –Local login access control –More control on mounting a file system –Fix the permissions under “/etc/rc.d/init.d” –Resource limits –Integrity Checking

General Security Network –Use xinetd An program to replace inetd and tcp wrapper –Routing Protocol Disable source routing –Enable TCP SYN Cookie Protection Echo 1> /proc/sys/net/ipv4/tcp_syncookies –Clear issue file

Patch –Patch information : –Download ftp://updates.redhat.com/ –Integrity Check rpm –checksig –Install : Rpm –Uvh General Security

Securing Sendmail The Sendmail restricted shell “smrsh” The “/etc/aliases” file Prevent your sendmail being abused by unauthorized users Restrict who may examine the queue’s contents Set the immutable bit on important sendmail files

Securing BIND/DNS Running BIND/DNS in a chroot jail

Securing Apache Change some inportant permission file and directories of your web server Automatic indexing Create the.dbmpasswd password file for users authentication Immunize important configuration file like “httpd.conf” Running apache in a chroot jail Configuration of the new “/etc/logrotate.d/apache” file

Securing FTP server The ftpusers file The anonymous FTP program The upload command The special file “.notar” The noretrieve command

Recent Linux security information Linux worm –Radmen (infect Redhat6.2 & 7.0) –Lion (infect Bind 8.2.x ) The Same features –According an Vulnerability to attack –The same work flow

Syn scan Logging ip attack ftp

Reference Securing and Optimizing RedHat Linux Maximum Linux security Linux security How-To