E0: Unix System Administration AfNOG 2006 Nairobi, Kenya Security introduction Brian Candler Presented by Hervey Allen.

Main Security Concerns
- Confidentiality: keeping our data safe from prying eyes
- Integrity: protecting our data from loss or unauthorised alteration
- Authentication and Authorisation: is this person who they claim to be? Is this person allowed to do this?
- Availability: are our systems working when we need them? (Denial of Service, backups, proper configs)

Security Implications of connecting to the Internet
- The Internet lets you connect to millions of hosts, but they can also connect to you!
- Many points of access (e.g. telephone, cybercafes, wireless nets, university, work...)
- Even if you can trace an attack to a point on the Internet, the real source may be untraceable
- Many "0wned" machines or "bots" from which further attacks are launched
- Your host runs many Internet services
  - Many potential points of vulnerability
  - Many servers run as "root"! (buffer overflows)

Network-based attacks
- Passive attacks, e.g. packet sniffers, traffic analysis
- Active attacks, e.g. connection hijacking, IP source spoofing, exploitation of weaknesses in the IP stack or in applications (e.g. Internet Explorer)
- Denial of Service attacks, e.g. synflood
- Attacks against the network itself, e.g. smurf

Other common attacks
- Brute-force and dictionary attacks (password guessing, password too complex)
- Viruses
- Spyware
- Trojan horses
- Humans are often the weakest link
  - "Hi, this is Bob, what's the root password?"
  - Opening infected e-mails

Authentication: Passwords
- Can be guessed
- If too complex, users tend to write them down
- If sent unencrypted, can be "sniffed" from the network and re-used (pop, imap, telnet, webmail)

Choosing good passwords
- Combinations of upper and lower-case letters, numbers and symbols: a 'brute force' attacker has to try many more combinations
- Not in any dictionary, including hackers' dictionaries
- Examples:
  - $40&yc4f  "Money for nothing and your chicks for free"
  - wsR!vst?  "workshop students aRe not very sleepy today ?"
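The two rules on this slide (enlarge the character set the brute-force attacker must search, and stay out of cracking dictionaries) can be turned into a simple policy check. The code below is an added example, not part of the AfNOG slides; the mini-dictionary and the substitution table are constructed stand-ins for a real wordlist, and the 40-bit floor is an assumed policy value.

```python
import math
import string

# Constructed mini-dictionary standing in for a real cracking wordlist.
COMMON_WORDS = {"password", "letmein", "workshop", "afnog", "nairobi", "money"}

# Character classes; the attacker's alphabet grows with each class present.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def search_space_bits(password):
    """log2 of the number of candidates an attacker who knows the length and
    the classes in use must try (upper bound on brute-force cost)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def normalise(password):
    """Undo the digit/symbol substitutions cracking dictionaries already
    include (constructed table), so 'P@ssw0rd' is compared as 'password'."""
    table = str.maketrans("013457$@!", "oleastsai")
    return password.lower().translate(table)


def in_dictionary(password):
    return password.lower() in COMMON_WORDS or normalise(password) in COMMON_WORDS


def assess(password, min_bits=40.0):
    """Return the list of policy problems; an empty list means acceptable."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < 3:
        problems.append("uses fewer than three character classes")
    if in_dictionary(password):
        problems.append("is a dictionary word (after undoing common substitutions)")
    if search_space_bits(password) < min_bits:
        problems.append("brute-force search space below %d bits" % min_bits)
    return problems


if __name__ == "__main__":
    for candidate in ("$40&yc4f", "wsR!vst?", "P@ssw0rd", "password"):
        print(candidate, round(search_space_bits(candidate), 1), "bits", assess(candidate) or "ok")
```

Both slide examples pass the check, while "P@ssw0rd" fails only the dictionary test: its four character classes give it a respectable search space, which is exactly why a keyspace estimate alone is not enough.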

Authentication: Source IP address
- Not verified by the network (since not used in datagram delivery)
- Datagrams are easily forged
- TCP 3-way handshake gives some degree of protection, as long as you can't guess TCP sequence numbers
- Legitimate example: controlling SMTP relaying by source IP address
- Any UDP protocol is completely vulnerable, e.g. NFS

Authentication: Host name
- Very weak: DNS is easily attacked (e.g. by loading false information into a cache)
- Slight protection by ensuring that reverse and forward DNS match, e.g.
  - Connection received from <address>
  - Reverse lookup of <address> -> noc.ws.afnog.org
  - Forward lookup of noc.ws.afnog.org -> <address>
- This is why many sites won't let you connect unless your forward and reverse match
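The forward-confirmed reverse DNS check described on this slide, written out as an added example (not from the slides). The resolver functions are passed in so the logic can run offline against constructed records; the 192.0.2.x and 203.0.113.x addresses are documentation-range sample values, not the real address of noc.ws.afnog.org. The `live_*` wrappers use the standard `socket` module and are the only part that touches the network.

```python
import socket

# Constructed sample records for offline use.
REVERSE = {
    "192.0.2.10": ["noc.ws.afnog.org"],     # PTR agrees with the A record below
    "192.0.2.20": ["mail.example.net"],     # PTR claims a name that points elsewhere
}
FORWARD = {
    "noc.ws.afnog.org": ["192.0.2.10"],
    "mail.example.net": ["203.0.113.5"],
}


def offline_reverse(ip):
    return REVERSE.get(ip, [])


def offline_forward(name):
    return FORWARD.get(name, [])


def live_reverse(ip):
    """PTR lookup via the system resolver; empty list when there is none."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []


def live_forward(name):
    """A-record lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []


def fcrdns(ip, reverse_lookup, forward_lookup):
    """Return (accepted, hostname, reason).

    The name comes from the PTR record, which the owner of the address block
    controls; it is only trusted once the forward lookup of that name leads
    back to the connecting address."""
    names = reverse_lookup(ip)
    if not names:
        return False, None, "no PTR record"
    for name in names:
        if ip in forward_lookup(name):
            return True, name, "forward and reverse match"
    return False, names[0], "forward lookup does not include the source address"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(ip, fcrdns(ip, offline_reverse, offline_forward))
```

A server that gates access on this check should treat a failure as "untrusted", not as proof of an attack: many legitimate networks simply have no PTR records, which is the cost of the policy the slide mentions.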

Cryptographic methods
- Can provide REALLY SECURE solutions to authentication, privacy and integrity
- Some are hard to implement; there are many different tools, and they usually require special clients
- Export and usage restrictions (less of a problem these days)
- Take care to understand where the weaknesses lie

Simple combinations
- The lock on your front door can be picked
- Two locks are better than one
- The thief is more likely to try somewhere else

IP source address AND password authentication
- Most applications have password authentication, but some also include their own IP-based access controls
- Some applications link to "libwrap" (also known as "tcp wrappers"): /etc/hosts.allow
  - All services which are started by inetd are covered
  - For info and examples: man 5 hosts_access

Most essential steps
- Disable all services which are not needed
- Apply security patches promptly; join the announcement mailing lists
- Good password management
- Take special care with 'root' access
- Combine passwords with IP access controls where appropriate
- Use cryptographic tools where possible

And don't forget these...
- Make sure you have current backups! How else will you recover from a break-in?
- Make sure your machine is physically secure! If someone can walk off with the machine, they can walk off with your data
- Log files are valuable! You may want to consider software which watches them, e.g. swatch, logwatch, logsurfer:
    tail -f /var/log/messages
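What a log watcher such as swatch does with the stream that `tail -f /var/log/messages` shows you, reduced to its core: match patterns, keep a little state, and raise an alert when a threshold is crossed. This is an added example, not code from the slides or from any of the tools named; the log lines are constructed in syslog format (sshd and su wording as commonly seen, hosts and addresses made up), and the threshold of three failures is an assumed value.

```python
import re
import time
from collections import Counter, defaultdict

# Constructed sample lines in the format of /var/log/messages.
SAMPLE_LOG = """\
Mar  3 10:01:12 noc sshd[2011]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar  3 10:01:15 noc sshd[2011]: Failed password for root from 198.51.100.7 port 40124 ssh2
Mar  3 10:01:19 noc sshd[2011]: Failed password for invalid user admin from 198.51.100.7 port 40130 ssh2
Mar  3 10:02:01 noc sshd[2015]: Accepted publickey for alice from 192.0.2.10 port 51002 ssh2
Mar  3 10:02:44 noc sshd[2019]: Failed password for alice from 192.0.2.10 port 51010 ssh2
Mar  3 10:03:00 noc su[2030]: BAD SU alice to root on /dev/pts/0
"""

# Patterns of interest: repeated password failures and failed su to root.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
BAD_SU = re.compile(r"su\[\d+\]: BAD SU (\S+) to root")


def analyse(lines, threshold=3):
    """Return alert strings for the given log lines.

    One alert per source address when it reaches `threshold` failed logins
    (the alert lists the usernames tried), and one alert per failed su to root."""
    failures_by_source = Counter()
    users_by_source = defaultdict(set)
    alerts = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            failures_by_source[src] += 1
            users_by_source[src].add(user)
            if failures_by_source[src] == threshold:
                users = ", ".join(sorted(users_by_source[src]))
                alerts.append(f"{src}: {threshold} failed logins (users: {users})")
            continue
        m = BAD_SU.search(line)
        if m:
            alerts.append(f"failed su to root by {m.group(1)}")
    return alerts


def follow(path, poll_seconds=1.0):
    """Yield lines as they are appended to `path`, the way 'tail -f' does."""
    with open(path) as f:
        f.seek(0, 2)  # start at the end; only new lines matter
        while True:
            line = f.readline()
            if not line:
                time.sleep(poll_seconds)
                continue
            yield line


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG.splitlines()):
        print("ALERT:", alert)
    # To watch a live file instead: for alert in analyse(follow("/var/log/messages")): ...
```

The single failure from 192.0.2.10 stays below the threshold and produces nothing, which is the point of counting per source rather than alerting on every line: a watcher that pages you for each typo gets switched off.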

More advanced steps
- Scan your machines from outside: nmap, nessus
- Firewalls
  - apply policy at the network edge
  - assert control at a small number of places
  - very difficult to build a really GOOD firewall of your own
  - not effective if your own users violate security (by downloading viruses, for example)
- Intrusion Detection Systems (IDS)
- Token-based authentication

UNDERSTAND what you're doing
- A bad security solution is worse than no security at all
- Know what you're doing
  - Read all the documentation
  - Read sample configurations
  - Build test machines
  - Ask questions
  - Join the announcements mailing list for your O/S and applications
- Test what you've done
  - Try connecting from outside your network
  - Try circumventing your own rules

Some helpful guides
- The FreeBSD handbook, Chapter 14 on security
- "Practical Unix & Internet Security" (O'Reilly)
- Security alert mailing lists, including "Bugtraq"