CIS 290 LINUX Security Basic Network Security “Chroot Jail”

Slides:

Advertisements

Similar presentations

Google hacking & optimizing search results Faris Aloul November 2011.

Advertisements

Linux Security An overview notes from Linux Network Security HowTO.

Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

Hacking Unix/Linux.

Voyager Server Security and Monitoring Best practices and tools.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.

Linux System Administration LINUX SYSTEM ADMINISTRATION.

Getting on the Web CCSD Technology Team. Post a page to the Web using a simple file transfer process Goal: Process: Create a Web page using Microsoft.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Penetration Testing Training Day Capture the Flag Training.

GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.

Computation for Physics 計算物理概論 Introduction to Linux.

An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.

Copyright Security-Assessment.com 2005 Exposing Web Vulnerabilities The State of Web Application Security by Nick von Dadelszen.

VsFTP in Linux. Introduction to FTP The File Transfer Protocol (FTP) is used as one of the most common means of copying files between servers over the.

Course code: ABI 204 Introduction to E-Commerce Chapter 3: WEB BASED TOOLS FOR E-COMMERCE AMA University.

SAMBA Integrating Linux and Window. What is Samba? Free suite of programs that enables flavors of UNIX to work with other operating systems such as OS/2.

2/19/2003 Lecture 3 Computer System Administration Lecture 3 Setup (continued)

Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

ITI-481: Unix Administration Meeting 3. Today’s Agenda Hands-on exercises with booting and software installation. Account Management Basic Network Configuration.

Network Security: Lab#3 Transport-Level Security Tools J. H. Wang May 12, 2011.

Hour 7 The Application Layer 1. What Is the Application Layer? The Application layer is the top layer in TCP/IP's protocol suite Some of the components.

FTP for Windows How to get ftp to work in Windows -Navigate to control panel -> programs and features -On the left side click on Turn Windows features.

Advanced Unix Chapter 14. Network Tools There are many, many network tools that come with a standard Linux installation. There are many, many network.

Hands-On Microsoft Windows Server Implementing Microsoft Internet Information Services Microsoft Internet Information Services (IIS) –Software included.

Copyright Security-Assessment.com 2005 GoogleMonster Using The Google Search Engine For Underhand Purposes by Nick von Dadelszen.

Website Development & Management Going Live with Web Pages (a) CIT Fall Instructor: John Seydel, Ph.D.

CIS 193A – Lesson4 Bastille Hardening a System. CIS 193A – Lesson4 Focus Question What Linux utilities, commands, and files are used by Bastille to harden.

Linux Security. Module 13 – Linux Security ♦ Overview Linux is more prone today to security loopholes and attacks, both inside and outside the network.

Core System Services. INIT Daemon The init process is the patron of all processes. first process that gets started in any Linux/ UNIX -based system.

Secure Authentication A Brief Overview PacNOG I Workshop June 22, 2005 Nadi, Fiji Hervey Allen.

HTML, Third Edition--Illustrated Brief 1 HTML, Third Edition Illustrated Brief Unit A Creating an HTML Document.

Internet Services.  Basically, an Internet Service can be defined as any service that can be accessed through TCP/IP based networks, whether an internal.

Host Security Overview Onion concept of security Defense in depth How secure do you need to be? You can only reduce risk Tradeoffs - more security means:

Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.

Organisations and Data Management 1 Data Collection: Why organisations & individuals acquire data & supply data via websites 2Techniques used by organisations.

Unix network Services. Configuring a network interface In Unix there are essentially two commands that are used to enable TCP/IP. ifconfig route.

WEB SERVER SOFTWARE FEATURE SETS

Configuring and Deploying Web Applications Lesson 7.

Website Design:. Once you have created a website on your hard drive you need to get it up on to the Web. This is called "uploading“ or “publishing” or.

Google Hacking University of Sunderland CSEM02 Harry R Erwin, PhD Peter Dunne, PhD.

Application of the Internet 1998/12/09 KEIO University, JAPAN Mikiyo

Unit – 5 FTP Server. FTP Introduction One of the oldest and most commonly used protocols The original specification for the File Transfer Protocol was.

Enumeration. Definition Scanning identifies live hosts and running services Enumeration probes the identified services more fully for known weaknesses.

Web Design Terminology Unit 2 STEM. 1. Accessibility – a web page or site that address the users limitations or disabilities 2. Active server page (ASP)

Using Networks. Assignment Issues find syntax Permissions HW4 3c /proc vs /tmp vs /var.

Modern information gathering Dave van Stein 9 april 2009.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Google Hacking: Tame the internet Information Assurance Group 2011.

Why Invest in FTP? Shipping Out-of-Band What FTP 7 Provides What FTP 7 Doesn't Provide Demonstrations Other FTP 7 Improvements.

Company LOGO Search Engine Hacking Steve at SnakeOilLabs dot com.

Tools We Are Going To Use

PRESENTED BY ALI NASIR BITF13M040 AMMAR HAIDER BITF13M016 SHOIAB BAJWA BITF13M040 AKHTAR YOUNAS BITF13M019.

Linux Security Tools Keeping your servers safe Ubuntu NY Local Community Team Carl Schmidtmann Faultline Network Solutions, Inc.

Linux Basics Part 2. VIM Editor vi improved Installed on most Linux machines Can be a bit confusing at first... o Cheat sheets FTW Other popular editors:

Web Technology Seminar

Chapter 9 Router Configuration (Ospf, Rip) Webmin, usermin Team viewer

Linux Networking Tools

Hacking Unix/Linux.

FTP - File Transfer Protocol

Aplikasi Jaringan.

CompTIA Server+ Certification (Exam SK0-004)

The Linux Command Line Chapter 16

IS 4506 Server Configuration (HTTP Server)

LINUX SYSTEM ADMINISTRATION

Welcome to all Participants

Google Hacking Damian Gordon.

Presentation transcript:

CIS 290 LINUX Security Basic Network Security “Chroot Jail”

Network services Determine open services: netstat –tulpn -OR- nmap -sT -O localhost Disable with chkconfig. And/or remove software. Use TCP_WRAPPERS (xinetd) Configure iptables Remove Xwindows: yum groupremove "X Window System“ Set initdefault to runlevel 3 No cleartext services HTTP, TELNET, FTP, rcmd, (see gov’t requirements) - use SSH, SSL, SFTP. Restrict NFS/CIFS to local networks only. Basic tools: ping, traceroute, netstat, nmap, netcat (nc) telnet

Chroot jail Isolate user process within a “virtual” root file system. Similar to web “virtual document root” or vsftpd “chroot_local_user=YES”. As root: chroot Trick is to automate the process for user login, file transfer (sftp) or specific applications. Most daemon processes have their own “chroot” methodology. Not as secure, less isolating as LINUX containers or Solaris zones (CIS 228) for specific application environnments.

Google Hacking We can use a standard Google search to find interesting pages such as indexes. - “index of /etc” - “index of /etc” passwd - “index of /etc” shadow Google allows us to do more than just simple searching using advanced operators E.g. – filetype: – inanchor: – intext: – intitle: – inurl: – site:

Using Advanced Operators We can now search in the Title field for indexed pages: intitle:index.of./etc passwd intitle:index.of./etc shadow We can use the filetype: operator: password filetype:xls filetype:config web.config -CVS filetype:mdb users.mdb Combining Operators filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To“ "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd

Google Hacking Database (GHDB) Thousands of search URL’s Javascript: entries very powerful Enter Wikto – Web Server Assessment Tool - Back-end Miner - Nikto-like functionality - Googler file searcher - GoogleHacks GHDB tester