The Linux Operating System
Tonga Institute of Higher Education, Lecture 8: Security
Security in Linux
Anyone who runs a server that is connected to the Internet full-time has to be concerned with security. There are many aspects to having a secure network and system, but a well-maintained Linux system is the first line of defence against hackers (people who want to break into computers and get root access). The most important thing you can run to protect your computer and network is a firewall. If you do not have dedicated firewall hardware (which can be expensive), a Linux server is a good alternative: it can act as a firewall for you and your whole network.
Linux Firewalls: Iptables
Iptables is the way you control how your computer deals with network data. It is built into the Linux kernel and replaces an older firewall program called ipchains. Iptables can do more than act as a firewall; it is really a general mechanism for handling the data packets that come in. It can limit how fast connections are made, it can log all network activity, and it can work as a router, connecting your private network to the Internet.
Iptables
For Iptables to work as a firewall, we are mostly concerned with 'packet filtering', that is, how iptables handles the different packets that come into the computer. All traffic on a network is sent in the form of packets, so whatever you are receiving is broken into smaller pieces. The start of each packet (its header) says where it is going, where it came from, the type of the packet, and other details. Some protocols, such as TCP, which is used for web traffic, mail and remote logins, use the concept of a 'connection': before any data packets are actually sent, various setup packets (with special headers) are exchanged saying 'I want to connect', 'OK' and 'Thanks'. Only then are normal packets exchanged.
Packet Filtering
A packet filter is a piece of software that looks at the header of each packet as it passes through and decides the fate of the entire packet. It might decide to deny the packet (discard it and pretend it was never received), accept the packet (let it go through), or reject the packet (like deny, but tell the source of the packet that it has done so). Linux does all this with Iptables, which works inside the kernel, looks at every packet coming in and going out, and decides, based on rules you give it, what to do with each one.
Iptables
The Iptables packet filters look at three kinds of packets, each handled by its own chain: FORWARD, INPUT and OUTPUT.
Forwarded – packets from your local network that want to be sent on to the Internet. This is when Linux works like a router (sending data from one network to another).
Input – packets coming into your computer from the outside world to do something. They might be dangerous.
Output – packets created on your computer and being sent out to the Internet.
Iptables
Iptables should be running from the moment you start the computer. To see the rules currently loaded, type:
root]# iptables -L
Iptables does not save its rules, which means that if you make a change you have to save it yourself. Two programs help you do this. The first is iptables-save, which outputs all the current rules so you can save them to a file. The second is iptables-restore, which loads rules from such a file. Examples:
root]# iptables-save > table.rules
root]# cat table.rules | iptables-restore
Looking at a rule
Rules are the most important part of packet filtering. Most commonly, you will use the append (-A) and delete (-D) commands when you add or remove rules. Each rule specifies a set of conditions the packet must meet, and what to do if it meets them (a 'target'). For example, you might want to drop all ICMP packets coming from one particular IP address. In this case our conditions are that the protocol must be ICMP and that the source address must be that address. Our target is 'DROP'.
root]# iptables -A INPUT -s -p icmp -j DROP
Looking at a Rule
root]# iptables -A INPUT -s -p icmp -j DROP
-A INPUT – append this rule to the chain for packets coming into the computer.
-s – match only packets that come from the given source IP address.
-p icmp – match only packets using the ICMP protocol.
-j DROP – if the packet matches all the other criteria, drop it.
You can delete this rule again by changing -A INPUT to -D INPUT:
root]# iptables -D INPUT -s -p icmp -j DROP
Rule Specifics
Source and Destination – You can filter packets based on where they come from and where they are going. Use the option '-s source', where 'source' is an IP address or hostname:
root]# iptables -A INPUT -s -j DROP
Use the option '-d destination', where 'destination' is an IP address or hostname:
root]# iptables -A INPUT -d -j ACCEPT
Rule Specifics
Protocol – You can filter packets based on the protocol they use (TCP, ICMP, UDP, etc.). Use the option '-p protocol', where 'protocol' is tcp, icmp or udp:
root]# iptables -A INPUT -d -p tcp -j DROP
If you are matching the 'tcp' protocol, you can also block based on port (which means you can stop people from using FTP or your web server if you do not want them to). The example below drops TCP packets from the given source address that are coming to port 80 (the web server):
root]# iptables -A INPUT -s -p tcp --dport 80 -j DROP
Rule Specifics
You also have three choices for what to do with a packet.
ACCEPT – This allows the packet through to your computer. Example: iptables -A INPUT -s -j ACCEPT
DROP – This stops the packet and pretends it was never seen. The sender is not told that the packet was dropped, so the computer trying to send the data may not even think your computer is on the network. Example: iptables -A INPUT -s -j DROP
REJECT – This stops the packet and tells the sender that it was rejected.
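The rules from the last few slides, as an added example that is not part of the lecture: a small Python simulation of an INPUT chain that parses the same command syntax, shows why rule order matters, and shows how DROP and REJECT look different to the sender. The rule set, the sample packets and the 192.0.2.x / 203.0.113.x addresses are constructed for the demo.

```python
# Added example (not from the lecture): a toy, first-match simulation of an iptables INPUT chain.
# Rules are written in the lecture's command syntax and packets are checked the way the kernel
# walks a chain: top to bottom, first match decides, otherwise the chain policy applies.
# The rule set, the packets and the RFC 5737 documentation addresses are constructed for the demo.
import shlex

FLAGS = {"-s": "src", "-d": "dst", "-p": "proto", "--dport": "dport", "-j": "target"}
TARGETS = ("ACCEPT", "DROP", "REJECT")

def parse_rule(cmd):
    """Turn 'iptables -A INPUT -s 192.0.2.7 -p icmp -j DROP' into match conditions plus a target."""
    toks = shlex.split(cmd)
    if toks[:3] != ["iptables", "-A", "INPUT"]:
        raise ValueError("only '-A INPUT' rules are modelled here")
    rule = {}
    for flag, value in zip(toks[3::2], toks[4::2]):
        key = FLAGS[flag]                     # an unknown flag raises KeyError: malformed rule
        rule[key] = int(value) if key == "dport" else value.lower() if key == "proto" else value
    if rule.get("target") not in TARGETS:
        raise ValueError("rule needs -j ACCEPT, DROP or REJECT")
    if "dport" in rule and rule.get("proto") not in ("tcp", "udp"):
        raise ValueError("--dport only makes sense with -p tcp or -p udp")
    return rule

def matches(rule, pkt):
    """Every condition in the rule must hold; 'target' is the action, not a condition."""
    return all(pkt.get(key) == value for key, value in rule.items() if key != "target")

def filter_packet(rules, pkt, policy="DROP"):
    """Walk the chain in order: the first matching rule wins, else the chain policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["target"]
    return policy

def sender_sees(verdict):
    """What the remote host observes, which is the practical difference between DROP and REJECT."""
    return {"ACCEPT": "the connection proceeds",
            "DROP": "no answer at all, so the sender waits until it times out",
            "REJECT": "an error comes straight back (ICMP unreachable or a TCP reset)"}[verdict]

# Constructed rule set: silence ping from one host and refuse its web requests outright,
# let everyone else reach the web server and SSH, and let the DROP policy eat the rest.
RULES = [parse_rule(cmd) for cmd in (
    "iptables -A INPUT -s 192.0.2.7 -p icmp -j DROP",
    "iptables -A INPUT -s 192.0.2.7 -p tcp --dport 80 -j REJECT",
    "iptables -A INPUT -p tcp --dport 80 -j ACCEPT",
    "iptables -A INPUT -p tcp --dport 22 -j ACCEPT",
)]
```

Swapping the REJECT rule and the general ACCEPT rule lets the blocked host through, which is the same mistake people make with real rule files.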
Testing out your network
Now that you have a firewall installed, you should test it to see whether it is vulnerable at all. There are many programs available that will check your computer for weaknesses. One of the most popular ways to check is with a "port scanner", a program that checks all the ports on your computer to see which are open. If it finds that port 80 is open, it knows you are running a web server. The most popular of these is called "nmap", and it provides a lot of useful information about the computer you are testing.
Nmap
You may need to download and install nmap, because it is not always included. Example port scan of google.com:
root]# nmap -sS -O google.com
Interesting ports on
(The 1622 ports scanned but not shown below are in state: closed)
Port State Service
80/tcp open http
This means that port 80 is open and running a web server, but that is all; every other port is closed. So unless there is a problem with their web server, they will be pretty safe from hackers.
Security Scanners
A "port scanner" is a good first step to test your network, but a security scanner will really test things out. The most popular security scanner is called Nessus. It looks at whatever computer you tell it to check and finds out everything about it: it looks at which version of which service you have running to see whether there are known vulnerabilities for that version. It will also tell you what to do to fix the problem, and often tells you how to exploit the security hole. These tools are often used by hackers themselves to find out whether a computer is vulnerable.
Watching your network
If something is happening to your computer, it is good to have a few tools that can tell you where data is coming from and where it is going. One program, called "iptraf", shows all incoming and outgoing data and the ports it is using. This can be helpful to determine which computer on a network is acting up. Another program, called "etherape", shows graphically all the data on your network, so you can see who is using the most.
Keeping up to date
If you are in charge of a system that is on the Internet all the time, it is important to keep your programs and services up to date. Vulnerabilities in different programs come out fairly regularly, and the companies that make the products release security fixes. Falling behind for too long will leave your system open to attacks from hackers. There are a few good websites to look at to stay up to date with security problems.
Encryption
Most network activity happens unencrypted. That means that if someone got hold of the data being sent, they could see what is inside. Since your data is usually sent over the Internet and around the world, there is a lot of opportunity for someone to see what is happening. To protect yourself from anyone seeing what is happening, you need to use encryption for your data. This means everything will look like garbage to whoever tries to look at it. Encryption in Linux is done through SSL, or Secure Sockets Layer, which can sit on top of a protocol and turn all the data being sent into something no one else can read.
Using encryption
To use encryption, you will need different programs.
For example, instead of using telnet to log into a server, you should use a protocol called SSH, which gives you the same effect as telnet but is secure, because it is encrypted. You need a special program to use SSH. The most popular is called PuTTY (if you are using Windows). Linux has ssh built in: ssh tihe.org -l username
For browsing the web, you can see whether a page is secure by looking at the URL in the browser. If it contains "http://", then it is insecure. If it contains "https://", then you know it is secure, because it is using a secure version of the HTTP protocol.
Packet Sniffing
To get a better idea of how network communication works, you can use a packet sniffer, which examines all the packets that come into the computer, and also some of the other packets floating around on the network. The best packet sniffer is called Ethereal. It is a graphical program that lets you capture packets and then analyze the data that has come in. This means you can see which web pages a person was looking at, the FTP data they sent, or any other network data being transmitted. If you are logging in with telnet, someone will be able to see your username and password straight away, because telnet is unencrypted.
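An added example (not from the lecture) tying this slide to the earlier description of what the start of each packet contains: Python code that builds a few hand-made IPv4/TCP packets and decodes them the way a sniffer does, so the connection setup and a cleartext telnet username can be read straight out of the bytes. The addresses, ports and payload are constructed, and the checksums are left at zero.

```python
# Added example (not from the lecture): decoding raw IPv4/TCP packets the way a sniffer such as
# Ethereal does, to show what "the start of each packet" mentioned earlier really carries.
# The packets are built by hand for this demo (RFC 5737 addresses, checksums left at zero).
import socket
import struct

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
TCP_FLAGS = (("fin", 0x01), ("syn", 0x02), ("rst", 0x04), ("psh", 0x08), ("ack", 0x10))

def build_ipv4_tcp(src, dst, sport, dport, flags, payload=b""):
    """Assemble a minimal IPv4 header (20 bytes) + TCP header (20 bytes) + payload."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1, (5 << 12) | flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse_packet(raw):
    """Decode the IPv4 header; for TCP also the ports, flags and the payload that follows."""
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                # IPv4 header length (options make it more than 20)
    total_len = int.from_bytes(raw[2:4], "big")
    proto = raw[9]
    info = {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "proto": PROTO_NAMES.get(proto, str(proto))}
    if proto == 6:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", raw[ihl:ihl + 14])
        data_off = (off_flags >> 12) * 4     # TCP header length, also variable
        info.update(sport=sport, dport=dport, payload=raw[ihl + data_off:total_len])
        info["flags"] = [name for name, bit in TCP_FLAGS if off_flags & bit]
    return info

def summarize(info):
    """One line per packet, like the packet list in a sniffer's window."""
    line = f"{info['proto']} {info['src']}:{info.get('sport', '')} -> {info['dst']}:{info.get('dport', '')}"
    if info.get("flags"):
        line += " [" + ",".join(flag.upper() for flag in info["flags"]) + "]"
    if info.get("payload"):
        line += " payload=" + repr(info["payload"])
    return line

# The lecture's "I want to connect / OK / Thanks" is the SYN, SYN-ACK, ACK exchange; after it,
# a telnet login travels in the clear, so the username is readable straight out of the payload.
CONSTRUCTED = [
    build_ipv4_tcp("192.0.2.7", "198.51.100.10", 40000, 23, 0x02),                # SYN
    build_ipv4_tcp("198.51.100.10", "192.0.2.7", 23, 40000, 0x12),                # SYN,ACK
    build_ipv4_tcp("192.0.2.7", "198.51.100.10", 40000, 23, 0x10),                # ACK
    build_ipv4_tcp("192.0.2.7", "198.51.100.10", 40000, 23, 0x18, b"alice\r\n"),  # PSH,ACK + data
]
```

Printing summarize(parse_packet(raw)) for each constructed packet gives the same four-line view a sniffer would show for a telnet login, username included.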
Intrusion Detection
There are also programs that help figure out when an attack is happening on your system. These are called IDS, or intrusion detection systems. A popular one is called Snort. It examines the packets that come in and has a big database of rules that can determine whether a specific exploit or attack is arriving. It then alerts the administrator and can take some action. With an IDS set up you can actually watch a hack in progress. You will have to install Snort yourself if you want it, although there is a lot of documentation available.
Summary
Linux security is an ongoing project for all the developers of Linux around the world. Exploits for products are released daily, so keeping your computers safe is challenging. Most of the time today, people will not care who the computer belongs to; they will use it as a launching point to attack other computers. That way, the computer really being attacked will not know where the attack is truly coming from. Other times, hackers can set up programs that run on your computer and wait for their instructions. For more information about Linux security: