Presentation is loading. Please wait.

Presentation is loading. Please wait.

Some Practical Security

Published byTeresa Wells Modified over 6 years ago

Similar presentations

Presentation on theme: "Some Practical Security"— Presentation transcript:

1 Some Practical Security
ngNOG 07 Workshop

2 Main Security Concerns
Confidentiality Keeping our data safe from prying eyes Integrity Protecting our data from loss or unauthorised alteration Authentication and Authorisation Is this person who they claim to be? Is this person allowed to do this? Availability Are our systems working when we need them? (Denial of Service)

3 Basic steps to securing a server
Run only the services you plan on using. Use only the services that are necessary. Stay up-to-date and patch services as needed. Use secure passwords and force your users to use them. Restrict root access to a minimal set of services. Restrict access to services via tcpwrappers if appropriate. Restrict access to your box using IP Firewall services (ipfw). Log events and understand your logs. Install intrusion detection software. Back up your server's data! Think about physical security. Don't forget about your clients.

4 Some useful web links The FreeBSD Handbook Security Section
FreeBSD Website “intrusion detection” Software FreeBSD Security Notifications Mailing List Security Documents from nsrc.org and CERT (Coordinated Emergency Response Team) and SANS Computer Security and Mailing Lists and Nice List of Security Resources for Linux/UNIX Nessus Security Auditing Package

5 Security implications of connecting to the Internet
The Internet lets you connect to millions of hosts but they can also connect to you! Many points of access (e.g. telephone, cyber-cafe) even if you can trace an attack to a point on the Internet, the real source may be untraceable Your host runs many Internet services many potential points of vulnerability many servers run as "root" !

6 Network-based attacks
Passive attacks e.g. packet sniffers, traffic analysis (dsniff) Active attacks e.g. connection hijacking, IP source spoofing, exploitation of weaknesses in IP stack or applications Denial of Service attacks e.g. synflood “Man in the middle” attacks Hijacking services Attacks against the network itself e.g. smurf

7 Other common attacks Brute-force and Dictionary attacks (password guessing) Viruses Trojan horses (in the form of s). Humans are often the weakest link "Hi, this is Bob, what's the root password?"

8 Authentication: Passwords
Can be guessed If too complex, users tend to write them down If sent unencrypted, can be "sniffed" from the network and re-used

9 Choosing good passwords
Combinations of upper and lower-case letters, numbers and symbols 'brute force' attacker has to try many more combinations Not in any dictionary, including hackers dictionaries $40&yc4f "Money for nothing and your chicks for free" wsR!vst? "workshop students aRe not very sleepy today ?"

10 Authentication: Host name
Very weak DNS is easily attacked (e.g. by loading false information into cache) Slight protection by ensuring that reverse and forward DNS matches e.g. Connection received from Lookup > noc.ws.afnog.org Lookup noc.ws.afnog.org -> This is why many sites won't let you connect unless your forward and reverse matches

11 Cryptographic methods
Can provide REALLY SECURE solutions to authentication, privacy and integrity Some are hard to implement, many different tools, usually requires special clients, but becoming much more widespread. Export and usage restrictions (less of a problem these days) Take care to understand where weaknesses lie, like “Man in the Middle”, “entropy with random numbers”, etc.

12 Simple combinations The lock on your front door can be picked
Two locks are better than one The thief is more likely to try somewhere else

13 IP source address AND password authentication
You can use "tcp wrappers" (/etc/hosts.allow) to add IP source authentication to any service run from inetd For info and examples: man 5 hosts_access The application also typically has password authentication

14 Exercise Enable telnet (note: bad idea!)
Uncomment telnet ... tcp line in /etc/inetd.conf killall -1 inetd Check other people can telnet to your machine Now restrict access to only yourself and your neighbour Add two lines to top of /etc/hosts.allow telnetd : , : allow telnetd : ALL : deny Get someone on a different row to try to telnet to you What happens if you telnet to ?

15 UNDERSTAND what you're doing
A bad security solution is worse than no security at all Know what you're doing Read all the documentation Read sample configurations Build test machines Ask questions Join the announcements mailing list for your O/S and applications Test what you've done Try connecting from outside your network Try circumventing your own rules For instance: Windows vs. UNIX. Securing a box.

16 Practical UNIX security
As part of the books for this class you've been given: Practical Unix & Internet Security, 3rd Edition There are many other useful publications at: Be sure to take advantage of this book to learn about the philosophy of security, particularly in the UNIX world.

17 Summary Disable all services which are not needed
Apply security patches promptly; join the announcement mailing lists Good password management Combine passwords with IP access controls where possible Use cryptographic methods where possible Understand what it is that you are doing!

Download ppt "Some Practical Security"

Similar presentations

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.

Net security - budi rahardjo Overview of Network Security Budi Rahardjo CISCO seminar 13 March 2002.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.

Raw Sockets CS-480b Dick Steflik Raw Sockets Raw Sockets let you program at just above the network (IP) layer You could program at the IP level using.
James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.

James Tam Computer Security Concepts covered Malicious computer programs Malicious computer use Security measures.
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.

Assessing the Threat How much money is lost due to cyber crimes? –Estimates range from $100 million to $100s billions –Why the discrepancy? Companies don’t.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj

Kittiphan Techakittiroj (04/09/58 19:56 น. 04/09/58 19:56 น. 04/09/58 19:56 น.) Network Security (the Internet Security) Kittiphan Techakittiroj
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
E0: Unix System Administration AfNOG 2006 Nairobi, Kenya Security introduction Brian Candler Presented by Hervey Allen.

E0: Unix System Administration AfNOG 2006 Nairobi, Kenya Security introduction Brian Candler Presented by Hervey Allen.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Similar presentations

Ads by Google