Published by Patricia Crawford. Modified over 9 years ago.
1
Configuring and Securing ARPA/Berkeley Services
Version A.01, H3065S Module 13 Slides
2
© 1999 Hewlett-Packard Co. H3065S A.01

Internet Services Overview

Table columns on the slide: Capability, ARPA, Berkeley. Where a row lists a service in both columns, the ARPA entry is given first.

Dynamic routing: gated
Time synchronization: NTP
Remote boot: BOOTP
Terminal access: telnet (ARPA), rlogin (Berkeley)
File transfer: ftp, tftp (ARPA), rcp (Berkeley)
Remote command execution: remsh, rexec
Electronic mail: SMTP (ARPA), sendmail (Berkeley; uses SMTP)
Interprocess communication: Sockets
Network information: rwho, ruptime, finger
Name service: BIND
Remote printing: printer (rlpdaemon)
3
Internet Service Clients and Servers

Servers provide a service.
Clients use a service.

[Diagram: on client roger, the command "# rlogin gary"; on server gary, the rlogind daemon]
4
Starting Internet Services via /sbin/rc

[Diagram: /sbin/init, /sbin/rc]
Execution scripts: /sbin/rc2.d/S*, linked to /sbin/init.d/*
Daemons started: gated, inetd, named, rwhod, xntpd, sendmail
Configuration files:
    /etc/rc.config.d/netconf
    /etc/rc.config.d/netdaemons
    /etc/rc.config.d/mailservs
    /etc/rc.config.d/namesvrs
5
Starting Internet Services via inetd

[Diagram: on client roger, the command "$ telnet gary"; on server gary, inetd receives the request and starts telnetd]
Files consulted by inetd:
    /etc/inetd.conf
    /etc/services
    /var/adm/inetd.sec
6
Configuring /etc/inetd.conf

Q: Should I provide FTP service?
Q: How do I start an ftp daemon?
/etc/inetd.conf has the answer!

/etc/inetd.conf:
    :
    ftp    stream tcp nowait root /usr/lbin/ftpd    ftpd -l
    telnet stream tcp nowait root /usr/lbin/telnetd telnetd
    # login stream tcp nowait root /usr/lbin/rlogind rlogind
    shell  stream tcp nowait root /usr/lbin/remshd  remshd
    :

Command shown on the slide:
    # inetd -c
7
Configuring /etc/services

Q: Which port should I monitor for FTP requests?
/etc/services has the answer!

/etc/services:
    ftp     21/tcp    # File Transfer Protocol (Control)
    telnet  23/tcp    # Virtual Terminal Protocol
    login   513/tcp   # remote login
    shell   514/tcp   # remote command, no passwd used
    :
    :
8
Configuring /var/adm/inetd.sec

Q: Which clients are allowed FTP access?
/var/adm/inetd.sec has the answer!

/var/adm/inetd.sec:
    telnet deny  128.1.*.*
    shell  allow 192.1.1.* 192.1.3.*
    login  allow 192.1.1-3.* host1 host2
    :
    :
    ftp    deny  128.1.1.1
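An added example (not part of the original slides) that evaluates the inetd.sec entries shown above against a client address, so the effect of each allow or deny line can be checked before relying on it. It assumes the usual inetd.sec semantics: an unlisted service is unrestricted, "allow" admits only the listed hosts, "deny" admits everyone except the listed hosts, and a later line for a service replaces an earlier one. Host names are compared literally to a name the caller supplies, which is a simplification.

```python
# Added example: the function names here are illustrative, not an HP-UX API.
INETD_SEC = """\
telnet deny 128.1.*.*
shell allow 192.1.1.* 192.1.3.*
login allow 192.1.1-3.* host1 host2
ftp deny 128.1.1.1
"""

def parse(text):
    """Return {service: (action, [patterns])}; a later line replaces an earlier one (assumption)."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1] in ("allow", "deny"):
            rules[fields[0]] = (fields[1], fields[2:])
    return rules

def field_matches(pattern, octet):
    """Match one address field: '*' wildcard, 'low-high' range, or an exact number."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = pattern.split("-", 1)
        return low.isdigit() and high.isdigit() and int(low) <= octet <= int(high)
    return pattern.isdigit() and int(pattern) == octet

def host_matches(pattern, ip, name=None):
    """Four-field patterns are addresses; anything else is treated as a host name."""
    parts = pattern.split(".")
    if len(parts) == 4 and all(p == "*" or p.replace("-", "").isdigit() for p in parts):
        octets = [int(o) for o in ip.split(".")]
        return all(field_matches(p, o) for p, o in zip(parts, octets))
    return name is not None and pattern == name

def is_allowed(rules, service, ip, name=None):
    """Decide whether inetd would accept a connection to `service` from `ip`."""
    if service not in rules:
        return True  # unlisted service: no restriction applies
    action, patterns = rules[service]
    hit = any(host_matches(p, ip, name) for p in patterns)
    return hit if action == "allow" else not hit

if __name__ == "__main__":
    rules = parse(INETD_SEC)
    for svc, ip in [("telnet", "128.1.5.9"), ("shell", "192.1.2.7"), ("login", "192.1.2.7")]:
        print(svc, ip, "allowed" if is_allowed(rules, svc, ip) else "refused")
```

Note that the "deny" lines leave the service open to every address not listed, so the ftp entry above blocks a single host and nothing else.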
9
Configuring inetd Logging

Q: Which clients have requested which internet services from my server?
/var/adm/syslog/syslog.log has the answer!

[Diagram: inetd -l passes connection messages to syslogd, which writes /var/adm/syslog/syslog.log]

/var/adm/syslog/syslog.log:
    Sep 5 15:51:10 host1 inetd[2234]: telnet/tcp: Connection from host1
    Sep 5 15:51:27 host2 inetd[2251]: login/tcp: Connection from host2

Edit /etc/rc.config.d/netdaemons:
    # Enable inetd logging at every boot by
    # setting the INETD_ARGS variable here!
    export INETD_ARGS="-l"
10
System and User Equivalency

Without Equivalency:
    # rlogin gary
    Password: ******
    Welcome to gary!

With Equivalency:
    # rlogin gary
    Welcome to gary!

System and user equivalency:
    allows some or all users password-free access to a host
    applies only to Berkeley services (rlogin, remsh, rcp)
    is configured via /etc/hosts.equiv and ~/.rhosts
11
Configuring /etc/hosts.equiv

Which command succeeds?

    1  $ rlogin host2
    2  $ rlogin host2 -l tom
    3  $ remsh host3 ll
    4  $ remsh host3 -l tom ll
    5  rcp host2:.profile .

[Diagram: hosts host1, host2 and host3; logins shown: leo, sue]
/etc/hosts.equiv entries shown on the slide:
    host1 -sue
    host1
    host1 tom
12
Configuring ~/.rhosts

Question: Which command succeeds?

    1  rlogin host2 -l root
    2  remsh host2 ll
    3  remsh host2 -l sue ll
    4  rlogin host2
    5  rcp leo@host2:.profile .

[Diagram: hosts host1 and host2; logins shown: leo, sue]

~root/.rhosts:
    host1

~sue/.rhosts:
    host1 sue
    host1 joe

~leo/.rhosts:
    host1 -sue
    host1 +
13
FTP Configuration Issues

Clients: Configuring FTP autologin
~/.netrc (rw-------):
    machine host2 login user1 password abcde12
    machine host3 login user1 password 12abcde

Servers: Using /etc/ftpusers to deny FTP access to selected users
/etc/ftpusers (r--r--r--):
    guest
    orderentry

Servers: Configuring anonymous FTP access
/etc/passwd (r--r--r--):
    ftp:*:500:10:Anon FTP:/home/ftp:/usr/bin/false
14
ARPA/Berkeley Services Review

[Diagram labels]
inetd: /etc/inetd.conf, /etc/services, /var/adm/inetd.sec, syslog.log
ftpd: ~/.netrc, /etc/ftpusers, /etc/passwd
telnetd
remshd & rlogind: /etc/hosts.equiv, ~/.rhosts