Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 290 LINUX Security Basic Network Security “Chroot Jail”

Published byAlyson Bell Modified over 9 years ago

Similar presentations

Presentation on theme: "CIS 290 LINUX Security Basic Network Security “Chroot Jail”"— Presentation transcript:

1 CIS 290 LINUX Security Basic Network Security “Chroot Jail”

2 Network services Determine open services: netstat –tulpn -OR- nmap -sT -O localhost Disable with chkconfig. And/or remove software. Use TCP_WRAPPERS (xinetd) Configure iptables Remove Xwindows: yum groupremove "X Window System“ Set initdefault to runlevel 3 No cleartext services HTTP, TELNET, FTP, rcmd, (see gov’t requirements) - use SSH, SSL, SFTP. Restrict NFS/CIFS to local networks only. Basic tools: ping, traceroute, netstat, nmap, netcat (nc) telnet

3 Chroot jail Isolate user process within a “virtual” root file system. Similar to web “virtual document root” or vsftpd “chroot_local_user=YES”. As root: chroot Trick is to automate the process for user login, file transfer (sftp) or specific applications. Most daemon processes have their own “chroot” methodology. Not as secure, less isolating as LINUX containers or Solaris zones (CIS 228) for specific application environnments.

4 Google Hacking We can use a standard Google search to find interesting pages such as indexes. - “index of /etc” - “index of /etc” passwd - “index of /etc” shadow Google allows us to do more than just simple searching using advanced operators E.g. – filetype: – inanchor: – intext: – intitle: – inurl: – site:

5 Using Advanced Operators We can now search in the Title field for indexed pages: intitle:index.of./etc passwd intitle:index.of./etc shadow We can use the filetype: operator: password filetype:xls filetype:config web.config -CVS filetype:mdb users.mdb Combining Operators filetype:eml eml +intext:"Subject" +intext:"From" +intext:"To“ "# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd

6 Google Hacking Database (GHDB) Thousands of search URL’s Javascript: entries very powerful Enter Wikto – Web Server Assessment Tool - Back-end Miner - Nikto-like functionality - Googler file searcher - GoogleHacks GHDB tester

Download ppt "CIS 290 LINUX Security Basic Network Security “Chroot Jail”"

Similar presentations

Google hacking & optimizing search results Faris Aloul November 2011.

Google hacking & optimizing search results Faris Aloul November 2011.
Linux Security An overview notes from Linux Network Security HowTO.

Linux Security An overview notes from Linux Network Security HowTO.
Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.

Design Aspects. User Type the URL address on the cell phone or web browser Not required to login.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Hacking Unix/Linux.

Hacking Unix/Linux.
Voyager Server Security and Monitoring Best practices and tools.

Voyager Server Security and Monitoring Best practices and tools.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Strategies in Linux Platforms and.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.
Linux System Administration LINUX SYSTEM ADMINISTRATION.

Linux System Administration LINUX SYSTEM ADMINISTRATION.
Getting on the Web CCSD Technology Team. Post a page to the Web using a simple file transfer process Goal: Process: Create a Web page using Microsoft.

Getting on the Web CCSD Technology Team. Post a page to the Web using a simple file transfer process Goal: Process: Create a Web page using Microsoft.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.
Penetration Testing Training Day Capture the Flag Training.

Penetration Testing Training Day Capture the Flag Training.
Www.TASK.to GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.

GOOGLE HACKING FOR PENETRATION TESTERS Chris Chromiak SentryMetrics March 27 th, 2007.
Computation for Physics 計算物理概論 Introduction to Linux.

Computation for Physics 計算物理概論 Introduction to Linux.
An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.

An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.
Copyright Security-Assessment.com 2005 Exposing Web Vulnerabilities The State of Web Application Security by Nick von Dadelszen.

Copyright Security-Assessment.com 2005 Exposing Web Vulnerabilities The State of Web Application Security by Nick von Dadelszen.
VsFTP in Linux. Introduction to FTP The File Transfer Protocol (FTP) is used as one of the most common means of copying files between servers over the.

VsFTP in Linux. Introduction to FTP The File Transfer Protocol (FTP) is used as one of the most common means of copying files between servers over the.
Course code: ABI 204 Introduction to E-Commerce Chapter 3: WEB BASED TOOLS FOR E-COMMERCE AMA University.

Course code: ABI 204 Introduction to E-Commerce Chapter 3: WEB BASED TOOLS FOR E-COMMERCE AMA University.
SAMBA Integrating Linux and Window. What is Samba? Free suite of programs that enables flavors of UNIX to work with other operating systems such as OS/2.

SAMBA Integrating Linux and Window. What is Samba? Free suite of programs that enables flavors of UNIX to work with other operating systems such as OS/2.

Similar presentations

Ads by Google