Published by Anastasia Millicent Sparks. Modified over 9 years ago.
Slide 1: Advanced Unix, Chapter 14
Slide 2: Network Tools
- There are many, many network tools that come with a standard Linux installation.
- They can be used for network troubleshooting, for causing network trouble, and for detecting the same.
- Chapter 14 discusses a few of them.
Slide 3: Network Tools
- The netstat command is one such tool.
- It will show you the number of TCP/UDP connections and the services that are listening on your system.
- Demo: netstat
Slide 4: Network Tools
- One tool often overlooked by the book is lsof.
- lsof, or "list open files", is one of the system administrator's number one tools.
- You can trace which processes are using which services, as well as which files are open and by which processes.
- Demo: lsof
Slide 5: Network Tools
- Many "root kits" deployed by vandals replace the tools an SA would use to detect the attack: ps, ls, netstat, lsof, etc.
- Always have original binaries and/or the tool source code available.
- See the lecture I gave to the Rose Cyber Security Club: http://www.wildbill.org/rose
Slide 6: Network Services
- Each network service is a point of attack.
- Remove/disable all unneeded services.
- /etc/services: a text file that relates the ports to the services
- /etc/init.d
- chkconfig
Slide 7: TCP Wrappers
- For the services that you need to have running, consider using tcp_wrappers.
- Provides for added access control via /etc/hosts.allow and /etc/hosts.deny.
- Note: many services now have wrapper support programmed into the source code.
- The super daemon xinetd now has tcp wrappers built in, so any service using xinetd can take advantage of tcp wrappers if it is not already encoded.
Slide 8: TCP Wrappers
- Other services also use tcp wrappers, such as "Very Secure FTP" (the vsftpd FTP server), controlled in the vsftpd configuration file.
- Access to rsync can be controlled by TCP Wrappers via xinetd.
Slide 9: TCP Wrappers
- Uses two files to define access to the services: /etc/hosts.allow and /etc/hosts.deny
- You can create a deny-by-default for all services that use tcp wrappers.
- Don't be misled into thinking this can secure your server 100%:
  - Understand that not all services can or do use tcp wrappers.
  - tcp wrappers is not a firewall but an access control process.
Slide 10: TCP Wrappers
- Good example in the book.
- Demo: tcp wrappers (hosts.allow, hosts.deny)
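As an added example for the deny-by-default setup of slides 9 and 10 (this is not the book's example or the lecture's demo), the script below holds a constructed hosts.allow/hosts.deny pair and emulates how tcp_wrappers decides on a (daemon, client) pair: hosts.allow is consulted first, then hosts.deny, first match wins, and no match at all means allow. The function names and the 10.10.1.x addresses (borrowed from the lecture's firewall sample) are my choices, and only a subset of the real pattern syntax is handled.

```shell
#!/bin/sh
# Added example (not from the lecture): emulate the tcp_wrappers decision for a
# (daemon, client) pair. The real library checks /etc/hosts.allow first, then
# /etc/hosts.deny; the first matching line wins and no match at all means ALLOW.
# Only a subset of the pattern syntax is handled here: ALL, an exact address,
# or a prefix ending in a dot such as "10.10.1." (matches a whole network).
# Rule sets are constructed inline; the 10.10.1.x addresses are taken from the
# lecture's firewall sample (ADMINNOC=10.10.1.250).
ALLOW_RULES='sshd: 10.10.1.250
vsftpd: 10.10.1.'
DENY_RULES='ALL: ALL'         # deny-by-default for every wrapped service

# match_client PATTERN CLIENT: succeeds when the pattern covers the client
match_client() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; esac; return 1 ;;
        *)   [ "$1" = "$2" ] ;;
    esac
}

# rules_match RULES DAEMON CLIENT: succeeds when some "daemons: clients" line
# lists the daemon (or ALL) and one of its client patterns matches the client
rules_match() {
    printf '%s\n' "$1" | {
        while IFS=: read -r daemons clients; do
            for d in $(printf '%s' "$daemons" | tr ',' ' '); do
                [ "$d" = ALL ] || [ "$d" = "$2" ] || continue
                for c in $(printf '%s' "$clients" | tr ',' ' '); do
                    match_client "$c" "$3" && exit 0
                done
            done
        done
        exit 1
    }
}

# wrapper_decision DAEMON CLIENT: prints ALLOW or DENY
wrapper_decision() {
    if rules_match "$ALLOW_RULES" "$1" "$2"; then echo ALLOW
    elif rules_match "$DENY_RULES" "$1" "$2"; then echo DENY
    else echo ALLOW                   # neither file matched: wrappers allow
    fi
}
```

Note how the final branch shows why hosts.deny needs the ALL: ALL line: without it, an unlisted daemon or client falls through to ALLOW.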
Slide 11: Firewalls
- Several types of firewalls:
  - Packet filter: iptables (layer 2 network)
  - Stateful filter: Cisco PIX (layers 3 and 4)
  - Stateful inspection: Checkpoint Firewall-1
  - Application proxy: Sidewinder (layers 5 through 7)
- Good reference for firewalls: http://www.interhack.net/pubs/fwfaq/
Slide 12: Introduction to iptables
- 3rd generation firewall on Linux
- Supports basic packet filtering as well as connection state tracking.
- For our needs in this course, we will use simple/basic packet filtering.
Slide 13: Iptables
- iptables is a filtering firewall.
- Comes standard as part of Linux; older versions of Linux have ipchains.
- FC comes with a relatively good initial configuration.
- Use chkconfig to check whether your iptables is configured to start on boot:
    chkconfig --list iptables
Slide 14: Iptables
- If it is not, enable it via the following command:
    chkconfig --levels 235 iptables on
- To start iptables enter:
    /etc/init.d/iptables start
  or
    service iptables start
Slide 15: Introduction to iptables

    # Sample firewall - incomplete... do not use. For discussion only
    IPTABLES=/sbin/iptables
    ANY="0.0.0.0/0"
    ETHIP="10.10.1.1"
    ADMINNOC="10.10.1.250"

    # Flush chains
    $IPTABLES --flush

    # Set default policies
    $IPTABLES -P INPUT ACCEPT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -P FORWARD ACCEPT

    # Allow SSH from admin NOC
    $IPTABLES -A INPUT -p tcp -s $ADMINNOC --sport 1024:65534 --dport 22 -j ACCEPT
    $IPTABLES -A OUTPUT -p tcp -d $ADMINNOC --sport 22 --dport 1024:65534 -j ACCEPT

    # Allow Web access
    $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

    # Allow secure web access
    $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT

    # Everything else reaching INPUT is dropped
    $IPTABLES -A INPUT -j DROP
Slide 16: Dropping vs Rejecting Packets
- Rejecting packets COULD resource-starve your system.
- Dropping packets could cause network diagnostic hell for the other end if you don't respond 'nicely'.
- Dana's Law: It is better to DROP packets and buy your favorite network admin a beer than to REJECT and have alarms go off at 2 in the morning during a DoS, waking you up.
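As an added example (not the lecture's script), here is what a deny-by-default version of the slide 15 sample looks like in iptables-restore format: it keeps the same admin host (10.10.1.250), uses the connection state tracking mentioned on slide 12 so that only NEW connections need explicit rules, and silently DROPs everything else, per Dana's Law. The gen_rules and count_rules names are my choices.

```shell
#!/bin/sh
# Added example, not the lecture's script: a deny-by-default INPUT ruleset in
# iptables-restore format. Same admin host as the lecture's sample, but the
# chain policy is DROP, loopback and already-established traffic is accepted
# via state tracking, and unwanted packets are dropped rather than rejected.
ADMINNOC=10.10.1.250

# gen_rules: prints a complete ruleset suitable for "iptables-restore < file"
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic and replies to connections this host initiated
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# New SSH sessions only from the admin NOC host
-A INPUT -p tcp -s $ADMINNOC --dport 22 -m state --state NEW -j ACCEPT
# Public web services
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT
# The DROP policy already covers the rest; an explicit rule gives a counter
# to watch in "iptables -L INPUT -v -n" when diagnosing the other end's pain
-A INPUT -j DROP
COMMIT
EOF
}

# count_rules: number of -A lines, a sanity check before loading the file
count_rules() { gen_rules | grep -c '^-A '; }

# Usage (as root): gen_rules > /tmp/rules.v4 && iptables-restore < /tmp/rules.v4
```

Unlike the slide 15 sample, the OUTPUT chain needs no per-service rule here, because the INPUT side admits replies through the ESTABLISHED,RELATED state match.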
Slide 17: Iptables
- Many ways to implement iptables.
- Demo: Shorewall
- See: http://www.linuxguruz.com/iptables/
- IPTables Packet Filtering HOWTO: http://netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html
Slide 18: Good reading
- Building Internet Firewalls, ISBN 1-56592-124-0
- Linux Firewalls, ISBN 0-7357-0900-9
- Threat Modeling, ISBN 0-7356-1991-3
Slide 19: Iptables
- To be continued next class...