Advanced Unix - PowerPoint PPT Presentation

About This Presentation
Title:

Advanced Unix

Slides: 16
Provided by: bilbob
Learn more at: http://www.wildbill.org

Transcript and Presenter's Notes

Title: Advanced Unix


1
Advanced Unix 22 Sep 2005
  • Chapter 14
  • Computer Security Issues

2
Network Tools
  • There are many, many network tools that come with
    a standard Linux installation.
  • They can be used for network troubleshooting, for
    causing network trouble, and for detecting the same.
  • Chapter 14 discusses a few of them

3
Network Tools
  • The netstat command (Page 521) is one such tool
  • It will show you the number of tcp/udp
    connections and the services that are listening
    on your system
  • Demo netstat

4
Network Tools
  • One tool overlooked by the book is lsof
  • lsof or "list open files" is one of the systems
    administrator's number one tools
  • You can trace which processes are using which
    services, as well as which files are open and by
    which processes
  • Demo lsof

5
Network Tools
  • Many root kits deployed by vandals replace the
    tools an SA would use to detect the attack
  • ps, ls, netstat, lsof, etc.
  • Always have original binaries and/or the tool
    source code available

6
Network Services
  • They are the Points of Attack
  • Remove/Disable all unneeded services
  • /etc/services: a text file that relates the
    ports to the services (page 523)

7
TCP Wrappers
  • For the services that you need to have running
    (Page 525)
  • Provides for added access control
  • The Super Daemon xinetd now has tcp wrappers
    built in so any service using xinetd can take
    advantage of tcp wrappers

8
TCP Wrappers
  • Other services also use tcp wrappers such as
    Very Secure FTP
  • vsftpd FTP server (Page 525)
  • Controlled in the vsftpd configuration file
  • Access to rsync can be controlled by TCP Wrappers
    via xinetd

9
TCP Wrappers
  • Uses two files to define the access to the
    services
  • /etc/hosts.allow
  • /etc/hosts.deny
  • You can create a deny-by-default policy for all
    services that use tcp wrappers
  • Don't be misled into thinking this can secure
    your server 100%
  • Understand that not all services can or do use
    tcp wrappers
  • tcp wrappers is not a Firewall but an access
    control

10
TCP Wrappers
  • Good Example in the book (Page 526)
  • Demo tcp wrappers
  • hosts.allow
  • hosts.deny
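
How the two files combine into deny-by-default, as an added example (not from the original slides or the book): a simplified Python model of the lookup order documented in hosts_access(5). The file contents, addresses and function names are constructed for illustration.

```python
# Simplified model of TCP Wrappers rule evaluation (see hosts_access(5)).
# Not modelled: hostnames, net/mask patterns, EXCEPT, option fields.

# Constructed sample files: deny-by-default with two explicit allowances.
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed sample)
sshd: 192.168.1.
vsftpd, rsync: 192.168.1.10
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed sample)
ALL: ALL
"""

def parse(text):
    """Return (daemon_list, client_list) pairs from an access file."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")
        daemons, clients = (f.replace(",", " ").split() for f in fields[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):       # trailing dot: address prefix match
        return addr.startswith(pattern)
    return pattern == addr          # otherwise an exact address

def first_match(rules, daemon, addr):
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, addr) for p in clients):
            return True
    return False

def access(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match grants."""
    if first_match(parse(allow), daemon, addr):
        return "granted"
    if first_match(parse(deny), daemon, addr):
        return "denied"
    return "granted"                # empty files leave the service open
```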

11
Firewalls
  • Several types of Firewalls
  • Packet filter
    • Iptables layer 2 network
  • Stateful filter
    • Cisco PIX layer 3 and 4
  • Stateful inspection
    • Checkpoint Firewall-1
  • Application proxy
    • Sidewinder layers 5 thru 7
  • Good reference for firewalls
    • http://www.interhack.net/pubs/fwfaq/

12
Iptables
  • iptables is a filtering firewall
  • Comes standard as part of Linux
  • Older versions of Linux have ipchains
  • FC4 comes with a relatively good initial
    configuration
  • Use chkconfig to check whether iptables is
    configured to start on boot
  • chkconfig --list iptables

13
Iptables
  • If it is not, then enable it via the following
    command
  • chkconfig --level 235 iptables on
  • To start iptables enter
  • /etc/init.d/iptables start
  • Or
  • service iptables start

14
Iptables
  • Many ways to implement iptables
  • Demo Shorewall
  • See http://www.linuxguruz.com/iptables/

15
Iptables
  • To be continued next week