INSE 6130 Operating System Security
|
|
- Cecily Hensley
- 5 years ago
- Views:
Transcription
1 INSE 6130 Operating System Security Secure Booting Prof. Lingyu Wang 1 Overview AEGIS: Secure Bootstrap Architecture TPM: Trusted Platform Module 2 1
2 The Problem All security controls are initiated by... what? Why are we so sure about our kernel/bios/hardware? What if we were insecure from the very beginning? Network Service Security Access Control Authentication tion Auditing and Logging 3 Recall the Smartest Hack of All Time Ken Thompson, in his 1983 Turing Award lecture, admitted a back door he created in early UNIX versions Clean Source of Compiler Compiler Clean Source of UNIX UNIX If you start insecure, you always end up insecure Kenneth Thompson and Dennis Ritchie 4 2
3 OS Boot Process Problem: many things could already go wrong before your OS security controls can ever come into effect! User Programs Operating System (security control) Expanded ROMs Boot Block (MBR,GRUB) BIOS POST 5 Solution: AEGIS Architecture Each level needs to verify its upper level s integrity before the control is passed Level 0 is secure We assume it is If level i can ensure level i+1 is secure, then all levels will be secure (a simple mathematical induction) Expanded ROMs User Programs Operating System Boot Block (MBR,GRUB) BIOS section2 Level 5 Level 4 Level 3 Level 2 Level 1 trusted AEGIS ROM BIOS section1 POST Level 0 6 3
4 Integrity Chaining How does level i ensures integrity of level i+1? Level i stores a digital signature of level i+1 What if this signature is altered? The signature is part of level i So level i-1 will detect the modification Expanded ROMs BIOS section2 trusted AEGIS ROM BIOS section1 POST 7 What If The Check Fails? The boot process will be terminated if a check fails at any level Good for integrity, bad for availability Recovery mechanisms The system will boot into a small recovery kernel in ROM (like safe mode of OS) Then recover either from ROM cards or from network hosts Again, why can we trust what we trust? Bottom line: hacking hardware is more difficult than hacking software 8 4
5 Overview AEGIS: Secure Bootstrap Architecture TPM: Trusted Platform Module 9 Background Extending the ideas of AEGIS TCG (Trusted Computing Group) Industry standards body w/ 135 members including component vendors, software developers, systems vendors and network and infrastructure companies, e.g., AMD, HP, IBM, Intel, Lenovo, Microsoft, Sun Key component TPM (Trusted Platform Module) chip Roughly the AEGIS ROM role Shipped in hardware: Thinkpad, Lifebook, etc. Supported by software: Windows Vista, Trusted GRUB etc. 10 5
6 Architecture of TPM Borrowed from Dan Boneh s slides here 11 How Does TPM Work Very similar to AEGIS Borrowed from Dan Boneh s slides here 12 6
7 What Else Can Be Achieved Besides ensuring the integrity of booting process? Encrypted partitions Offline security (stolen laptops): only verified software can decrypt the partitions Ease data deletion/machine recycling: just change TPM to remove the decryption key 13 INSE 6130 Operating System Security Securing Network Services Prof. Lingyu Wang 14 7
8 Outline Overview inetd/xinetd tcp_wrapper iptables Telnet/FTP/SSH 15 Any Problem in Computer Science Can Be Solved with Another Layer of Indirection (Abstraction) ISO/OSI model vs TCP/IP suite Application layer Presentation layer Session layer Transport layer Nt Network layer Data link layer Physical layer Application layer Transport layer Internet layer Data link layer Physical layer HTTP, FTP, POP3, SMTP, SNMP, IMAP, IRC, SSH, Telnet, FTP BitTorrent, TCP, UDP, RTP SSL IPv4, IPv6 IPSEC Ethernet, Wi-Fi, Token ring, FDDI,PPP RS-232, 10BASE-T, 16 8
9 Network Model (Conceptual/physical) communications Application layer Application layer Application layer Presentation layer Presentation layer Session layer Session layer Transport layer Transport layer Transport layer Network layer Network layer Network layer Internet layer Data link layer Data link layer Data link layer Data link layer Physical layer Physical layer Physical layer Physical layer Alice Eve Bob 17 UNIX/Linux Basic defense in UNIX/Linux: Iptables-based firewall + tcp_wrapper + xinetd It s basic, so you too should have it It s basic, so you shouldn t depend on it 18 9
10 Outline Overview inetd/xinetd tcp_wrapper iptables Telnet/FTP/SSH 19 The UNIX Internet Daemon (inetd) inetd is a super server It runs at boot time as part of the startup procedure It examines /etc/inetd.conf to determine which network services are under its control No longer used in some OSs (e.g., inetd in Solaris is now configured in the Service Management Facility) Then listen to those ports Upon a connection request, inetd starts the appropriate server 20 10
11 The UNIX Internet Daemon (inetd) A sample inetd.con file might look like this: # Internet server configuration database #ftp stream tcp nowait root /usr/etc/ftpd ftpd #telnet stream tcp nowait root /usr/etc/telnetd telnetd #shell stream tcp nowait root /usr/etc/rshd rshd #login stream tcp nowait root /usr/etc/rlogind rlogind #echo stream tcp nowait root internal #daytime stream tcp nowait root internal #time stream tcp nowait root internal #echo dgram udp wait root internal Service Socket type protocol type Re-use server Routinely check the file user Command/ argument After break ins, services may be installed for later use 21 xinetd A replacement for inetd Fedora is not shipped with inetd; it uses xinetd Is better Providing access control to services based on Address/(domain) name of remote host, and time of access Can alleviate DOS by placing limits on The number of processes for each service The number of processes it will fork The size of log files it creates The number of connections a single host can initiate Rate of incoming connections Extensive logging abilities
12 Outline Overview inetd/xinetd tcp_wrapper iptables Telnet/FTP/SSH 23 tcp_wrapper tcp_wrapper does the following: (Optionally) sends a "banner" to connecting client Compares hostname/requested service with a (negative) ACL If denied, tcpwrapper drops the connection Logs the results with syslog Advantages Transparent to both the client and the wrapped network service Centralized management of multiple protocols 24 12
13 tcp_wrapper Configuration Configuration files decide which connections to accept /etc/hosts.allow and /etc/hosts.deny When a connection reaches tcpwrapper: It reads /etc/hosts.allow to match a rule and executes the specified actions If no match, it checks /etc/hosts.deny to match a rule and then denies access If still no match, it handles the request to server At most one rule is executed On a first-come-first-serve basis 25 tcp_wrapper Configuration Language Format of /etc/hosts.allow and/etc/hosts.deny: daemon_list : client_host_list [: option : option... ] daemon_list Command name of a list of services Wildcard ALL client_host_list The hostname or IP address of clients Wildcard ALL, LOCAL, KNOWN, UNKNOWN, PARANOID option : option Actions (e.g., allow, deny, etc.)
14 tcp_wrapper Example 1 To allow all connections except those from the domain pirate.net: # # /etc/hosts.allow: # # Allow anybody to connect to our machine except # people from pirate.net # all :.pirate.net : deny all : all : allow What if the order is reversed? 27 tcp_wrapper Example 2 To only allow finger by internal machines: # # /etc/hosts.allow: # # finger for insiders only # # in.fingerd : LOCAL : allow in.fingerd : ALL : twist /usr/local/bin/some_message message What if the order is reversed? 28 14
15 tcp_wrapper Example 3 If you discover repeated break-in attempts through telnet and rlogin, but you need to telnet into your computer from concordia.ca: # # /etc/hosts.allow: # # Allow telnet & # rlogin from concordia.ca, but nowhere else # telnetd,rlogind : concordia.ca : allow telnetd,rlogind : all : deny 29 tcp_wrapper Utilities tcpdchk scans the configuration file and reports configuration errors % tcpdchk Warning: /etc/host.allow, line 24, iphone: no such process name in /etc/inetd.conf (/etc/host.allow or /etc/inetd.conf are inconsistent) Tcpdmatch simulates a request and see the result % tcpdmatch sshd bush@whitehouse.gov client: hostname whitehouse.gov client: address client: username bush server: process sshd matched: /etc/hosts.deny line 39 option : deny access: denied % 30 15
16 Outline Overview inetd/xinetd tcp_wrapper iptables Telnet/FTP/SSH 31 iptables Where it is In Linux kernel 2.4 or later, a command line program What it is for Define rules for filtering packets What it is Three chains of rules, INPUT, OUTPUT, FORWARD First come first serve input output host forward 32 16
17 iptables Example 1 iptables -A INPUT -s j DROP -A: append to rule chain INPUT -s: source address (IP or DNS name) -j: action (DROP, DENY, ACCEPT) So what does this mean? What about this: iptables -A OUTPUT -d j DROP 33 iptables Example 2 iptables -A INPUT -s /24 -p tcp -- destination-port telnet -j DROP -p: protocol (TCP, UDP, ICMP, etc.) --destination-port: (or source-port) /24: subnet mask (CIDR) iptables -A INPUT -p tcp --destination-port telnet -i wan1 -j DROP -i: input interface (or o) Iptables L, F, -I INPUT 1, -R INPUT 1 -L: list F: flush I: insert R: replace 34 17
18 iptables Example 3 iptables -A INPUT -i wan1 -p tcp --syn -j DROP --syn: syn packet iptables -A INPUT -i ppp0 -p tcp --syn --destinationport! 80 -j DROP!: not equal iptables -P FORWARD ACCEPT Default policy 35 Outline Overview inetd/xinetd tcp_wrapper iptables Telnet/FTP/SSH HTTP, FTP, POP3, SMTP, SNMP, IMAP, IRC, SSH, Telnet, FTP BitTorrent, TCP, UDP, RTP SSL IPv4, IPv6 IPSEC Ethernet, Wi-Fi, Token ring, FDDI,PPP RS-232, 10BASE-T, 36 18
19 Client FTP: Separate Control, Data contacts server at port 21, obtains authorization over control connection, browses remote directory by commands over control connection Server receives a command for a file transfer, opens a TCP data connection to client, closes connection, maintains state : current directory, earlier authentication TCP control connection port 21 FTP client TCP data connection port 20 FTP server 37 Security Issues with FTP Passwords typed to FTP are transmitted in clear 38 19
20 FTP in active mode makes it difficult to implement packet-based firewalls Because server needs to initiate the data connection Bounce attack Security Issues with FTP (Cont d) 39 Telnet Risks Username, Password and other session data are transmitted over the network in clear In Ethernet, packets sent between computers are actually delivered to every computer on the wire Telnet session packets are vulnerable throughout their journey ISPs have a single computer compromised and every Telnet connection passing through it had its password sniffed A second danger of Telnet is session hijacking After you log in using your password, the attacker can seize control of the session and type whatever commands he wishes 40 20
21 What is SSH? SSH Secure Shell A software Commercial version Freeware ( A protocol For secure remote login/many other network services SSH-1 developed in 1995 by Tatu YlöneninFinland Internet Engineering Task Force (IETF) Draft in
TCP Wrapper. Provides host-based access control to network services
1 TCP Wrapper Provides host-based access control to network services It has the following features: Logging Access Control Host Name Verification User Name Verification Spoofing Protection 2 TCP Wrapper
More informationLINUX ADMINISTRATION TYBSC-IT SEM V
1 LINUX ADMINISTRATION TYBSC-IT SEM V 2 UNIT 4 CHAPTER 1 : INTERNET SERVICES WHAT IS AN INTERNET SERVICE? Internet Service can be defined as any service that can be accessed through TCP/IP based networks,
More informationSE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer
SE 4C03 Winter 2003 Final Examination Answer Key Instructor: William M. Farmer (1) [2 pts.] Both the source and destination IP addresses are used to route IP datagrams. Is this statement true or false?
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More information1. Add these options in kernel configuration file and recompile the kernel
Chapter 21 Security Firewall (1) Using ipfw 1. Add these options in kernel configuration file and recompile the kernel options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_FORWARD options IPFIREWALL_DEFAULT_TO_ACCEPT
More informationTELE 301 Lecture 8: Post
Last Lecture System installation This Lecture Post installation Next Lecture Wireless networking Overview TELE 301 Lecture 8: Post 1 Post-configuration Create user accounts and environments Sort out the
More informationNetwork Security and Cryptography. 2 September Marking Scheme
Network Security and Cryptography 2 September 2015 Marking Scheme This marking scheme has been prepared as a guide only to markers. This is not a set of model answers, or the exclusive answers to the questions,
More informationSoftware Engineering 4C03 Answer Key
Software Engineering 4C03 Answer Key DAY CLASS Dr. William M. Farmer DURATION OF EXAMINATION: 2 Hours MCMASTER UNIVERSITY FINAL EXAMINATION April 2002 (1) [2 pts.] Conventional encryption cannot be used
More informationLecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005
Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationThe Internet: what it looks like, how it works, and how it is abused
The Internet: what it looks like, how it works, and how it is abused Bill Cheswick ches@cheswick.com Visiting Scholar, University of Pennsylvania 1 What Does the Internet Look Like? 2 Science Seminar 3
More informationFreeBSD Security Advisories
Security FreeBSD Security Advisories http://www.freebsd.org/security/advisories.html 2 FreeBSD Security Advisories Advisory Security information Where to find it Web page (Security Advisories Channel)
More informationGlobal Information Assurance Certification Paper
Global Information Assurance Certification Paper Copyright SANS Institute Author Retains Full Rights This paper is taken from the GIAC directory of certified professionals. Reposting is not permited without
More informationIntroduction to UNIX/LINUX Security. Hu Weiwei
Introduction to UNIX/LINUX Security Hu Weiwei Operation System Security The Security Problems in Operation Systems become more and more important The Security techniques improved rapidly The number of
More informationNETWORK CONFIGURATION AND SERVICES. route add default gw /etc/init.d/apache restart
NETWORK CONFIGURATION AND SERVICES route add default gw 192.168.0.1 /etc/init.d/apache restart NETWORK CONFIGURATION There are two main approaches to configuring a machine for network access: Static configuration
More informationRouters use access lists to control incoming or outgoing traffic. You should know the following characteristics of an access list.
8.1. Access List Routers use access lists to control incoming or outgoing traffic. You should know the following characteristics of an access list. Access lists describe the traffic type that will be controlled.
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationXinted. 1.1 Brief introduction. 1.2 Configuration of Xinetd
Xinted 1.1 Brief introduction Xinetd provides visiting control, improved log function and resource management. It is standard super guardian process of Internet in Asianux 2.0 system. Inetd is called super
More informationFreeBSD Security Advisories (1)
Security FreeBSD Security Advisories (1) http://www.freebsd.org/security/advisories.html 2 FreeBSD Security Advisories (2) 3 FreeBSD Security Advisories (3) freebsd-security-notifications Mailing list
More informationApplication Layer: OSI and TCP/IP Models
Application Layer Application Layer: OSI and TCP/IP Models The communication process between two communicating nodes is actually a communication process between two applications on these devices. Service
More informationPreface to the First Edition Preface to the Second Edition Acknowledgments UNIX Operating System Environment p. 1 UNIX: Past and Present p.
Preface to the First Edition p. xv Preface to the Second Edition p. xvii Acknowledgments p. xix UNIX Operating System Environment p. 1 UNIX: Past and Present p. 2 History and Growth of UNIX p. 2 Flavors
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationA+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 8 Networking Essentials
A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e Chapter 8 Networking Essentials Objectives Learn about the protocols and standards Windows uses for networking Learn how to connect
More informationHands-On Ethical Hacking and Network Defense
Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified 1-11-17 Objectives Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the
More informationSecurity. Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018
Security Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018 Basic Security Aspects 1. Systems must be usable by legitimate users only 2. Access is granted on the basis of
More information10 Defense Mechanisms
SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationE&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang
E&CE 358: Tutorial 1 Instructor: Sherman (Xuemin) Shen TA: Miao Wang Email: m59wang@uwaterloo.ca 1 About Tutorials TA: Miao Wang Office: EIT 3133; Tutorials: Th 4:30 5:20 pm Topics Supplementary knowledge
More informationUnit 28 Website Production ASSIGNMENT 1
Unit 28 Website Production ASSIGNMENT 1 Last week Learning outcomes History HTML skeleton Annotated diagram of a WAN Servers, routers, client PC, browser, Server OS Switch, packet Architecture ISP Web
More informationIdentify the features of network and client operating systems (Windows, NetWare, Linux, Mac OS)
Course Outline Network+ Duration: 5 days (30 hours) Learning Objectives: Install and configure a network card Define the concepts of network layers Understand and implement the TCP/IP protocol Install
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationNT1210 Introduction to Networking. Unit 10
NT1210 Introduction to Networking Unit 10 Chapter 10, TCP/IP Transport Objectives Identify the major needs and stakeholders for computer networks and network applications. Compare and contrast the OSI
More informationch02 True/False Indicate whether the statement is true or false.
ch02 True/False Indicate whether the statement is true or false. 1. No matter what medium connects computers on a network copper wires, fiber-optic cables, or a wireless setup the same protocol must be
More informationThis course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N
CompTIA Network+ (Exam N10-007) Course Description: CompTIA Network+ is the first certification IT professionals specializing in network administration and support should earn. Network+ is aimed at IT
More informationLecture 05 Application Layer - I
Computer Networks and Internet Protocol Prof. Soumya Kanti Ghosh Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture 05 Application Layer - I Hi. So, we will
More informationCHAPTER 7 ADVANCED ADMINISTRATION PC
ii Table of Contents CHAPTER 1 INTRODUCTION... 1 Broadband ADSL Router Features... 1 Package Contents... 3 Physical Details... 4 CHAPTER 2 INSTALLATION... 6 Requirements... 6 Procedure... 6 CHAPTER 3 SETUP...
More informationInt ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28
Int ernet w orking Internet Security Literature: Forouzan: TCP/IP Protocol Suite : Ch 28 Internet Security Internet security is difficult Internet protocols were not originally designed for security The
More informationFreeBSD Security Advisories
Security FreeBSD Security Advisories http://www.freebsd.org/security/advisories.html 2 FreeBSD Security Advisories Advisory Security information Where to find it Web page (Security Advisories Channel)
More informationCCNA Exploration Network Fundamentals. Chapter 3 Application Layer Functionality and Protocols
CCNA Exploration Network Fundamentals Chapter 3 Application Layer Functionality and Protocols Application Layer Functionality and Protocols Applications: The Interface Between the Networks Horny/Coufal
More informationMan In The Middle Project completed by: John Ouimet and Kyle Newman
Man In The Middle Project completed by: John Ouimet and Kyle Newman What is MITM? Man in the middle attacks are a form of eves dropping where the attacker relays messages that are sent between victims
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : SCNS Title : SCNS Tactical Perimeter Defense Vendors : EXIN Version : DEMO
More informationINFS 766 Internet Security Protocols. Lecture 1 Firewalls. Prof. Ravi Sandhu INTERNET INSECURITY
INFS 766 Internet Security Protocols Lecture 1 Firewalls Prof. Ravi Sandhu INTERNET INSECURITY Internet insecurity spreads at Internet speed Morris worm of 1987 Password sniffing attacks in 1994 IP spoofing
More informationExam : SCNS_EN. Title : SCNS SCNS Tactical Perimeter Defense. Version : Demo
Exam : SCNS_EN Title : SCNS SCNS Tactical Perimeter Defense Version : Demo 1.The exhibit represents a simple routed network. Node 7 is a Windows 2000 Professional machine that establishes a TCP communication
More informationRFC RFC. Configuring FTP Server. FTP Clients
RFC slide 1 RFC slide 2 as a network manager it is important to understand some of the subtle issues within networking within the TCP/IP suite of protocols including: TCP, UDP, IP, SNMP, ICMP, SMTP, FTP,
More informationOverview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter
Computer Network Lab 2017 Fachgebiet Technische Informatik, Joachim Zumbrägel Overview Security Type of attacks Firewalls Protocols Packet filter 1 Security Security means, protect information (during
More informationLinux Security & Firewall
Linux Security & Firewall Linux is not secure No computer system can ever be "completely secure". make it increasingly difficult for someone to compromise your system. The more secure your system, the
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More informationVII. Corente Services SSL Client
VII. Corente Services SSL Client Corente Release 9.1 Manual 9.1.1 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Table of Contents Preface... 5 I. Introduction... 6 Chapter 1. Requirements...
More informationNetwork Implementation
CS 256/456: Operating Systems Network Implementation John Criswell! University of Rochester 1 Networking Overview 2 Networking Layers Application Layer Format of Application Data Transport Layer Which
More informationCompTIA Network+ Course
CompTIA Network+ Course Duration: 5 Days Course Delivery: Classroom Language: English Target Audience Comprehensive approach to both preparing a student for CompTIA's Network+ exam and developing proficiency
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationFirewalls. IT443 Network Security Administration Slides courtesy of Bo Sheng
Firewalls IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Internet Security Mechanisms Prevent: Firewall, IPsec, SSL Detect: Intrusion Detection Survive/ Response: Recovery, Forensics
More informationPractical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February
Practical Magic with SSH By David F. Skoll Roaring Penguin Software Inc. 1 February 2001 http://www.roaringpenguin.com dfs@roaringpenguin.com Overview of Presentation Why SSH? Problems with Telnet & Friends
More informationConfiguring LDAP. Finding Feature Information
This chapter describes how to configure the Lightweight Directory Access Protocol (LDAP) on Cisco NX-OS devices. This chapter includes the following sections: Finding Feature Information, page 1 Information
More informationHP HP-UX Networking and Security. Download Full Version :
HP HP0-094 HP-UX Networking and Security Download Full Version : https://killexams.com/pass4sure/exam-detail/hp0-094 QUESTION: 168 In order to restrict the access to the /etc/passwd file through ftp, which
More informationExam Questions SY0-401
Exam Questions SY0-401 CompTIA Security+ Certification https://www.2passeasy.com/dumps/sy0-401/ 1. A company has implemented PPTP as a VPN solution. Which of the following ports would need to be opened
More informationAddresses, Protocols, and Ports Reference
APPENDIXA Addresses, Protocols, and Ports Reference This appendix provides a quick reference for the following topics: IP Addresses and Subnet Masks Protocols and Applications TCP and UDP Ports ICMP Types
More informationAdvanced Security and Mobile Networks
WJ Buchanan. ASMN (1) Advanced Security and Mobile Networks Unit 1: Network Security Application Presentation Session Transport Network Data Link Physical OSI Application Transport Internet Internet model
More informationTCP wrappers and IP filtering (UKERNA security workshop)
CP wrappers and P filtering (KA security workshop) eorge oss gdmr@dcs.ed.ac.uk ovember 22nd 2000 gdmr@dcs.ed.ac.uk KA workshop: P filtering 2000/11/22 (v2.6) ntroduction 1 his talk is based on our experiences
More informationIntroduction to TCP/IP
Introduction to TCP/IP Properties and characteristics of TCP/IP IPv4 IPv6 Public vs private vs APIPA/link local Static vs dynamic Client-side DNS settings Client-side DHCP Subnet mask vs CIDR Gateway TCP/IP
More informationNetworking and Health Information Exchange: ISO Open System Interconnection (OSI)
Networking and Health Information Exchange: ISO Open System Interconnection (OSI) Lecture 4 Audio Transcript Slide 1 Welcome to Networking and Health Information Exchange, ISO Open System Interconnection
More informationTCP/IP Protocol Suite and IP Addressing
TCP/IP Protocol Suite and IP Addressing CCNA 1 v3 Module 9 10/11/2005 NESCOT CATC 1 Introduction to TCP/IP U.S. DoD created the TCP/IP model. Provides reliable data transmission to any destination under
More informationASA/PIX Security Appliance
I N D E X A AAA, implementing, 27 28 access to ASA/PIX Security Appliance monitoring, 150 151 securing, 147 150 to websites, blocking, 153 155 access control, 30 access policies, creating for web and mail
More informationCS321: Computer Networks FTP, TELNET, SSH
CS321: Computer Networks FTP, TELNET, SSH Dr. Manas Khatua Assistant Professor Dept. of CSE IIT Jodhpur E-mail: manaskhatua@iitj.ac.in FTP File Transfer Protocol (FTP) is the standard protocol provided
More informationStudy Abroad Programme
MODULE SPECIFICATION UNDERGRADUATE PROGRAMMES KEY FACTS Module name Module code School Department or equivalent Networks and Operating Systems IN2011 Mathematics, Computer Science and Engineering Department
More informationinside: THE MAGAZINE OF USENIX & SAGE June 2002 volume 27 number 3 SECURITY PROTOWRAP by Gunnar Wolf
THE MAGAZINE OF USENIX & SAGE June 2002 volume 27 number 3 inside: SECURITY PROTOWRAP by Gunnar Wolf y & The Advanced Computing Systems Association & The System Administrators Guild protowrap by Gunnar
More informationProtocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017
CSC 401 Data and Computer Communications Networks Protocol Layers, Security Sec:1.5-1.6 Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017 Outline Computer Networks and the Internet (Ch 1) 1.1
More informationConfigure Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) Service Settings on a Switch
Configure Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) Service Settings on a Switch Objective Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are transportation
More informationELEC5616 COMPUTER & NETWORK SECURITY
ELEC5616 COMPUTER & NETWORK SECURITY Lecture 17: Network Protocols I IP The Internet Protocol (IP) is a stateless protocol that is used to send packets from one machine to another using 32- bit addresses
More informationChapter 6 Global CONFIG Commands
Chapter 6 Global CONFIG Commands aaa accounting Configures RADIUS or TACACS+ accounting for recording information about user activity and system events. When you configure accounting on an HP device, information
More informationSecuring CS-MARS C H A P T E R
C H A P T E R 4 Securing CS-MARS A Security Information Management (SIM) system can contain a tremendous amount of sensitive information. This is because it receives event logs from security systems throughout
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationAdvanced Security and Forensic Computing
Advanced Security and Forensic Computing Unit 2: Network Security Elements Dr Dr Bill Buchanan, Reader, School of of Computing. >Unit 2: 2: Network Security Elements Advanced Security and Forensic Computing
More informationRHCSA BOOT CAMP. Network Security
RHCSA BOOT CAMP Network Security TCP WRAPPERS TCP Wrappers was originally written to provide host based access control for services which did not already include it. It was one of the first firewalls of
More informationOSI Model with Protocols. Layer Name PDU Address Protocols Device
NetEss Name: Networking Essentials Prof. CHIN OSI Model with Protocols Layer Name PDU Address Protocols Device 7 Application Data FTP, SSH, Telnet, SMTP, DNS TFTP,HTTP, POP3, IMAP, HTTPS 6 Presentation
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationCCNA R&S: Introduction to Networks. Chapter 10: The Application Layer
CCNA R&S: Introduction to Networks Chapter 10: The Application Layer Frank Schneemann 10.0.1.1 Introduction 10.0.1.2 Activity - Application Investigation 10.1.1.1 OSI and TCP/IP Models Revisited The application
More informationStateless Firewall Implementation
Stateless Firewall Implementation Network Security Lab, 2016 Group 16 B.Gamaliel K.Noellar O.Vincent H.Tewelde Outline : I. Enviroment Setup II. Today s Task III. Conclusion 2 Lab Objectives : After this
More informationSnort Rules Classification and Interpretation
Snort Rules Classification and Interpretation Pop2 Rules: Class Type Attempted Admin(SID: 1934, 284,285) GEN:SID 1:1934 Message POP2 FOLD overflow attempt Summary This event is generated when an attempt
More informationTopexam. 一番権威的な IT 認定試験ウェブサイト 最も新たな国際 IT 認定試験問題集
Topexam 一番権威的な IT 認定試験ウェブサイト http://www.topexam.jp 最も新たな国際 IT 認定試験問題集 Exam : EX0-106 Title : SCNS Tactical Perimeter Defense Vendors : EXIN Version : DEMO Get Latest & Valid EX0-106 Exam's Question and
More informationAvaya Port Matrix: Avaya Diagnostic Server 3.0
Avaya Matrix: Avaya Diagnostic Server 3.0 Issue 2.0 February 208 ALL INFORMATION IS BELIEVED TO BE CORRECT AT THE TIME OF PUBLICATION AND IS PROVIDED "AS IS". AVAYA INC. DISCLAIMS ALL WARRANTIES, EITHER
More informationb) Diverse forms of physical connection - all sorts of wired connections, wireless connections, fiber optics, etc.
Objectives CPS221 Lecture: Layered Network Architecture last revised 6/22/10 1. To discuss the OSI layered architecture model 2. To discuss the specific implementation of this model in TCP/IP Materials:
More informationModular Policy Framework. Class Maps SECTION 4. Advanced Configuration
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationLinux Administration
Linux Administration This course will cover all aspects of Linux Certification. At the end of the course delegates will have the skills required to administer a Linux System. It is designed for professionals
More informationSpecialized Programme on Internetworking Design and LAN WAN Administration
Specialized Programme on Internetworking Design and LAN WAN Administration OBJECTIVE OF THE PROGRAMME The main objective of the programme is to build capacity of the professionals drawn from industry,
More informationChapter 8 roadmap. Network Security
Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e-mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7 Securing
More informationData Communications and Networks Spring Syllabus and Reading Assignments
Data Communications and Networks Spring 2018 Syllabus and Assignments Revision Date: January 24, 2018 Course : This course teaches the design and implementation techniques essential for engineering robust
More information1. Which OSI layers offers reliable, connection-oriented data communication services?
CCNA 1 Practice Final Exam Answers v4.0 100% 1. Which OSI layers offers reliable, connection-oriented data communication services? application presentation session transport network 2. Refer to the exhibit.
More informationFirewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense
FIREWALLS 3 Firewalls Firewall means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense administered network public Internet firewall
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationGuide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols
Guide to Networking Essentials, 6 th Edition Chapter 5: Network Protocols Objectives Describe the purpose of a network protocol, the layers in the TCP/IP architecture, and the protocols in each TCP/IP
More informationCPS221 Lecture: Layered Network Architecture
CPS221 Lecture: Layered Network Architecture Objectives last revised 9/8/14 1. To discuss the OSI layered architecture model 2. To discuss the specific implementation of this model in TCP/IP Materials:
More informationRussian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall
Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall 1 U.S. and U.K. authorities last week alerted the public to an on-going effort to exploit network infrastructure devices including
More informationNetworking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Slide 1. Slide 2. Slide 3
Slide 1 Networking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Networking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Slide 2 Unit
More informationStream Control Transmission Protocol - Wikipedia, the free encyclopedia
Page 1 of 9 Stream Control Transmission Protocol From Wikipedia, the free encyclopedia In the field of The five-layer TCP/IP model 5. Application layer DHCP DNS FTP Gopher HTTP IMAP4 IRC NNTP XMPP MIME
More informationUniversity of Southern California EE450: Introduction to Computer Networks
University of Southern California EE450: Introduction to Computer Networks Catalog Description Network architectures; Layered protocols, Network service interface; Local Networks; long-haul Networks; Internal
More informationUnit 4: Firewalls (I)
Unit 4: Firewalls (I) What is a firewall? Types of firewalls Packet Filtering Statefull Application and Circuit Proxy Firewall services and limitations Writing firewall rules Example 1 Example 2 What is
More informationSecuring Linux Systems Before Deployment
Securing Linux Systems Before Deployment Richard Williams Senior Support Services Specialist Symark Why secure Linux systems? Your Linux enterprise installation is growing Assets on Linux systems are becoming
More informationTestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE. Modified
TestOut Routing and Switching Pro - English 6.0.x COURSE OUTLINE Modified 2017-07-10 TestOut Routing and Switching Pro Outline- English 6.0.x Videos: 133 (15:42:34) Demonstrations: 78 (7:22:19) Simulations:
More information