TELE 301 Lecture 8: Post

Similar documents
10 Defense Mechanisms

LINUX ADMINISTRATION TYBSC-IT SEM V

TCP Wrapper. Provides host-based access control to network services

Xinted. 1.1 Brief introduction. 1.2 Configuration of Xinetd

Preface to the First Edition Preface to the Second Edition Acknowledgments UNIX Operating System Environment p. 1 UNIX: Past and Present p.

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

CSE 265: System and Network Administration

Chapter 3: Client-Server Paradigm and Middleware

Services and Security

Lecture 10 Overview!

Security. Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018

Securing Linux Systems Before Deployment

7 Distributed File Systems

HP HP-UX Networking and Security. Download Full Version :

Software Engineering 4C03 Answer Key

IBM AIX Operating System Courses

RFC RFC. Configuring FTP Server. FTP Clients

Networking Operating Systems (CO32010)

Linux Security & Firewall

Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...

INSE 6130 Operating System Security

MultiBase and Cosmos. Particularities about the database engine installation on client-server architecture. BASE 100, S.A.

Introduction to UNIX/LINUX Security. Hu Weiwei

TELE301 Lab16 - The Secure Shell

UNIT V Introduction to Application Layer HTTP Non persistent versus Persistent Connections Non persistent Connections

Operating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07

CS 716: Introduction to communication networks th class; 11 th Nov Instructor: Sridhar Iyer IIT Bombay

Lecture 08: Networking services: there s no place like

OPERATING SYSTEMS. Božo Krstajić, PhD, University of Montenegro Podgorica.

Troubleshooting TFTP Problems on Resource Manager Essentials

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

Network Working Group. Category: Informational July 1997

Check List: Linux Machines

Computer Science 3CN3 and Software Engineering 4C03 Final Exam Answer Key

FreeBSD Security Advisories

Linux Networking: network services

Interprocess Communication Mechanisms

shared storage These mechanisms have already been covered. examples: shared virtual memory message based signals

OS security mechanisms:

Avaya Port Matrix: Avaya Aura Performance Center 7.1

Network security session 9-2 Router Security. Network II

Basic File Transfer Services Commands

Practical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February

The basic server algorithm. Server algorithms and their design. Problems with the simple server? Servers. overview ofaserver

CCNA Exploration Network Fundamentals. Chapter 3 Application Layer Functionality and Protocols

A Study on Intrusion Detection Techniques in a TCP/IP Environment

ECE 435 Network Engineering Lecture 17

Cisco WAAS Software Command Summary

Tcpdump. For this exercise you must again be root. Login and obtain root privileges: Note that we use three computers for this exercise.

CMPE 151: Network Administration. Servers

Exercise Sheet 2. (Classifications of Operating Systems)

Configuring Basic File Transfer Services

Processes are subjects.

ZENworks for Desktops Preboot Services

BOOTP. 1. Verify that the bootpd and bootptab files are in the correct. 2. Edit the hosts file to add the printer internet addresses and names:

UNIX System Administration

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

ITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

Strategic Infrastructure Security

Admin Guide ( Unix System Administration )

OPERATING SYSTEMS LINUX

HP-UX Security I. Ideal candidate for this course Experienced system and network administrators responsible for securing and monitoring HP-UX systems

Introduction to Change and Configuration Management

Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats

1. Add these options in kernel configuration file and recompile the kernel

Blacklist'd. A daemon to manage network attacks. Christos Zoulas

Linux Network Administration

Implementing Secure Shell

Avaya Port Matrix: Avaya Proprietary Use pursuant to the terms of your signed agreement or Avaya policy.

Memory-Mapped Files. generic interface: vaddr mmap(file descriptor,fileoffset,length) munmap(vaddr,length)

UNIX Sockets. Developed for the Azera Group By: Joseph D. Fournier B.Sc.E.E., M.Sc.E.E.

FreeBSD Security Advisories (1)

EXAMGOOD QUESTION & ANSWER. Accurate study guides High passing rate! Exam Good provides update free of charge in one year!

CS321: Computer Networks FTP, TELNET, SSH

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

SSH. Partly a tool, partly an application Features:

Application Layer: OSI and TCP/IP Models

ECE 650 Systems Programming & Engineering. Spring 2018

ITEM Y N N/A 1. ACCOUNT ADMINISTRATION 2. SYSTEM ADMINISTRATION

Server algorithms and their design

Foundations of Python

Sair 3X Linux Security, Privacy and Ethics (Level 1)

StormTracker EMS 2.3 Installation Instructions. Contents. Document Number EMS-A2-GN10-00 July 2002

SCP SC SC0-471 Strategic Infrastructure Security. Practice Test. Version

Security for All Jaqui Lynch

I N D E X. Numerics. 3DES (triple Data Encryption Standard), 199

INSTITUTE OF AERONAUTICAL ENGINEERING (Autonomous) Dundigal, Hyderabad

CompTIA Linux Course Overview. Prerequisites/Audience. Course Outline. Exam Code: XK0-002 Course Length: 5 Days

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

Chapter 11: It s a Network. Introduction to Networking

CS 416: Operating Systems Design April 22, 2015

EEC-682/782 Computer Networks I

TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the local terminal appears to be the

MODELS OF DISTRIBUTED SYSTEMS

Chapter 11: Networks

Datasäkerhet/Data security EDA625 Lect5

VB Socket Visual Basic socket implementation

FreeBSD Security Advisories

Project 4: Penetration Test

Transcription:

Last Lecture System installation This Lecture Post installation Next Lecture Wireless networking Overview TELE 301 Lecture 8: Post 1

Post-configuration Create user accounts and environments Sort out the access rights of different user groups Configure syslogd and klogd for log messages Important for monitoring the system status and security Automate administrative tasks Check and filter logs, clean disk space, intrusion detection Security of the system Is my system protected from potential risks? Hardware, data, and services are well protected? Privacy is protected? TELE 301 Lecture 8: Post 2

TELE 301 Lecture 8: Post 3 Unix maze

TELE 301 Lecture 8: Post 4 Attack paths

Security issues Protect your physical equipment Locked in a secure room? Keyboard and power and reset buttons are accessible to attackers? Floppy drive and CD-ROM are accessible to attackers? Password is set for BIOS/EFI? Is it possible for a Trojan horse to be installed? Detect potential attacks from Internet Check log files and alert the SA by email Remove unnecessary and insecure services TELE 301 Lecture 8: Post 5

Security issues (cont.) Protect your system from attacks Path= (.:/bin:/sbin: Avoid weak passwords: use a password suite to enforce certain rules Shadow passwords: /etc/shadow Close unneeded network ports Check file system ownership and permissions: find permission problems Use the least privilege rule for any user/program Stale and unnecessary accounts Avoid dangerous software with root privilege Tools for automatically checking file system changes Update old software versions TELE 301 Lecture 8: Post 6

Close weak doors The following services should be turned off finger NFS, mountd rsh, rcp, rlogin, and rexec talk echo and chargen TFTP Internal inetd services Any other unnecesary services TELE 301 Lecture 8: Post 7

BIOS/EFI setup BIOS/EFI Can control peripherals such as hard disks and read (limited) data from them BIOS/EFI setup Boot Set up bootup features such as boot device priority Security Set passwords for the PC TELE 301 Lecture 8: Post 8

Hardware awareness To have reasonable knowledge about hardware is essential for SAs Read instructions in a manual Interfaces and connectors Handling components: wear a conductive wrist strap or touch the metal casing of PC Disks Memory chips Interface cards for devices such as monitors TELE 301 Lecture 8: Post 9

Hardware awareness (cont.) Weather and environment affect computers Lightning: electronic spike protector Power: UPS is necessary for critical services Heat: <25 degree C Cold: > 5 degree C Airconditioning TELE 301 Lecture 8: Post 10

Services Different services from Internet FTP, SSH, NFS, WWW, DNS,... Client/server model Request and respond Proxies and agents Services can be offered by proxies Reasons: security and caching TELE 301 Lecture 8: Post 11

Services Server programs (for services) are called daemons Two ways to start up daemons Directly Indirectly by inetd when needed Need to configure /etc/services for new services/daemons Normally daemons are started up when the system boots up (from the startup scripts /etc/rc.d) Each service uses a socket bound to a unique port number (well-known ports for well-known services) TCP wrapper: tcpd Allow access control to network services using hosts.allow and hosts.deny TELE 301 Lecture 8: Post 12

Network daemons Daemons provide application services via the network A daemon binds to a port, most commonly a well-known TCP/ UDP port, and waits for incoming connections on it. If one occurs, the daemon accepts the connection, creates a child process that services the connection, while the parent continues to listen for further requests Normally one service needs one daemon and at least one instance of every possible service you wish to provide must be active in memory at all times Problems with many daemons Most daemons are not frequently used but occupy memory space To overcome these inefficiencies, most UNIX systems run a special network daemon inetd TELE 301 Lecture 8: Post 13

The inetd super server Super Server inetd Internet Daemon (port number of the daemon?) It is started at system boot time and takes the list of services it is to manage from a startup file named /etc/inetd.conf The configuration file inetd.conf An entry in the file /etc/inetd.conf consists of a single line made up of the following fields service type protocol wait user server cmdline If you want to start up some service, you should add a line in the file for that service Use kill -hup to inform inetd to re-read the configuration file TELE 301 Lecture 8: Post 14

The inetd super server (cont.) Fields in each line of inetd.conf service: gives the service name. The name is translated to a port number by looking it up in the /etc/services file type: specifies a socket type, either stream or dgram (connection-oriented or connection-less) protocol: gives the name of the transport protocol used by the service, e.g. tcp or udp. The names have to be valid protocols listed in /etc/protocols user: owner of the server when it is running Normally root, but sometimes may be nobody. Use the principle of least privilege. TELE 301 Lecture 8: Post 15

The inetd super server (cont.) wait: It can be either wait or nowait. If wait is specified, inetd executes only one server for the specified port at any time; otherwise, it immediately continues to listen on the port after starting the server and may start multiple instances of servers at the same time For most RPC (remote procedure call) servers specify wait; for multi-threaded servers specify nowait server: full path of the server program cmdline: the command line arguments to be passed to the server TELE 301 Lecture 8: Post 16

The inetd super server (cont.) How inetd works? Listens for connections on certain internet sockets (depending on the content of inetd.conf) When a connection is found on one of its sockets, it decides what service the socket corresponds to, and invokes a program to service the request The daemon repeats the above steps. Insecure servers should be removed from inetd.conf finger, tftp, ftp, telnet, rsh, rlogin, rexec, etc. Use netstat -a to show all listened ports For more information about inetd, man inetd TELE 301 Lecture 8: Post 17

TCP wrapper tcpd tcpd is used to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, and other services that have a one-to-one mapping onto executable files Operation is as follows: whenever a request for a service arrives, the inetd daemon is tricked into running the tcpd program instead of the desired server. tcpd logs the request and does some additional checks. If all is well, tcpd runs the appropriate server program and goes away. Another way to use tcpd is to call tcpd library in programs TELE 301 Lecture 8: Post 18

TCP wrapper (cont.) Checks in tcpd Pattern access control: use hosts.allow and hosts.deny files in /etc. hosts.allow is checked first. If the incoming request matches one of the entries, the connection is allowed; otherwise, check the hosts.deny. If one of the entries matches in it, the connection is rejected. If none matches, the connection is allowed User name can be checked with the RFC 931 protocol Host name and address are checked with DNS service Protects from IP spoofing Shell commands can be executed When some suspicious connections are found, put in a log file the attacker s info. and send email to root For more information about tcpd, man 8 tcpd For more information about access pattern in hosts.allow and hosts.deny, man 5 hosts_access TELE 301 Lecture 8: Post 19

PAM Pluggable Authentication Modules (PAM) a generalized API for authentication-related services which allows a system administrator to add new authentication methods simply by installing new PAM modules, and to modify authentication policies by editing configuration files. Configuration file /etc/pam.conf or /etc/pam.d References http://www.informit.com/articles/article.aspx? p=20968&seqnum=3 http://www.kernel.org/pub/linux/libs/pam/linux-pamhtml/linux-pam_sag.html http://www.netbsd.org/guide/en/chap-pam.html TELE 301 Lecture 8: Post 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback