
Linux Networking Security

Linux Networking Security. Sunil Manhapra & Ling Wang. Project Report for CS691X, July 15, 1998. Approaches for networking security: configure secure kernel; always send password, sensitive data…encrypted over the network; provide only necessary system services; verify DNS information.


Presentation Transcript


  1. Linux Networking Security
     Sunil Manhapra & Ling Wang
     Project Report for CS691X, July 15, 1998

  2. Approaches for Networking security
     • configure secure kernel
     • always send password, sensitive data…encrypted over the network
     • provide only necessary system services
     • verify DNS information
     • Firewalls
     • monitor the network carefully
     • backups (backup all the important information in case of intrusion)

  3. Project Outline
     • SATAN
     • Logcheck
     • Sentry
     • SSH

  4. SATAN
     • SATAN is a port scanner with a web interface
     • SATAN recognizes and reports several common network-related security problems, though it doesn’t attempt to solve them.
     • SATAN can be configured to do light, medium, or strong checks on a machine or network of machines.
     • Example problems SATAN can report:
         • NFS file systems exported to arbitrary hosts or to unprivileged programs
         • Writable anonymous FTP home directory
         • NIS password file access from arbitrary hosts
     • SATAN does NOT work on Red Hat 5.1

  5. Logcheck
     • Log files aren’t frequently checked and mostly contain unimportant information
     • Automatically runs and checks system log files, filters them, and reports security violations and unusual activities via email
     • It allows you to specify what kind of violations should be reported to you
     • 00,15,30,45 * * * * /usr/local/etc/logcheck.sh

  6. Sentry
     • To monitor a particular port/ports against probes
     • Sentry can detect and react
         • indicate via system log
         • host is dropped (entry in /etc/hosts.deny)
         • reconfigure to route traffic to a dead host
         • reconfigure to drop packets
     • sentry -tcp (basic port bound TCP mode)
     • sentry -stcp (stealth TCP scan detection)
     • sentry -atcp (advanced TCP stealth scan detection)
     • same applies for UDP also

  7. SSH (Secure Shell)
     • SSH is a suite of programs used as a secure replacement for rlogin, rsh and rcp, allowing users to log in to a remote system over an encrypted connection.
     • SSH prevents man-in-the-middle attacks and DNS spoofing.
     • SSH can be subverted by attackers who have root access or have access to your home directory.

  8. SSH Components
     • Server daemon: sshd
     • r-Program replacements:
         • ssh: rlogin replacement
         • scp: rcp replacement
     • key management programs:
         • ssh-keygen: create authentication keys
         • ssh-agent: authentication agent, holds RSA authentication keys
         • ssh-add: register new keys with the agent
         • make-ssh-known-hosts: script to probe hosts on network for their public keys

  9. Tips from our Experiences
     • Never run any program without specifying the path
     • Before installing any software that, according to its creator, should work on your system, search the relevant mailing lists to find out what problems other users had
     • It will never be a waste of time to read all the documentation before actually doing anything
     • Many problems can be understood and solved by looking into the source code
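
The periodic filtering that slide 5 describes for Logcheck, as an added sketch that is not Logcheck's own script or part of the original presentation: each cron run reads only the lines appended since the last run, keeps those matching a violation pattern, and drops those matching an ignore pattern. The patterns, function names, state-file layout and sample log lines are constructed assumptions.

```shell
#!/bin/sh
# Added sketch of a Logcheck-style periodic filter; not Logcheck's own code.
# Patterns, function names and state-file layout are assumptions.

VIOLATIONS='authentication failure|refused connect|ROOT LOGIN|su: .*FAILED'
IGNORE='refused connect from 10\.0\.0\.5$'   # constructed: known monitoring host

# Print only the lines appended since the previous run. The line count is
# kept in a state file; a file that shrank is treated as rotated.
new_lines() {
    log=$1; state=$2; last=0
    if [ -f "$state" ]; then last=$(cat "$state"); fi
    total=$(wc -l < "$log" | tr -d ' ')
    if [ "$total" -lt "$last" ]; then last=0; fi
    tail -n +"$((last + 1))" "$log"
    echo "$total" > "$state"
}

# Keep lines matching a violation pattern and no ignore pattern.
# "|| true" keeps an empty result from being treated as a failure.
filter_violations() {
    grep -E "$VIOLATIONS" | grep -Ev "$IGNORE" || true
}

# One pass, as the cron job would run it; a real job would mail non-empty output.
check_log() {
    new_lines "$1" "$2" | filter_violations
}

# Demo on constructed syslog lines (not real data).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/messages" <<'EOF'
Jul 15 10:00:01 host1 sshd[412]: refused connect from 192.0.2.77
Jul 15 10:00:09 host1 cron[88]: (root) CMD (/usr/local/etc/logcheck.sh)
Jul 15 10:01:30 host1 sshd[415]: refused connect from 10.0.0.5
Jul 15 10:02:12 host1 login[501]: ROOT LOGIN on tty1
EOF
    echo "-- first pass --"
    check_log "$dir/messages" "$dir/offset"
    echo 'Jul 15 10:16:40 host1 su: pam_authenticate FAILED for root' >> "$dir/messages"
    echo "-- second pass (new lines only) --"
    check_log "$dir/messages" "$dir/offset"
    rm -rf "$dir"
}
demo
```

Keeping the ignore list narrow matters: a pattern that is too broad silently hides the events the violation list was meant to surface.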
