Hervey Allen. Network Startup Resource Center. PacNOG 6: Nadi, Fiji. Security Overview

Similar documents
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

NETWORK SECURITY HACKS

CTS2134 Introduction to Networking. Module Network Security

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

NETWORK SECURITY HACKS *

CMPT 471 Networking II

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

information security and its Describe what drives the need for information security.

Directory and File Transfer Services. Chapter 7

Codes of Connection for Devices Connected to Newcastle University ICT Network

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

What is included in the ATRC server support

Payment Card Industry Self-Assessment Questionnaire

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

Information Technology Career Cluster Advanced Cybersecurity Course Number:

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Linux Operating System Security

SSL Tunnels. Introduction

Securing Linux Servers Best Practice Document

Altus UC Security Overview

LINUX SECURITY COOKBOOK. DanieIJ. Barren, Richard E Silverman, and Robert G. Byrnes

Linux Network Security

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

SCP - Strategic Infrastructure Security

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Secure Software Programming and Vulnerability Analysis

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Today s Topics. Protect - Detect - Respond A Security-First Strategy. HCCA Compliance Institute April 27, Concepts.

Web Application Security

DiamondStream Data Security Policy Summary

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

HP Education Services

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

CS5008: Internet Computing

ISP Best Practices. Addressing a DDoS Attack on a Host. Hervey Allen Network Startup Resource Center

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Microsoft Systems Architecture 2.0 (MSA 2.0) Security Review An analysis by Foundstone, Inc.

GE Measurement & Control. Cyber Security for NEI 08-09

Network Security. Mike Trice, Network Engineer Richard Trice, Systems Specialist Alabama Supercomputer Authority

INFORMATION SECURITY TRAINING CATALOG (2015)

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

SonicWALL PCI 1.1 Implementation Guide

Developing Network Security Strategies

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

What is Web Security? Motivation

3 Days Course on Linux Firewall & Security Administration

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Who is Watching You? Video Conferencing Security

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.

Sample Report. Security Test Plan. Prepared by Security Innovation

Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

Linux VPS with cpanel. Getting Started Guide

Security Audit Report for ACME Corporation

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Network Security Guidelines. e-governance

A REVIEW OF METHODS FOR SECURING LINUX OPERATING SYSTEM

74% 96 Action Items. Compliance

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Open Source Security Tools

Unix Network Security

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

VMware vcenter Log Insight Security Guide

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

Sitefinity Security and Best Practices

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Payment Card Industry (PCI) Data Security Standard

Firewall implementation and testing

Network Security. Computer Security & Forensics. Security in Compu5ng, Chapter 7. l Network Defences. l Firewalls. l Demilitarised Zones

STABLE & SECURE BANK lab writeup. Page 1 of 21

CRYPTUS DIPLOMA IN IT SECURITY

Information Technology Career Cluster Introduction to Cybersecurity Course Number:

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Hands-on Hacking Unlimited

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

Locking down a Hitachi ID Suite server

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Security Type of attacks Firewalls Protocols Packet filter

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

Transcription:

Hervey Allen Network Startup Resource Center PacNOG 6: Nadi, Fiji Security Overview

Security: A Massive Topic Security Viewpoints - Server - Client - Network Securing each overlaps the other Server Client Network So, what do we talk about?

Security: Network Network Security Keeping intruders out Resisting Denial of Service attacks Maintaining reliable service (see above) Assisting with your organization s reputation - You have compromised clients on your network. Don t let this cause problems for others. Authenticate data sources as they enter your network.

Security: Server Server-Side Security Keeping intruders out Resisting Denial of Service attacks Maintaining data on your server confidential Verifying the integrity of data on your server Authenticate user access to your server and services

Security: Client Client-Side Security Keeping intruders out Maintaining the confidentiality of your data Maintaining the integrity of your data Authenticating access to your resources

Security Overlap As you can see the overlap is pervasive. What s the reality as a system or network administrator? What can and should you do? Lots! Protect your clients and assume they are compromised. - But, keep on training them about security.

Steps to Take: Network Engineer your network with security in mind. What s behind routers and switches? Collect data needed to know what is happening on your network and to be able to investigate further. Back up network configurations. Use ingress/egress rules on routers. Enable flows (as possible) Prepare for DDoS attacks.

Steps to Take: Server Back up your data! Turn off unnecessary services Monitor your server and services Enforce security policies (passwords, backups) Learn how to enable firewalls if necessary, and block access to services as needed Create a disaster contingency plan Scan for security weaknesses

Steps to Take: Client Don t run unnecessary services (surprise!) Use anti-viral and anti-malware software Back up your data! Think about how to recover in case of disaster Use encryption (ssh, pgp, https/ssl) Be aware of physical security

Client-Server Security Steps Maintaining Confidentiality - Correct user and file permissions. - Strong passwords. - Trusting your users. - Use of good cryptographic methods - Be aware of physical security

Client-Server Security Steps Ensuring Integrity - Backup, backup, backup. - Revision control. - Intrusion detection systems (IDS). This is hard - Log and use log-watching software

Client-Server Security Steps Authenticating Access - Trusted users. - Strong passwords. - Public/Private keys. - Maintain accounts properly. - Correct user/group/file permissions. - Scan and watch for SUID and SGID. - Restrict root/administrator access

Client-Server Security Steps Other Bits and Pieces - Update and patch installed software - Run only the services you use - Use secure passwords or keys - Consider quotas if necessary - Use tcpwrappers, iptables (firewall software) - Scan and watch for SUID and SGID. - Restrict root/administrator access to your computer as well as to services

Security: Types of Attacks Attacks on Your Server(s) - Buffer overflow - Passive attacks, such as sniffers, traffic analysis (ngrep, dsniff). - Active attacks: - e.g. Connection hijacking, IP source spoofing, exploitation of weaknesses in IP stack or applications, scans like nmap. - Denial of Service attacks: e.g. synflood. - Man in the middle attacks: Hijacking services. - Network scans for holes (ssh, MySQL injection, script attacks on http, etc.)

Security: Simplify To see what is running use: lsof -i netstat -an -f inet ps auxwww more sockstat -4 what each and every item is. Simplify, simplify, simplify remove any and all services you are not using.

Security: Cryptographic Offerings Provide (almost) Only Secure Access to Services you are Running POP/IMAP with SSL only. Use TLS-Enabled SMTP. Remove Telnet replace with SSH. Remove FTP replace with SCP or SFTP. Anonymous FTP is OK, but be careful if you allow user uploads. Require HTTPS (HTTP over SSL) for sensitive information.

Security: Stay Up-to-Date Be sure that you track all the services you are running. If you run Bind (DNS), Apache (Web), Exim/ Postfix/Sendmail/Qmail (MTA) then subscribe to the appropriate security mailing lists for each. Subscribe to generic security mailing lists that pertain to your OS or Linux version. Subscribe to general security lists.

Security-Related Mailing Lists General security mailing lists - BugTraq: http://www.securityfocus.com/ - CERT: http://www.cert.org/ - Rootshell: http://www.rootshell.com/ For Apache, Bind, Exim and SSH - http://www.apache.org/ - http://www.isc.org/ (Bind) - http://www.exim.org/ - http://www.openssh.org/

Server Security a Few More Steps Logging Monitoring Backing Up Testing Logging: we will cover this separately Monitoring: We ve already covered this

Server Security: Backup Pretty hard to stress this more. If your security is compromised what will you do without a backup? A few basic items to consider are: - What needs to be backed up. - How often do you need to backup? - Where will your backup media be in case of disaster (fire, flood, earthquake, theft)? - What happens in case of total loss? - What tools will you use? Tar, Arkeia, cpio, Amanda, Bacula, rsync, dd, other?

Server Security: Backup Details What do you want to backup? What do you need to backup? - User data - System configuration files - Operating system files How often must you backup? What is the backup rotation? Daily, weekly, monthly, semi-annually, yearly? What type of backup media are you going to use? Will you use the same media and software for each piece of your backup process? Where will you backup your data? Where will you keep copies of your backups? Have you tested your backups? I.E. have you tried a restore? What will you do if you lose your server? Do you have a place to restore your data in this case?

Server Security: Backup Tools Arkeia: commercial product: http://www.arkeia.com/ http://nsrc/security/#backups dd: convert and copy a file. man dd dd if=/dev/sda of=/dev/fd0/bootsector.bin bs=512 count=1 Backs up a boot sector to a floppy dd if=/dev/fd0/bootsector.bin of=/dev/sda bs=512 count=1 Recovers from floppy to sda. Be very careful doing this!

Server Security: Backup Tools cpio: copy files to and from archives: cpitool: http://www.nickb.org/utils/ man cpio dump: ext2/ext3 filesystem backup. man dump rsync: remote copy. man rsync. tar: read man tar (impressive!)

Server Security: Backup Examples You can use ssh and tar together to quickly backup parts of your server. For instance, to backup all home directories to another server as a single image: root@machine1# tar xzvf - /home/ \ ssh machine2 cat > machine1-homes.tgz Or, you can use rsync over ssh if you wish to keep directories synchronized between two locations: rsync -ave ssh remote:/home/docs.

Server Security: Backup Examples Later today we'll discuss ssh and the use of ssh keys to connect to a remote machine without passwords and use encryption. If in /etc/cron.daily/sync-web you do the following: rsync -ae ssh /var/www/html/ backup.machine:/var/www/html/ This recursively copies your root web documents to a backup machine using rsync via ssh. Use --delete to remove remote copies of files deleted locally.

Security: Backup with rsync Real World Example /usr/bin/rsync -avzprl -e "/usr/bin/ssh -i /var/www/backups/ afnog.org.freebsd/afnog-back-rsync-key -l root@afnog.org" root@afnog.org:'/etc /usr/local/libexec/autoreply /usr/ local/mailman /usr/local/www /var/lib /root' /var/www/ backups/afnog.org.freebsd/daily What is this doing?

Server Security: Testing Once you have in place what you believe to be a secure server try connecting to it from an external machine. Verify that your security model works as expected. Try circumventing your own rules. Run a security scanner against your server (your network as well?). A nice tool to run against your server is Nessus. You can find this product here: http://www.nessus.org/ Or, you might try nmap: http://www.insecure.org/nmap/

Security: Use of nmap Network MAPper

Network Security General Ideas - Set up proper ingress and egress filters on your routers. - Be sure to not route known bogus addresses. - Use ssh on your routers, switches and anything you log in to remotely (or can log in on remotely) - If you have budget build in extra capacity to deal with active attacks - Back up your configurations! (RANCID)

Network Security Cont. General Ideas cont: - Don t share your network topology with everyone. This can be used to find known weaknesses - Prepare for DDoS attacks. You are very likely to experience one at some point. - Remember physical security of your equipment - Know where your equipment is (Documentation). - Patch software versions when necessary.

References CERT (Coordinated Emergency Response Team) http://www.cert.org/ and http://www.us-cert.gov/cas/index.html SANS Computer Security and Mailing Lists http://www.sans.org/ and http://www.sans.org/newsletters/risk/ Nice List of Security Resources for Linux/UNIX http://www.yolinux.com/tutorials/linuxsecuritytools.html Nessus Security Auditing Package http://nessus.org/ nmap: Network exploration tool and security scanner http://www.insecure.org/nmap/ O'Reilly Books http://www.oreilly.com/ Security Documents from nsrc.org http://nsrc.org/security/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information