Linux Security and Auditing

Slide 1

Linux Security & Auditing
K. K. Mookhey, Founder-CTO, Network Intelligence India Pvt. Ltd.
© Network Intelligence India Pvt. Ltd.

Slide 2

Plan
- History of Linux
- Distributions
- Business drivers for Linux
- Architecture
- Physical security
- Operating system security
- Network security
- File system security
- User and group security
- Application security
- Linux security tools

Slide 3

History of Linux
- Linus Benedict Torvalds writes an open-source operating system in 1991.
- The primary intention was a research project: at that time no other open-source Unix flavours were available; all were proprietary and expensive.
- Linux became immensely popular among the student and research community.
- Today it is a viable option for enterprise applications.

Slide 4

Linux – Business Drivers
- IBM sold $759 million worth of Linux servers in 2001 (Dataquest).
- The total Linux server market is estimated at $4 billion and growing rapidly.
- Oracle, Sun, HP, IBM, Novell and other major vendors all actively support Linux.
- Open source implies: a lower cost of acquisition; the possibility of greater security, since the code can be audited; more flexibility in choosing components and configuring them.

Slide 5

Linux – Distributions
- The Linux kernel and associated utilities are packaged and distributed by various firms: Red Hat, Mandrake, Debian, SuSE.
- Changes: most "free" distributions are no longer free. Red Hat has stopped after Fedora (the free Red Hat Linux line ended; Fedora is the community successor); Mandrake requires payment for security patches; SUSE has been bought over by Novell; Debian and Slackware are still free.

Slide 6

Linux Attack
- Port scanner: identifies open ports, identifies running services, identifies the operating system.
- Vulnerability scanner: identifies versions and vendors of services, and determines vulnerabilities in those.
- Vulnerability databases: feed in vendor, software and version number; check the vulnerabilities and check whether any exploits are available.
- Portscan report – SuperScan
- Portscan report – Nmap

Slide 7

LINUX SECURITY

Slide 8

Linux Architecture
- Linux kernel: the actual code that interfaces between user applications and hardware resources.
- Hardware controllers: used by the kernel to communicate with hardware.
- Operating system services: software other than the kernel that is considered part of the OS, e.g. the X Window System and the command shell.
- User applications: software other than the kernel and services, e.g. text editors, browsers, etc.

Slide 9

Diagrammatically (GNU/Linux), top layer to bottom layer:
  User Applications (GNU)
  OS Services (Apache, Sendmail, etc.)
  KERNEL – LINUX
  Hardware Controllers
  Hardware – CPU, HDD, keyboard, mouse, monitor, RAM

Slide 10

Key points about the Linux kernel
- It is distributed separately from user applications and other software.
- It uses modules, which can be dynamically loaded: for instance, support for FAT32 need not be compiled in, but can be added dynamically.
- The kernel can be completely recompiled and unnecessary components removed, unlike Windows.
- The kernel has had buffer overflow vulnerabilities found in it; these are very critical.

Slide 11

Kernel Security
- One of the most important ways to keep Linux secure is to ensure a patched kernel.
- Check your kernel version: uname -a
- Third-party kernel patches for enhanced security:
  - Linux Intrusion Detection System (LIDS): for ensuring the integrity of critical files
  - Secure Linux patch: prevents common buffer overflows, plus other basic security measures
  - International Kernel patch: kernel-level strong encryption built in

Slide 12

Click-and-run Security: Bastille Linux
- Available for popular Linux flavours; you will also need Perl-Tk.
- Creates a set of security measures through a GUI.
- Most of the implemented changes can be undone.
- Must first be run on "test" systems.
- Demo

Slide 13

Bastille-Linux screenshot

Slide 14

Boot Security
- Boot configuration is determined by LILO (Linux Loader) or GRUB (Grand Unified Boot Loader).
- Check that only one OS is configured to load.
- If required, ensure there is a password= entry in lilo.conf.
- Also ensure the permissions on lilo.conf are 600, since the password is stored in it in clear text.
- Demo

Slide 15

Operating System Security
- Check processes: top -n 1 -b; ps aux
- Check installed software: rpm -q -a (RPM = Red Hat Package Manager = installer packages for software on RH systems).
- Look out for unnecessary packages.
- Also ensure the latest versions of packages are installed, especially those used by or exposed to lower-privileged users: httpd, openssh, kernel, sendmail, etc. For example: rpm -q -a | grep kernel

Slide 16

Cron and At
- Cron is used to schedule regular jobs; at is used to schedule one-time jobs in the future.
- Both can be abused to install time-bombs on the system, which may suddenly cause the system to break down.
- Access can be restricted using the files /etc/cron.allow, /etc/cron.deny, /etc/at.allow and /etc/at.deny.
- DEMO: cron.allow contains root; cron.deny contains ALL.
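The following is an added example, not code from the slides: a small shell model of how Vixie cron decides crontab access from cron.allow and cron.deny, run against throwaway copies of those files so the "root only" demo above can be checked before touching /etc. The directory argument and the demo user names (auditor, www) are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not from the slides: model of Vixie cron's access decision
# for cron.allow / cron.deny. $1 = user name, $2 = directory holding the two
# files (the real directory is /etc; a temporary one is used here).
# Prints "allow" or "deny".
cron_access() {
    user=$1
    dir=$2
    if [ -f "$dir/cron.allow" ]; then
        # cron.allow exists: only users listed in it may use crontab;
        # cron.deny is not consulted at all in this case.
        if grep -qx "$user" "$dir/cron.allow"; then
            echo allow
        else
            echo deny
        fi
    elif [ -f "$dir/cron.deny" ]; then
        # no cron.allow: everyone may use crontab except users in cron.deny
        if grep -qx "$user" "$dir/cron.deny"; then
            echo deny
        else
            echo allow
        fi
    else
        # neither file exists: behaviour is distribution-specific
        # (classic Vixie cron: root only; some builds: everyone).
        # The conservative root-only reading is assumed here.
        if [ "$user" = root ]; then echo allow; else echo deny; fi
    fi
}

# Reproduce the slide's demo on constructed files: cron.allow holds root,
# cron.deny holds ALL. Note that ALL is not a wildcard to cron; with
# cron.allow present, cron.deny is never read, so the line only documents
# the intent. The files are mode 600 as they should be in /etc.
demo_cron_access() {
    tmp=$(mktemp -d)
    echo root > "$tmp/cron.allow"
    echo ALL  > "$tmp/cron.deny"
    chmod 600 "$tmp/cron.allow" "$tmp/cron.deny"
    for u in root auditor www; do
        printf '%s: %s\n' "$u" "$(cron_access "$u" "$tmp")"
    done
    rm -rf "$tmp"
}

demo_cron_access
```

The same allow-before-deny rule applies to at.allow and at.deny; if you only create cron.deny and forget cron.allow, every account not named in cron.deny keeps crontab access, which is the opposite of the demo's intent.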

Slide 17

Linux Auditing
- Linux auditing is done using syslogd. The configuration file is /etc/syslog.conf.
- Format is: Facility.Priority <tab> Action to be taken
- Facility: the application/program that is generating the logs.
- Priority: emerg, alert, crit, err, warning, notice, info, debug, none. A selector matches the named priority and everything more severe than it.
- Action: write it to a file, send it to the console, send it to logged-in users' terminals (syslogd itself does not send e-mail), or send it to another system (loghost).
- Segregation of duties: send logs to another system, where the security manager has control.
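An added example of the format described above (not taken from the slides): a minimal /etc/syslog.conf that keeps authentication events in a root-only file and copies them to a central log server. The host name loghost is an assumption; it stands for the machine the security manager controls.

```conf
# Added example, not from the slides: /etc/syslog.conf in the
# "Facility.Priority <tab> Action" format. "loghost" is an assumed name
# for the security team's central log server.

# priority info and everything more severe, except the facilities that
# get their own files below, to the general log
*.info;mail.none;authpriv.none;cron.none        /var/log/messages

# authentication events (facility authpriv) to a root-only file
authpriv.*                                      /var/log/secure

# mail and cron get their own files ("-" = do not sync after each write)
mail.*                                          -/var/log/maillog
cron.*                                          /var/log/cron

# emergencies to every logged-in user's terminal
*.emerg                                         *

# segregation of duties: copy auth events and everything of priority
# warning or higher to the remote loghost (syslog over UDP port 514)
authpriv.*;*.warning                            @loghost
```

A local attacker who gains root can edit or delete /var/log/secure, but not the copy that has already left for loghost, which is the point of the last line. Remember that the remote syslogd must be started with remote reception enabled (the -r option on the classic sysklogd) and that the UDP transport is unauthenticated, so the loghost should only accept port 514 from known hosts.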

Slide 18

Linux Auditing – important commands
- Recent logins: last
- Last login time for all users (finds dormant users): lastlog
- Last failed logins (requires creating the /var/log/btmp file): lastb
- Security-related events: /var/log/secure
- Tools for log analysis: Swatch (real-time monitoring of logs), Logsentry, Logwatch
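As an added example (not from the slides) of the kind of analysis Swatch or Logwatch automate, the shell functions below run simple detection logic over /var/log/secure: failed SSH password attempts per source address, sources that exceed a threshold, and every direct or su-based root access. The log lines are constructed for the demo and the host name, addresses and user names in them are invented.

```shell
#!/bin/sh
# Added example, not from the slides: detection logic for /var/log/secure.
# The log lines below are constructed for the demo; on a real host pass
# /var/log/secure (readable by root only) to the functions instead.

write_sample_secure_log() {
    cat > "$1" <<'EOF'
Mar 12 10:01:07 host sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 51522 ssh2
Mar 12 10:01:09 host sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 51522 ssh2
Mar 12 10:01:12 host sshd[2234]: Failed password for root from 10.0.0.5 port 51530 ssh2
Mar 12 10:02:40 host sshd[2240]: Accepted password for auditor from 192.168.1.20 port 40110 ssh2
Mar 12 10:05:01 host sshd[2250]: Failed password for auditor from 192.168.1.20 port 40122 ssh2
Mar 12 10:06:15 host su(pam_unix)[2260]: session opened for user root by auditor(uid=500)
Mar 12 10:09:30 host sshd[2270]: Accepted password for root from 10.0.0.5 port 51600 ssh2
EOF
}

# Failed SSH password attempts per source address, busiest source first.
# Output: "<count> <ip>" per line.
failed_logins_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
             count[ip]++
         }
         END { for (ip in count) print count[ip], ip }' "$1" | sort -rn
}

# Sources with at least $2 failures: candidates for blocking or investigation.
brute_force_sources() {
    failed_logins_by_source "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

# Direct and indirect root access: ssh logins as root and su to root.
root_access_events() {
    grep -E 'Accepted [a-z]+ for root from|session opened for user root' "$1"
}

f=$(mktemp)
write_sample_secure_log "$f"
echo "Failed logins by source:";       failed_logins_by_source "$f"
echo "Brute-force candidates (>= 3):"; brute_force_sources "$f" 3
echo "Root access events:";            root_access_events "$f"
rm -f "$f"
```

On the sample data 10.0.0.5 fails three times and then succeeds as root a few minutes later; that sequence (failures followed by an accepted root login from the same source) is exactly what a brute-force success looks like and is why the root login line should be read together with the failure counts, not on its own.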

Slide 19

Tools for testing
- COPS (Computer Oracle and Password System): outdated; checks for common misconfigurations, weak passwords, insecure permissions, etc.
- TIGER: similar to COPS, but more thorough; also not recently updated.
- TARA: the most updated and recent version of TIGER; runs using shell scripts or optionally Perl.

Slide 20

Network Security
- Services are started by /etc/rc.d scripts and by xinetd.
- chkconfig --list
- chkconfig --level {numbers} {service} on|off
- xinetd services are configured by individual files in /etc/xinetd.d/
- Open network connections: netstat -antp. Use the -p option to see which processes are responsible for which open ports (run as root, otherwise other users' processes are not shown). lsof can also be used.
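An added example, not from the slides, of what to do with the netstat -antp output once you have it: the functions below reduce it to the listening ports, the process owning each, and the subset bound to all interfaces (0.0.0.0) and therefore reachable from the network. The netstat listing is constructed for the demo; the PIDs, addresses and programs in it are invented.

```shell
#!/bin/sh
# Added example, not from the slides: turn `netstat -antp` output into a
# list of listening ports with their owning process, and flag the ones
# exposed to the network. The output below is constructed; on a live host
# run  netstat -antp > /tmp/netstat.txt  as root and pass that file.

write_sample_netstat() {
    cat > "$1" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/sendmail
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      650/xinetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      540/portmap
tcp        0      0 192.168.1.10:22         192.168.1.20:40110      ESTABLISHED 2240/sshd
EOF
}

# All listening TCP sockets: "<port> <bind address> <pid/program>"
listeners() {
    awk '$1 == "tcp" && $6 == "LISTEN" {
             n = split($4, a, ":")          # text after the last ":" is the port
             port = a[n]
             addr = substr($4, 1, length($4) - length(port) - 1)
             print port, addr, $7
         }' "$1"
}

# Only listeners bound to every interface, i.e. reachable from the network
# rather than loopback-only: "<port> <pid/program>"
exposed_listeners() {
    listeners "$1" | awk '$2 == "0.0.0.0" { print $1, $3 }'
}

f=$(mktemp)
write_sample_netstat "$f"
echo "All listeners:";     listeners "$f"
echo "Exposed listeners:"; exposed_listeners "$f"
rm -f "$f"
```

In the sample, sendmail listening only on 127.0.0.1 is acceptable for a host that sends but does not receive mail, whereas port 23 owned by xinetd means telnet is still enabled and port 111 means the portmapper (and whatever RPC services hide behind it) is exposed; both belong on the list of services to disable with chkconfig or in /etc/xinetd.d.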

Slide 21

Network Services possibly not required
- NFS and related services: autofs, nfs, nfsserver, nfslock
- Unused networking services: routed, gated, ratvf, snmpd, named, dhcpd, dhclient, dhrelay, nscd, smb
- Mail services: sendmail, postfix
- Optional network and local services: atd, ldap, kudzu, rhnsd, ypbind, apache, share, quotad, myself, etc.
- Printing services: lpr, cups, lprng

Slide 22

xinetd
- A logic change from the earlier inetd.conf file.
- Builds in controls like TCP Wrappers and more:
  - Access control: which hosts are allowed to connect and at what times (only_from, no_access, access_times)
  - Logging: which information gets logged
  - Resource usage: limits on the maximum connections supported, CPU usage, etc.
  - Others

Slide 23

Trusted Hosts
- Entries in /etc/hosts.equiv and /etc/hosts.lpd are critical: they allow users from those hosts to connect without supplying a password!
- Likewise, users can create .rhosts and .netrc files in their home directories, which work similarly. Find these too.

Slide 24

Telnet and FTP vs SSH
- Telnet and FTP are plain-text protocols and should be replaced by SSH.
- Any internal user can sniff the traffic, even on switched networks, with little effort.
- SSH uses encryption to provide services equivalent to Telnet and FTP (remote shell, scp/sftp).
- Configuration is in /etc/ssh/sshd_config.
- SSH clients are available for free: PuTTY for Windows.

Slide 25

User and Group Security
- User accounts are created in /etc/passwd.
- Hashed passwords, and the password and account lockout policies, are in /etc/shadow.
- Password and account lockout policies can be set during account creation, or with the chage command:
  - minimum password age (chage -m)
  - maximum password age (chage -M)
  - expiry warning time (chage -W)
  - inactive time after which the account is locked out (chage -I)
  - a future date on which the account will be locked out (chage -E)

Slide 26

Checks for these files
- No dormant or generic accounts present.
- Accounts of separated (departed) users not present.
- All system (non-user) accounts have /bin/false (or /sbin/nologin) as the shell.
- All system accounts have *NP* or *LK* in their password fields in /etc/shadow (those are the Solaris conventions; on Linux a locked field begins with * or !).
- An SOP exists for verifying the validity of the accounts in these files.
- Every account in passwd has a corresponding entry in shadow.
- Only one line contains 0 in the UID field of the passwd file.
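The checks above, as an added example that is not part of the slides: a shell function that runs them over constructed copies of /etc/passwd and /etc/shadow and prints one finding per line. The account names, hashes and the UID < 500 boundary for system accounts (the Red Hat convention of the time) are assumptions; adjust the boundary for your distribution and point the function at the real files as root.

```shell
#!/bin/sh
# Added example, not from the slides: the account checks run over
# constructed /etc/passwd and /etc/shadow copies. UID < 500 is assumed to
# be the system-account range (Red Hat of that era); adjust as needed.

write_sample_account_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
auditor:x:500:500:Auditor:/home/auditor:/bin/bash
oldstaff:x:501:501:Left the company:/home/oldstaff:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$salt$deadbeefhash:12345:0:99999:7:::
bin:*:12345:0:99999:7:::
daemon:$1$salt$anotherhash:12345:0:99999:7:::
lp:!!:12345:0:99999:7:::
toor:$1$salt$deadbeefhash:12345:0:99999:7:::
auditor:$1$salt$yetanother:12345:0:90:14:30::
EOF
}

# Prints one finding per line: "<CHECK> <account> [detail]".
audit_accounts() {
    passwd=$1; shadow=$2
    # only one UID 0 account (root) should exist
    awk -F: '$3 == 0 && $1 != "root" { print "UID0", $1 }' "$passwd"
    # every passwd account needs a shadow entry
    awk -F: 'NR == FNR { seen[$1] = 1; next }
             !($1 in seen) { print "NOSHADOW", $1 }' "$shadow" "$passwd"
    # system accounts must not have a usable login shell
    awk -F: '$3 > 0 && $3 < 500 && $7 != "/bin/false" && $7 != "/sbin/nologin" {
                 print "SHELL", $1, $7 }' "$passwd"
    # system accounts must be locked: password field starts with * or !
    awk -F: 'NR == FNR { if ($3 > 0 && $3 < 500) sys[$1] = 1; next }
             ($1 in sys) && $2 !~ /^[*!]/ { print "UNLOCKED", $1 }' "$passwd" "$shadow"
    # an empty password field means login with no password at all
    awk -F: '$2 == "" { print "NOPASS", $1 }' "$shadow"
}

d=$(mktemp -d)
write_sample_account_files "$d"
audit_accounts "$d/passwd" "$d/shadow"
rm -rf "$d"
```

On the sample files the function reports the second UID 0 account (toor), the departed user whose passwd line has no shadow entry (oldstaff), the lp pseudo-user with a real shell, and the daemon account that carries a usable password hash; the dormant-account check belongs with lastlog in the auditing slide, since passwd alone does not record last use. pwck -r gives the consistency half of these checks for free and is worth running alongside.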

Slide 27

Password and Account Lockout
- Other, stronger policies require the use of PAM (Pluggable Authentication Modules).
- PAM allows the following to be set: minimum password length; no dictionary words; no part of the username in the password; the number of alphanumeric and punctuation characters that must be present.
- PAM is configured in the /etc/pam.d directory.
- DEMO: change of password for user auditor.

Slide 28
