1 / 76

Secure System Administration & Certification Guide: TCP/IP Networking and General Security

This guide provides an overview of secure system administration and certification, covering the history of networking, TCP/IP protocols, network hardware, and general security practices. Includes practical exercises and examples.

lwingate
Download Presentation

Secure System Administration & Certification Guide: TCP/IP Networking and General Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure System Administration & Certification The Linux Network Administration Guide(Ch. 1-5, part of 11) Jim Arrowood Michael Linnenburger Nick Davis University of TulsaDepartment of Mathematical & Computer SciencesCS 5493/7493 Secure System Administration & CertificationDr. Mauricio Papa

  2. Guide Overview

  3. Chapter 1 • History of Networking • UUCP • TCP/IP • Various Protocols • Various Hardware • General Security

  4. Chapter 2 • Classes • Subnets • ARP • Gateways • ICMP

  5. Chapter 3 • Network Hardware • Kernel Configuration • Ethernet • PPP

  6. Chapter 4 • Introduction to Serial Devices • Serial Login

  7. Chapter 5 • TCP/IP Networking • Setting Hostname • IP Address Assignment • ifconfig/ping/route • Ethernet Interface • ifconfig in Detail • netstat in Detail • Checking ARP

  8. Chapter 11 • NAT

  9. Chapter 1Introduction to Networking

  10. History of Networking • Stone Age (A->B->C) • Network - a collection of hosts that are able to communicate with each other. • Hosts are often computers, but need not be • Small collections of hosts are called sites • Communication is impossible without some sort of language or code • In computer networks, these languages are collectively referred to as protocols

  11. TCP/IP Networks • Packet - a small chunk of data that is transferred from one machine to another across the network • Packet Switching-shares a single network link among many users by alternately sending packets from one user to another across that link

  12. TCP/IP In Action • $ rlogin quark.physics • Welcome to the Physics Department at GMU (ttyq2) • login: • $ DISPLAY=erdos.maths:0.0 • $ export DISPLAY • The X windows system is a fully network-aware graphical user environment • $startx – starts an X windows session.

  13. Ethernets • Most common type of LAN hardware • Inexpensive • Net transfer rate of 10, 100, or even 1,000 Megabits per second • Thick, thin, and twisted pair

  14. Thick & Thin Ethernet • Thin - T-shaped “BNC” connector, 200 M Distance, 10base-2 • Thick - Vampire Tap, 500M Distance, 10base-5

  15. Twisted Pair • Uses two pairs of copper wires • Requires additional hardware known as active hubs • RJ45, 100M, 10base-T, 100base-T.

  16. Adding a Machine • Thin-take network down • Thick-complicated, but doesn’t take network down • Twisted Pair - easy, plug into hub/switch

  17. Ethernet Drawback • Cable Length – limits use to LANs The solution: Repeaters - copy the signals between two or more segments so that all segments together will act as if they are one Ethernet. Due to timing requirements, there may not be more than four repeaters between any two hosts on the network. Bridges and routers are more sophisticated. They analyze incoming data and forward it only when the recipient host is not on the local Ethernet.

  18. Ethernet Bus • Host may send packets of up to 1,500 bytes to another host on the same Ethernet. • A host is addressed by a six-byte address hardcoded into the firmware of its Ethernet network interface card (NIC). • Addresses are usually written as a sequence of two-digit hex numbers separated by colons, as in aa:bb:cc:dd:ee:ff (MAC Address).

  19. Collision • If two stations try to send at the same time, a collision occurs. • Detected very quickly by NICs and are resolved by the two stations aborting the send, each waiting a random interval and re-attempting the transmission • Shouldn't be surprised to see collision rates of up to about 30 percent

  20. IP • Turns physically dissimilar networks into “one” network • Requires a hardware-independent addressing scheme • Achieved by assigning each host a unique 32-bit number called the IP address • An IP address is usually written as four decimal numbers, one for each 8-bit portion, separated by dots. For example a machine might have an IP address of 0x954C0C04, which would be written as 149.76.12.4.

  21. TCP • IP is not reliable…then comes TCP • Checks the integrity and completeness of the data and retransmits it in case of error • TCP identifies the end points of a connection by the IP addresses of the two hosts involved and the number of a port on each host. • Ports may be viewed as attachment points for network connections.

  22. TCP Drawback • Overhead • It takes at least three datagrams to establish a TCP connection, another three to send and confirm a small amount of data each way, and another three to close the connection

  23. UDP • User Datagram Protocol • UDP provides us with a means of using only two datagrams to achieve almost the same result. • UDP is said to be connectionless, and it doesn't require us to establish and close a session

  24. More on Ports • The IETF (Internet Engineering Task Force), regularly releases an RFC titled Assigned Numbers (RFC-1700). • It describes, among other things, the port numbers assigned to well-known services. • Linux uses a file called /etc/services that maps service names to numbers.

  25. A Mention of UUCP • Unix to Unix Copy • Main application is still in Wide Area Networks, based on periodic dialup telephone links • Operates in Batch Mode

  26. Linux Networking • Net-4 Linux Network code offers a wide variety of device drivers and advanced features. • Includes SLIP, PPP, PLIP (for parallel lines), IPX, Appletalk, AX.25, NetRom, and Rose (for amateur radio networks), SAMBA, and Novell NCP. • Other standard Net-4 features include IP firewalling, IP accounting, and IP Masquerading. • IP tunnelling in a couple of different flavors and advanced policy routing are supported.

  27. System Maintenance • Log File Scripts • cron jobs

  28. System Security • Mail Alias for Root • The COPS program will check your file system and common configuration files for unusual permissions • When making a service accessible to the network, make sure to give it least privilege

  29. System Security Ctd. • Tripwire - allows you to check vital system files to see if their contents or permissions have been changed. • Computes various strong checksums over these files and stores them in a database • During subsequent runs, the checksums are recomputed and compared to the stored ones to detect any modifications.

  30. Chapter 2Issues of TCP/IP Networking

  31. Networking Interfaces • For each peripheral networking device, a corresponding interface has to be present in the kernel. • For example, Ethernet interfaces in Linux are called by such names as eth0 and eth1; PPP interfaces are named ppp0 and ppp1

  32. IP Address Classes • Class A comprises networks 1.0.0.0 through 127.0.0.0. The network number is contained in the first octet • Allowing roughly 1.6 million hosts per network • Class B contains networks 128.0.0.0 through 191.255.0.0; the network number is in the first two octets • Allows for 16,320 nets with 65,024 hosts each • Class C networks range from 192.0.0.0 through 223.255.255.0, with the network number contained in the first three octets • Allows for nearly 2 million networks with up to 254 hosts • Classes D, E, and F Addresses falling into the range of 224.0.0.0 through 254.0.0.0 are either experimental or are reserved for special purpose use and don't specify any network.

  33. Private IP Use • Class Networks • A 10.0.0.0 through 10.255.255.255 • B 172.16.0.0 through 172.31.0.0 • C 192.168.0.0 through 192.168.255.0

  34. Special Purpose IP • Octets 0 and 255 are reserved for special purposes. • An address where all host part bits are 0 refers to the network, and an address where all bits of the host part are 1 is called a broadcast address. • This refers to all hosts on the specified network simultaneously. Thus, 149.76.255.255 is not a valid host address, but refers to all hosts on network 149.76.0.0.

  35. Special Purpose IP Ctd. • Usually, address 127.0.0.1 will be assigned to a special interface on your host, the loopback interface, which acts like a closed circuit. • Any IP packet handed to this interface from TCP or UDP will be returned to them as if it had just arrived from some network.

  36. Address Resolution • ARP - mechanism that maps IP addresses onto the addresses of the underlying network • A datagram is addressed to all stations on the network simultaneously. The broadcast datagram sent by ARP contains a query for the IP address. Each receiving host compares this query to its own IP address and if it matches, returns an ARP reply to the inquiring host. • The inquiring host can now extract the sender's Ethernet address from the reply.

  37. Subnetworks • Hosts with identical IP network numbers should be found within the same network • The number of bits that are interpreted as the subnet number is given by the so-called subnet mask, or netmask. This is a 32-bit number too, which specifies the bit mask for the network part of the IP address. • A class B network number of 149.76.0.0 has a netmask of 255.255.0.0.

  38. Gateways • A gateway is a host that is connected to two or more physical networks simultaneously and is configured to switch packets between them.

  39. ICMP • Internet Control Message Protocol (ICMP), used by the kernel networking code to communicate error messages to other hosts • There is one very interesting message called the Redirect message. • It is generated by the routing module when it detects that another host is using it as a gateway, even though a much shorter route exists

  40. Resolving Host Names • The need to map numbers to names • On a small network like an Ethernet or even a cluster of Ethernets, it is not very difficult to maintain tables mapping hostnames to addresses. • This information is usually kept in a file named /etc/hosts • This is why a new name resolution scheme was adopted in 1994: the Domain Name System

  41. Config Network H/W • 3.0 Config Network H/W • 3.1 Kernel Config (Overview) • 3.2 Tour of Network Dev • 3.3 Ethernet Install • 3.5 PPP-Dialup

  42. 3.0 Config Network H/W • Hardware == Physical device • i.e., Ethernet, FDDI, or Token Ring • Device Driver • Auto Probing • i.e., ISA, PCI, MCA, PCMCIA, and USB • I/O and Memory Address • Interrupt Request Number (IRQ)

  43. 3.0 Config Network H/W • Interfaces in /dev • Type ls –las /dev/ • Dev files • Type b  block device • Type c  character device • Major & minor device numbers • Defined in kernel not real files in /dev

  44. 3.0 Config Network H/W

  45. 3.0 Config Network H/W

  46. 3.1 Kernel Config (Overview) • Distribution media supplied w/boot disks • Basics of compiling Linux in Matt Welsh’s book, running Linux (O’Reilly) • Linux kernel numbering 2.2.14 • 1st digit  major version • 2nd digit  minor version • Even  production, or stable • Odd  development, or unstable • 3rd incremented for each release of a minor

  47. 3.1 Kernel Config (Overview) • Make menuconfig • Offers list of config questions • Asks whether you want TCP/IP networking support. • You must answer this with y to get a kernel capable of networking

  48. 3.1 Kernel Options (Linux 2.2) • After General Section • Config for SCSI/sound cards • Config for network support

  49. 3.1 Kernel Options (Linux 2.2)

  50. 3.1 Kernel Options (Linux 2.2)

More Related