
Advanced Unix

Advanced Unix. Chapter 14. Network Tools. There are many, many network tools that come with a standard Linux installation. They can be used for network troubleshooting, for causing network trouble and for detecting the same. Chapter 14 discusses a few of them.




Presentation Transcript


  1. Advanced Unix Chapter 14

  2. Network Tools
     • There are many, many network tools that come with a standard Linux installation.
     • They can be used for network troubleshooting, for causing network trouble and for detecting the same.
     • Chapter 14 discusses a few of them

  3. Network Tools
     • The netstat command is one such tool
     • It will show you the number of tcp/udp connections and the services that are listening on your system
     • Demo netstat

  4. Network Tools
     • One tool often overlooked by the book is lsof
     • lsof or "list open files" is one of the systems administrator's number one tools
     • You can trace which processes are using which services, as well as which files are open and by which processes
     • Demo lsof

  5. Network Tools
     • Many "root kits" deployed by vandals replace the tools an SA would use to detect the attack
     • ps, ls, netstat, lsof, etc.
     • Always have original binaries and/or the tool source code available
     • See lecture I gave to Rose Cyber Security Club: http://www.wildbill.org/rose
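One way to act on slide 5, as an added example that is not part of the course material: record known-good digests of the tools a rootkit typically swaps out, then re-check them from a trusted shell. The tool paths and the idea of a manifest file are assumptions for this example; the slide only says to keep the originals available.

```shell
#!/bin/sh
# Added example (not from the course): record known-good hashes of the tools a
# rootkit typically replaces, then re-check them later. Run the check from a
# trusted shell with a sha256sum copied off your original media, since the
# rootkit may have swapped that binary as well. Paths assume a Fedora-era box.
TOOLS=${TOOLS:-/bin/ps /bin/ls /bin/netstat /usr/sbin/lsof}

# baseline MANIFEST: hash every tool while the system is known to be clean.
baseline() {
    # $TOOLS is deliberately unquoted so it splits into one path per word.
    sha256sum $TOOLS > "$1"
}

# verify MANIFEST: print each tool that is missing or differs from the baseline;
# returns 1 when anything changed, 0 when all tools still match.
verify() {
    status=0
    while read -r hash path; do
        [ -n "$path" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        now=$(sha256sum "$path"); now=${now%% *}   # keep only the digest field
        if [ "$now" != "$hash" ]; then
            echo "CHANGED  $path"; status=1
        fi
    done < "$1"
    return $status
}
```

Keep the manifest itself off the host (or on read-only media): an intruder who can replace /bin/ps can also rewrite a hash list stored next to it. On an RPM-based system, rpm -Vf /bin/ps performs a similar comparison against the package database, with the same caveat that the database lives on the compromised disk.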

  6. Network Services
     • Each Network Service is a Point of Attack
     • Remove/Disable all unneeded services
     • /etc/services – a text file that relates the ports to the services
     • /etc/init.d
     • chkconfig

  7. TCP Wrappers
     • For the services that you need to have running, consider using tcp_wrappers
     • Provides added access control
     • /etc/hosts.allow
     • /etc/hosts.deny
     • Note: many services now have wrapper support programmed into the source code
     • The Super Daemon xinetd now has tcp wrappers built in, so any service using xinetd can take advantage of tcp wrappers if it does not already have them compiled in

  8. TCP Wrappers
     • Other services also use tcp wrappers, such as "Very Secure FTP"
     • vsftpd FTP server
     • Controlled in the vsftpd configuration file
     • Access to rsync can be controlled by TCP Wrappers via xinetd

  9. TCP Wrappers
     • Uses two files to define the access to the services
     • /etc/hosts.allow
     • /etc/hosts.deny
     • You can create a deny-by-default for all services that use tcp wrappers
     • Don't be misled into thinking this can secure your server 100%
     • Understand that not all services can or do use tcp wrappers
     • tcp wrappers is not a Firewall but an access control process

  10. TCP Wrappers
     • Good Example in the book
     • Demo: tcp wrappers
     • hosts.allow
     • hosts.deny
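The deny-by-default policy from slides 7 to 10, as an added example that is not the course's demo: a constructed hosts.deny/hosts.allow pair plus a small checker that reproduces the evaluation order tcpd applies (hosts.allow first, then hosts.deny, then allow when nothing matches). The checker is a simplified model that only understands ALL, exact addresses and trailing-dot network prefixes, and the addresses are made up.

```shell
#!/bin/sh
# Added example (not from the course): a deny-by-default tcp_wrappers policy and a
# checker that mimics the order in hosts_access(5): a match in hosts.allow grants
# access, else a match in hosts.deny refuses it, else access is granted.
WRAP_DIR=${WRAP_DIR:-/etc}

# Constructed sample policy (addresses are made up), written into directory $1.
write_sample_policy() {
    printf 'ALL: ALL\n' > "$1/hosts.deny"          # refuse everything by default...
    cat > "$1/hosts.allow" <<'EOF'
# daemon_list : client_list   (...then open only the holes you need)
sshd: 10.10.1.250
vsftpd: 10.10.1.
EOF
}
# pattern_matches PATTERN VALUE -> 0 when PATTERN covers VALUE
pattern_matches() {
    if [ "$1" = ALL ] || [ "$1" = "$2" ]; then return 0; fi
    case $1 in
        *.) case $2 in "$1"*) return 0 ;; esac ;;   # "10.10.1." covers 10.10.1.x
    esac
    return 1
}
# rule_matches FILE DAEMON CLIENT -> 0 when a "daemons: clients" line in FILE covers both
rule_matches() {
    file=$1 daemon=$2 client=$3
    [ -r "$file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                   # drop comments
        case $line in *:*) ;; *) continue ;; esac          # skip blank/odd lines
        daemons=$(echo "${line%%:*}" | tr ',' ' ')
        clients=$(echo "${line#*:}" | tr ',' ' ')
        for d in $daemons; do
            if pattern_matches "$d" "$daemon"; then
                for c in $clients; do
                    if pattern_matches "$c" "$client"; then return 0; fi
                done
            fi
        done
    done < "$file"
    return 1
}
# hosts_access DAEMON CLIENT -> prints "allow" or "deny" the way tcpd would decide
hosts_access() {
    if   rule_matches "$WRAP_DIR/hosts.allow" "$1" "$2"; then echo allow
    elif rule_matches "$WRAP_DIR/hosts.deny"  "$1" "$2"; then echo deny
    else echo allow                                       # no rule at all: tcpd grants access
    fi
}
```

The last branch is the point of slide 9's deny-by-default advice: without the ALL: ALL line in hosts.deny, any wrapped daemon you forgot to list is reachable from everywhere.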

  11. Firewalls
     • Several types of Firewalls:
       • Packet filter: Iptables – layer 2 network
       • Stateful filter: Cisco PIX – layer 3 and 4
       • Stateful inspection: Checkpoint Firewall-1
       • Application proxy: Sidewinder – layers 5 thru 7
     • Good reference for firewalls: http://www.interhack.net/pubs/fwfaq/

  12. Introduction to iptables
     • 3rd generation firewall on Linux
     • Supports basic packet filtering as well as connection state tracking
     • For our needs for this course, we will use simple/basic packet filtering

  13. Iptables
     • iptables is a filtering firewall
     • Comes standard as part of Linux
     • Older versions of Linux have ipchains
     • FC comes with a relatively good initial configuration
     • Use chkconfig to check whether iptables is configured to start on boot: chkconfig --list iptables

  14. Iptables
     • If it is not, enable it via the following command: chkconfig --level 235 iptables on
     • To start iptables enter: /etc/init.d/iptables start or service iptables start

  15. Introduction to iptables
     #!/bin/sh
     # Sample firewall - incomplete... do not use. For discussion only
     IPTABLES=/sbin/iptables
     ANY="0.0.0.0/0"          # "any address"; not used by the rules below
     ETHIP="10.10.1.1"        # this host's interface address; not used below
     ADMINNOC="10.10.1.250"   # admin NOC host allowed to SSH in
     # Flush chains
     $IPTABLES --flush
     # Set default policies
     $IPTABLES -P INPUT ACCEPT
     $IPTABLES -P OUTPUT ACCEPT
     $IPTABLES -P FORWARD ACCEPT
     # Allow SSH from admin NOC (inbound request and the matching outbound reply)
     $IPTABLES -A INPUT -p tcp -s $ADMINNOC --sport 1024:65534 --dport 22 -j ACCEPT
     $IPTABLES -A OUTPUT -p tcp -d $ADMINNOC --sport 22 --dport 1024:65534 -j ACCEPT
     # Allow Web access
     $IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
     # Allow secure web access
     $IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
     # Catch-all: anything inbound not matched above is dropped
     $IPTABLES -A INPUT -j DROP

  16. Dropping vs Rejecting Packets
     • Rejecting packets COULD resource starve your system
     • Dropping packets could cause network diagnostic hell for the other end if you don't respond 'nicely'
     • Dana's Law: It is better to DROP packets and buy your favorite network admin a beer than to REJECT and have alarms go off at 2 in the morning during a DoS, waking you up.
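The slide 15 sample completed into a usable default-deny ruleset, as an added example that is not the course's script: INPUT and FORWARD default to DROP (slide 16's preference over REJECT), replies to connections this host opened are admitted by state tracking (slide 12), and the admin NOC address is the slide's placeholder value. Setting IPTABLES="echo iptables" is an assumption of this example for reviewing the rules without root.

```shell
#!/bin/sh
# Added example: the slide's sample firewall completed as a default-deny policy.
# Set IPTABLES="echo iptables" to print the rules instead of loading them
# (otherwise this needs root and the iptables binary). Addresses are placeholders.
IPTABLES=${IPTABLES:-/sbin/iptables}
ADMINNOC=${ADMINNOC:-10.10.1.250}   # management host allowed to reach SSH

build_firewall() {
    # Start clean; the default policies are still ACCEPT at this point.
    $IPTABLES --flush

    # Admit loopback and replies to connections this host opened BEFORE the
    # policy flips to DROP, so an admin loading this over SSH is not cut off.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Default-deny for inbound and transit traffic; this host may talk out freely.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT

    # New TCP connections must start with SYN; drop stray mid-stream packets.
    $IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # SSH only from the admin NOC; web services from anywhere.
    $IPTABLES -A INPUT -p tcp -s "$ADMINNOC" --dport 22 -m state --state NEW -j ACCEPT
    $IPTABLES -A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT

    # Log a rate-limited sample of what the DROP policy is about to discard, so
    # dropping "silently" (slide 16) still leaves a trail for the SA to read.
    $IPTABLES -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-drop: "
}

case "${1:-}" in
    apply)   build_firewall ;;
    dry-run) IPTABLES="echo iptables"; build_firewall ;;
esac
```

Run it as sh fw.sh dry-run to review the rules before sh fw.sh apply; -m state is the module of the course's era, and newer kernels accept the same rules written with -m conntrack --ctstate.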

  17. Iptables
     • Many ways to implement iptables
     • Demo Shorewall
     • See: http://www.linuxguruz.com/iptables/
     • IPTables Packet Filtering HOWTO: http://netfilter.org/documentation/HOWTO/packet-filtering-HOWTO.html

  18. Good reading
     • Building Internet Firewalls, ISBN: 1-56592-124-0
     • Linux Firewalls, ISBN: 0-7357-0900-9
     • Threat Modeling, ISBN: 0-7356-1991-3

  19. Iptables • To be continued next class…
