Advanced Unix

1
Advanced Unix 22 Sep 2005

• Chapter 14
• Computer Security Issues

2
Network Tools

• There are many, many network tools that come with
  a standard Linux installation.
• They can be used for network troubleshooting, for
  cause network trouble and fer detecting the same.
• Chapter 14 discusses a few of them

3
Network Tools

• The netstat command (Page 521) is one such tool
• It will show you the number of tcp/udp
  connections and the services that are listening
  on your system
• Demo netstat

4
Network Tools

• One tool overlooked by the book is lsof
• lsof or "list open files" is one of the systems
  administrator's number one tools
• You trace what processes are using which services
  as well as which files are open and by which
  processes
• Demo lsof

5
Network Tools

• Many root kits deployed by vandals replace the
  tools an SA would use to detect the attack
• ps, ls, netstat, lsof, etc.
• Always have original binaries and/or the tool
  source code available

6
Network Services

• They are the Points of Attack
• Remove/Disable all unneeded services
• /etc/services a test file that relates the
  ports to the services (page 523)

7
TCP Wrappers

• For the services that you need to have running
  (Page 525)
• Provides for added access control
• The Super Daemon xinetd now has tcp wrappers
  built in so any service using xinetd can take
  advantage of tcp wrappers

8
TCP Wrappers

• Other services also use tcp wrappers such as
  Very Secure FTP
• vsftpd FTP server (Page 525)
• Controlled in the vsftpd configuration file
• Access to rsync can be controlled by TCP Wrappers
  via xinetd

9
TCP Wrappers

• Uses two files to define the access to the
  services
• /etc/hosts.allow
• /etc/hosts.deny
• You can create a deny-by-default to all services
  that use tcp wrappers
• Dont be mislead into thinking this can secure
  you server 100
• Understand that not all services can or do use
  tcp wrappers
• tcp wrappers is not a Firewall but an access
  control

10
TCP Wrappers

• Good Example in the book (Page 526)
• Demo tcp wrappers
• hosts.allow
• hosts.deny

11
Firewalls

• Several types of Firewalls
• Packet filter
• Iptables layer 2 network
• Stateful filter
• Cisco PIX layer 3 and 4
• Stateful inspection
• Checkpoint Firewall-1
• Application proxy
• Sidewinder layers 5 thru 7
• Good reference for firewalls
• http//www.interhack.net/pubs/fwfaq/

12
Iptables

• iptables is a filtering firewall
• Comes standard as part of Linux
• Older versions of Linux have ipchains
• FC4 comes with a relatively good initial
  configuration
• Using chkconfig check to see if your iptables is
  configured to start on boot
• chkconfig --list iptables

13
Iptables

• If is not then enabled it via the following
  command
• chkconfig levels 235 iptables on
• To start iptables enter
• /etc/init.d/iptables start
• Or
• service iptables start

14
Iptables

• Many ways to implement iptables
• Demo Shorewall
• See http//www.linuxguruz.com/iptables/

15
Iptables

• To be continued next week