III. Linux Network Security
by Anonymous
Maximum Linux Security
Copyright
Dedication
Preface
About the Author
Acknowledgments
Tell Us What You Think!
Introduction
This Book's Organization
How This Book Is Cross-Referenced
amadmin
Using This Book
Odds and Ends
Summary
I. Linux Security Basics
1. Introducing Linux
What Is Linux?
Linux Is Free
Linux Closely Resembles UNIX
Where Did Linux Come From?
Linux as a Standalone System
Linux as an Intranet/Internet Server
A Linux Security Overview
User Accounts
Discretionary Access Control (DAC)
Network Access Control
Encryption
Built-In Logging, Auditing, and Network Monitoring
Intrusion Detection
Summary
2. Physical Security
Server Location and Physical Access
The Network Operations Center (NOC)
Network Topology
Assorted Network Topologies
Bus Topology
Ring Topology
Star Topology
Summary of Topology Security
Network Hardware
Common Network Hardware Security Measures
Summary of Network Hardware
Workstations and Security
BIOS and Console Passwords
Biometric Access Controls
Biometric Identification: A Historical Perspective
Using Biometric Access Control Devices
Modem Security
ModemLock
Modem Security Enforcer
CoSECURE
PortMarshal
Anti-Theft Devices
Laptop Lockup
FlexLock-50
Computer Guardian
PHAZER
Unique Numbers, Marking, and Other Techniques
STOP
Accupage
The Intel Pentium III Serial Number
Summary
3. Installation Issues
About Various Linux Distributions, Security, and Installation
Partitions and Security
What Are Partitions, Exactly?
Lumping Linux into a Single Partition
/etc/fstab
Other Advantages of Multiple Partitions
Sizing Out Partitions
fdisk
Creating the Swap and Root Partitions
Creating the Extended Partition
Creating Logical Partitions Within the Extended Partition
Other Partitioning Tools
cfdisk
Disk Druid
Summary of Partitions and Security
Choosing Network Services During Installation
Boot Loaders
/etc/lilo.conf: The LILO Configuration File
Adding a Boot Password
Summary of Boot Loaders
Summary
4. Basic Linux System Administration
The Basic Idea
Your Very Own Account
Creating and Managing Accounts
Account Policy
Account Structure
passwd
Adding Users
Adding Users with Graphical Tools
usercfg
Adding Users with adduser
adduser
adduser
Adding Users by Manually Editing /etc/passwd
vipw
Using Your Own Tools to Add Users
Deleting Users
Performing Administrative Tasks with su
su—The Substitute User
Granting Other Users Limited su-like Access
sudo
/etc/sudoers
Editing /etc/sudoers with visudo
Access Control
Permissions and Ownership
chmod: Changing File Permissions
The Octal System
Files with Special Permissions
Protecting Against SUID- and SGID-Based Attacks
Some Well-Known SUID-Related Vulnerabilities
A Closer Look at Groups
Creating Groups
/etc/group and Adding New Groups
chown: Assigning User Owner and Group Permissions
Using Graphical Tools to Set Owners, Permissions, and Groups
How Users Interface with Groups
newgrp: Changing the Current Group
Removing Groups
Bringing Down Your System
shutdown: Shutting Down Your Linux System
Summary
II. Linux User Security
5. Password Attacks
What Is a Password Attack?
How Linux Generates and Stores Passwords
Passwords Down Through the Ages
Cryptography
The Data Encryption Standard (DES)
Dictionary Attacks
Case Study: Cracking Linux Passwords Via Dictionary Attack
Crack
Unpacking Crack
Making Crack
Running Crack
Viewing Your Results
Crack Command-Line Options
Accessories for Crack: Wordlists
Alternatives to Crack
Dictionary Attacks: A Historical Perspective
Password Shadowing and the shadow Suite
/etc/shadow: The Password shadow Database
Adding Users on Shadowed Systems: useradd
Transferring Startup Files: /etc/skel
Deleting Users on Shadowed Systems: userdel
Modifying an Existing User Record on Shadowed Systems: usermod
Verifying Password Database Data: pwchk
Adding a Group on Shadowed Systems: groupadd
Modifying Group Information on a Shadowed System: groupmod
Deleting Groups on Shadowed Systems: groupdel
Managing Group Access: gpasswd
Verifying Group Data: grpchk
Beyond Creating and Deleting Users and Groups
Changing an Existing User's Password Expiration Data: chage
Mixing and Matching /etc/passwd and /etc/shadow Databases
Possible Attacks Against Your Shadowed System
After Installing the shadow Suite
Human Password Choices and System Security
Proactive Password Checking
passwd+
anlpasswd
npasswd
Other Password Security Issues
Password Proliferation and Security
Pluggable Authentication Modules
Still Other Password Security Solutions
Regarding Network Information Service and Password Security
Summary
6. Malicious Code
What Is Malicious Code?
What Is a Trojan?
Viruses
Detecting Malicious Code
Tripwire
Availability of Tripwire
Installing Tripwire
Generating Your Passphrases
Preparing to Use Tripwire
The Tripwire Configuration File
The Tripwire Policy File
Configuring and Running Tripwire
Checking File Integrity with Tripwire
Summary on Tripwire
Other File Integrity Checking Software
TAMU
ATP (The Anti-Tampering Program)
Hobgoblin
sXid
trojan.pl
Additional Resources
Summary
III. Linux Network Security
7. Sniffers and Electronic Eavesdropping
How Sniffers Work
Case Studies: Performing a Few Simple Sniffer Attacks
linsniffer
linux_sniffer
hunt
sniffit
sniffit Operation and Configuration
Other Sniffers and Network Monitoring Tools
Risks Posed by Sniffers
Defending Against Sniffer Attacks
ifconfig
ifstatus
NEPED: Network Promiscuous Ethernet Detector
Other, More Generic Defenses Against Sniffers
Further Reading
Summary
8. Scanners
What Is a Scanner?
Anatomy of a System Scanner
COPS—The Computer Oracle and Password System
Unpacking, Making, Installing, and Running Legacy COPS
Anatomy of a Network Scanner
ISS—Internet Security Scanner (Legacy Version)
Unpacking, Making, Installing, and Running Legacy ISS
Scanner Building Blocks and Scanner Evolution
SATAN (Security Administrator's Tool for Analyzing Networks)
SATAN's Basic Characteristics
Configuring SATAN for Linux
Making and Running SATAN on Linux
How Scanners Fit into Your Security Regimen
Various Scanner Tools
SAINT (Security Administrator's Integrated Network Tool)
ISS—Internet Security Scanner
Installing and Running ISS
Nessus
nmap—The Network Mapper
CGI scanner v1.0
Other Interesting Scanners
Are Scanners Legal?
Defending Against Scanner Attacks
courtney (SATAN and SAINT Detector)
IcmpInfo (ICMP scan/bomb detector)
scan-detector (Generic UDP scan detector)
klaxon
Psionic PortSentry
Interesting Resources
Summary
9. Spoofing
What Is Spoofing All About?
TCP and IP Spoofing
Case Study: A Simple Spoofing Attack
A Sample Attack
TCP and IP Spoofing Tools
spoofit.h
seq_number.c
ipspoof
1644
What Services Are Vulnerable to IP Spoofing?
Preventing IP Spoofing Attacks
ARP Spoofing
Defending Against ARP Spoofing Attacks
arp: A Tool to Manipulate Routing Tables
DNS Spoofing
jizz
ERECT
snoof
Detecting and Defending Against DNS Spoofing
Other Strange Spoofing Attacks
spoofscan
pmap_set/unset
ICQ File transfer spoofer v.0001
syslog-poison.c
ICQ Hijaak
icqspoof.c
RIP Spoofer
syslog_deluxe
spoofkey
sirc4
Further Reading
Summary
10. Protecting Data in Transit
Secure Shell (ssh)
The ssh Core Utilities
Quick Start: Installing the ssh Distribution
Not-So-Quick Start: Specifying configure Options
ssh Server Configuration
/etc/sshd_config: The ssh Server Configuration File
sshd Startup Command-Line Options
/etc/ssh_config: The ssh Client Configuration File
Starting sshd
Using the ssh Client
ssh Client Command-Line Options
scp: The Secure Copy Remote File Copy Program
Providing ssh Services in a Heterogeneous Network
Tera Term Pro + TTSSH for Windows
About ssh Support for Macintosh
Examples of ssh in Action
ssh Security Issues
Additional Resources
Summary
IV. Linux Internet Security
11. FTP Security
File Transfer Protocol
FTP Security History
FTP Bounce Attacks
Erroneous Permissions
The SITE EXEC bug
FTP's Default Security Features
/etc/ftpusers: The Restricted Users Access File
ftphosts
/etc/ftpaccess: The ftpd Configuration File
Summary of FTP's Default Security Measures
SSLftp
Installing SSLftp
Specific FTP Application Security
ncftp
filerunner
ftpwatch
wu-ftpd 2.4.2-academ[BETA-18]
Summary
12. Mail Security
SMTP Servers and Clients
A Simple SMTP Client
sendmail Security Basics
The MIME Buffer Overflow Bug
The HELO Buffer Overflow
Password File/Root Access
sendmail Header Parsing DoS Attack
sendmail Service Protection
Protecting Against Unauthorized Relaying
Real-Time Blacklisting
How Does the RBL Work?
Disabling EXPN and VRFY
Using TCP Wrappers to Block Traffic
Other sendmail Resources
Replacing sendmail with Qmail
Qmail Installation
Testing Qmail
Virtual User Accounts
Other Qmail Resources
Summary
13. Telnet Security
Assessing the Need to Provide Telnet Services
Telnet's Security History
Secure Telnet Systems
deslogin
Installing the deslogin Distribution
Installing the Cipher Package
Installing the deslogin Component
deslogin Configuration
The deslogin client
deslogin Licensing
STEL (Secure Telnet)
SSL MZ-Telnet
SRA Telnet from Texas A&M University
The Stanford SRP Telnet/FTP Package
Important Documents
Summary
14. Web Server Security
Eliminating Nonessential Services
File Transfer Protocol (FTP)
finger
Network File System (NFS)
Other RPC Services
rpc.ruserd
rstatd
rwalld (The rwall Server)
The R Services
rshd (The Remote Shell Server)
rlogin
rexec (Remote Execution Services)
rwhod (The Remote who Services)
Other Services
Applying Access Control to Running Services
Web Server Security
httpd
Controlling Outside Access: access.conf
Inclusive Screening: Explicitly Allowing Authorized Hosts
Exclusive Screening: Explicitly Blocking Unwanted Hosts
The mutual-failure Option: Mix and Match
Configuration Options That Can Affect Security
The ExecCGI Option: Enabling CGI Program Execution
The FollowSymLinks Option: Allowing Users to Follow Symbolic Links
The Includes Option: Enabling Server Side Includes (SSI)
Enabling Server Side Includes Without Command Execution
The Indexes Option: Enabling Directory Indexing
Adding Directory Access Control with Basic HTTP Authentication
htpasswd
Setting Up Simple User-Based HTTP Authentication
Creating a New .htpasswd Database
Creating a New .htaccess File
Setting Up Group-Based HTTP Authentication
Weaknesses in Basic HTTP Authentication
HTTP and Cryptographic Authentication
Adding MD5 Digest Authentication
Running a chroot Web Environment
Accreditation and Certification
Coopers & Lybrand L.L.P., Resource Protection Services (USA)
The American Institute of Certified Public Accountants (AICPA)
International Computer Security Association (Previously NCSA)
Troy Systems
Summary
15. Secure Web Protocols
The Problem
Secure Sockets Layer (SSL) from Netscape Communications Corporation
SSL's Security History
Installing Apache-SSL
Unpacking, Compiling, and Installing OpenSSL
Unpacking, Patching, and Installing Apache
Preparing to Generate a Certificate
Configuring httpsd Startup Files
Testing the Server
Configuration Notes
About Certificates and Certificate Authorities
Summary of Apache-SSL
Further Reading on SSL
Other Secure Protocols: IPSEC
Summary
16. Secure Web Development
Development Risk Factors: A Wide Overview
Spawning Shells
Executing Shell Commands with system()
system() in C
system() in Perl
popen() in C and C++
open() in Perl
eval (Perl and shell)
exec() in Perl
Buffer Overruns
About User Input in General
Paths, Directories, and Files
chdir()
Files
Other Interesting Security Programming and Testing Tools
Other Online Resources
Summary
17. Denial-of-Service Attacks
What Is a Denial-of-Service Attack?
Risks Posed by Denial-of-Service Attacks
How This Chapter Is Laid Out
Network Hardware DoS Attacks
Attacks on Linux Networking
sesquipedalian.c
inetd and NMAP
lpd Bogus Print Requests
mimeflood.pl
portmap (and other RPC services)
UNIX Socket Garbage Collection DoS
time and daytime DoS
teardrop.c
identd Open Socket Flood
Lynx/chargen Browser Attack
nestea.c
pong.c and ICMP floods
The Ping of Death
octopus.c
Attacks on Linux Applications
Netscape Communicator Content Type (1)
Netscape Communicator Content Type (2)
passwd Resource Starvation
xdm
wtmp lock
Other DoS Attacks
Defending Against Denial-of-Service Attacks
Online Resources
Summary
18. Linux and Firewalls
What Is a Firewall?
Network-Level Firewalls: Packet Filters
Application-Proxy Firewalls/Application Gateways
Assessing Whether You Really Need a Firewall
tcpd: TCP Wrappers
TCP Wrappers and Network Access Control
Configuring /etc/hosts.deny and /etc/hosts.allow
hosts_options Wildcards, Operators, and Shell Functions
The EXCEPT Operator
tcpdchk: The TCP Wrappers Configuration Checker
tcpdmatch: The TCP Wrappers Oracle
Summary of TCP Wrappers
ipfwadm
ipfwadm Basics
ipfwadm Rule Categories
Other ipfwadm Options
Configuring ipfwadm
ipchains
ipchains Security History
Free Firewall Tools and Add-Ons for Linux
Commercial Firewalls
Avertis
CSM Proxy/Enterprise Edition
GNAT Box Firewall
NetScreen
Phoenix Adaptive Firewall
PIX Firewall
SecureConnect
Additional Resources
Summary
19. Logs and Audit Trails
What Is Logging, Exactly?
Logging in Linux
lastlog
last
Circumventing lastlog, last, and wtmp
xferlog
httpd Logs
access_log: The HTTP Access Log File
error_log: The Error Message Log
Customizing httpd Logs
System and Kernel Messages
/var/log/messages: Recording System and Kernel Messages
syslog.conf: Customizing Your syslog
The Selector Field
The Action Field
Writing to syslog from Your Own Programs
Backing and Handling Logs
logrotate
Other Interesting Logging and Audit Tools
SWATCH (The System Watcher)
Watcher
NOCOL/NetConsole v4.0
PingLogger
LogSurfer
Netlog
Analog
Summary
20. Intrusion Detection
What Is Intrusion Detection?
Basic Intrusion Detection Concepts
Some Interesting Intrusion Detection Tools
chkwtmp
tcplogd
Snort
HostSentry
Shadow
MOM
The HummingBird System
AAFID (Autonomous Agents for Intrusion Detection)
Documents on Intrusion Detection
21. Disaster Recovery
What Is Disaster Recovery?
Why You Need a Disaster Recovery-Contingency Plan
Steps to Take Before Building Your Linux Network
Hardware Standardization
Software Standardization: Your Basic Config
Choosing Your Backup Tools
Simple Archiving: tarring and Zipping Your Files and Directories
Creating a tar Archive
Compressing Your tar Archive with gzip
cpio: Another File Archive Tool
Creating a Hot Archive Site
Types of Backups and Backup Strategies
dump: A Tool for Scheduling Backups
restore: Restoring Backups Made with dump
Backup Packages
KBackup (from Karsten Ballüders)
Enhanced Software Technologies' BRU
AMANDA (The Advanced Maryland Automatic Network Disk Archiver)
Odds and Ends
Summary
V. Appendixes
A. Linux Security Command Reference
.htaccess
.htpasswd
ACUA (An Add-On)
amadmin
amanda
amcheck
amcleanup
amdump
amrestore
Angel Network Monitor (An Add-On)
arp
bootpd
cfdisk
Check-ps (An Add-On)
checkXusers (An Add-On)
chmod
chown
chroot
CIPE Crypto IP Encapsulation (An Add-On)
crypt
ctrlaltdel
Dante (An Add-On)
Deception Toolkit (An Add-On)
DOC (Domain Obscenity Control, an Add-On)
dns_lint (An Add-On)
dnswalk (An Add-On)
Ethereal (An Add-On)
exports
exscan (An Add-On)
FakeBO (An Add-On)
fdisk
finger
fingerd
ftphosts
ftpaccess
ftpd
ftpshut
GNU Privacy Guard (An Add-On)
halt
hosts_access
hosts_options
hosts.equiv
HUNT (An Add-On)
htpasswd
httpd
icmpinfo (An Add-On)
identd
IdentTCPscan (An Add-On)
inetd.conf
ip_filter (An Add-On)
IPAC (An Add-On)
ipfwadm
ISS (An Add-On)
KSniffer (An Add-On)
last
Logcheck from the Abacus Project (An Add-On)
lsof (An Add-On)
MAT (Monitoring and Administration Tool, an Add-On)
MOM (An Add-On)
msystem (An Add-On That's Made for UNIX But Can Work with Linux)
NEPED (Network Promiscuous Ethernet Detector, an Add-On)
Nessus (An Add-On)
netstat
Network Security Scanner (An Add-On)
NIST Cerberus (An Add-On)
nmap (The Network Mapper, an Add-On)
npasswd (An Add-On)
ntop (An Add-On)
passwd
passwd+ (An Add-On)
pgp4pine
ping
ps
qmail (An Add-On)
QueSo (An Add-On)
rcmd
rcp
reboot
rlogin
rhosts
rhosts.dodgy (An Add-On)
rsh
scp
Sentry from the Abacus Project
services
shadow
Shadow in a Box (An Add-On)
showmount
shutdown
SINUS (An Add-On)
SocketScript (An Add-On)
ssh
ssh-add
ssh-agent
ssh-keygen
sshd
SSLeay
Strobe (An Add-On)
sudo
Swan (An Add-On)
swatch (The System Watcher)
sXid Secure (An Add-On)
sysklogd
System Administrator's Tool for Analyzing Networks (SATAN, an Add-On)
tcpd (TCP WRAPPER)
tcpdchk
tcpdmatch
tcpdump
tftp
The Linux Shadow Password Suite (An Add-On)
traceroute
traffic-vis (An Add-On)
Trinux (An Add-On)
TripWire (An Add-On)
trojan.pl
ttysnoop
vipw
visudo
w
who
whois
Xlogmaster (An Add-On)
B. Linux Security Index—Past Linux Security Issues
Summary
C. Other Useful Linux Security Tools
D. Sources for More Information
Linux Security Patches, Updates, and Advisories
Mailing Lists
Usenet Newsgroups
Secure Programming
General Web Security
General Security Resources
RFCs of Interest
E. Glossary