* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Networking & Security
Survey
Document related concepts
Wireless security wikipedia , lookup
Net neutrality law wikipedia , lookup
Internet protocol suite wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Deep packet inspection wikipedia , lookup
Computer network wikipedia , lookup
Remote Desktop Services wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Network tap wikipedia , lookup
Airborne Networking wikipedia , lookup
Distributed firewall wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Transcript
Linux: Networking & Security Feng Gao 104504 2000-08-31 Objective (1) Give an overview of the networking capacities of the Linux OS Networking protocols Capacity for file sharing & printing Capacity for Internet/Intranet services Capacity for remote execution of application Capacity for acting as network interconnection Capacity for network management Objective (2) Talk about some security tools for Linux network Monitoring tools Network services System integrity Management & limitation Brief Introduction of Linux OS A Unix like operating system Completely open source code no royalty or licensing fees the source code can be modified to fit users’ needs Fast, powerful, and extremely stable Cross hardware and platform Tons of application software Created by and for the Internet Why Linux is a choice for network Cheap & portable Ideal for many small to medium businesses Open source code Tons of applications are freely available Modifiable whenever/wherever needed Robustness Who uses Linux? Besides ISPs and other Web companies, the following companies had some Linux servers installed in 1997. Ford Motor Co. NASA Disney General Electric IRS UPS NASDAQ Boeing many leading US Universities Used for gateways, routers, file and print servers, database servers, computation servers, development servers, CAD, besides being used as Web servers. Part I Linux Networking Network protocols supported by Linux TCP/IP IPv6 ( IP version 6 ) IPX/SPX AppleTalk Protocol WAN networking Protocols Isdn4linux PPP, SLIP, PLIP ATM More File sharing and printing Sharing with Apple environment using AppleTalk family protocols ( NetaTalk) Sharing with Windows environment using Samba ( an implementation of SMB protocol) Sharing with Novell environment using IPX/SPX Sharing with Unix environment using NFS ( Network File system) Internet / Intranet services Mail Mail Servers ( eg.Sendmail, smail, qmail, etc.) Remote access to mail (POP, IMAP) Fetchmail Web Servers Apache Stable, Robust Yahoo, Altavista, Geocities, Hotmail are based on this server Internet/Intranet services Web Browsers Netscape Navagator, Mozilla , lynx, etc. FTP servers & clients News service Domain Name System ( DNS ) NIS ( Network Information Service ) (cont’) Remote execution of application Telnet Use a remote computer as if just at the site Remote commands Execution of a command on a remote machine The X window system The X server controls the display and I/O The X client do the real computing work VNC ( Virtual Network Computing) eg. Execute in a Windows machine and output displayed in a Linux machine Acting as Network Interconnection Bridge Router Firewall Proxy Server IP Masquerade Load Balancing Traffic Shaping Port Forwarding Virtual private networks Network Management Network management applications Webmin Linuxconf SNMP (Simple Network Management Protocol ) allows for remote monitoring and configuration of routers, bridges , network cards, switches … Part II Security tools for Linux network Monitoring tools Scan to determine if the machine is vulnerable to a specific exploit on that server Connect to target machine on all ports they can Help to fix the found problems Examples: SATAN ( Security Administrator’s Tool for Analyzing Networks ) ISS( Internet Security Scaner ) SAINT ( updated version of SATAN ) Nessus, xSid, Logcheck, PortSentry Network Services Problem The more services the system offers, the more places for attackers to find a hole Network Services (cont’) Strategy Disable or remove services not needed Use tcp_wrappers to wrap all the TCP services Use SSH to replace old, insecure remote programs such as telnet, rlogin, rdist, rcp SSH A secure login program that revolutionized remote management of networks hosts over the Internet A powerful program that uses strong cryptography for protecting all transmitted confidential data System integrity Problem A typical Linux server handles about 30,400 files In its busy times administrators can’t check the integrities of all system files A cracker can easily install or modify some files System Integrity ( cont’ ) Security tools Tripwire Tripwire ASR ( Academic Source Release ) Create a database first Check the integrity of a system at any time Compare the current system and the stored database Find if malicious changes exist Management & Limitation GnuPG A tool for secure communication and data storage Can be used to encrypt data and create digital signatures Quota A system administration tool for monitoring and limiting users’ and groups’ disk usage With quota, the users are forced by the system administrator to not consume unlimited disk space on a system Summary We’ve talked about: The network capacities of Linux OS : Support of many network protocols File sharing and printing Internet / Intranet Services Remote execution of application Acting as network interconnection Network managemet Summary Also talked about: Some security tools for Linux network: Monitoring tools Network services System integrity Management & Limitation