Complete Referance of Secure Networking in Linux

• OpenSSH
• Samba
• NIS
• NFS
• Securing FTP and HTTP servers

OpenSSH

• Open source version of SSH that normally comes with OpenBSD
• Comes with several distros or downloadable
• Linux ports have ‘p’ in version number
• Replaces telnet, ftp, rlogin, etc.
• Offers secure remote connectivity due to encryption, authentication, and tunnelling
• Supports all versions of the SSH protocol
• Comes with several secure utilities to replace traditioally insecure ones
• scp(secure copy) replaces rcp
• sftp(secure ftp) replaces ftp
• Allows secure login of root remotely even when system plicy disallows
• Uses 3DES,RC4,AES and Blowfish encryption algorithms
• Create private/public key pair when install or use ssh-keygen command
• Sign with private key using ssh-keysign command
• ssh 192.168.10.10
• Will get authentication error first time
• OpenSSH demostration

Samba

• Open source version of CIFS(Common Internet File System) standard invented by Microsoft
• Uses latest version of server Massage Block(SMB), which is nativr Windows file sharing protocol
• Samba’s configuration is stored in the smb.conf file, in /etc/samba/smb.conf
• Configure manually or use SWAT
• Samba uses 3 daemons(services)
• nmdb – handles name resolution and registration
• smbd – manages authentication and all connection requests
• winbindd – required if connecting to an NT4 or AD domain
• SWAT is a web-based interface that comes with Samba
• May come as a separate package to download and install
• Point browser to http://12.0.0.1:901 to run SWAT
• SWAT can be used to configure remote samba clients, but sends auhentication in clear – use ssh!
• SWAT/Samba Demostration

NIS

• Network Information Services(NIS) provides simple network lookup services
• Similar to some Active Directory functions
• Enables lookup of directory objects
• Provides single sign-on(SSO) capablity
• Original NIS also called Sun Yellow Pages
• Name changed due to copyright issues
• Little security with NIS
• NIS+ is updated,more secure version
• NIS+ allows for hierarchical domains
• NIS+ provides for centralized updates of configuration information
• User ID’s and passwords can be used throughout NIS domain
• NIS requires at least 1 master server and optional ‘slave’ servers
• NIS+ allows secure authentication and encryption
• Allows for updates via secure RPC
• Similar to Samba, except hosts are unix-based rather than Windows-based
• Primary file used is /etc/exports
• Controls which dirctories are shared and whom(hosts)
• Default after setup is insecure!

Securing FTP and HTTP Servers

• Linux has built-in capability of being FTP or HTTP(web)server
• FTP protocol insecure by default
• No encryption – user id’s, passwords, and data passed in plaintext
• Several ways to secure FTP
• Use SSH to secure transmission
• Use alternate FTP client/servers
• Discourage use of user/passwords and use anonymous FTP instead
• Only use FTP for publicly available data
• Don’t allow write access to FTP server only download
• Secure infrastructure around FTP(firewalls, directory ACLs, etc)
• HTTP is usually served on Linux through Apache
• Vulnerabilities can result from not hardening system or daemons
• Vulnerabilities can affect authentication and authorization to resources
• Configure strong authorization on web server
• Ensure proper permissions applied to files and directories
• Don’t allow directory traversal
• Pay attention to script write and execute permissions on web servers
• Secure httpd throgh tcp wrappers and xinetd
• Restrict administrative access to http and ftp services
• Ensure all access is logged
• Enable warning banners on FTP and web sites
• Lock down the htpasswd file(640)
• Lock down access control files,such as .htaccess and .nsconfig to 400
• Restrict write access to web directories
• Use https and ssl certificates when possible for data encryption and mutual authentication

Rajesh Kumar

I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.

Do you want to learn Quantum Computing?

Please find my social handles as below;

Rajesh Kumar Personal Website
Rajesh Kumar at YOUTUBE
Rajesh Kumar at INSTAGRAM
Rajesh Kumar at X
Rajesh Kumar at FACEBOOK
Rajesh Kumar at LINKEDIN
Rajesh Kumar at WIZBRAND

Rajesh Kumar DailyLogs