Complete Reference of Secure Networking in Linux

  • OpenSSH
  • Samba
  • NIS
  • NFS
  • Securing FTP and HTTP servers

OpenSSH

  • Open source version of SSH that normally comes with OpenBSD
  • Comes with several distros or downloadable
  • Linux ports have ‘p’ in version number
  • Replaces telnet, ftp, rlogin, etc.
  • Offers secure remote connectivity due to encryption, authentication, and tunnelling
  • Supports all versions of the SSH protocol
  • Comes with several secure utilities to replace traditionally insecure ones
  • scp (secure copy) replaces rcp
  • sftp (secure ftp) replaces ftp
  • Allows secure login of root remotely even when system policy disallows
  • Uses 3DES, RC4, AES and Blowfish encryption algorithms
  • Create a private/public key pair at install time or with the ssh-keygen command
  • Sign with private key using ssh-keysign command
  • ssh 192.168.10.10
  • Will get authentication error first time
  • OpenSSH demonstration

Samba

  • Open source version of the CIFS (Common Internet File System) standard invented by Microsoft
  • Uses latest version of Server Message Block (SMB), which is the native Windows file sharing protocol
  • Samba’s configuration is stored in the smb.conf file, in /etc/samba/smb.conf
  • Configure manually or use SWAT
  • Samba uses 3 daemons (services)
  • nmbd – handles name resolution and registration
  • smbd – manages authentication and all connection requests
  • winbindd – required if connecting to an NT4 or AD domain
  • SWAT is a web-based interface that comes with Samba
  • May come as a separate package to download and install
  • Point browser to http://127.0.0.1:901 to run SWAT
  • SWAT can be used to configure remote Samba clients, but sends authentication in the clear – use ssh!
  • SWAT/Samba demonstration

NIS

  • Network Information Services (NIS) provides simple network lookup services
  • Similar to some Active Directory functions
  • Enables lookup of directory objects
  • Provides single sign-on (SSO) capability
  • Original NIS also called Sun Yellow Pages
  • Name changed due to copyright issues
  • Little security with NIS
  • NIS+ is updated, more secure version
  • NIS+ allows for hierarchical domains
  • NIS+ provides for centralized updates of configuration information
  • User IDs and passwords can be used throughout NIS domain
  • NIS requires at least 1 master server and optional ‘slave’ servers
  • NIS+ allows secure authentication and encryption
  • Allows for updates via secure RPC

NFS

  • Similar to Samba, except hosts are Unix-based rather than Windows-based
  • Primary file used is /etc/exports
  • Controls which directories are shared and with whom (hosts)
  • Default after setup is insecure!
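
An audit of the /etc/exports file described above, as an added example that is not part of the original page. The function name audit_exports, the three checks (any-host exports, world-writable exports, no_root_squash) and the sample hosts are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): flag risky /etc/exports entries.
# The function name and the three checks are assumptions of this example.
# Continuation lines (trailing backslash) are not handled.

# audit_exports [FILE] -> prints "<path> <client>: <finding>" per risky entry.
# Reads stdin when FILE is omitted. Exit status 1 if anything was flagged.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        path = $1
        if (NF == 1) {                      # no client list: open to everyone
            print path " *: exported to any host"; bad = 1; next
        }
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (client == "") client = "*"  # a bare "(rw)" applies to everyone
            if (client == "*") {
                print path " *: exported to any host"; bad = 1
                if (("," opts ",") ~ /,rw,/) print path " *: writable by any host"
            }
            if (("," opts ",") ~ /,no_root_squash,/) {
                print path " " client ": remote root is not squashed"; bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }' "${1:--}"
}

# Constructed sample; the last line has a stray space before "(rw)".
if [ "${1:-}" = "--demo" ]; then
    audit_exports <<'EOF' || :
/srv/public   *(ro)
/srv/home     192.0.2.0/24(rw,sync)
/srv/backup   backup.example.com(rw,no_root_squash)
/srv/data     client.example.com (rw)
EOF
fi
```

The last sample line shows the case most often missed: a space between the host and its options gives the named host default options and applies "(rw)" to every other host.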

Securing FTP and HTTP Servers

  • Linux has built-in capability of being an FTP or HTTP (web) server
  • FTP protocol insecure by default
  • No encryption – user IDs, passwords, and data passed in plaintext
  • Several ways to secure FTP
  • Use SSH to secure transmission
  • Use alternate FTP client/servers
  • Discourage use of user/passwords and use anonymous FTP instead
  • Only use FTP for publicly available data
  • Don’t allow write access to the FTP server; allow download only
  • Secure infrastructure around FTP (firewalls, directory ACLs, etc.)
  • HTTP is usually served on Linux through Apache
  • Vulnerabilities can result from not hardening system or daemons
  • Vulnerabilities can affect authentication and authorization to resources
  • Configure strong authorization on web server
  • Ensure proper permissions applied to files and directories
  • Don’t allow directory traversal
  • Pay attention to script write and execute permissions on web servers
  • Secure httpd through TCP wrappers and xinetd
  • Restrict administrative access to http and ftp services
  • Ensure all access is logged
  • Enable warning banners on FTP and web sites
  • Lock down the htpasswd file (640)
  • Lock down access control files, such as .htaccess and .nsconfig, to 400
  • Restrict write access to web directories
  • Use https and ssl certificates when possible for data encryption and mutual authentication
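
A check for the file modes given in the list above (htpasswd at 640, .htaccess and .nsconfig at 400), as an added example that is not part of the original page. The function names are hypothetical, the file names matched are an assumption, and GNU stat (Linux) is assumed.

```sh
#!/bin/sh
# Added example (not from the original page): report web access-control
# files whose permissions exceed the modes listed above.
# Assumes GNU stat; function names are chosen for this example.

# max_mode_for NAME -> prints the most permissive mode allowed for NAME
max_mode_for() {
    case "$1" in
        .htpasswd|htpasswd)  echo 640 ;;
        .htaccess|.nsconfig) echo 400 ;;
        *) return 1 ;;
    esac
}

# audit_web_acl_perms DIR -> one line per violation:
#   "<mode> exceeds <max>: <path>"
# Exit status 0 if every file is within its limit, 1 otherwise.
audit_web_acl_perms() {
    root=$1
    findings=$(
        find "$root" -type f \( -name .htpasswd -o -name htpasswd \
            -o -name .htaccess -o -name .nsconfig \) -print |
        while IFS= read -r path; do
            max=$(max_mode_for "$(basename "$path")") || continue
            mode=$(stat -c '%a' "$path")
            # Any permission bit outside the allowed mask is a finding.
            if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
                printf '%s exceeds %s: %s\n' "$mode" "$max" "$path"
            fi
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Audit the directory given on the command line, e.g. a web root.
if [ "$#" -gt 0 ]; then audit_web_acl_perms "$1"; fi
```

The non-zero exit status on a finding lets the check run from cron or a deployment pipeline and fail when a file drifts from the listed mode.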
Latest posts by Amardeep Dubey (see all)