
Complete Reference of Secure Networking in Linux

  • OpenSSH
  • Samba
  • NIS
  • NFS
  • Securing FTP and HTTP servers

OpenSSH

  • Open source version of SSH that normally comes with OpenBSD
  • Comes with several distros or downloadable
  • Linux ports have ‘p’ in version number
  • Replaces telnet, ftp, rlogin, etc.
  • Offers secure remote connectivity due to encryption, authentication, and tunnelling
  • Supports all versions of the SSH protocol
  • Comes with several secure utilities to replace traditionally insecure ones
  • scp (secure copy) replaces rcp
  • sftp (secure ftp) replaces ftp
  • Allows secure login of root remotely even when system policy disallows
  • Uses 3DES, RC4, AES and Blowfish encryption algorithms
  • Creates a private/public key pair at install time, or use the ssh-keygen command
  • Sign with private key using ssh-keysign command
  • ssh 192.168.10.10
  • Will get an authentication error the first time
  • OpenSSH demonstration

Samba

  • Open source version of the CIFS (Common Internet File System) standard invented by Microsoft
  • Uses the latest version of Server Message Block (SMB), which is the native Windows file sharing protocol
  • Samba’s configuration is stored in the smb.conf file, in /etc/samba/smb.conf
  • Configure manually or use SWAT
  • Samba uses 3 daemons (services)
  • nmbd – handles name resolution and registration
  • smbd – manages authentication and all connection requests
  • winbindd – required if connecting to an NT4 or AD domain
  • SWAT is a web-based interface that comes with Samba
  • May come as a separate package to download and install
  • Point browser to http://127.0.0.1:901 to run SWAT
  • SWAT can be used to configure remote Samba clients, but sends authentication in the clear – use ssh!
  • SWAT/Samba demonstration

NIS

  • Network Information Services (NIS) provides simple network lookup services
  • Similar to some Active Directory functions
  • Enables lookup of directory objects
  • Provides single sign-on (SSO) capability
  • Original NIS also called Sun Yellow Pages
  • Name changed due to copyright issues
  • Little security with NIS
  • NIS+ is an updated, more secure version
  • NIS+ allows for hierarchical domains
  • NIS+ provides for centralized updates of configuration information
  • User IDs and passwords can be used throughout the NIS domain
  • NIS requires at least 1 master server and optional ‘slave’ servers
  • NIS+ allows secure authentication and encryption
  • Allows for updates via secure RPC

NFS

  • Similar to Samba, except hosts are Unix-based rather than Windows-based
  • Primary file used is /etc/exports
  • Controls which directories are shared and with whom (hosts)
  • Default after setup is insecure!
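
Added example, not part of the original notes: a shell function that reads a file in /etc/exports format and flags entries that share a directory with every host or turn off root squashing. The option names (rw, no_root_squash) are from exports(5); the sample paths and hosts are constructed.

```shell
#!/bin/sh
# Added example: flag risky entries in an exports(5)-format file.
# Reads the file named in $1, or stdin. Continued lines ("\") are not joined.

audit_exports() {
    awk '
    /^[ \t]*#/ { next }              # comment line
    NF == 0    { next }              # blank line
    {
        path = $1
        # A path with no client list is exported to every host.
        if (NF == 1) print "WORLD " path " (no client list)"
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break     # trailing comment
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            opts = "," opts ","
            # "*" or an empty client, as in "host (rw)" with a stray space,
            # applies the options to every host.
            if (client == "" || client == "*") {
                tag = (opts ~ /,rw,/) ? "WORLD_RW" : "WORLD"
                print tag " " path " " $i
            }
            # no_root_squash lets remote root act as root on the export.
            if (opts ~ /,no_root_squash,/) print "NO_ROOT_SQUASH " path " " $i
        }
    }' "$@"
}

# Constructed sample in exports(5) format; paths and hosts are made up.
sample_exports() {
    cat <<'EOF'
/srv/docs   192.168.10.0/24(ro,root_squash)
/srv/pub    *(rw,sync)
/srv/home   client1 (rw)
/srv/admin  192.168.10.10(rw,no_root_squash)
/srv/open
EOF
}

sample_exports | audit_exports
```

On a real host, run `audit_exports /etc/exports`; the `/srv/home` line shows how a single space before the options turns a per-host grant into a read-write export for everyone.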

Securing FTP and HTTP Servers

  • Linux has the built-in capability of being an FTP or HTTP (web) server
  • FTP protocol insecure by default
  • No encryption – user IDs, passwords, and data passed in plaintext
  • Several ways to secure FTP
  • Use SSH to secure transmission
  • Use alternate FTP client/servers
  • Discourage use of user/passwords and use anonymous FTP instead
  • Only use FTP for publicly available data
  • Don’t allow write access to the FTP server, only download
  • Secure infrastructure around FTP (firewalls, directory ACLs, etc.)
  • HTTP is usually served on Linux through Apache
  • Vulnerabilities can result from not hardening system or daemons
  • Vulnerabilities can affect authentication and authorization to resources
  • Configure strong authorization on web server
  • Ensure proper permissions applied to files and directories
  • Don’t allow directory traversal
  • Pay attention to script write and execute permissions on web servers
  • Secure httpd through tcp wrappers and xinetd
  • Restrict administrative access to http and ftp services
  • Ensure all access is logged
  • Enable warning banners on FTP and web sites
  • Lock down the htpasswd file (640)
  • Lock down access control files, such as .htaccess and .nsconfig, to 400
  • Restrict write access to web directories
  • Use HTTPS and SSL certificates when possible for data encryption and mutual authentication
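
Added example, not part of the original notes: a shell function that walks a web root and reports files whose modes are looser than the values in the list above (640 for htpasswd, 400 for .htaccess and .nsconfig) plus world-writable directories and files. It assumes a find that supports `-perm /MASK` (GNU findutils); the sample tree is constructed.

```shell
#!/bin/sh
# Added example: report web-root files with modes looser than the checklist.
# Requires find with "-perm /MASK" (GNU findutils, standard on Linux).

audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "audit_webroot: not a directory: $root" >&2; return 2; }

    # htpasswd files: at most 640, so any bit in 0137 is a finding.
    find "$root" -type f \( -name '.htpasswd' -o -name 'htpasswd' \) \
        -perm /0137 -print | sed 's/^/HTPASSWD_LOOSER_THAN_640 /'

    # Access control files: at most 400, so any bit in 0377 is a finding.
    find "$root" -type f \( -name '.htaccess' -o -name '.nsconfig' \) \
        -perm /0377 -print | sed 's/^/ACL_LOOSER_THAN_400 /'

    # Directories and files that any local user can write to.
    find "$root" -type d -perm -0002 -print | sed 's/^/DIR_WORLD_WRITABLE /'
    find "$root" -type f -perm -0002 -print | sed 's/^/FILE_WORLD_WRITABLE /'
}

# Constructed sample tree with deliberately loose modes, for a dry run.
make_sample_webroot() {
    d=$(mktemp -d) || return 1
    mkdir "$d/upload"
    : > "$d/.htpasswd";        chmod 644 "$d/.htpasswd"
    : > "$d/.htaccess";        chmod 400 "$d/.htaccess"
    : > "$d/upload/.htaccess"; chmod 644 "$d/upload/.htaccess"
    chmod 755 "$d"; chmod 777 "$d/upload"
    echo "$d"
}

# Stand-alone use: audit the directory given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

For a dry run without touching a real server, call `audit_webroot "$(make_sample_webroot)"`; it reports the 644 password file, the 644 `.htaccess` under `upload`, and the 777 `upload` directory.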
