Complete Reference of Secure Networking in Linux

  • OpenSSH
  • Samba
  • NIS
  • NFS
  • Securing FTP and HTTP servers

OpenSSH

  • Open source version of SSH that normally comes with OpenBSD
  • Comes with several distros or downloadable
  • Linux ports have ‘p’ in version number
  • Replaces telnet, ftp, rlogin, etc.
  • Offers secure remote connectivity due to encryption, authentication, and tunnelling
  • Supports all versions of the SSH protocol
  • Comes with several secure utilities to replace traditionally insecure ones
  • scp (secure copy) replaces rcp
  • sftp (secure ftp) replaces ftp
  • Allows secure login of root remotely even when system policy disallows
  • Uses 3DES, RC4, AES and Blowfish encryption algorithms
  • Create private/public key pair when install or use ssh-keygen command
  • Sign with private key using ssh-keysign command
  • ssh 192.168.10.10
  • Will get authentication error first time
  • OpenSSH demonstration

Samba

  • Open source version of CIFS (Common Internet File System) standard invented by Microsoft
  • Uses latest version of Server Message Block (SMB), which is the native Windows file sharing protocol
  • Samba’s configuration is stored in the smb.conf file, in /etc/samba/smb.conf
  • Configure manually or use SWAT
  • Samba uses 3 daemons (services)
  • nmbd – handles name resolution and registration
  • smbd – manages authentication and all connection requests
  • winbindd – required if connecting to an NT4 or AD domain
  • SWAT is a web-based interface that comes with Samba
  • May come as a separate package to download and install
  • Point browser to http://12.0.0.1:901 to run SWAT
  • SWAT can be used to configure remote samba clients, but sends authentication in clear – use ssh!
  • SWAT/Samba Demonstration

NIS

  • Network Information Services (NIS) provides simple network lookup services
  • Similar to some Active Directory functions
  • Enables lookup of directory objects
  • Provides single sign-on (SSO) capability
  • Original NIS also called Sun Yellow Pages
  • Name changed due to copyright issues
  • Little security with NIS
  • NIS+ is an updated, more secure version
  • NIS+ allows for hierarchical domains
  • NIS+ provides for centralized updates of configuration information
  • User ID’s and passwords can be used throughout NIS domain
  • NIS requires at least 1 master server and optional ‘slave’ servers
  • NIS+ allows secure authentication and encryption
  • Allows for updates via secure RPC

NFS

  • Similar to Samba, except hosts are unix-based rather than Windows-based
  • Primary file used is /etc/exports
  • Controls which directories are shared and with whom (hosts)
  • Default after setup is insecure!
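
An audit of /etc/exports for the sharing problems noted above, as an added example that is not part of the original notes. The options it looks for (rw, no_root_squash) are standard exports(5) options not named on this page, and the sample file is constructed.

```shell
#!/bin/sh
# audit_exports FILE
# Prints "line N: PATH CLIENT: finding" for risky entries; returns 1 if any.
# Assumes one export per line (no backslash continuations).
audit_exports() {
    awk '
    function report(p, c, msg) {
        printf "line %d: %s %s: %s\n", NR, p, c, msg
        bad = 1
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # A bare "(opts)" after a space applies to every host.
            if (client == "") client = "*"
            world = (client == "*")
            if (world) report(path, client, "exported to all hosts")
            if (("," opts ",") ~ /,no_root_squash,/)
                report(path, client, "no_root_squash: remote root keeps uid 0")
            if (world && ("," opts ",") ~ /,rw,/)
                report(path, client, "writable by all hosts")
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample, not a real configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample exports file
/srv/public 192.168.10.0/24(ro,root_squash)
/srv/build  buildhost (rw)
/backup     192.168.10.10(rw,no_root_squash)
EOF
audit_exports "$sample" || echo "risky exports found"
rm -f "$sample"
```

The /srv/build line shows a common mistake: the space before (rw) gives buildhost only the default options and grants read-write access to every other host.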

Securing FTP and HTTP Servers

  • Linux has built-in capability of being FTP or HTTP (web) server
  • FTP protocol insecure by default
  • No encryption – user id’s, passwords, and data passed in plaintext
  • Several ways to secure FTP
  • Use SSH to secure transmission
  • Use alternate FTP client/servers
  • Discourage use of user/passwords and use anonymous FTP instead
  • Only use FTP for publicly available data
  • Don’t allow write access to the FTP server; allow download only
  • Secure infrastructure around FTP (firewalls, directory ACLs, etc.)
  • HTTP is usually served on Linux through Apache
  • Vulnerabilities can result from not hardening system or daemons
  • Vulnerabilities can affect authentication and authorization to resources
  • Configure strong authorization on web server
  • Ensure proper permissions applied to files and directories
  • Don’t allow directory traversal
  • Pay attention to script write and execute permissions on web servers
  • Secure httpd through tcp wrappers and xinetd
  • Restrict administrative access to http and ftp services
  • Ensure all access is logged
  • Enable warning banners on FTP and web sites
  • Lock down the htpasswd file (640)
  • Lock down access control files, such as .htaccess and .nsconfig, to 400
  • Restrict write access to web directories
  • Use https and ssl certificates when possible for data encryption and mutual authentication
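
A check for the file modes listed above (htpasswd at 640; .htaccess and .nsconfig at 400), as an added example that is not part of the original notes. It assumes the password file is named htpasswd or .htpasswd and that stat supports -c (GNU or BusyBox); the demo tree is constructed.

```shell
#!/bin/sh
# audit_web_perms DIR
# Prints "MODE TARGET PATH" for each file looser than its target mode;
# returns 1 if any file is reported.
audit_web_perms() {
    root=$1
    out=$(
        find "$root" -type f \( -name htpasswd -o -name .htpasswd \
             -o -name .htaccess -o -name .nsconfig \) | sort |
        while IFS= read -r f; do
            case ${f##*/} in
                *htpasswd) target=640 ;;
                *)         target=400 ;;
            esac
            mode=$(stat -c %a "$f")
            # Flag the file if it has any permission bit the target lacks.
            if [ $(( 0$mode & ~0$target & 07777 )) -ne 0 ]; then
                printf '%s %s %s\n' "$mode" "$target" "$f"
            fi
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# fix_web_perms DIR: set the target modes on the same files.
fix_web_perms() {
    find "$1" -type f \( -name htpasswd -o -name .htpasswd \) -exec chmod 640 {} +
    find "$1" -type f \( -name .htaccess -o -name .nsconfig \) -exec chmod 400 {} +
}

# Constructed demo tree (not a real web root).
demo=$(mktemp -d)
mkdir -p "$demo/site/private"
touch "$demo/site/.htpasswd" "$demo/site/private/.htaccess" "$demo/site/.nsconfig"
chmod 644 "$demo/site/.htpasswd"           # world-readable: reported
chmod 644 "$demo/site/private/.htaccess"   # group/world-readable: reported
chmod 400 "$demo/site/.nsconfig"           # already at target: not reported
audit_web_perms "$demo/site" || echo "loose permissions found"
fix_web_perms "$demo/site"
audit_web_perms "$demo/site" && echo "all files at target modes"
rm -rf "$demo"
```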