Desktop and Server Security

DESKTOP AND SERVER SECURITY: IS YOUR DESKTOP SECURE? HOW TO SECURE YOUR OWN DESKTOP. By Arohi Morya, ATL Foundation, Ara (63 slides)

Upload: appin-ara

Post on 12-Apr-2017

Category: Education

TRANSCRIPT

Page 1: Desktop and server security

DESKTOP AND SERVER SECURITY
• Is your desktop secure?
• How to secure your own desktop
By Arohi Morya, ATL Foundation, Ara

Page 2: Desktop and server security

Introduction

The first question is how much security matters to us, and how much we are willing to pay for it in money, convenience, performance and other terms.

Page 3: Desktop and server security

Operating Systems
• Windows
• Linux

Page 4: Desktop and server security

Windows 7 Desktop Security
• Introduction
• User Account Control
• Internet Explorer
• Windows Firewall
• Local Administrators group
• Local users
• Local administrator account
• Services
• AppLocker
• BitLocker

Page 5: Desktop and server security

Introduction

Although Windows 7 is more secure than its predecessors, it remains vulnerable to security threats. This section gives the steps for securing Windows 7 desktops.

Done properly, hardening the desktop reduces helpdesk calls and increases both productivity and security.

The following pages show how to secure your own desktop, step by step.

Page 6: Desktop and server security

User Account Control (UAC)

Windows 7 makes UAC settings much easier to adjust, and you do not have to disable UAC completely if you do not want to. Just type UAC into the Start menu or Control Panel search box to reach the slider.

UAC prompts the user (or asks for an administrator's credentials) before a program installs, removes or changes anything at system level, so that code running under the user's account cannot do so silently. Keep it on: the default level auto-elevates many built-in Windows programs without a prompt, so "Always notify" is the stricter choice for a hardened desktop.

Page 7: Desktop and server security

User Account Control settings

The notification slider has four levels. The top position (Always notify) is the most secure; the bottom position (Never notify) switches UAC off and carries the highest risk. The two middle positions notify only when programs, not the user, try to change Windows settings.

Page 8: Desktop and server security

Internet Explorer

Internet Explorer ships with every Windows operating system, although the version changes from release to release. Windows 7 adds useful protection when you browse with Internet Explorer.

Protected Mode secures the system by building on User Account Control and adding integrity controls: Internet Explorer runs at low integrity, isolated from other running applications and from the user's files, so a compromised browser tab can write only to a few low-integrity locations.

Page 9: Desktop and server security

Open Internet Explorer, open the Tools menu and click Internet Options. Check every tab (General, Security, Privacy, etc.) for the settings that affect privacy and security, such as the security level set for each zone.

Page 10: Desktop and server security

Windows Firewall

The Windows 7 firewall lets you choose from three network location types (Home, Work or Public) when connecting to a new network, and applies the matching firewall profile.

Another evolutionary step in the Windows 7 firewall is its support for multiple firewall profiles being active simultaneously, one per connected network.

To centralise, customise and define more rules for our Windows 7 desktops, we can use Group Policy (Windows Firewall with Advanced Security).

Page 11: Desktop and server security

Local Administrators group

To help make the computer more secure, add a user to the Administrators group only if it is absolutely necessary. Members of the Administrators group have complete control of the computer: they can read everyone's files, change anyone's password and install any software they want.

To control membership centrally, we can use Group Policy Preferences (Local Users and Groups) or the Restricted Groups policy.

Page 12: Desktop and server security

Local users

Windows 7 allows multiple users to share the same computer, each under their own individual account. Day-to-day work should be done from a standard user account, not from an administrator account.

Page 13: Desktop and server security

Create new account

Page 14: Desktop and server security

Services

We do not want users running just any old service on their Windows 7 computers, so we can establish a list of approved and denied services using Group Policy Preferences.

Windows services can be configured to start when the operating system starts and run in the background as long as Windows is running; alternatively they can be started manually or by a trigger event. Windows NT-family operating systems include numerous services, which run in the context of one of three built-in accounts: Local System, Local Service or Network Service. Disabling a service you do not need removes its attack surface entirely; running a needed service as Local Service or Network Service rather than Local System limits the damage if it is compromised.

Page 15: Desktop and server security

AppLocker

The software configuration of a typical desktop computer drifts from its desired or initial state, usually through the installation and execution of non-standard or unapproved software.

AppLocker (Windows 7 Enterprise and Ultimate) counters this with application whitelisting: rules based on publisher signature, path or file hash define which executables, scripts, installers and DLLs are allowed to run, and anything outside the rules is blocked rather than left to an "are you sure?" prompt for the user to click through.

Page 16: Desktop and server security

BitLocker

Windows 7 BitLocker Drive Encryption is a data protection feature available in Windows 7 Enterprise and Ultimate for client computers and in Windows Server 2008 R2.

• The technology is simple and easy to configure.
• Support for more file systems (FAT, FAT32, exFAT).
• Support for removable data volumes (BitLocker To Go): any volume formatted with a supported file system can be protected, whether an external hard drive or a flash stick.
• New key protectors: a password or a smart card can now be used to protect data volumes.
• New recovery mechanism: a public-key-based key protector can be used by enterprise-designated data recovery agents (DRA) to transparently protect all volumes and recover them without needing a recovery key or recovery password.

Page 17: Desktop and server security

Local rights and privileges

Local rights (user rights) are per-computer settings that control what a user can do to the computer as a whole, such as log on locally or shut it down.

Permissions are what you configure for resource access. A resource is a file, folder, registry key, printer or Active Directory object; permissions define who can do what to that resource. Examples of permissions are Read, Modify, Delete, etc.

Page 18: Desktop and server security

What is the Registry?

In everyday language, to register something is to record it under a particular name. In Windows, the Registry is the hierarchical database that stores configuration settings and options for the Microsoft Windows operating system and the applications on it. Microsoft first introduced it in Windows 3.1.

Many desktop hardening settings can be applied by editing the Registry directly.

Page 19: Desktop and server security

Registry structure

The Registry has two basic elements:
1. Keys
2. Values

and five root keys (hives):
1. HKEY_CLASSES_ROOT
2. HKEY_CURRENT_USER
3. HKEY_LOCAL_MACHINE
4. HKEY_USERS
5. HKEY_CURRENT_CONFIG

Page 20: Desktop and server security

Registry editing

The Registry is edited manually with Registry Editor: press Windows key + R, type "regedit" and press Enter. A standard user can change values under HKEY_CURRENT_USER; changing HKEY_LOCAL_MACHINE requires an administrator. Registry Editor is a tool intended for advanced users; it is used to view and change settings in the system Registry, which contains information about how your computer runs.

Page 21: Desktop and server security

Rules for editing the Registry safely

I followed the rules. Here are my five rules for safer Registry editing:
1. The ironclad rule of Registry editing is that you must first back up the Registry. For many, making a System Restore point is the most convenient backup method. I also use the export facility of Regedit to make a copy of the Registry key that I am working on. Keep in mind that Regedit has no Undo function.
2. Know how to restore a Registry backup. It can be as simple as running System Restore or merging a backup REG file.
3. Make only one Registry edit at a time. Wait to see if everything works the way you want before making any more changes to the Registry. Don't forget that many Registry edits require that you log off or reboot before they take effect.
4. Only use Registry edits recommended by known reliable sources. Many of the common recommendations on the Internet are useless or nearly so. And some are even harmful.
5. Remember Rule #1.

Page 22: Desktop and server security

Root keys or hives

Key                  Abbreviation  Description
HKEY_CLASSES_ROOT    HKCR          Stores file associations and COM object registrations
HKEY_CURRENT_USER    HKCU          Stores data associated with the account currently logged on
HKEY_LOCAL_MACHINE   HKLM          Stores system-related information
HKEY_USERS           HKU           Stores information about all the accounts on the machine
HKEY_CURRENT_CONFIG  HKCC          Stores information about the current hardware profile

Page 23: Desktop and server security

Registry files

Registry Editor can export keys to .reg files and import (merge) them back. On current systems the export is in "Windows Registry Editor Version 5.00" format (Unicode text); the older Windows 9x/NT 4 "REGEDIT4" format (ANSI text) is also offered in the export dialog. A .reg file lists each key in square brackets, followed by its values as name=data pairs, e.g.:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft]
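The next block is an added example, not part of the deck: a bash script that turns two regedit exports into one key/name/data line per value and diffs them, which is how rule 1 (export the key first) and rule 3 (one edit at a time, then verify) of the previous page can be checked mechanically. The two .reg files are constructed inline around the Explorer AutoRun policy value; the script assumes single-line values (hex values continued with a trailing backslash are not handled) and converts regedit's UTF-16LE/CRLF output to UTF-8 before parsing.

```bash
#!/usr/bin/env bash
# Flatten and diff regedit .reg exports (added example; assumes single-line values).
set -u

# Regedit writes "Version 5.00" exports as UTF-16LE with a BOM and CRLF line ends;
# normalise to UTF-8/LF so awk can read them. Files already in UTF-8 pass through.
reg_to_utf8() {
  if [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "fffe" ]; then
    iconv -f UTF-16 -t UTF-8 "$1" | tr -d '\r'
  else
    tr -d '\r' < "$1"
  fi
}

# Print one "KEY<TAB>NAME<TAB>DATA" line per value; "@" is the key's default value.
reg_flatten() {
  reg_to_utf8 "$1" | awk '
    /^\[.*\]$/ { key = substr($0, 2, length($0) - 2); next }
    /^("[^"]*"|@)=/ {
      eq = index($0, "=")
      name = substr($0, 1, eq - 1); gsub(/"/, "", name)
      print key "\t" name "\t" substr($0, eq + 1)
    }'
}

# Show values that differ between two exports ("<" = before, ">" = after).
reg_diff() {
  diff <(reg_flatten "$1") <(reg_flatten "$2") | grep '^[<>]' || true
}

# Constructed exports: before and after disabling AutoRun for all drive types
# (NoDriveTypeAutoRun 0x91 is the Windows 7 default, 0xFF disables it everywhere).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/before.reg" <<'EOF'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
EOF
cat > "$demo/after.reg" <<'EOF'
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"NoAutorun"=dword:00000001
EOF

reg_diff "$demo/before.reg" "$demo/after.reg"
```

Export the key with regedit (File > Export) before and after the change, copy both files to a Linux box or WSL and run reg_diff on them; anything in the output that you did not intend to change is a reason to merge before.reg back.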

Page 24: Desktop and server security

Protecting the Registry

All the initialisation and configuration information used by Windows is stored in the Registry. Normally the keys in the Registry are changed indirectly, through administrative tools such as Control Panel.

The security permissions set on the following key define which users or groups can connect to the system for remote Registry access; if remote access is not needed, the Remote Registry service can be disabled altogether.

Hive: HKEY_LOCAL_MACHINE
Key: \SYSTEM\CurrentControlSet\Control\SecurePipeServers
Name: \winreg

Page 25: Desktop and server security

Policy

Group Policy is a hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers. Group Policy can also be used to define user, security and networking policies at the machine level.

Group Policy is the tool used to assign policies to a system; Group Policy Objects are designed to apply policy settings to a wide variety of tasks.

Windows 2000 and later versions of Windows use Group Policy to enforce Registry settings. Policy may be applied locally to a single computer using gpedit.msc (Local Group Policy Editor) or to multiple computers in a domain using gpmc.msc (Group Policy Management Console).

To open the Local Group Policy Editor, open the Run dialog box and type gpedit.msc.

Page 26: Desktop and server security

Using Group Policy Editor

Notice that the local policy is divided into Computer Configuration and User Configuration. The desktop configuration portion of the local policy is found by navigating through the console to User Configuration; security settings such as password and audit policy live under Computer Configuration > Windows Settings > Security Settings.

Page 27: Desktop and server security

Create a Registry value

Step 1: Open Registry Editor: go to Run, type regedit and click OK.

Step 2: Navigate to the key in the left-hand pane, then right-click the key (or an empty area of the right-hand pane) and choose New. The value type (DWORD, String, etc.) depends on what the setting at that path expects; a value of the wrong type is ignored or misread, so check the documentation for the key first.

Page 28: Desktop and server security

Windows 8 introduction and security

Windows 8 is the newest member of the Microsoft Windows family, and Windows 8.1 updates it with some new features, e.g. the Start button returns.

Why Windows 8 or 8.1? This version was built by Microsoft for a broad range of devices: laptops, PCs, tablet PCs and mobile phones, using modern technology at home. It aims to provide the experience and devices that users love and expect, and to deliver enterprise-grade solutions that we can use to manage and secure them: enhanced end-to-end security, and advances in management and virtualisation.

Windows 8 also boots and shuts down faster than earlier members of the Windows family.

Page 29: Desktop and server security

Similarities between Windows 7 and Windows 8

Windows 8 is largely an improvement of Windows 7 features, and several points are common to both:
• Windows 8 uses the same management tools that we already use to support Windows 7 in our organisation.
• In Windows 7 you can quickly run apps by pressing the Windows logo key, typing the name of the app and pressing Enter; the same works in Windows 8.
• In Windows 8 you swipe in from the top edge of the screen to display app commands, or simply right-click with the mouse.

Windows 8 is more secure than Windows 7. An integrated antivirus (Windows Defender) and an application reputation system (SmartScreen), along with a curated Store ecosystem that replaces the wild-west nature of previous versions of Windows, will probably make the most difference for inexperienced users who may not have run an antivirus or known which applications were safe to install on previous versions of Windows. Low-level improvements to the way Windows manages memory help everyone, even power users.

Page 30: Desktop and server security

New features of Windows 8 or 8.1

Windows 8 is focused on users: it is built very heavily around a new, tiled, touch-centric interface for tablets.

Page 31: Desktop and server security

End-to-end security

• Secure Boot: Windows 8 protects the boot process, because some malware programs target it and insert themselves before the operating system loads.
• Measured Boot on Trusted Platform Module (TPM) based systems.
• BitLocker Drive Encryption: a data protection feature in Windows 8 Pro and Windows 8 Enterprise that helps protect against data theft from lost, stolen or inappropriately decommissioned computers.
• AppLocker: a simple and flexible mechanism that lets us specify exactly which apps are allowed to run on users' PCs.
• Windows SmartScreen: the app reputation safety feature in Windows 8 and 8.1.
• Claims-based access control (Dynamic Access Control): lets you set up and manage usage policies for files, folders and shared resources.

Page 32: Desktop and server security

Hardware recommendations for Windows 8 or 8.1

If you want to run Windows 8.1 on your PC, here is what it takes:
• Processor: 1 gigahertz (GHz) or faster with support for PAE, NX and SSE2
• RAM: 1 gigabyte (GB) (32-bit) or 2 GB (64-bit)
• Hard disk space: 16 GB (32-bit) or 20 GB (64-bit)
• Graphics card: Microsoft DirectX 9 graphics device with WDDM driver

NX (no-execute) support is a security requirement as well as a compatibility one: it is what Data Execution Prevention relies on.

If you are running Windows 8 you can get a free update to Windows 8.1: just tap or click the Windows Store tile on your Start screen. Once you have moved up to Windows 8.1 you should get further updates automatically; if you don't, install them manually using Windows Update.

Page 33: Desktop and server security

Hardware innovation

Touch: touch is clearly front and centre for Microsoft.
1. The response times required for touch
2. The sensitivity and precision required of the digitiser
3. The user experience of a flush bezel

Long battery life: one of the key design tenets of Windows 8 or 8.1 is enabling long battery life.

Sensors and security: Windows 8 or 8.1 enables developers to take advantage of hardware innovation such as
4. Low-power Bluetooth
5. GPS
6. Gyroscopes
7. Accelerometers

We will also be able to take advantage of security hardware technology like the Trusted Platform Module (TPM) and Unified Extensible Firmware Interface (UEFI) boot.

Page 34: Desktop and server security

Windows 8 security
• Protecting the client against threats
• Boot options for security
• SmartScreen
• Vulnerability mitigation and sandboxing
• Protecting sensitive data
• Secure access to resources

Page 35: Desktop and server security

Protecting the client against threats

Microsoft introduced a few great features in its new operating system, some of which will help keep you safer from malware and other security threats.

To take full advantage of Windows 8's new security features, your PC needs firmware based on the Unified Extensible Firmware Interface (UEFI). UEFI replaces the archaic Basic Input/Output System (BIOS), adds many new boot features (including Secure Boot) and greatly speeds up the start-up process.

Windows 8 offers several enhancements such as Trusted Boot, Internet Explorer SmartScreen application reputation and app sandboxing.

Page 36: Desktop and server security

Boot options for security

Measured Boot

The biggest challenge with rootkits and bootkits on earlier versions of Windows is that they can be undetectable to the client. Because they start before antimalware and have system-level privileges, they can completely disguise themselves while continuing to access system resources. As a result, PCs infected with rootkits appear to be healthy, even with antimalware running. Measured Boot addresses this by recording a hash of each boot component (firmware, boot loader, kernel, early-launch antimalware driver) in the TPM, so that a remote attestation service can later check the measurements and detect a boot chain that has been tampered with.

Secure Boot

When a PC starts, it begins loading the operating system by locating the boot loader on the PC's hard drive. If the PC does not support Secure Boot (as is the case with most PCs released prior to Windows 8), it simply hands control to the boot loader without determining whether it is a trusted operating system or malware.

On new Windows 8 computers that use UEFI firmware instead of the old-style BIOS, Secure Boot ensures that only software signed by a key the firmware trusts (its signature database) can run at boot. On older computers, malware could install a malicious boot loader that loads before the Windows boot loader, starting a boot-level rootkit (or "bootkit") before Windows even launches. The rootkit could then hide itself from Windows and antivirus software, pulling the strings in the background.

Page 37: Desktop and server security

SmartScreen

SmartScreen checks application reputation and so gives broader protection than signature-based antivirus alone: when you run a newly downloaded app, SmartScreen is activated automatically and warns you if the program is not yet known to be safe, asking whether you really want to run it. In Windows 8 this check applies to downloaded files at the operating-system level, not only to downloads made in Internet Explorer.

Page 38: Desktop and server security

Vulnerability mitigation and sandboxing

Windows 8 has improved address space layout randomisation (ASLR) and data execution prevention (DEP), both of which make exploiting vulnerabilities more difficult: DEP stops injected data from being executed as code, and ASLR makes the addresses an exploit needs unpredictable.

The combination of DEP and ASLR in Windows 8 increases the amount of effort required by an attacker to develop a working exploit and succeed with it.

Page 39: Desktop and server security

Protecting sensitive data

Where users travel, so does their organisation's confidential data. Since Windows Vista, BitLocker has provided full drive encryption capable of protecting both confidential data and system integrity. Windows 8 improves BitLocker by making it easier and faster to deploy, more convenient and more manageable. Table 2 lists specific data-protection challenges in Windows 7 and the Windows 8 solution.

Table 2. Windows 8 solutions to Windows 7 data-protection challenges

Windows 7 challenge: When BitLocker is used with a PIN to protect start-up, PCs such as servers and kiosks cannot be restarted remotely.
Windows 8 solution: Network Unlock allows PCs to start automatically when connected to the internal network.

Windows 7 challenge: Users must contact IT to change their BitLocker PIN or password.
Windows 8 solution: Windows 8 allows users with standard privileges to change their BitLocker PIN or password.

Windows 7 challenge: Enabling BitLocker can make the provisioning process take several hours.
Windows 8 solution: BitLocker pre-provisioning and Used Space Only encryption allow BitLocker to be quickly enabled on new computers.

Windows 7 challenge: No support for using BitLocker with self-encrypting drives (SEDs).
Windows 8 solution: BitLocker supports offloading encryption to encrypted hard drives.

Windows 7 challenge: Administrators have to use separate tools to manage encrypted hard drives.
Windows 8 solution: BitLocker supports encrypted hard drives with onboard encryption hardware, allowing administrators to use the familiar BitLocker administrative tools to manage them.

Windows 7 challenge: Encrypting a new flash drive can take more than 20 minutes.
Windows 8 solution: BitLocker To Go's Used Space Only encryption allows users to encrypt drives in seconds.

Windows 7 challenge: BitLocker could require users to enter a recovery key when system configuration changes occur.
Windows 8 solution: BitLocker requires the user to enter a recovery key only when disk corruption occurs or when the user loses their PIN or password.

Page 40: Desktop and server security

Secure access to resources

Pervasive Internet access and the latest generation of lightweight tablets and Ultrabook devices have changed the way users work. They are not sitting at a desk with a mouse and keyboard any more; they are using touch interfaces, travelling around the world and working from untrusted networks. Let's explore the different ways Windows 8 meets these modern work styles.

• Virtual smart cards use the TPM to provide two-factor authentication in a cost-effective manner, without a physical card and reader.
• Dynamic Access Control enables granular and complex resource protection throughout an enterprise.

Page 41: Desktop and server security

LINUX SECURITY

Introduction and security

Page 42: Desktop and server security

Overview
• Advantages of Linux
• Threats to Linux machines
• Securing Linux better
• How to secure Linux

Page 43: Desktop and server security

Linux kernel

The kernel is the central nervous system of Linux: the OS code that runs the whole computer. It provides resources to all other programs that you run under Linux, and manages those programs as they run.

The kernel includes the code that performs certain specialised tasks, including TCP/IP networking. The kernel design is modular, so the core OS code stays small: drivers and other modules are loaded when needed and their memory is freed afterwards, which keeps the kernel small, fast and highly extensible. Security-wise, every loaded module runs with full kernel privilege, which is why only root can load modules and why signed-module enforcement exists.

Page 44: Desktop and server security

Linux networking

Networking comes naturally to Linux; in a real sense Linux is a product of the Internet and the World Wide Web.

Linux is made for networking: practically all networking protocols in use on the Internet are native to Unix and/or Linux, and a large part of the Web runs on Linux boxes (for example, AOL).

Page 45: Desktop and server security

Encryption

Encryption is commonly used to secure data: it transforms information so that it can be read only by someone holding the right key, even when the ciphertext itself is in plain sight. Terms used here include:

• Strong encryption: stronger than the 40-bit maximum that could be exported from the United States under U.S. law until the rules were relaxed in 2000. Today 40-bit keys are trivially brute-forced; 128-bit symmetric keys are the practical minimum.
• Public-key encryption: a type of asymmetric encryption, a system in which you encrypt your message with one key and the recipient decrypts it with a mathematically related, but different, key.

Page 46: Desktop and server security

The Secure Shell (SSH)

SSH and its tools use strong encryption to allow remotely located systems to exchange data securely.

By using strong encryption, SSH significantly enhances the security of both the authentication process and the session itself, replacing telnet, rlogin and rsh, which send passwords and data in clear text.

Page 47: Desktop and server security

Advantages of Linux
• User vs. administrator: only root can install software or change system settings.
• More difficult for viruses to spread.
• Commands, utilities, even the desktop run separately from the kernel.
• Security updates are easier and quicker to deploy.

Page 48: Desktop and server security

Threats to Linux machines

Reasons for break-ins:
• Loose passwords
• Improper permissions
• Careless security
• Unwanted vulnerable services
• Brute-force password attacks
• Buffer overflows in network services, for example:

    int main() {
        int buffer[10];
        buffer[20] = 10;   /* writes past the end of the 10-element array */
    }

Aim: overwrite some control information (a return address or a function pointer) to change the flow of control in the program.

Page 49: Desktop and server security

Securing Linux better
1. Secure the console
2. Set good passwords
3. Set right permissions
4. Secure the network connection
5. Restrict access
6. iptables
7. Firewalls, ports and services
8. Handling / restricting services
9. Adding security to the desktop
10. Keep the system up to date

Page 50: Desktop and server security

Securing the console

Physical security:
• Password-protect the screensaver.
• Set a password on the boot loader (LILO / GRUB) so that kernel parameters such as single-user mode cannot be edited at boot.
• Use xlock or xautolock while away.
• Do NOT normally log in as root on your own machine.
• Set a BIOS password.
• Keep the machine in a safe location.
• Set the boot order to HDD first (not CD, then HDD), so that a live CD cannot bypass the installed system.
• Restrict remote access.
• Set up an idle timeout to log out idle users.

Page 51: Desktop and server security

Passwords

Use strong, unique passwords (especially for root).
• Must have a minimum length of 8 characters.
• Must be alphanumeric and not based on dictionary words.
• Passwords must contain multiple character classes (lower / upper case, numbers, punctuation, etc.).
• Passwords must be changed every 30 days. (Current guidance such as NIST SP 800-63B drops forced periodic rotation in favour of length, breach blocklists and changing passwords when compromise is suspected.)
• Accounts will be locked out after 3 consecutive unsuccessful login attempts.
• Don't write down passwords, or a user ID together with its password.
• The root password should be very hard to crack.

Page 52: Desktop and server security

Permissions

• Set correct permissions and ownership on all directories and files.
• Never make files world-writable; do not make them world-readable if they hold anything sensitive.
• Search for world-writable files in the current directory:
    find . -perm -2 -print
• Improper file permissions in /dev allow reading from and writing to hardware such as hard disks and network interfaces directly. /dev files should be writable only by root and readable only by their group, apart from the few nodes that must be world-accessible (/dev/tty, /dev/pty*, /dev/null, /dev/zero and a handful more such as /dev/urandom):
    find /dev -perm -2 -print
• Restrict the init scripts to root:
    chmod -R 700 /etc/rc.d/init.d/*
• Lock the /etc/services file so that no one can modify it (for example with chattr +i /etc/services).
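An added example (not from the deck) that extends the single find command above into a small audit function: besides world-writable files it reports world-writable directories that lack the sticky bit and set-user/group-ID programs, which are the other permission findings an auditor looks for. It builds a constructed directory tree under mktemp so it can be run without touching the real filesystem; point it at / or /dev (as root) to audit a live machine.

```bash
#!/usr/bin/env bash
# Audit a tree for risky permissions (added example, not from the deck).
# Prints one "<finding> <path>" line per hit.
set -u

audit_perms() {  # ROOT_DIR
  local root=$1
  # Regular files anyone can modify (the deck's `find . -perm -2`).
  find "$root" -type f -perm -0002 -print | sed 's/^/world-writable-file /'
  # Directories anyone can write to *without* the sticky bit: any user can
  # delete or rename other users' files there (/tmp is safe only because it is 1777).
  find "$root" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/world-writable-dir-no-sticky /'
  # Setuid/setgid programs run with their owner's or group's privileges;
  # each one is a privilege boundary that should be known and justified.
  find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/setid /'
}

# Constructed tree: one bad file, one bad directory, one setuid binary,
# plus a correctly protected file and a sticky directory that must not be flagged.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/shared" "$demo/scratch" "$demo/home"
touch "$demo/shared/notes.txt" "$demo/home/.bashrc" "$demo/home/helper"
chmod 666 "$demo/shared/notes.txt"   # anyone may edit: finding
chmod 644 "$demo/home/.bashrc"       # owner-writable only: fine
chmod 4755 "$demo/home/helper"       # setuid: finding
chmod 777 "$demo/shared"             # world-writable, no sticky bit: finding
chmod 1777 "$demo/scratch"           # world-writable with sticky bit, like /tmp: fine

audit_perms "$demo"
```

Running it over /dev on a real system is where the deck's exception list matters: expect /dev/null, /dev/zero, /dev/tty, /dev/urandom and the pty nodes in the output, and investigate anything else.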

Page 53: Desktop and server security

Secure the network

• Remove all unwanted users and groups.
• Enable the nospoof option in /etc/host.conf.
• Don't create /etc/hosts.equiv or a .rhosts file.
• Don't run rlogind or rshd (passwords travel in plain text).
• Run sshd to allow remote access via SSH.
• Use TCP Wrappers (tcpd) with /etc/hosts.allow and /etc/hosts.deny. hosts.allow is consulted first, so a match there grants access regardless of hosts.deny; if neither file matches, access is granted, which is why hosts.deny should end with ALL: ALL.
• Disable unwanted services through xinetd.conf as well.
• Ref: man hosts_access

Page 54: Desktop and server security

More on /etc/hosts.[allow|deny]

/etc/hosts.deny: refuse everything not explicitly allowed, so only hosts listed in hosts.allow get access
    ALL: ALL

/etc/hosts.allow:

Allow SSH from anywhere
    sshd: ALL

Allow every service from the tifr.res.in domain except one host
    ALL: .tifr.res.in EXCEPT xyz.tifr.res.in

Allow localhost
    ALL: 127.0.0.1

Allow another machine to connect to any service
    ALL: 192.168.1.2

Allow SSH from everywhere except 192.168.1.3 and 192.168.1.4
    sshd: ALL EXCEPT 192.168.1.3, 192.168.1.4
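To make the "hosts.allow overrides hosts.deny" ordering concrete, here is an added example (not from the deck) that models tcpd's decision in bash: it parses the two files above, matches daemon and client against each rule and reports allow or deny for a set of constructed requests. By assumption it is a simplified model: it supports ALL, exact names or addresses, ".domain" suffixes, "a.b.c." prefixes and EXCEPT, but not netmasks, KNOWN/UNKNOWN/LOCAL/PARANOID or the shell-command options the real library accepts; see man hosts_access for those.

```bash
#!/usr/bin/env bash
# Simplified model of the tcpd hosts_access decision (added example, not from the deck).
set -u

# Does one pattern token match a daemon or client name?
match_token() {
  local pat=$1 name=$2
  case $pat in
    ALL) return 0 ;;
    .*)  [[ $name == *"$pat" ]] ;;   # .tifr.res.in matches any host in that domain
    *.)  [[ $name == "$pat"* ]] ;;   # 192.168.1. matches the whole 192.168.1.0/24
    *)   [[ $name == "$pat" ]] ;;
  esac
}

# Does any comma- or space-separated token in the list match?
list_has() {
  local tok
  for tok in $(printf '%s' "$1" | tr ',' ' '); do
    match_token "$tok" "$2" && return 0
  done
  return 1
}

# "a, b EXCEPT c": match the part before EXCEPT unless the part after it also matches.
match_list() {
  local list=$1 name=$2 incl excl=
  if [[ $list == *" EXCEPT "* ]]; then
    incl=${list%% EXCEPT *}; excl=${list#* EXCEPT }
  else
    incl=$list
  fi
  list_has "$incl" "$name" || return 1
  [[ -n $excl ]] && list_has "$excl" "$name" && return 1
  return 0
}

# Does any "daemon_list : client_list" rule in FILE match this daemon and client?
file_matches() {  # FILE DAEMON CLIENT
  local line
  while IFS= read -r line; do
    line=${line%%#*}                       # strip comments
    [[ -z ${line// } ]] && continue        # skip blank lines
    match_list "${line%%:*}" "$2" && match_list "${line#*:}" "$3" && return 0
  done < "$1"
  return 1
}

# tcpd order: hosts.allow first (a match grants access), then hosts.deny
# (a match refuses); if neither matches, access is granted.
hosts_access() {  # ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints allow|deny
  if file_matches "$1" "$3" "$4"; then echo allow
  elif file_matches "$2" "$3" "$4"; then echo deny
  else echo allow
  fi
}

# Constructed copies of the rules shown on this page.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/hosts.deny" <<'EOF'
# default deny: everything not granted in hosts.allow is refused
ALL: ALL
EOF
cat > "$demo/hosts.allow" <<'EOF'
sshd: ALL EXCEPT 192.168.1.3, 192.168.1.4
ALL: .tifr.res.in EXCEPT xyz.tifr.res.in
ALL: 127.0.0.1
EOF

while read -r daemon client; do
  printf '%-5s from %-18s -> %s\n' "$daemon" "$client" \
    "$(hosts_access "$demo/hosts.allow" "$demo/hosts.deny" "$daemon" "$client")"
done <<'EOF'
sshd 192.168.1.2
sshd 192.168.1.3
ftpd abc.tifr.res.in
ftpd xyz.tifr.res.in
ftpd 10.0.0.5
ftpd 127.0.0.1
EOF
```

The last case in the model is the one worth remembering: with an empty hosts.deny, a client that matches nothing is allowed, so the ALL: ALL line is what turns the pair of files into a default-deny policy.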

Page 55: Desktop and server security

Firewalls

• Hardware firewall: a device between the Internet and the LAN.
• Software firewall: software on a desktop/server that rejects certain types of network traffic.

Consider implementing a firewall (man iptables). It restricts network traffic to a machine or network segment, which improves security and network performance.

Why do I need a software firewall?
• It protects the machine even if the hardware firewall is compromised.
• It protects the machine against compromised machines on the same network.

When can't one use a firewall (or not easily)?
• Some services negotiate their ports dynamically (RPC-based services such as NFS are the classic case).
• Some applications want to use arbitrary ports.

Page 56: Desktop and server security

iptables

System Settings > Security Level; System Settings > Server Settings > Services: activate iptables in runlevels 3 and 5.

Chains: INPUT, OUTPUT, FORWARD.
Targets: ACCEPT, DROP, REJECT (DENY was the old ipchains name; REJECT sends an error back to the sender, DROP discards the packet silently).

List all iptables rules, numerically and with rule numbers:
    # iptables -L -n -v --line-numbers
Drop everything from a source address:
    # iptables -A INPUT -s <SIP> -j DROP
Delete a rule:
    # iptables -D <chain name> <rule number>

Page 57: Desktop and server security

iptables (contd.)

Drop all incoming telnet packets:
    # iptables -A INPUT -p tcp --destination-port telnet -j DROP

Block any incoming TCP packets on the second Ethernet card (eth1):
    # iptables -A INPUT -p tcp -i eth1 -j DROP

Drop incoming SYN packets, i.e. any TCP connection not initiated by our PC (this also blocks connections to services you do offer, so put ACCEPT rules for those before it; rules are matched in order):
    # iptables -A INPUT -p tcp --syn -j DROP

Block by MAC address (needs the mac match module):
    # iptables -A INPUT -m mac --mac-source 00:0B:DB:45:56:42 -j DROP

Page 58: Desktop and server security

Ports

What are ports?
• A network connection is analogous to a highway; each type of traffic needs its own lane.
• A port is analogous to a lane on the highway: different types of traffic (HTTP, FTP, SSH, etc.) use different ports (80, 21, 22, etc.).

What ports need to be open?
• Open only the ports for services you need to use and/or offer to others:
    SSH (remote access to your machine): 22
    FTP (file sharing server): 21
    Web server: 80
    X (display graphics on remote machines): 6000
• See /etc/services for an exhaustive list.
• Close unused ports / terminate unwanted services.
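The iptables pages above only show how to block individual things; what a practitioner actually wants for a desktop or server is the reverse, a default-deny INPUT chain that admits only the ports listed on this page. The following added example (not from the deck) does that in bash: resolve_port looks a service name up in the /etc/services format the page refers to, and build_ruleset turns a list of service names into iptables-restore text with a stateful default-deny policy. The services excerpt is constructed inline; on a real machine pass /etc/services and pipe the result through `iptables-restore --test` to validate it before applying it.

```bash
#!/usr/bin/env bash
# Default-deny iptables ruleset from service names (added example, not from the deck).
set -u

# Map a service name (or a literal port number) to its TCP port via a services file.
resolve_port() {  # NAME_OR_PORT SERVICES_FILE
  case $1 in
    *[!0-9]*) ;;                 # contains non-digits: look it up below
    *) echo "$1"; return 0 ;;    # already numeric
  esac
  awk -v svc="$1" '
    $1 == svc && $2 ~ /\/tcp$/ { split($2, a, "/"); print a[1]; found = 1; exit }
    END { exit !found }' "$2"
}

# Emit iptables-restore text: drop by default, allow loopback and replies to
# connections we started, then admit new TCP connections to the named services only.
build_ruleset() {  # SERVICES_FILE SERVICE...
  local svc=$1 s port; shift
  printf '%s\n' '*filter' \
    ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  for s in "$@"; do
    port=$(resolve_port "$s" "$svc") || { echo "unknown service: $s" >&2; return 1; }
    printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
  done
  printf '%s\n' 'COMMIT'
}

# Constructed excerpt in /etc/services format (the real file is much longer).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/services" <<'EOF'
# service-name  port/protocol  [aliases ...]   # comment
ssh             22/tcp                         # SSH Remote Login Protocol
ssh             22/udp
telnet          23/tcp
http            80/tcp          www www-http   # WorldWideWeb HTTP
EOF

build_ruleset "$demo/services" ssh http
```

Because the policy is DROP, a service that is not in the list is simply unreachable, which is the "close unused ports" rule enforced in one place; a typo in a service name fails the build instead of silently opening nothing, and the SYN-dropping rule from the previous page becomes unnecessary.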

Page 59: Desktop and server security

Services / daemons

Services are special applications that start before any login:
• Web server (httpd or Apache)
• File services (Samba, NFS, ftpd)
• Print services (lpd, CUPS)
• Remote access (telnetd, sshd, vncserver)
• Management tools (crond, rhnsd)

Why can services be dangerous? Many services offer themselves to local and remote machines. If a flaw exists in the program providing the service, an attacker can exploit this flaw and break into the machine.

RULE: don't run any services you don't need.
RULE: if you're running a service, restrict access to it as much as possible.

Page 60: Desktop and server security

Adding security to the desktop

• NIS maintains and distributes files such as /etc/group, /etc/passwd and /etc/hosts. NIS's very nature of "easy information access" makes it tasty hacker bait: anyone who can query the server can pull the password hashes. A later replacement was NIS+ (itself since deprecated).
• Access to NFS volumes is granted by /etc/exports. This is a weak form of security because the server trusts the clients to tell it who they are, and it is easy to make clients lie about their identities.
• The TCP Wrappers package can help limit the hosts that can access NFS filesystems (through /etc/hosts.deny, which rpcbind/portmap and mountd honour on many distributions).

Page 61: Desktop and server security

Realistic security severity metrics

Elements of an overall severity metric: the damage potential of any given discovered security vulnerability is a measurement of the potential harm done. An overall severity metric comes from the interaction between the three key metrics.

Worked scenario: our security analyst informs us, as the CIO of a business based on a web e-commerce site, of a new vulnerability; its severity for us depends on how much damage it could do to that site.

The exception to the rule: the exploitation potential is an exception, because anonymous malicious hackers with only mediocre programming skills can spend weeks or months developing a program to exploit a security hole with little or no risk of getting caught, so "hard to exploit" lowers the severity less than one might think.

Applying the overall severity metric: suppose one operating system has far more security alerts than another. The count alone does not tell you which is less secure until the severity of each alert has been weighed.

Page 62: Desktop and server security

Microsoft Windows vs Linux

• Both offer graphics capabilities and include networking capabilities, but Linux networking is excellent.
• Linux was designed from the start as a multi-user, multi-tasking system; Windows is multi-tasking too, but a Windows desktop is normally a single-user system, so the separation between users and the administrator is weaker in practice.
• Viruses, Trojans and other malware that reach a desktop are overwhelmingly written for Windows; most are inert on Linux because they depend on Windows binaries and APIs.

Page 63: Desktop and server security

THANK YOU