Day1

Date post: 06-May-2015
Upload: jai4uk
Description: Network Security and Hacking Techniques

Transcript
Page 1: Day1

Network Security and Hacking Techniques

Page 2: Day1

Network Security and Hacking Techniques – DAY1

DAY 1

Objectives of Network Security

Hardening Linux

Hardening Windows 2000

Page 3: Day1

Outline – Network Security

Objectives of Network Security

Attacks, Services and Mechanisms

Key Security Attacks/Threats

Active and Passive Security Threats

Analysis of Software Vulnerabilities …

Analysis of Attacking Technique Sophistication …

Conclusions of Attacks From Past

Anyone can Launch …

Model For Network Security

Network Access Security Model

Network Security Process – Closed Loop Corrective Action

Elements of a Security Policy

Page 4: Day1

Objectives of Network Security

Integrity

Confidentiality

Availability

Page 5: Day1

Objectives of Network Security

Confidentiality: only sender, intended receiver can “understand” msg

sender encrypts msg

receiver decrypts msg

Authenticity: sender, receiver want to confirm identity of each other

Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Availability: ensure resource is available

Authorization: access to a resource is authorized

Page 6: Day1

Attacks, Services and Mechanisms

Security Attack: Any action that compromises the security of information.

Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.

Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Page 7: Day1

What Is The Internet?

Collection of networks that communicate with a common set of protocols (TCP/IP)

Collection of networks with:

no central control

no central authority

no common legal oversight or regulations

no standard acceptable use policy

“wild west” atmosphere

Page 8: Day1

Why Is Internet Security a Problem?

Security not a design consideration

Implementing change is difficult

Openness makes machines easy targets

Increasing complexity

Page 9: Day1

Key Security Attacks/Threats

Page 10: Day1

Key Security Attacks/Threats

Interruption: This is an attack on availability

Interception: This is an attack on confidentiality

Modification: This is an attack on integrity

Fabrication: This is an attack on authenticity

Page 11: Day1

Active and Passive Security Threats

Page 12: Day1

Analysis of Software Vulnerabilities …

Vulnerability: A defect that violates an implicit or explicit security policy.

Incident: The exploitation of a vulnerability; an occurrence that interrupts normal process and procedure.

[Chart: reported vulnerabilities and incidents per year. The values were scattered by extraction; ordered by year as in the CERT/CC statistics they come from (the axis on the slide also shows 2003, for which no value survives):]

Year  Vulnerabilities  Incidents
1995  171              2,412
1996  345              2,573
1997  311              2,134
1998  262              3,734
1999  417              9,859
2000  1,090            21,756
2001  2,437            52,658
2002  4,129            82,094

Page 13: Day1

Analysis of Attacking Technique Sophistication …

[Chart (Source: CERT/CC): attack sophistication over time, 1980 to 2002. Vertical axis: Attack Sophistication, up to High (Tools). Techniques appear in this order along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, stealth diagnostics, packet spoofing, automated probes/scans, denial of service, www attacks/incidents, distributed denial of service.]

Page 14: Day1

Conclusions of Attacks From Past

[Chart (Source: CERT/CC): the same 1980–2002 technique timeline as the previous slide, with the vertical axis labelled Attack Sophistication from Low (Scripts) to High (Tools) and a second curve, Knowledge Required by Attacker, trending down while sophistication of the available tools rises.]

Page 15: Day1

Anyone can Launch …

[Chart (Source: CERT/CC): the same chart once more with a third quantity, Number of Attackers, added: as tool sophistication rises and the knowledge an attacker needs falls, the number of people able to launch attacks grows.]

Page 16: Day1

Consider that…

90% of companies detected computer security breaches in the last 12 months

59% cited the Internet as the most frequent origin of attack

74% acknowledged financial losses due to computer breaches

85% detected computer viruses

Source: Computer Security Institute

Page 17: Day1

WHO ARE THE OPPONENTS?

49% are inside employees on the internal network

17% come from dial-up (still inside people)

34% are from Internet or an external connection to another company of some sort

HACKERS

Page 18: Day1

HACKER MOTIVATIONS

Money, profit

Access to additional resources

Experimentation and desire to learn

“Gang” mentality

Psychological needs

Self-gratification

Personal vengeance

Emotional issues

Desire to embarrass the target

Page 19: Day1

Internet Security?

Malicious Code

Viruses

Worms

Buffer Overflows

Session Hijacking

Port Scanning

Trojans

Denial of Service

Spoofing

Replay Attack

Man-in-the-middle

Page 20: Day1

THE MOST COMMON EXCUSES

No one could possibly be interested in my information.

Anti-virus software slows down my computer too much.

I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know.

So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.

I'm busy. I can't become a security expert: I don't have time, and it's not important enough.

Page 21: Day1

SANS Five Worst Security Mistakes End Users Make

Opening unsolicited e-mail attachments without verifying their source and checking their content first.

Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.

Installing screen savers or games from unknown sources.

Not making and testing backups.

Using a modem while connected through a local area network.

Page 22: Day1

Model For Network Security

Page 23: Day1

Network Access Security Model

Page 24: Day1

Methods of Defense

Encryption

Software Controls (access limitations in a database; operating system protections that isolate each user from other users)

Hardware Controls (smartcard)

Policies (frequent changes of passwords)

Physical Controls

Page 25: Day1

“Security is a process, not a product”

Security hmm… ??

Page 26: Day1

Network Security Process – Closed Loop Corrective Action

Evaluate: policies / processes; design; vulnerabilities

Implement: patches; new policies & designs; authentication; firewalls & VPNs; content security; intrusion detection

Monitor & Measure: self; service

Improve: training / awareness; adherence

Incident Response Team (sits inside the loop)

Page 27: Day1

Elements of a Security Policy

Build a Security Team: skills and roles

Training and Awareness: explaining security

Physical Security

Monitoring: logs and analysis

Auditing: assess security posture

Prepare for an Attack: incident response team

Handling an Attack

Forensics: analyze data

[Diagram: General Employees, Watch Team, Forensics and Response roles arranged against the Attacker.]

Page 28: Day1

Outline – Network Security

Questions ??

Page 29: Day1

Systems – Linux and Windows 2000

Hardening Linux

Hardening Windows 2000

Page 30: Day1

Typical Network – Linux and Windows Host

[Diagram: an Internet-facing host with a visible IP address in front of the internal network; behind it PC servers and Linux and Windows host application servers, plus IDS and sniffers. “We are here” marks the host being hardened.]

Page 31: Day1

Brief Introduction of Linux

Introduction of Linux

Installation of Linux Server

Security and Optimization

Linux Networking Concepts

Linux security software

Internet Infrastructure

Page 32: Day1

What is Linux ??

Linux is a UNIX-like operating system.

First created at the University of Helsinki in Finland by a young student named Linus Torvalds.

The Linux kernel is developed and distributed under the GNU General Public License.

Source code is freely available.

“Linux-based services that mean business: securing the Internet”

Page 33: Day1

Some good reasons to use Linux

There are no royalty or licensing fees for using Linux.

Linux is quite portable: it runs on more CPUs and platforms than any other operating system.

Linux is a true multi-tasking operating system, like UNIX.

Linux has historically seen far fewer viruses than the other operating systems discussed here; it is not immune to malware, which is one reason the hardening steps that follow matter.

Page 34: Day1

Choosing Linux Vendors

Redhat Linux

Suse Linux

Debian Linux

Slackware Linux

Page 35: Day1

Installation of Linux Redhat

www.redhat.com

Freely available to everyone who downloads it via the Internet

ftp://ftp.redhat.com

The Red Hat Linux CD-ROM at Rs. 10,000/-

Page 36: Day1

Know your Hardware !!

How many hard drives, and what are their sizes?

What kind of hard drive, e.g. IDE or SCSI?

How much RAM do you have?

Do you have a SCSI adapter? What make?

What type of mouse do you have?

What is the make and model of your video card?

What kind of monitor do you have?

Your network card(s): make and model?

If connected to a network: what are the IP address, gateway, subnet mask and DNS servers?

Page 37: Day1

Installation Class and Method (Install Type)

Red Hat Linux 9.0 includes four different classes, or types, of installation. They are:

GNOME Workstation

KDE Workstation

Server

Custom

Page 38: Day1

Partition Strategy

A good partition strategy is to create a separate partition for each major file system.

Creating multiple partitions offers you the following advantages:

Faster booting.

Easy backup and upgrade management.

Limit each file system’s ability to grow.

Protection against SUID programs (partitions that hold user-writable data can be mounted with the nosuid, nodev and, where practical, noexec options).

Protection against denial of service attacks (a filled /tmp, /var or /home cannot exhaust the root file system).

Page 39: Day1

Partition Example

Partitions that must be created on your system:

/boot    5MB     All kernel images are kept here.
/usr     512MB   Must be large, since all Linux binary programs are installed here.
/home    1146MB  Proportional to the number of users you intend to host (i.e. 10MB per user * 114 users = 1140MB).
/chroot  256MB   If you want to install programs in a chroot jail environment (i.e. DNS).
/cache   256MB   This is the cache partition of a proxy server (i.e. Squid).
/var     256MB   Contains files that change when the system runs normally (i.e. log files).
<Swap>   128MB   Our swap partition, the virtual memory of the Linux operating system.
/tmp     256MB   Our temporary files partition.
/        256MB   Our root partition.
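The separate partitions above only protect against SUID abuse and disk-filling if they are also mounted with the right options. The script below is an added example (not from the original slides) that audits an fstab against a small assumed policy of nosuid/nodev/noexec options; the policy table and the sample fstab are constructed for the demo, and on a real host the path of /etc/fstab would be passed to check_fstab instead.

```shell
#!/bin/sh
# Added example (not from the original slides): audit an fstab for the mount
# options that deliver the "protection against SUID programs" and denial of
# service benefits claimed for separate partitions. Policy and sample fstab
# below are constructed for the demo; pass the real /etc/fstab to check_fstab.

# Assumed policy: mount options each separate file system should carry.
# /usr is deliberately absent (setuid binaries such as passwd live there).
fstab_policy() {
    cat <<'EOF'
/home nosuid,nodev
/tmp nosuid,nodev,noexec
/var nosuid,nodev
/chroot nosuid,nodev
/cache nosuid,nodev,noexec
EOF
}

# has_opt OPTION OPTLIST: succeed when the comma-separated list has OPTION.
has_opt() {
    case ",$2," in *",$1,"*) return 0 ;; esac
    return 1
}

# check_fstab FILE: print one line per deviation from the policy:
#   <mountpoint> missing <option>   the partition exists but lacks the option
#   <mountpoint> not-separate       no dedicated partition for the mount point
check_fstab() {
    fstab=$1
    fstab_policy | while read -r mnt wanted; do
        # 4th field of the non-comment fstab line whose 2nd field is the mount point
        opts=$(awk -v m="$mnt" '$1 !~ /^#/ && $2 == m { print $4 }' "$fstab")
        if [ -z "$opts" ]; then
            echo "$mnt not-separate"
            continue
        fi
        old_ifs=$IFS; IFS=,
        for o in $wanted; do
            has_opt "$o" "$opts" || echo "$mnt missing $o"
        done
        IFS=$old_ifs
    done
}

# fstab_is_hardened FILE: succeed only when check_fstab reports nothing.
fstab_is_hardened() {
    [ -z "$(check_fstab "$1")" ]
}

# Constructed sample fstab: the partition layout above, only partly hardened.
make_sample_fstab() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not a real /etc/fstab
LABEL=/        /        ext3  defaults                 1 1
LABEL=/boot    /boot    ext3  defaults                 1 2
LABEL=/usr     /usr     ext3  defaults,ro              1 2
LABEL=/home    /home    ext3  defaults,nosuid,nodev    1 2
LABEL=/tmp     /tmp     ext3  defaults,nosuid          1 2
LABEL=/var     /var     ext3  defaults                 1 2
LABEL=/chroot  /chroot  ext3  defaults,nosuid,nodev    1 2
/dev/sda9      swap     swap  defaults                 0 0
EOF
    echo "$f"
}

# Stand-alone run: list the deviations for the sample file.
sample=$(make_sample_fstab)
check_fstab "$sample"
rm -f "$sample"
```

For the sample above the audit reports /tmp missing nodev and noexec, /var missing nosuid and nodev, and no separate /cache partition at all. noexec on /tmp is the one option that regularly breaks things (package installers and some build tools execute scripts there), which is why the policy is an assumption to adapt rather than a fixed rule.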

Page 40: Day1

Tools to Partition the Hard Drives

Disk Druid

Fdisk

Page 41: Day1

Components to Install (Package Group Selection)

The host can be configured to better suit the requirements of the particular service.

By reducing services, the number of logs and log entries is reduced so detecting unexpected behavior becomes easier.

Different individuals may administer different services. By isolating services so each host and service has a single administrator you will minimize the possibility of conflicts between administrators.

Other services cannot be used to attack the host and impair or remove desired network services.

Page 42: Day1

Unwanted Packages

Applications/File: git (the GNU Interactive Tools file manager of that era, not the version control system)

Applications/Internet: finger, ftp, fwhois, ncftp, rsh, rsync, talk, telnet

Applications/Publishing: ghostscript, ghostscript-fonts, groff-perl, mpage, pnm2ppa, rhsprintfilters

Applications/System: arpwatch, bind-utils, rdate, rdist, screen, ucd-snmp-utils

Documentation: indexhtml

System Environment/Base: chkfontpath, yp-tools

System Daemons: XFree86-xfs, finger-server, lpr, nfs-utils, pidentd, portmap, rsh-server, rusers, rusers-server, rwall-server, rwho, talk-server, telnet-server, tftp-server, ucd-snmp, ypbind, ypserv

System Environment/Libraries: XFree86-libs, libpng

Page 43: Day1

How to use RPM Commands

• To install a RPM package, use the command:

[root@testing /]# rpm -ivh foo-1.0-2.i386.rpm

• To uninstall a RPM package, use the command:

[root@testing /]# rpm -e foo

• To upgrade a RPM package, use the command:

[root@testing /]# rpm -Uvh foo-1.0-2.i386.rpm

• To query whether a RPM package is installed, use the command:

[root@testing /]# rpm -q foo

• To check the signature of a RPM package file (the vendor’s GPG public key must have been imported with rpm --import first; a package whose signature does not verify should not be installed), use the command:

[root@testing /]# rpm --checksig foo-1.0-2.i386.rpm

Page 44: Day1

Starting and stopping daemon services

• To start the httpd Web Server manually under Linux.

[root@testing /]# /etc/rc.d/init.d/httpd start

Starting httpd: [ OK ]

• To stop the httpd Web Server manually under Linux.

[root@testing /]# /etc/rc.d/init.d/httpd stop

Shutting down httpd: [ OK ]

• To restart the httpd Web Server manually under Linux.

[root@testing /]# /etc/rc.d/init.d/httpd restart

Shutting down httpd: [ OK ]

Starting httpd: [ OK ]

Starting or stopping a service this way does not change what runs at boot; use chkconfig (e.g. chkconfig httpd off, chkconfig --list) so that a daemon you stopped stays off after a reboot.

Page 45: Day1

Securing and Optimization of Linux

Basic Linux System Administration

General System Security

General System Optimization

Configuring and Building Kernels

Page 46: Day1

Basic Linux System Administration

Creating general users

root# useradd testing

root# passwd testing

Getting Help

root# man man

Walking around the Linux Directories

root# pwd

Output: /root

root# cd /home/testing

root# pwd

Output: /home/testing

Looking Around

root# ls -l

where -l gives a long listing of the files and -a also lists hidden (dot) files

Page 47: Day1

Basic Linux System Administration (cont..)

Working with Files and Directories

To create a directory under the current directory, or with a full path

root# mkdir testing

root# mkdir /home/testing/test

To create a file, using a text editor

root# vi ya.txt

To copy a file

root# cp ya.txt yah.txt

root# cp ya.txt /home/testing/yah.txt

To move and rename a file

root# mv ya.txt /home/testing/yah.txt

root# mv l.txt /home/testing/l.txt

To delete a directory tree and a file

root# rm -r /home/testing

root# rm y.txt

Page 48: Day1

Basic Linux System Administration (cont..)

Pipes

root# ls -la /etc | less

root# ls -la /etc | grep hosts

Putting Commands Together

root# ls ; cp /home/testing/h.txt /root/h.txt

To check the processes

root# ps aux

To kill a process (plain kill sends SIGTERM and lets the process clean up; -9 is SIGKILL, which cannot be caught, so use it only when SIGTERM is ignored)

root# kill -9 pid

root# killall -9 xinetd

To check the load average

root# uptime

Page 49: Day1

Linux General Security

BIOS Security: set a boot password (and set the BIOS to boot from the hard disk only)

Security Policy

Choose a right Password

The password length

Edit file /etc/login.defs and change the following line

PASS_MIN_LEN 5

To read:

PASS_MIN_LEN 8

The root account

Set login time out for the root account

Edit the file /etc/profile and add or change the following line (TMOUT is in seconds, so 7200 logs an idle shell out after two hours; export it and mark it readonly so users cannot simply unset it)

TMOUT=7200

Page 50: Day1

Linux General Security (Cont…)

TCP_WRAPPERS

TCP_WRAPPERS (tcpd, also linked as libwrap into xinetd and sshd) is controlled from two files. /etc/hosts.allow is consulted first, then /etc/hosts.deny; the search stops at the first match, and a client that matches neither file is allowed. Only services that go through tcpd or are built against libwrap are covered.

vi /etc/hosts.allow

vi /etc/hosts.deny

For Example

Add ALL: ALL in the hosts.deny file; then access is denied to everything that is not explicitly allowed.

Add the following line in hosts.allow

sshd: 192.128.9.13 home.secureindia.com

This allows sshd access from the above IP address and hostname only. Hostname patterns depend on reverse DNS, so prefer IP addresses or network/mask pairs.

Page 51: Day1

Linux General Security (Cont…)

Xinetd

xinetd is a more secure replacement for inetd, the Internet services daemon (super-server).

Features:

Access control (per-service only_from / no_access lists, in addition to TCP wrappers)

Limits that mitigate denial of service attacks (instances, per_source, cps)

Extensive logging abilities (log_on_success / log_on_failure)

Offload services to a remote host (redirect)

Page 52: Day1

Linux General Security (Cont…)

Xinetd (Cont..)

The main xinetd file is /etc/xinetd.conf; the per-service files are stored in /etc/xinetd.d/

Simple configuration

defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}

includedir /etc/xinetd.d

Page 53: Day1

Linux General Security (Cont…)

Xinetd (cont..)

Sample configuration of the telnet service, as shipped in /etc/xinetd.d/telnet. On a hardened host set disable = yes and use ssh instead: telnet sends passwords in the clear, and in.telnetd runs as root here.

service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
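Because a service file with no disable line at all is enabled, reading each file by eye is error-prone. The script below is an added example (not from the original slides) that lists the services an xinetd.d directory actually enables and switches one off; the directory and its three service files are constructed for the demo, and the subset of xinetd's rules it implements (a block is on unless it contains disable = yes; the disabled =/enabled = lists of the defaults block are ignored) is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example (not from the original slides): find the services an xinetd
# configuration actually enables and switch one off, so a leftover telnet
# entry like the sample above is caught. The directory and files are
# constructed for the demo (pass /etc/xinetd.d on a real host). Assumed
# subset of xinetd's rules: a service is on unless its block says
# "disable = yes"; the "disabled =" / "enabled =" lists of the defaults
# block are not handled.

# enabled_services CONFDIR: print the names of enabled services, one per line.
enabled_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[[:space:]]*service[[:space:]]+/                  { name = $2 }
            /^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes/  { off = 1 }
            /^[[:space:]]*}/ { if (name != "" && !off) print name; name = ""; off = 0 }
        ' "$f"
    done
}

# disable_service CONFDIR NAME: set "disable = yes" in NAME's file, either by
# rewriting an existing disable line or by inserting one after the "{".
# (xinetd re-reads its configuration on SIGUSR2 / "service xinetd reload".)
disable_service() {
    f=$1/$2
    [ -f "$f" ] || return 1
    if grep -q '^[[:space:]]*disable[[:space:]]*=' "$f"; then
        sed 's/^\([[:space:]]*disable[[:space:]]*=\).*/\1 yes/' "$f" > "$f.new"
    else
        awk '{ print } /^[[:space:]]*{/ && !ins { print "\tdisable = yes"; ins = 1 }' "$f" > "$f.new"
    fi
    mv "$f.new" "$f"
}

# Constructed sample directory: telnet explicitly on, rsh off, finger with
# no disable line at all (and therefore on).
demo_xinetd_dir() {
    d=$(mktemp -d)
    printf 'service telnet\n{\n\tdisable = no\n\tsocket_type = stream\n\twait = no\n\tuser = root\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    printf 'service shell\n{\n\tdisable = yes\n\tsocket_type = stream\n\twait = no\n\tuser = root\n\tserver = /usr/sbin/in.rshd\n}\n' > "$d/rsh"
    printf 'service finger\n{\n\tsocket_type = stream\n\twait = no\n\tuser = nobody\n\tserver = /usr/sbin/in.fingerd\n}\n' > "$d/finger"
    echo "$d"
}

# Stand-alone run: list, disable telnet and finger, list again.
d=$(demo_xinetd_dir)
echo "enabled before: $(enabled_services "$d" | tr '\n' ' ')"
disable_service "$d" telnet
disable_service "$d" finger
echo "enabled after:  $(enabled_services "$d" | tr '\n' ' ')"
rm -rf "$d"
```

On a real host, compare the list with the services you meant to keep, disable the rest, reload xinetd, and confirm with netstat -tl that the ports are gone; chkconfig --list also shows the xinetd-based services and their state.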

Page 54: Day1

Linux General Security (Conts…)

Password protect the boot loader. Edit /etc/lilo.conf (vi /etc/lilo.conf) and add the following line (then chmod 600 /etc/lilo.conf, since the password is stored in clear text, and re-run /sbin/lilo):

password = xxxxx

Special accounts: DISABLE ALL default vendor accounts

root# userdel adm

root# userdel lp

root# userdel sync

root# userdel shutdown

root# userdel halt

root# userdel news

root# userdel operator

root# userdel games

Deleting an account that still owns files or is referenced by a package (lp and news, for example) can break later upgrades; locking it instead (passwd -l name) and giving it a non-login shell (/sbin/nologin) removes the login path just as well.

Page 55: Day1

Linux General Security (Cont…)

Enable TCP SYN Cookie Protection (the kernel must be built with CONFIG_SYN_COOKIES). Edit /etc/sysctl.conf and add

net.ipv4.tcp_syncookies = 1

OR

echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Prevent your system from responding to ping requests (this also hides the host from legitimate monitoring and breaks the ping check used later in this section, so weigh it against the benefit)

Edit /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all = 1

OR

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
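A sysctl.conf edit only takes effect at boot or on sysctl -p, and a misspelled key is simply reported as unknown, so it pays to audit the file before relying on it. The script below is an added example (not from the original slides): it checks a sysctl.conf against a small assumed baseline that extends the SYN cookie setting above with the usual anti-spoofing keys and the ip_forward setting discussed later in this section. The sample file is constructed; only the file is parsed, never /proc, so it runs anywhere.

```shell
#!/bin/sh
# Added example (not from the original slides): audit a sysctl.conf against a
# small hardening baseline before it is applied with "sysctl -p". The policy
# below is this example's assumption (it extends the SYN cookie setting above
# with the usual anti-spoofing keys and the ip_forward setting discussed later
# in this section); the sample file is constructed. Only the file is read, not
# /proc, so this runs anywhere; "sysctl -n KEY" shows the live value.

# Assumed baseline: key, expected value, one-word reason.
sysctl_policy() {
    cat <<'EOF'
net.ipv4.tcp_syncookies 1 syn-flood-protection
net.ipv4.icmp_echo_ignore_broadcasts 1 smurf-amplification
net.ipv4.conf.all.rp_filter 1 reverse-path-check
net.ipv4.conf.all.accept_source_route 0 no-source-routing
net.ipv4.conf.all.accept_redirects 0 no-icmp-redirects
net.ipv4.conf.all.log_martians 1 log-spoofed-packets
net.ipv4.ip_forward 0 host-is-not-a-router
EOF
}

# sysctl_value FILE KEY: print the last value assigned to KEY in FILE (later
# lines win, as with sysctl -p); comments, blank lines and whitespace ignored.
sysctl_value() {
    awk -v k="$2" '
        /^[[:space:]]*[#;]/ { next }
        {
            line = $0; sub(/[#;].*/, "", line)
            if (split(line, kv, "=") != 2) next
            key = kv[1]; val = kv[2]
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            if (key == k) last = val
        }
        END { print last }
    ' "$1"
}

# audit_sysctl FILE: print "KEY expected=E found=F (reason)" for every
# deviation; found=unset means the key is absent, so the kernel default
# applies (a misspelled key, which sysctl -p reports as unknown, shows up
# the same way).
audit_sysctl() {
    sysctl_policy | while read -r key want why; do
        got=$(sysctl_value "$1" "$key")
        [ -n "$got" ] || got=unset
        [ "$got" = "$want" ] || echo "$key expected=$want found=$got ($why)"
    done
}

# Constructed sample: a misspelled syncookies key, forwarding left on, and
# broadcast-ping handling never set.
demo_sysctl_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample, not a real /etc/sysctl.conf
net.ipv4.tcp_syscookies = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.log_martians = 1
EOF
    echo "$f"
}

# Stand-alone run: report the deviations for the sample file.
sample=$(demo_sysctl_conf)
audit_sysctl "$sample"
rm -f "$sample"
```

The sample deliberately contains the easiest mistake to make here, a key spelled tcp_syscookies: the audit reports tcp_syncookies as unset, which is exactly what the running kernel sees.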

Page 56: Day1

Linux Optimization

The “inode-max” parameter (2.2 kernels only; it was removed in 2.4, where the inode cache sizes itself)

Value roughly 3 to 4 times the number of open files (8192*4 = 32768)

Edit /etc/sysctl.conf and add

fs.inode-max = 32768

OR

echo "32768" > /proc/sys/fs/inode-max

The “file-max” parameter

256 for every 4MB of RAM: i.e. for a machine with 128MB of RAM, set it to 8192 (128/4 = 32; 32*256 = 8192). The default for the “file-max” parameter under older Red Hat Linux kernels is 4096 (2.4 kernels compute a larger default from the amount of RAM).

Edit /etc/sysctl.conf and add

fs.file-max = 8192

OR

echo 8192 > /proc/sys/fs/file-max

Page 57: Day1

Linux Optimization (cont…)

The “ulimit” parameter: Linux itself has a "max user processes" limit per user.

Edit the .bashrc file (vi /root/.bashrc) and add the following line (for root only; lifting the limit for ordinary users removes the guard against fork bombs, and per-user limits belong in /etc/security/limits.conf):

ulimit -u unlimited

root# ulimit -a

core file size (blocks) 1000000
data seg size (kbytes) unlimited
file size (blocks) unlimited
max memory size (kbytes) unlimited
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes unlimited   <- this line
pipe size (512 bytes) 8
open files 1024
virtual memory (kbytes) 2105343

Page 58: Day1

Linux Optimization (cont…)

The “atime” attribute: Linux records when each file was last modified (mtime), when its inode was last changed (ctime) and when it was last accessed (atime). Updating atime costs a write on every read; the +A attribute (chattr) stops atime updates for a file, and the noatime mount option does the same for a whole file system. Keep in mind that access times are evidence during an incident (which files an intruder read), so do not disable them on directories you may need to investigate, such as /etc or /home.

To set the attribute on a file, use:

root# chattr +A filename               <- for a specific file

For a whole directory tree, do something like:

root# chattr -R +A /var/spool/         <- for news and mail

root# chattr -R +A /cache/             <- for proxy caches

root# chattr -R +A /home/httpd/ona/    <- for web pages

Page 59: Day1

Linux Optimization (cont…)

Handle more connections per unit time with your TCP/IP stack

Edit the “/etc/sysctl.conf” file and add the following lines:

# Decrease the default value of tcp_fin_timeout
net.ipv4.tcp_fin_timeout = 30

# Decrease the default value of tcp_keepalive_time
net.ipv4.tcp_keepalive_time = 1800

# Turn off tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off tcp_sack
net.ipv4.tcp_sack = 0

# Turn off tcp_timestamps
net.ipv4.tcp_timestamps = 0

The last three settings trade throughput for simplicity: disabling window scaling caps the receive window at 64KB, and dropping SACK and timestamps hurts loss recovery on lossy or long-delay links. Leave them on unless a specific problem has been traced to them.

Page 60: Day1

Securing and Building Linux kernel

Kernel is the core of the Operating System

Kernel plays an important role in the performance of a Linux Server

Role of the Kernel:

Memory Management

Hardware Management

Process Management

www.kernel.org

http://www.openwall.com/linux/

Page 61: Day1

Securing and Building Linux kernel (Cont…)

Untar the kernel source

root# cp kernel_version.tar.gz /usr/src

root# cd /usr/src

root# tar -zxvf kernel_version.tar.gz

Increase the tasks (optimization). To increase the number of tasks allowed (the maximum number of processes per user) on a 2.2 kernel, edit the “/usr/src/linux/include/linux/tasks.h” file and change the following parameters (2.4 and later kernels have no tasks.h; the limit is set at run time through /proc/sys/kernel/threads-max):

Edit the tasks.h file

(vi +14 /usr/src/linux/include/linux/tasks.h) and change the following parameters:

NR_TASKS from 512 to 3072

MIN_TASKS_LEFT_FOR_ROOT from 4 to 24

Untar the kernel security patch

root# tar -zxvf linux-2_2_14-ow2_tar.gz

Page 62: Day1

Securing and Building Linux kernel (Cont…)

Securing the kernel: what the Openwall (-ow) patch adds

Features:

Non-executable user stack area

Restricted links in /tmp

Restricted FIFOs in /tmp

Restricted /proc

Special handling of fd 0, 1, and 2

Enforce RLIMIT_NPROC on execve(2)

Page 63: Day1

Securing and Building Linux kernel (Cont…)

Applying the Patch

root# cd /usr/src/kernel_version

root# patch -p0 < linux-2.2.14-ow2.diff

(the patch must match the kernel version being built; use the -p level its README specifies, and check that patch reports no rejects before compiling)

Compilation

root# make config

Choose options in the menu (make menuconfig offers the same choices in a curses interface).

root# make dep ; make bzImage

Compile the modules

root# make modules ; make modules_install

Installation of the kernel

root# cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz_kernel_version.number

Page 64: Day1

Securing and Building Linux kernel (Cont…)

Linux Loader (lilo)

Edit file /etc/lilo.conf and add the following lines (keep the old kernel’s entry so you can still boot it if the new one fails)

image=/boot/vmlinuz-2.5.1
label=linux-5
initrd=/boot/initrd-2.5.1
read-only
root=/dev/sda1

and change default to linux-5

default=linux

to

default=linux-5

Run lilo -v so that the boot loader recognizes the new kernel

root# /sbin/lilo -v

Page 65: Day1

Securing and Building Linux kernel (Cont…)

Make a new rescue floppy (for the kernel that is known to boot, before rebooting into the new one)

root# mkbootdisk --device /dev/fd0 old-version

example

root# mkbootdisk --device /dev/fd0 2.4.18

Now reboot the system

root# reboot

After booting, uname -r shows the new kernel version

Page 66: Day1

Linux Network Management

TCP/IP Network Management

Networking Firewall

Page 67: Day1

TCP/IP Linux Network Management

Files related to networking functionality

The “/etc/HOSTNAME” file

This file stores your system’s host name, i.e. its fully qualified domain name (FQDN), such as testing.secureindia.com. (On Red Hat the hostname is read at boot from HOSTNAME= in /etc/sysconfig/network; /etc/HOSTNAME is the convention of other distributions.)

Following is a sample “/etc/HOSTNAME” file:

testing.secureindia.com

The “/etc/resolv.conf” file

This file is another text file, used by the resolver, a library that determines the IP address for a host name.

Following is a sample “/etc/resolv.conf” file:

search secureindia.net
nameserver 202.71.129.33
nameserver 202.71.129.37

Page 68: Day1

TCP/IP Linux Network Management (Cont..)

The “/etc/sysconfig/network-scripts/ifcfg-ethN” files

One configuration file for each network device.

Following is a sample “/etc/sysconfig/network-scripts/ifcfg-eth0” file:

DEVICE=eth0
IPADDR=202.71.129.252
NETMASK=255.255.255.0
NETWORK=202.71.129.0
BROADCAST=202.71.129.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no

Page 69: Day1

TCP/IP Linux Network Management (Cont..)

The “/etc/host.conf” file

This file specifies how names are resolved. Linux uses a resolver library to obtain the IP address corresponding to a host name.

Following is a sample “/etc/host.conf” file:

# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts

# We have machines with multiple addresses.
multi on

# Check for IP address spoofing: reject a host name whose reverse lookup
# does not map back to the same address.
nospoof on

Page 70: Day1

TCP/IP Linux Network Management (Cont..)

The “/etc/sysconfig/network” file

The “/etc/sysconfig/network” file is used to specify information about the desired network configuration on your server.

Following is a sample “/etc/sysconfig/network” file:

NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=deep.secureindia.com
GATEWAY=0.0.0.0
GATEWAYDEV=eth1

The “/etc/sysctl.conf” file

In Red Hat Linux 9.0, many kernel options related to networking security, such as dropping packets that come in over interfaces they shouldn't or ignoring ping/broadcast requests, can be set in the “/etc/sysctl.conf” file instead of the “/etc/rc.d/rc.local” file.

Edit the “/etc/sysctl.conf” file and add the following line only if the host is meant to route packets (a firewall or gateway); on any other server leave forwarding at 0, otherwise the box can be used to relay traffic between the networks it is attached to:

# Enable packet forwarding
net.ipv4.ip_forward = 1

Page 71: Day1

TCP/IP Linux Network Management (Cont..)

Configuring TCP/IP Networking manually with the command line

ifconfig is the tool used to set up and configure your network card (changes made this way last until the next reboot; make them permanent in the ifcfg-ethN file).

To assign the eth0 interface the IP address 202.71.128.252 use the command:

root# ifconfig eth0 202.71.128.252 netmask 255.255.255.0

root# ifconfig eth0

The output should look something like this:

eth0 Link encap:Ethernet HWaddr 00:E0:18:90:1B:56
     inet addr:202.71.128.252 Bcast:202.71.128.255 Mask:255.255.255.0
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
     TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:100
     Interrupt:11 Base address:0xa800

Page 72: Day1

TCP/IP Linux Network Management (Cont..)

To assign the default gateway

root# route add default gw 202.71.128.1

To verify that you can reach your hosts, use the command:

root# ping 202.71.128.1

The output should look something like this (the replies come from the gateway, not from your own address):

PING 202.71.128.1 (202.71.128.1) from 202.71.128.252: 56 data bytes
64 bytes from 202.71.128.1: icmp_seq=0 ttl=128 time=1.0 ms
64 bytes from 202.71.128.1: icmp_seq=1 ttl=128 time=1.0 ms

Page 73: Day1

TCP/IP Linux Network Management (Cont..)

To display the routing information

root# route -n

The output should look something like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
202.71.128.252  0.0.0.0         255.255.255.255 UH    0      0   0   eth0
202.71.128.0    202.71.128.252  255.255.255.0   UG    0      0   0   eth0
208.164.186.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo

After the route add command above, a default route (destination 0.0.0.0, gateway 202.71.128.1, flags UG) also appears in this table.

Page 74: Day1

TCP/IP Linux Network Management (Cont..)

To see all active TCP connections

root# netstat -t

The output should look something like this:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address            Foreign Address        State
tcp        0      0 deep.openar:netbios-ssn  gate.openna.com:1045   ESTABLISHED
tcp        0      0 localhost:1032           localhost:1033         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1032         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1034         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1030         ESTABLISHED

Add -l to see listening sockets as well (netstat -tl) and -n to skip name resolution; the listening list is the one to compare against the services you intended to leave running.

Page 75: Day1

Introduction to netfilter/iptables

Linux security and netfilter/iptables

Packet filtering is built into the 2.4 kernel (netfilter) and configured with the iptables tool.

Firewalls stop unauthorized sources from reaching services on the Linux host, telnet for example.

Bandwidth can be freed by blocking unwanted traffic from sources such as advertisement sites.

Page 76: Day1

Netfilter/IPtables

[Diagram: the packet filtering process, i.e. the path of a packet through the netfilter chains.]

Page 77: Day1

Building rules and chains

root# iptables [-t table] command [match] [target]

Tables: filter (the default), nat and mangle. Built-in chains: INPUT, OUTPUT and FORWARD in the filter table; PREROUTING, POSTROUTING and OUTPUT in the nat table.

Command: -A or --append

# iptables -A INPUT -s 205.168.0.1 -j ACCEPT

-D or --delete (the specification must match the existing rule exactly, including the protocol that --dport needs)

# iptables -D INPUT -p tcp --dport 80 -j DROP

-F or --flush (with a DROP policy set, flushing the rules leaves the host unreachable; set the policies to ACCEPT first or have console access)

# iptables -F

-L or --list (add -n to avoid DNS lookups and -v to see packet counters)

# iptables -L

Page 78: Day1

Building rules and chains (cont…)

Match: -p or --protocol (one protocol per rule: tcp, udp, icmp or all)

# iptables -A INPUT -p tcp

# iptables -A INPUT -p udp

-s or --source

# iptables -A OUTPUT -s 192.168.1.1

-d or --destination

# iptables -A INPUT -d 192.168.1.1

A rule with no target (-j) only counts the packets it matches; it does not accept or drop them.

Target: ACCEPT, DROP and REJECT (REJECT sends an error back to the sender; DROP stays silent, which is usually preferred on an Internet-facing interface)

# iptables -A FORWARD -p tcp --dport 22 -j REJECT
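Individual rules like the ones above are easy to get wrong in isolation; what a host needs is a small default-deny rule set that can be reviewed as a whole. The script below is an added example (not from the original slides): it generates such a set in iptables-restore format from a function, using the 2.4-era -m state match, so the output can be checked before it is loaded with iptables-restore. The management network and the open ports are assumptions for the demo, and nothing here touches the live rule set.

```shell
#!/bin/sh
# Added example (not from the original slides): build a minimal default-deny
# host firewall in iptables-restore format, as a function whose output can be
# reviewed and checked before it is loaded with "iptables-restore < rules".
# The management network and open ports are assumptions for the demo, and
# nothing here touches the live rule set. "-m state" is the 2.4-era
# connection-tracking match the slides' kernel uses (newer kernels spell it
# "-m conntrack --ctstate").

# gen_filter_rules MGMT_CIDR [TCP_PORT...]: print filter-table rules that
#  - drop inbound and forwarded traffic by default, allow all outbound,
#  - keep loopback and already-established connections working,
#  - admit SSH only from MGMT_CIDR, the listed TCP ports from anywhere,
#  - rate-limit the ICMP echo the ping check in this section relies on,
#  - log a sample of what is dropped so log review has something to read.
gen_filter_rules() {
    mgmt=$1; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':LOGDROP - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -m state --state INVALID -j DROP'
    echo "-A INPUT -p tcp -s $mgmt --dport 22 -m state --state NEW -j ACCEPT"
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT'
    echo '-A INPUT -j LOGDROP'
    echo '-A LOGDROP -m limit --limit 3/min -j LOG --log-prefix "fw-drop: "'
    echo '-A LOGDROP -j DROP'
    echo 'COMMIT'
}

# rule_count RULESET: number of rule lines (those that start with -A).
rule_count() {
    printf '%s\n' "$1" | grep -c '^-A'
}

# port_open RULESET PORT: succeed if an INPUT rule accepts new TCP
# connections to PORT from any source (i.e. without a -s restriction).
port_open() {
    printf '%s\n' "$1" | grep -q -- "^-A INPUT -p tcp --dport $2 -m state --state NEW -j ACCEPT\$"
}

# Demo: management hosts on 192.128.9.0/24 (the slide's single sshd client
# widened to its subnet), web ports open to the world.
demo_ruleset() {
    gen_filter_rules 192.128.9.0/24 80 443
}

# Stand-alone run: print the rule set for review.
demo_ruleset
```

Two design points: the ESTABLISHED,RELATED rule comes first so that replies to outbound connections never reach the logging rule, and dropped packets are logged through a separate LOGDROP chain with a rate limit, so a scan cannot fill the log. Load the output on a test machine with console access before a production host, since a mistake in a DROP-policy rule set locks you out.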

Page 79: Day1

Securing Windows 2000

OS Installation

Installing Service Packs and Hotfixes

Secure Server Settings

Miscellaneous settings

Network Settings

Enabling /Disabling Services

System Policies

Registry Settings

Page 80: Day1

Windows 2000 Server operating system requires…

Introduction

Careful planning and preparation. A default installation of the Server is vulnerable to attack, so keep it disconnected from the network until both Windows 2000 Service Pack 3 and the security hotfixes are installed.

Disk Configuration

Ensure that all the drives on the server have NTFS partitions. If a drive is not NTFS, use the “Convert.exe” tool to convert the partition to NTFS while retaining the data; a converted volume starts with permissive ACLs (Everyone: Full Control), so apply proper NTFS permissions afterwards.

Ensure that the disk is partitioned into at least two separate partitions: one for the system and OS files, and the other for data files.

Page 81: Day1

Installing Service Packs and Hotfixes

Hotfixes and security packs

Hotfixes are code patches for products that are provided

While applying the service pack you will be asked whether you want to back up the existing setup.

Secure Server Settings

Anti-virus

• Ensure that an anti-virus is installed on the server.

• Apply the latest updates as provided by the anti-virus vendor.

Emergency repair disk (ERD)

Page 82: Day1

Miscellaneous Settings

File permissions: list the permissions to be granted on critical files. Example:

Repeat the process for the following directories and files.

Temp directories like c:\temp, %systemroot%\tmp.

Audit logs (%systemroot%\system32\config\*.evt)

Registry files (%systemroot%\system32\config, %systemroot%\repair)

All shared directories

Boot files on the system partition (Boot.ini, NTLDR, NTDETECT.COM, NTBOOTDD.SYS, BOOTSECT.DOS)

Administrator password length

Rename Administrator Account

Rename Guest Account

Page 83: Day1

Network Settings

Microsoft provides two categories of networking services:

Microsoft’s File and Print services (installed by default)

The general TCP/IP and Internet services

• DNS and WINS settings

• Unbinding Microsoft networking services

Page 84: Day1

Network Settings

Enabling/Disabling services

• By default, Windows starts a few services during the installation phase over which we have no control.

Page 85: Day1

System Policies

Password Policies

Account Lockout Policies

Password policies help administrators dictate the strength of passwords that users can set

Account lockout policy options disable accounts after a set number of failed logon attempts

Page 86: Day1

System Policies (cont…)

Audit policy

Audit policies help administrators monitor logon activity in Windows 2000 Server in a very detailed way by enabling success-and-failure auditing in the system's Audit policy

Page 87: Day1

System Policies (cont…)

Audit log settings

Changing parameters like:

1. Maximum log size

2. Do not overwrite events

Page 88: Day1

System Policies (cont…)

User rights

User rights are typically assigned on the basis of the security groups to which a user belongs.

The policy settings in this category are typically used to allow or deny users permission to access their computer based on the method of access and their security group memberships.

Page 89: Day1

System Policies (cont…)

Security options

The settings provided under this heading help define the behavior of the system for the settings configured above and the way the system interacts with other machines on the network.

Page 90: Day1

Registry Settings

This section addresses specific settings that have to be made manually in the system registry.

It is highly recommended to take a full backup of the registry before any changes are made.

SYN attack protection

SYN attack protection involves reducing the number of retransmissions of the SYN-ACKs.

This reduces the time for which resources have to remain allocated.

Procedure:

1. Right-click on the right-hand pane.

2. Choose New → DWORD Value.

3. Name it “SynAttackProtect”.

4. Double-click on the “SynAttackProtect” key.

5. Enter the value as “2”.

Page 91: Day1

Registry Settings (cont…)

TcpMaxHalfOpen: This parameter controls the number of connections in the SYN-RCVD state allowed before SYN-ATTACK protection begins to operate.

If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect. See the SynAttackProtect parameter for more details.

TcpMaxHalfOpenRetried: This parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN-ATTACK protection begins to operate.

The default values are 80 for Win2K Pro and Server and 400 for Advanced Server. See the SynAttackProtect parameter for more details.

Page 92: Day1

Registry Settings (cont…)

Perform router discovery: This parameter controls whether Windows 2000 will try to perform router discovery (RFC 1256). It is set on a per-interface basis.

It is located in Interfaces\<interface> and is a REG_DWORD with a range of 0–2 (default is 2, recommended is 0). A value of 0 is disabled, 1 is enabled, and 2 lets DHCP control the setting.

Enable ICMP redirects

This controls whether Windows 2000 will alter its route table in response to ICMP redirect messages sent to it by network devices such as routers.

It is a REG_DWORD with values 0, 1 (False, True). The default value is 1; the recommended value is 0.

Page 93: Day1

Registry Settings (cont…)

Restrict network access to the registry


Recommended