Network Security and Hacking Techniques
Network Security and Hacking Techniques – DAY1
DAY 1
Objectives of Network Security
Hardening Linux
Hardening Windows 2000
Outline – Network Security
Objectives of Network Security
Attacks, Services and Mechanisms
Key Security Attacks/Threats
Active and Passive Security Threats
Analysis of Software Vulnerabilities …
Analysis of Attacking Technique Sophistication …
Conclusions of Attacks From Past
Anyone can Launch …
Model For Network Security
Network Access Security Model
Network Security Process: Closed Loop Corrective Action
Elements of a Security Policy
Objectives of Network Security
Integrity
Confidentiality
Availability
Objectives of Network Security
Confidentiality: only the sender and the intended receiver can “understand” the message
sender encrypts the message
receiver decrypts the message
Authenticity: sender and receiver want to confirm each other's identity
Integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection
Availability: ensure the resource is available
Authorization: access to a resource is authorized
Attacks, Services and Mechanisms
Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
What Is The Internet?
Collection of networks that communicate
with a common set of protocols (TCP/IP)
Collection of networks with
no central control
no central authority
no common legal oversight or regulations
no standard acceptable use policy
“wild west” atmosphere
Why Is Internet Security a Problem?
Security not a design consideration
Implementing change is difficult
Openness makes machines easy targets
Increasing complexity
Key Security Attacks/Threats
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity
Active and Passive Security Threats
Analysis of Software Vulnerabilities …
[Chart: vulnerabilities and incidents reported per year, 1996–2003; the bar values did not survive extraction]
Vulnerability: A defect that violates an implicit or explicit security policy
Incident: The exploitation of a vulnerability: an occurrence that interrupts normal process and procedure.
Analysis of Attacking Technique Sophistication …
[Chart (source: CERT/CC): attack sophistication of tools, from low to high, plotted against time from 1980 to 2002. Techniques in order of appearance: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, stealth diagnostics, packet spoofing, automated probes/scans, denial of service, www attacks/incidents, distributed denial of service]
Conclusions of Attacks From Past
[Same CERT/CC chart, with a second axis labelled: Attack Sophistication, from High (Tools) to Low (Scripts), against Knowledge Required by Attacker]
Anyone can Launch …
[Same CERT/CC chart, with a further annotation: Number of Attackers]
Consider that…
90% of companies detected computer security breaches in the last 12 months
59% cited the Internet as the most frequent origin of attack
74% acknowledged financial losses due to computer breaches
85% detected computer viruses
Source: Computer Security Institute
WHO ARE THE OPPONENTS?
49% are inside employees on the internal network
17% come from dial-up (still inside people)
34% are from Internet or an external connection to another company of some sort
HACKER MOTIVATIONS
Money, profit
Access to additional resources
Experimentation and desire to learn
“Gang” mentality
Psychological needs
Self-gratification
Personal vengeance
Emotional issues
Desire to embarrass the target
Internet Security?
Malicious Code
Viruses
Worms
Buffer Overflows
Session Hijacking
Port Scanning
Trojans
Denial of Service
Spoofing
Replay Attack
Man-in-the-middle
THE MOST COMMON EXCUSES
No one could possibly be interested in my information
Anti-virus software slows down my processor speed too much.
I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know.
So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.
I'm busy. I can't become a security expert; I don't have time, and it's not important enough
SANS Five Worst Security Mistakes End Users Make
Opening unsolicited e-mail attachments without verifying their source and checking their content first.
Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.
Installing screen savers or games from unknown sources.
Not making and testing backups.
Using a modem while connected through a local area network.
Model For Network Security
Network Access Security Model
Methods of Defense
Encryption
Software Controls (access limitations in a database; in an operating system, protecting each user from other users)
Hardware Controls (smartcard)
Policies (frequent changes of passwords)
Physical Controls
“Security is a process, not a product”
Security hmm… ??
Network Security Process: Closed Loop Corrective Action
Evaluate: policies / processes, design, vulnerabilities
Implement: patches, new policies & designs, authentication, firewalls & VPNs, content security, intrusion detection
Monitor & Measure: self, service
Improve: training / awareness, adherence
Incident Response Team
Elements of a Security Policy
Build a Security Team: skills and roles
Training and Awareness: explaining security
Physical Security
Monitoring: logs and analysis
Auditing: assess security posture
Prepare for an Attack: incident response team
Handling an Attack
Forensics: analyze data
[Diagram: General Employees, Watch Team, Forensics, Response, Attacker]
Questions ??
Systems – Linux and Windows 2000
Hardening Linux
Hardening Windows 2000
Typical Network – Linux and Windows Host
[Diagram: the visible IP address facing the outside, the internal network of PC servers (Linux and Windows hosts), application servers, and hosts like IDS and sniffers; a “We are here” marker points at the Linux and Windows hosts]
Brief Introduction of Linux
Introduction of Linux
Installation of Linux Server
Security and Optimization
Linux Networking Concepts
Linux security software
Internet Infrastructure
“The Linux has by 8 billion users”
What is Linux ??
Linux is an operating system which works in the same way as the UNIX operating system.
First created at the University of Helsinki in Finland by a young student named Linus Torvalds.
The Linux operating system is developed under the GNU General Public License
Source code is freely available
“The Linux Based Services that Mean Business Securing Internet”
Some good reasons to use Linux
There are no royalty or licensing fees for using Linux
Linux is quite portable: it runs on more CPUs and platforms than any other computer operating system
Linux is a true multi-tasking operating system, like its sibling UNIX
Another benefit of Linux is that it is practically immune to all the kinds of viruses found in other operating systems
Choosing Linux Vendors
Redhat Linux
Suse Linux
Debian Linux
Slackware Linux
Installation of Linux Redhat
www.redhat.com
Freely available to everyone who downloads it via the Internet
ftp://ftp.redhat.com
The Red Hat Linux CD-ROM at Rs. 10,000/-
Know your Hardware !!
How many hard drives do you have, and what are their sizes?
What kind of hard drive, e.g. IDE or SCSI?
How much RAM do you have?
Do you have a SCSI adapter? What make?
What type of mouse do you have?
What is the make and model of your video card?
What kind of monitor do you have?
Your network card(s): make and model?
If connected to a network, what are the IP address, gateway, subnet mask and DNS servers?
Installation Class and Method (Install Type)
Red Hat Linux 9.0 includes four different classes, or types, of installation. They are:
GNOME Workstation
KDE Workstation
Server
Custom
Partition Strategy
A good partition strategy is to create a separate partition for each major file system.
Creating multiple partitions offers you the following advantages:
Faster booting.
Easy backup and upgrade management.
Limit each file system’s ability to grow.
Protection against SUID programs.
Protection against denial of service attacks.
Partition Example
Partitions that must be created on your system:
Partition   Size     Purpose
/boot       5MB      All kernel images are kept here.
/usr        512MB    Must be large, since all Linux binary programs are installed here.
/home       1146MB   Proportional to the number of users you intend to host (i.e. 10MB per user * 114 users = 1140MB).
/chroot     256MB    If you want to install programs in a chroot jail environment (i.e. DNS).
/cache      256MB    The cache partition of a proxy server (i.e. Squid).
/var        256MB    Contains files that change while the system runs normally (i.e. log files).
<Swap>      128MB    Our swap partition: the virtual memory of the Linux operating system.
/tmp        256MB    Our temporary files partition.
/           256MB    Our root partition.
Tools to Partition the Hard Drives
Disk Druid
Fdisk
Components to Install (Package Group Selection)
The host can be configured to better suit the requirements of the particular service.
By reducing services, the number of logs and log entries is reduced so detecting unexpected behavior becomes easier.
Different individuals may administer different services. By isolating services so each host and service has a single administrator you will minimize the possibility of conflicts between administrators.
Other services cannot be used to attack the host and impair or remove desired network services.
Unwanted Packages
Applications/File: git
Applications/Internet: finger, ftp, fwhois, ncftp, rsh, rsync, talk, telnet
Applications/Publishing: ghostscript, ghostscript-fonts, groff-perl, mpage, pnm2ppa, rhsprintfilters
Applications/System: arpwatch, bind-utils, rdate, rdist, screen, ucd-snmp-utils
Documentation: indexhtml
System Environment/Base: chkfontpath, yp-tools
System Daemons: XFree86-xfs, finger-server, lpr, nfs-utils, pidentd, portmap, rsh-server, rusers, rusers-server, rwall-server, rwho, talk-server, telnet-server, tftp-server, ucd-snmp, ypbind, ypserv
System Environment/Libraries: XFree86-libs, libpng
How to use RPM Commands
• To install an RPM package, use the command:
[root@testing /]# rpm -ivh foo-1.0-2.i386.rpm
• To uninstall an RPM package, use the command:
[root@testing /]# rpm -e foo
• To upgrade an RPM package, use the command:
[root@testing /]# rpm -Uvh foo-1.0-2.i386.rpm
• To query an RPM package, use the command:
[root@testing /]# rpm -q foo
• To check the signature of an RPM package file, use the command:
[root@testing /]# rpm --checksig foo-1.0-2.i386.rpm
Starting and stopping daemon services
• To start the httpd Web Server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]
• To stop the httpd Web Server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd stop
Shutting down http: [ OK ]
• To restart the httpd Web Server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd restart
Shutting down http: [ OK ]
Starting httpd: [ OK ]
Securing and Optimization of Linux
Basic Linux System Administration
General System Security
General System Optimization
Configuring and Building Kernels
Basic Linux System Administration
Creating general users
root# useradd testing
root# passwd testing
Getting Help
root# man man
Walking around the Linux Directories
root# pwd
Output: /root
root# cd /home/testing
root# pwd
Output: /home/testing
Looking Around
root# ls -l
where -l gives a long listing of the files
and -a lists all the files, including hidden ones
Basic Linux System Administration (cont..)
Working with Files and Directories
To create a directory under the current directory
root# mkdir testing
root# mkdir /home/testing/test
To create a file, using text editor
root# vi ya.txt
To copy a file,
root# cp ya.txt yah.txt
root# cp ya.txt /home/testing/yah.txt
To move and rename a file
root# mv ya.txt /home/testing/yah.txt
root# mv l.txt /home/testing/l.txt
To delete a directory and a file
root# rm -r /home/testing
root# rm y.txt
Basic Linux System Administration (cont..)
Pipes
root# ls -la /etc | less
root# ls -la /etc | grep hosts
Putting Commands Together
root# ls ; cp /home/testing/h.txt /root/h.txt
To check the processes
root# ps aux
To kill a process
root# kill -9 pid
root# killall -9 xinetd
To check the load average
root# uptime
Linux General Security
BIOS Security: set a boot password
Security Policy
Choose the right password
The password length
Edit the file /etc/login.defs and change the following line
PASS_MIN_LEN 5
to read:
PASS_MIN_LEN 8
The root account
Set a login time out for the root account
Edit /etc/profile and change the following line
TMOUT=7200
Linux General Security (Cont…)
TCP_WRAPPERS
TCP_WRAPPERS is controlled from two files, and the search stops at the first match.
vi /etc/hosts.allow
vi /etc/hosts.deny
For example
Add ALL: ALL to the hosts.deny file; access is then denied by default
Add the following line to hosts.allow
sshd: 192.128.9.13 home.secureindia.com
This allows access from the IP address and host name above
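As an added example (not from the original slides), a small POSIX shell model of the hosts.allow / hosts.deny lookup, using the slide's sshd rule plus a constructed 10.10.0. network prefix; it assumes the usual tcpd order (hosts.allow first, then hosts.deny, first match wins, no match at all means allow) and models only the common client patterns (ALL, exact address or name, .domain suffix, network prefix).

```shell
#!/bin/sh
# Added example (not from the original slides): a model of how tcpd consults
# hosts.allow and hosts.deny for a (daemon, client) pair. hosts.allow is
# searched first, then hosts.deny, and the first matching line wins; if
# neither file matches, access is granted. Two constructed temp files stand
# in for /etc/hosts.allow and /etc/hosts.deny.

HOSTS_ALLOW=$(mktemp)
HOSTS_DENY=$(mktemp)
trap 'rm -f "$HOSTS_ALLOW" "$HOSTS_DENY"' EXIT

cat > "$HOSTS_ALLOW" <<'EOF'
# constructed: the slide's sshd rule plus a network prefix for an admin LAN
sshd: 192.128.9.13 home.secureindia.com
sshd: 10.10.0.
EOF
cat > "$HOSTS_DENY" <<'EOF'
# constructed: the slide's default-deny rule
ALL: ALL
EOF

# wrapper_match FILE DAEMON CLIENT -> exit 0 when some line in FILE matches.
# Client patterns handled: ALL, an exact address or host name, a ".domain"
# suffix and a "1.2.3." network prefix (the common tcpd forms).
wrapper_match() {
  awk -v daemon="$2" -v client="$3" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    {
      line = $0; sub(/#.*/, "", line)        # strip a trailing comment
      if (split(line, f, ":") < 2) next      # need "daemons : clients"
      nd = split(f[1], dl, /[ \t,]+/); dm = 0
      for (i = 1; i <= nd; i++)
        if (dl[i] == "ALL" || dl[i] == daemon) dm = 1
      nc = split(f[2], cl, /[ \t,]+/); cm = 0
      for (j = 1; j <= nc; j++) {
        p = cl[j]
        if (p == "") continue
        if (p == "ALL" || p == client) cm = 1
        else if (p ~ /^\./ && length(client) > length(p) &&
                 substr(client, length(client) - length(p) + 1) == p) cm = 1
        else if (p ~ /\.$/ && index(client, p) == 1) cm = 1
      }
      if (dm && cm) { found = 1; exit }
    }
    END { exit found ? 0 : 1 }' "$1"
}

# wrapper_decide DAEMON CLIENT -> prints ALLOW or DENY (always exits 0)
wrapper_decide() {
  if wrapper_match "$HOSTS_ALLOW" "$1" "$2"; then
    echo ALLOW
  elif wrapper_match "$HOSTS_DENY" "$1" "$2"; then
    echo DENY
  else
    echo ALLOW                 # neither file matched: tcpd grants access
  fi
}

# Walk a few constructed (daemon, client) pairs through the decision.
for pair in "sshd 192.128.9.13" "sshd home.secureindia.com" "sshd 10.10.0.7" \
            "sshd 203.0.113.9" "in.telnetd 192.128.9.13"; do
  set -- $pair
  echo "$1 from $2: $(wrapper_decide "$1" "$2")"
done
```

The telnet daemon is denied even from the trusted address because hosts.allow only names sshd, which is the point of the slide's ALL: ALL default.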
Linux General Security (Cont…)
Xinetd
xinetd is a secure replacement for inetd, the internet services daemon
Features:
Access control
Prevent denial of service attacks!
Extensive logging abilities!
Offload services to a remote host
Linux General Security (Cont…)
Xinetd (Cont..)
The xinetd configuration file is /etc/xinetd.conf; the per-service files are stored in /etc/xinetd.d/
Simple Configuration
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
Linux General Security (Cont…)
Xinetd (cont..)
Sample Configuration of telnet services
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
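Added example, not from the original slides: an awk-based audit over a constructed xinetd.d directory that holds the slide's telnet block plus two constructed services (finger and tftp), listing which services are enabled and which of those run as root. It reads only the disable and user attributes of each service block.

```shell
#!/bin/sh
# Added example (not from the original slides): audit /etc/xinetd.d for
# services that are enabled and, among those, run as root. A constructed
# temp directory stands in for /etc/xinetd.d.

XINETD_D=$(mktemp -d)
trap 'rm -rf "$XINETD_D"' EXIT

# The slide's telnet block: enabled, runs as root.
cat > "$XINETD_D/telnet" <<'EOF'
service telnet
{
    disable         = no
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
}
EOF
# Constructed: finger enabled but unprivileged.
cat > "$XINETD_D/finger" <<'EOF'
service finger
{
    disable         = no
    socket_type     = stream
    wait            = no
    user            = nobody
    server          = /usr/sbin/in.fingerd
}
EOF
# Constructed: tftp left disabled.
cat > "$XINETD_D/tftp" <<'EOF'
service tftp
{
    disable         = yes
    socket_type     = dgram
    wait            = yes
    user            = root
    server          = /usr/sbin/in.tftpd
}
EOF

# xinetd_enabled_services DIR -> "service user" for every block whose
# "disable" attribute is not "yes" (xinetd treats a missing one as enabled)
xinetd_enabled_services() {
  for f in "$1"/*; do
    awk '
      /^[ \t]*service[ \t]+/ { svc = $2; user = "(unset)"; disable = "no"; next }
      /^[ \t]*disable[ \t]*=/ { disable = $NF }
      /^[ \t]*user[ \t]*=/    { user = $NF }
      /^[ \t]*}/              { if (disable != "yes") print svc, user }
    ' "$f"
  done | sort
}

# xinetd_root_services DIR -> names of enabled services that run as root
xinetd_root_services() {
  xinetd_enabled_services "$1" | awk '$2 == "root" { print $1 }'
}

# xinetd_enabled_count DIR -> number of enabled services
xinetd_enabled_count() {
  xinetd_enabled_services "$1" | awk 'END { print NR }'
}

echo "Enabled services (name user):"
xinetd_enabled_services "$XINETD_D"
echo "Enabled services running as root:"
xinetd_root_services "$XINETD_D"
```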
Linux General Security (Cont…)
Password protect the boot loader: edit /etc/lilo.conf
and add the following line
password = xxxxx
Special accounts: DISABLE ALL default vendor accounts
root# userdel adm
root# userdel lp
root# userdel sync
root# userdel shutdown
root# userdel halt
root# userdel news
root# userdel operator
root# userdel games
Linux General Security (Cont…)
Enable TCP SYN Cookie Protection: edit /etc/sysctl.conf and add
net.ipv4.tcp_syncookies = 1
OR
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Prevent your system from responding to ping requests
Edit /etc/sysctl.conf and add
net.ipv4.icmp_echo_ignore_all = 1
OR
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
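Added example, not from the original slides: a shell script showing that the sysctl.conf line and the echo into /proc/sys on the slide set the same kernel variable, and adding the check a defender wants afterwards, an audit of the live values against the file. It runs against a constructed temp directory standing in for /proc/sys, so it needs neither root nor a real kernel; the key names are the slides' own.

```shell
#!/bin/sh
# Added example (not from the original slides): maps sysctl keys onto their
# /proc/sys files, applies a sysctl.conf the way "sysctl -p" would, and audits
# the live values for drift. A constructed temp directory stands in for
# /proc/sys, so the script runs without root or a real kernel.

PROC_SYS=$(mktemp -d)
SYSCTL_CONF=$(mktemp)
trap 'rm -rf "$PROC_SYS" "$SYSCTL_CONF"' EXIT

# key_to_path KEY -> file under the simulated /proc/sys: dots become slashes,
# so net.ipv4.tcp_syncookies -> $PROC_SYS/net/ipv4/tcp_syncookies
key_to_path() {
  printf '%s/%s\n' "$PROC_SYS" "$(printf '%s' "$1" | tr '.' '/')"
}

# sysctl_get KEY -> current value, or nothing if the key does not exist
sysctl_get() {
  f=$(key_to_path "$1")
  if [ -f "$f" ]; then cat "$f"; fi
}

# sysctl_set KEY VALUE -> the equivalent of "echo VALUE > /proc/sys/..."
sysctl_set() {
  f=$(key_to_path "$1")
  mkdir -p "$(dirname "$f")"
  printf '%s\n' "$2" > "$f"
}

# for_each_entry FILE CMD -> run "CMD key value" for each "key = value" line,
# skipping comments, blank lines and lines without "="
for_each_entry() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|\#*) continue ;; *=*) ;; *) continue ;; esac
    "$2" "$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//')" \
         "$(printf '%s' "$line" | sed 's/^[^=]*=[[:space:]]*//')"
  done < "$1"
}

apply_one() { sysctl_set "$1" "$2"; applied=$((applied + 1)); }
# sysctl_apply FILE -> write every entry, like "sysctl -p FILE"; prints count
sysctl_apply() { applied=0; for_each_entry "$1" apply_one; echo "$applied"; }

audit_one() {
  have=$(sysctl_get "$1")
  if [ "$have" != "$2" ]; then
    echo "DRIFT $1: want=$2 have=${have:-<unset>}" >&2
    drift=$((drift + 1))
  fi
}
# sysctl_audit FILE -> report each drifted key on stderr; prints drift count
sysctl_audit() { drift=0; for_each_entry "$1" audit_one; echo "$drift"; }

cat > "$SYSCTL_CONF" <<'EOF'
# constructed /etc/sysctl.conf carrying the slides' settings
net.ipv4.tcp_syncookies = 1

net.ipv4.icmp_echo_ignore_all = 1
fs.file-max = 8192
EOF

# Simulated kernel state before hardening: the insecure defaults
sysctl_set net.ipv4.tcp_syncookies 0
sysctl_set net.ipv4.icmp_echo_ignore_all 0
sysctl_set fs.file-max 4096               # the Red Hat default quoted on the slides

echo "drifted before: $(sysctl_audit "$SYSCTL_CONF")"
# The slide's one-off form, "echo 1 > /proc/sys/net/ipv4/tcp_syncookies":
echo 1 > "$(key_to_path net.ipv4.tcp_syncookies)"
echo "drifted after the echo: $(sysctl_audit "$SYSCTL_CONF")"
echo "applied: $(sysctl_apply "$SYSCTL_CONF")"
echo "drifted after applying the file: $(sysctl_audit "$SYSCTL_CONF")"
```

The echo form fixes one value until the next reboot; only the sysctl.conf entry survives it, which is why the audit compares the file against the live tree.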
Linux Optimization
The “inode-max” parameter
Set its value to roughly 3 to 4 times the number of open files (8192*4=32768)
Edit /etc/sysctl.conf and add
fs.inode-max = 32768
OR
echo "32768" > /proc/sys/fs/inode-max
The “file-max” parameter
Allow 256 for every 4M of RAM you have: i.e. for a machine with 128 MB of RAM, set it to 8192 (128/4=32, 32*256=8192). The default setting for the “file-max” parameter under Red Hat Linux is 4096
Edit /etc/sysctl.conf and add
fs.file-max = 8192
OR
echo 8192 > /proc/sys/fs/file-max
Linux Optimization (cont…)
The “ulimit” parameter: Linux itself has a "Max Processes" per user limit.
Edit the .bashrc file (vi /root/.bashrc) and add the following line:
ulimit -u unlimited
root# ulimit -a
core file size (blocks) 1000000
data seg size (kbytes) unlimited
file size (blocks) unlimited
max memory size (kbytes) unlimited
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes unlimited   <- this line
pipe size (512 bytes) 8
open files 1024
virtual memory (kbytes) 2105343
Linux Optimization (cont…)
The “atime” attribute: Linux records when files were created and last modified, as well as when they were last accessed.
To set the attribute on a file, use:
root# chattr +A filename   # for a specific file
For a whole directory tree, do something like:
root# chattr -R +A /var/spool/   # for news and mail
root# chattr -R +A /cache/   # for proxy caches
root# chattr -R +A /home/httpd/ona/   # for web pages
Linux Optimization (cont…)
Handle more connections at a time with your TCP/IP stack
Edit the “/etc/sysctl.conf” file and add the following lines:
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
Securing and Building Linux kernel
The kernel is the core of the operating system
The kernel plays an important role in the performance of a Linux server
Role of the kernel:
Memory Management
Hardware Management
Process Management
www.kernel.org
http://www.openwall.com/linux/
Securing and Building Linux kernel (Cont…)
Untar the kernel source
root# cp kernel_version.tar.gz /usr/src
root# cd /usr/src
root# tar -zxvf kernel_version.tar.gz
Increase the Tasks (optimization)
To increase the number of tasks allowed (the maximum number of processes per user), you may need to edit the “/usr/src/linux/include/linux/tasks.h” file and change the following parameters.
Edit the tasks.h file
(vi +14 /usr/src/linux/include/linux/tasks.h) and change the following parameters:
NR_TASKS from 512 to 3072
MIN_TASKS_LEFT_FOR_ROOT from 4 to 24
Untar the kernel security patch
root# tar -zxvf linux-2.2.14-ow2.tar.gz
Securing and Building Linux kernel (Cont…)
Securing the kernel
Features:
Non-executable user stack area
Restricted links in /tmp
Restricted FIFOs in /tmp
Restricted /proc
Special handling of fd 0, 1, and 2
Enforce RLIMIT_NPROC on execve(2)
Securing and Building Linux kernel (Cont…)
Applying the Patch
root# cd /usr/src/kernel_version
root# patch -p0 < linux-2.2.14-ow2.diff
Compilation
root# make config
Choose options in the menu.
root# make dep ; make bzImage
Compile the Modules
root# make modules; make modules_install
Installation of Kernel
root# cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz_kernel_version.number
Securing and Building Linux kernel (Cont…)
Linux Loader (lilo)
Edit the file /etc/lilo.conf and add the following lines
image=/boot/vmlinuz-2.5.1
label=linux-5
initrd=/boot/initrd-2.5.1
read-only
root=/dev/sda1
and change the default to linux-5
default=linux
to
default=linux-5
Run the following command, lilo -v, so the loader recognizes the new kernel
root# /sbin/lilo -v
Securing and Building Linux kernel (Cont…)
Make a new rescue floppy
root# mkbootdisk --device /dev/fd0 old-version
example
root# mkbootdisk --device /dev/fd0 2.4.18
Now reboot the system
root# reboot
After booting you will see the new kernel
Linux Network Management
TCP/IP Network Management
Networking Firewall
TCP/IP Linux Network Management
Files related to networking functionality
The “/etc/HOSTNAME” file
This file stores your system’s host name—your system’s fully qualified domain name (FQDN), such as testing.secureindia.net.
Following is a sample “/etc/HOSTNAME” file:
testing.secureindia.com
The “/etc/resolv.conf” file
This file is another text file, used by the resolver—a library that determines the IP address for a host name.
Following is a sample “/etc/resolv.conf” file:
search secureindia.net
nameserver 202.71.129.33
nameserver 202.71.129.37
TCP/IP Linux Network Management(Cont..)
The “/etc/sysconfig/network-scripts/ifcfg-ethN” files
File configurations for each network device
Following is a sample “/etc/sysconfig/network-scripts/ifcfg-eth0” file:
DEVICE=eth0
IPADDR=202.71.129.252
NETMASK=255.255.255.0
NETWORK=202.71.129.0
BROADCAST=202.71.129.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
TCP/IP Linux Network Management(Cont..)
The “/etc/host.conf” file
This file specifies how names are resolved. Linux uses a resolver library to obtain the IP address corresponding to a host name.
Following is a sample “/etc/host.conf” file:
# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple addresses.
multi on
# Check for IP address spoofing.
nospoof on
TCP/IP Linux Network Management(Cont..)
The “/etc/sysconfig/network” file
The “/etc/sysconfig/network” file is used to specify information about the desired network configuration on your server.
Following is a sample “/etc/sysconfig/network” file:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=deep.secureindia.com
GATEWAY=0.0.0.0
GATEWAYDEV=eth1
The “/etc/sysctl.conf” file
In Red Hat Linux 9.0, many kernel options related to networking security, such as dropping packets that come in over interfaces they shouldn't or ignoring ping/broadcast requests, can be set in the new “/etc/sysctl.conf” file instead of the “/etc/rc.d/rc.local” file.
Edit the “/etc/sysctl.conf” file and add the following line:
# Enable packet forwarding
net.ipv4.ip_forward = 1
TCP/IP Linux Network Management(Cont..)
Configuring TCP/IP Networking manually with the command line
The ifconfig utility is the tool used to set up and configure your network card
To assign the eth0 interface the IP address 202.71.128.252, use the command:
root# ifconfig eth0 202.71.128.252 netmask 255.255.255.0
root# ifconfig eth0
The output should look something like this:
eth0 Link encap:Ethernet HWaddr 00:E0:18:90:1B:56
inet addr:202.71.128.252 Bcast:202.71.128.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xa800
TCP/IP Linux Network Management(Cont..)
To assign the default gateway
root# route add default gw 202.71.128.1
To verify that you can reach your hosts, use the command:
root# ping 202.71.128.1
The output should look something like this:
PING 202.71.128.1 (202.71.128.1) from 202.71.128.252: 56 data bytes
64 bytes from 202.71.128.252: icmp_seq=0 ttl=128 time=1.0 ms
64 bytes from 202.71.128.252: icmp_seq=1 ttl=128 time=1.0 ms
TCP/IP Linux Network Management(Cont..)
To display the routing information
root# route -n
The output should look something like this:
Kernel IP routing table
Destination     Gateway         Genmask          Flags Metric Ref Use Iface
202.71.128.252  0.0.0.0         255.255.255.255  UH    0      0   0   eth0
202.71.128.0    202.71.128.252  255.255.255.0    UG    0      0   0   eth0
208.164.186.0   0.0.0.0         255.255.255.0    U     0      0   0   eth0
127.0.0.0       0.0.0.0         255.0.0.0        U     0      0   0   lo
TCP/IP Linux Network Management(Cont..)
To see all active TCP connections
root# netstat -t
The output should look something like this:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address            Foreign Address        State
tcp        0      0 deep.openar:netbios-ssn  gate.openna.com:1045   ESTABLISHED
tcp        0      0 localhost:1032           localhost:1033         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1032         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1034         ESTABLISHED
tcp        0      0 localhost:1033           localhost:1030         ESTABLISHED
Introduction to netfilter/iptables
Linux security and netfilter/iptables
Firewall configuration is a built-in capability of Linux systems on a network
Firewalls stop unauthorized sources from accessing Linux systems, by using telnet for example
Free up bandwidth by blocking unnecessary traffic coming from sources like advertisement sites
Netfilter/IPtables
[Diagram: the packet filtering process]
Building rules and chains
root# iptables [-t table] command [match] [target]
Chains: INPUT, OUTPUT, PREROUTING, POSTROUTING
Command: -A or --append
$ iptables -A INPUT -s 205.168.0.1 -j ACCEPT
-D or --delete
$ iptables -D INPUT -p tcp --dport 80 -j DROP
-F or --flush
$ iptables -F
-L or --list
$ iptables -L
Building rules and chains (cont…)
Match: -p or --protocol (one protocol per rule)
$ iptables -A INPUT -p tcp
$ iptables -A INPUT -p udp
-s or --source
$ iptables -A OUTPUT -s 192.168.1.1
-d or --destination
$ iptables -A INPUT -d 192.168.1.1
Target: ACCEPT, DROP and REJECT
$ iptables -A FORWARD -p tcp --dport 22 -j REJECT
Securing Windows 2000
OS Installation
Installing Service Packs and Hotfixes
Secure Server Settings
Miscellaneous settings
Network Settings
Enabling /Disabling Services
System Policies
Registry Settings
Windows 2000 Server operating system requires…
Introduction: careful planning and preparation. A default installation of the Server is vulnerable to security attacks, so keep it disconnected from the network until both Windows 2000 Service Pack 3 and the security hotfixes are installed.
Disk Configuration: ensure that all the drives on the server have NTFS partitions. If the drives are not on NTFS, use the “Convert.exe” tool to convert the partition to NTFS while retaining the data.
Ensure that the disk is partitioned into at least two separate partitions: one for the system and OS files, and the other for data files.
Installing Service Packs and Hotfixes
Hotfixes and security packs
Hotfixes are code patches provided for products
While applying the service pack you will be asked whether you want to back up the existing setup
Secure Server Settings
Anti-virus
• Ensure that an anti-virus is installed on the server
• Apply the latest updates as provided by the anti-virus vendor
Emergency repair disk (ERD)
Miscellaneous Settings
File permissions: list the permissions to be granted on critical files (example)
Repeat the process for the following directories and files.
Temp directories like c:\temp, %systemroot%\tmp.
Audit logs (%systemroot%\system32\config\*.evt)
Registry files (%systemroot%\system32\config, %systemroot%\repair)
All shared directories
Boot files on the system partition (Boot.ini, NTLDR, NTDETECT.COM, NTBOOTDD.SYS, BOOTSECT.DOS)
Administrator password length
Rename the Administrator account
Rename the Guest account
Network Settings
Microsoft provides two categories of networking services
Microsoft’s File and Print services (installed by default)
The general TCP/IP and Internet services
• DNS and WINS settings
• Unbinding Microsoft networking services
Network Settings
Enabling/Disabling services
• By default Windows starts, during the installation phase, a few services over which we do not have any control
System Policies
Password Policies
Account Lockout Policies
Password policies help administrators dictate the strength of passwords that users can set
Account lockout policy options disable accounts after a set number of failed logon attempts
System Policies (Cont…)
Audit policy
Audit policies help administrators monitor logon activity in Windows 2000 Server in a very detailed way by enabling success-and-failure auditing in the system's Audit policy
System Policies (Cont…)
Audit log settings
Changing parameters like:
1. Maximum log size
2. Do not overwrite events
System Policies (Cont…)
User rights
User rights are typically assigned on the basis of the security groups to which a user belongs
The policy settings in this category are typically used to allow or deny users permission to access to their computer based on the method of access and their security group memberships
System Policies (Cont…)
Security options
The settings provided under this heading help define the behavior of the system for the settings configured above and the way the system interacts with other machines on the network.
Registry Settings
This section addresses specific settings that have to be made manually in the system registry
It is highly recommended to take a full backup of the registry before any changes are made
SYN attack protection
SYN attack protection involves reducing the number of retransmissions of the SYN-ACKs
and reducing the time for which resources have to remain allocated
Procedure:
1. Right-click on the right-hand pane
2. Choose New → DWORD Value
3. Name it “SynAttackProtect”
4. Double-click the “SynAttackProtect” key
5. Enter the value as “2”
Registry Settings (Cont…)
TcpMaxHalfOpen: this parameter controls the number of connections in the SYN-RCVD state allowed before SYN-ATTACK protection begins to operate.
If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect. See the SynAttackProtect parameter for more details.
TcpMaxHalfOpenRetried: this parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN-ATTACK protection begins to operate.
The default values are 80 for Win2K Pro and Server and 400 for Advanced Server. See the SynAttackProtect parameter for more details.
Registry Settings (Cont…)
Perform router discovery: this parameter controls whether Windows 2000 will try to perform router discovery (RFC 1256). This is set on a per-interface basis.
It is located in Interfaces\<interface> and is a REG_DWORD with a range of 0–2 (default is 2, recommended is 0). A value of 0 is disabled, 1 is enabled, and 2 lets DHCP control the setting.
Enable ICMP redirects
This controls whether Windows 2000 will alter its route table in response to ICMP redirect messages sent to it by network devices such as routers.
It is a REG_DWORD with values 0,1 (False, True). The default value is 1; the recommended value is 0.
Registry Settings (Cont…)
Restrict network access to the registry