2. DAY 1
Objectives of Network Security
Hardening Linux
Hardening Windows 2000
Network Security and Hacking Techniques – DAY1
3. Outline – Network Security
Objectives of Network Security
Attacks, Services and Mechanisms
Key Security Attacks/Threats
Active and Passive Security Threats
Analysis of Software Vulnerabilities …
Analysis of Attacking Technique Sophistication …
Conclusions of Attacks From Past
Anyone can Launch …
Model For Network Security
Network Access Security Model
Network Security Process Closed Loop Corrective Action
Elements of a Security Policy
4. Objectives of Network Security
Confidentiality
Integrity
Availability
5. Objectives of Network Security
Confidentiality: only the sender and the intended receiver can “understand” the message
sender encrypts the message
receiver decrypts the message
Authenticity: sender and receiver want to confirm each other's identity
Integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection
Availability: ensure the resource is available
Authorization: access to a resource is authorized
6. Attacks, Services and Mechanisms
Security Attack: any action that compromises the security of information.
Security Mechanism: a mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: a service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.
7. What Is The Internet?
Collection of networks that communicate with a common set of protocols (TCP/IP)
Collection of networks with
no central control
no central authority
no common legal oversight or regulations
no standard acceptable use policy
“wild west” atmosphere
8. Why Is Internet Security a Problem?
Security not a design consideration
Implementing change is difficult
Openness makes machines easy targets
Increasing complexity
10. Key Security Attacks/Threats
Interruption: this is an attack on availability
Interception: this is an attack on confidentiality
Modification: this is an attack on integrity
Fabrication: this is an attack on authenticity
11. Active and Passive Security Threats
12. Analysis of Software Vulnerabilities …
[Figure: bar chart of vulnerabilities and incidents reported per year, 1996–2003]
Incident: the exploitation of a vulnerability; an occurrence that interrupts normal process and procedure.
Vulnerability: a defect that violates an implicit or explicit security policy.
13. Analysis of Attacking Technique Sophistication …
[Figure: attack sophistication over time, 1980–2002. Technique labels on the chart: www attacks/incidents, stealth diagnostics (tools), sniffers, distributed denial of service, sweepers, denial of service, automated probes/scans, back doors, disabling audits, packet spoofing, hijacking sessions, exploiting known vulnerabilities, password cracking, self-replicating code, password guessing]
Source: CERT/CC
14. Conclusions of Attacks From Past
[Figure: the same CERT/CC attack-sophistication chart as on the previous slide, with a second axis, “Knowledge Required by Attacker”, running from High (tools) to Low (scripts)]
Source: CERT/CC
15. Anyone can Launch …
[Figure: the same CERT/CC attack-sophistication chart again, with an additional “Number of Attackers” axis alongside the knowledge required by the attacker]
Source: CERT/CC
16. Consider that…
90% of companies detected computer security breaches in the last 12 months
59% cited the Internet as the most frequent origin of attack
74% acknowledged financial losses due to computer breaches
85% detected computer viruses
Source: Computer Security Institute
17. WHO ARE THE OPPONENTS?
49% are inside employees on the internal network
17% come from dial-up (still inside people)
34% are from the Internet or an external connection to another company of some sort
18. HACKER MOTIVATIONS
Money, profit
Access to additional resources
Experimentation and desire to learn
“Gang” mentality
Psychological needs
Self-gratification
Personal vengeance
Emotional issues
Desire to embarrass the target
19. Internet Security?
Malicious Code
Session Hijacking
Viruses
Trojans
Worms
Replay Attack
Buffer Overflows
Port Scanning
Spoofing
Denial of Service
Man-in-the-middle
20. THE MOST COMMON EXCUSES
No one could possibly be interested in my information.
Anti-virus software slows down my processor speed too much.
I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know.
So many people are on the Internet, I'm just a face in the crowd. No one would pick me out.
I'm busy. I can't become a security expert; I don't have time, and it's not important enough.
21. SANS Five Worst Security Mistakes End Users Make
Opening unsolicited e-mail attachments without verifying their source and checking their content first.
Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.
Installing screen savers or games from unknown sources.
Not making and testing backups.
Using a modem while connected through a local area network.
22. Model For Network Security
24. Methods of Defense
Encryption
Software Controls (access limitations in a database, or in an operating system, protect each user from other users)
Hardware Controls (smartcard)
Policies (frequent changes of passwords)
Physical Controls
25. Security hmm… ??
“Security is a process, not a product”
27. Elements of a Security Policy
Build a Security Team: skills and roles
Training and Awareness: explaining security
Physical Security
Monitoring: logs and analysis
Auditing: assess security posture
Prepare for an Attack: incident response team
Handling an Attack: forensics, analyze data
[Figure: the parties involved: Attacker, Response, Forensics, Watch Team, General Employees]
29. Systems – Linux and Windows 2000
Hardening Linux
Hardening Windows 2000
30. Typical Network – Linux and Windows Host
[Figure: an internal network of PCs and servers behind a visible IP address, with the Linux and Windows hosts and application servers such as IDS and sniffers; “We are here” marks the hosts being hardened]
31. Brief Introduction of Linux
“The Linux has 8 billion users”
Introduction of Linux
Installation of Linux Server
Security and Optimization
Linux Networking Concepts
Linux security software
Internet Infrastructure
32. What is Linux ??
“The Linux Based Services that Mean Business, Securing Internet”
Linux is an operating system which is the same as the UNIX operating system.
First created at the University of Helsinki in Finland by a young student named Linus Torvalds.
The Linux operating system is developed under the GNU General Public License.
Source code is freely available.
33. Some good reasons to use Linux
There are no royalty or licensing fees for using Linux
Linux is quite portable: it runs on more CPUs and platforms than any other computer operating system
Linux is a true multi-tasking operating system, like its sibling UNIX
Linux is practically immune to all kinds of viruses that we find in other operating systems
34. Choosing Linux Vendors
Red Hat Linux
SUSE Linux
Debian Linux
Slackware Linux
35. Installation of Red Hat Linux
www.redhat.com
Freely available to everyone who downloads it via the Internet
ftp://ftp.redhat.com
The Red Hat Linux CD-ROM at Rs. 10,000/-
36. Know your Hardware !!
How many hard drives, and what are their sizes?
What kind of hard drive, e.g. IDE, SCSI?
How much RAM do you have?
Do you have a SCSI adapter? If so, what make?
What type of mouse do you have?
What is the make and model of your video card?
What kind of monitor do you have?
Your type(s) of network card(s) (make and model)?
If connected to a network, what are the IP address, gateway, subnet mask and DNS servers?
37. Installation Class and Method (Install Type)
Red Hat Linux 9.0 includes four different classes, or types, of installation. They are:
GNOME Workstation
KDE Workstation
Server
Custom
38. Partition Strategy
A good partition strategy is to create a separate partition for each major file system
Creating multiple partitions offers you the following advantages:
Faster booting.
Easy backup and upgrade management.
Limit each file system’s ability to grow.
Protection against SUID programs.
Protection against denial of service attack.
39. Partition Example
Partitions that must be created on your system:
/boot    5MB     All kernel images are kept here.
/usr     512MB   Must be large, since all Linux binary programs are installed here.
/home    1146MB  Proportional to the number of users you intend to host (i.e. 10MB per user * number of users 114 = 1140MB).
/chroot  256MB   If you want to install programs in a chroot jail environment (i.e. DNS).
/cache   256MB   This is the cache partition of a proxy server (i.e. Squid).
/var     256MB   Contains files that change when the system runs normally (i.e. log files).
<Swap>   128MB   Our swap partition. The virtual memory of the Linux operating system.
/tmp     256MB   Our temporary files partition.
/        256MB   Our root partition.
40. Tools to Partition the Hard Drives
Disk Druid
Fdisk
41. Components to Install (Package Group Selection)
The host can be configured to better suit the requirements of the particular service.
By reducing services, the number of logs and log entries is reduced, so detecting unexpected behavior becomes easier.
Different individuals may administer different services. By isolating services so that each host and service has a single administrator, you minimize the possibility of conflicts between administrators.
Other services cannot be used to attack the host and impair or remove desired network services.
43. How to use RPM Commands
• To install an RPM package, use the command:
[root@testing /]# rpm -ivh foo-1.0-2.i386.rpm
• To uninstall an RPM package, use the command:
[root@testing /]# rpm -e foo
• To upgrade an RPM package, use the command:
[root@testing /]# rpm -Uvh foo-1.0-2.i386.rpm
• To query an RPM package, use the command:
[root@testing /]# rpm -q foo
• To check the signature of an RPM package file (before installing it), use the command:
[root@testing /]# rpm --checksig foo-1.0-2.i386.rpm
44. Starting and stopping daemon services
• To start the httpd web server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]
• To stop the httpd web server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd stop
Shutting down httpd: [ OK ]
• To restart the httpd web server manually under Linux:
[root@testing /]# /etc/rc.d/init.d/httpd restart
Shutting down httpd: [ OK ]
Starting httpd: [ OK ]
45. Securing and Optimization of Linux
Basic Linux System Administration
General System Security
General System Optimization
Configuring and Building Kernels
46. Basic Linux System Administration
Creating general users
root# useradd testing
root# passwd testing
Getting help
root# man man
Walking around the Linux directories
root# pwd
Output: /root
root# cd /home/testing
root# pwd
Output: /home/testing
Looking around
root# ls -l
root# ls -la
where -l gives a long listing of the files and -a lists all files, including hidden ones
47. Basic Linux System Administration (cont..)
Working with files and directories
To create a directory under the current directory
root# mkdir testing
root# mkdir /home/testing/test
To create a file, using a text editor
root# vi ya.txt
To copy a file
root# cp ya.txt yah.txt
root# cp ya.txt /home/testing/yah.txt
To move and rename a file
root# mv ya.txt /home/testing/yah.txt
root# mv l.txt /home/testing/l.txt
To delete a directory and a file
root# rm -r /home/testing
root# rm y.txt
48. Basic Linux System Administration (cont..)
Pipes
root# ls -la /etc | less
root# ls -la /etc | grep hosts
Putting commands together
root# ls ; cp /home/testing/h.txt /root/h.txt
To check the processes
root# ps aux
To kill a process
root# kill -9 pid
root# killall -9 xinetd
To check the load average
root# uptime
49. Linux General Security
BIOS Security: set a boot password
Security Policy
Choose the right password
The password length
Edit the file /etc/login.defs and change the following line
PASS_MIN_LEN 5
to read:
PASS_MIN_LEN 8
The root account
Set a login timeout for the root account
Edit the profile file (/etc/profile) and add or change the following line (idle seconds before the shell exits)
TMOUT=7200
50. Linux General Security (Cont…)
TCP_WRAPPERS
TCP_WRAPPERS is controlled from two files, /etc/hosts.allow (searched first) and /etc/hosts.deny, and the search stops at the first match.
vi /etc/hosts.allow
vi /etc/hosts.deny
For example
Add ALL:ALL to the hosts.deny file; then access is denied to everything that is not explicitly allowed.
Add the following line to hosts.allow
sshd: 192.128.9.13 home.secureindia.com
This allows access to sshd from the above IP address and hostname only.
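To see how the first-match order plays out, here is an added example (not from the course slides) that simulates the hosts.allow/hosts.deny lookup against constructed copies of the two files holding the rules above; the temp directory, the extra ftp rule and the client addresses it tests are assumptions.

```shell
#!/bin/sh
# Added example (not from the course slides): simulates the TCP wrappers
# decision order described above. tcpd searches /etc/hosts.allow first,
# then /etc/hosts.deny, and the first matching line decides; if nothing
# matches, access is granted. Runs against constructed copies of the two
# files so it can be tried without touching /etc.

# Does one "daemon_list : client_list" line match the daemon and client?
# Lists are comma/space separated; ALL matches anything; a client pattern
# ending in a dot (192.128.9.) matches that network prefix. (Real tcpd
# accepts more pattern forms; these are the ones the slide's rules need.)
line_matches() {            # $1=line  $2=daemon  $3=client (IP or hostname)
    daemons=$(printf '%s' "$1" | cut -d: -f1 | tr ',' ' ')
    clients=$(printf '%s' "$1" | cut -d: -f2 | tr ',' ' ')
    dmatch=0; cmatch=0
    for d in $daemons; do
        if [ "$d" = ALL ] || [ "$d" = "$2" ]; then dmatch=1; fi
    done
    for c in $clients; do
        case "$c" in
            ALL) cmatch=1 ;;
            *.)  case "$3" in "$c"*) cmatch=1 ;; esac ;;
            *)   if [ "$c" = "$3" ]; then cmatch=1; fi ;;
        esac
    done
    [ "$dmatch$cmatch" = 11 ]
}

# Succeeds when any non-comment, non-empty line of FILE matches.
file_matches() {            # $1=file  $2=daemon  $3=client
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        line_matches "$line" "$2" "$3" && return 0
    done < "$1"
    return 1
}

# Print "allow" or "deny" for a daemon/client pair in tcpd's search order.
tcpd_decide() {             # $1=hosts.allow  $2=hosts.deny  $3=daemon  $4=client
    if file_matches "$1" "$3" "$4"; then echo allow
    elif file_matches "$2" "$3" "$4"; then echo deny
    else echo allow         # neither file matched: tcpd grants access
    fi
}

# Constructed sample files: the slide's rules plus one network-prefix rule.
TMPD=$(mktemp -d)
cat > "$TMPD/hosts.allow" <<'EOF'
# ssh only from the admin workstation and the home machine
sshd: 192.128.9.13 home.secureindia.com
# ftp from anywhere on the 192.128.9.0/24 office network
in.ftpd: 192.128.9.
EOF
cat > "$TMPD/hosts.deny" <<'EOF'
ALL: ALL
EOF
: > "$TMPD/hosts.deny.empty"   # a deny file with no rules, to show the default

A=$TMPD/hosts.allow; D=$TMPD/hosts.deny
tcpd_decide "$A" "$D" sshd 192.128.9.13                    # allow
tcpd_decide "$A" "$D" sshd 10.0.0.5                        # deny
tcpd_decide "$A" "$D" in.telnetd 192.128.9.13              # deny (telnet not allowed)
tcpd_decide "$A" "$D" in.ftpd 192.128.9.77                 # allow (prefix rule)
tcpd_decide "$A" "$TMPD/hosts.deny.empty" sshd 10.0.0.5    # allow (no rule matched)
```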
51. Linux General Security (Cont…)
Xinetd
xinetd is a secure replacement for inetd, the internet services daemon
Features:
Access control
Prevents denial of service attacks!
Extensive logging abilities!
Offload services to a remote host
52. Linux General Security (Cont…)
Xinetd (Cont..)
The xinetd main configuration file is /etc/xinetd.conf; the per-service configuration files are stored in the /etc/xinetd.d/ directory.
Simple Configuration
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
53. Linux General Security (Cont…)
Xinetd (cont..)
Sample Configuration of telnet services
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}
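Since a service file with disable = no (or with no disable line at all) is live, here is an added example (not from the course slides) that audits a copy of /etc/xinetd.d in the format shown above and switches a service off; the sample service files, the temp directory and the helper names are assumptions.

```shell
#!/bin/sh
# Added example (not from the course slides): audits a copy of /etc/xinetd.d
# and reports which services are live. A service is enabled when its file says
# "disable = no" or has no disable line at all (xinetd's default), so both
# forms must be caught. xinetd_disable then turns a service off in place.
# Runs on constructed service files in a temp directory, no root needed.

# xinetd_attr FILE ATTR: print the value of "ATTR = value" inside FILE (empty if absent).
xinetd_attr() {
    awk -v a="$2" '
        /^[[:space:]]*#/ { next }                    # comment lines
        $1 == a && $2 == "=" { print $3; exit }' "$1"
}

# xinetd_audit DIR: print "service:state" for every service file in DIR.
xinetd_audit() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(awk '$1 == "service" { print $2; exit }' "$f")
        [ -n "$name" ] || continue                   # not a service file
        case "$(xinetd_attr "$f" disable)" in
            yes) echo "$name:disabled" ;;
            *)   echo "$name:ENABLED" ;;             # "no" or no disable line
        esac
    done
}

# xinetd_enabled DIR: the enabled service names on one line, space separated.
xinetd_enabled() {
    xinetd_audit "$1" | sed -n 's/:ENABLED$//p' | tr '\n' ' ' | sed 's/ $//'
}

# xinetd_disable FILE: set "disable = yes", adding the line before the closing
# brace when the block has none. Idempotent.
xinetd_disable() {
    tmp=$(mktemp)
    awk '
        /^[[:space:]]*#/ { print; next }
        $1 == "disable" && $2 == "=" { $0 = "\tdisable\t\t= yes"; seen = 1 }
        /^[[:space:]]*}/ && !seen { print "\tdisable\t\t= yes"; seen = 1 }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rm -f "$tmp"
}

# Constructed sample directory: the slide's telnet file (enabled), a disabled
# finger service, and an internal echo service with no disable line.
TMPD=$(mktemp -d)
cat > "$TMPD/telnet" <<'EOF'
# default: on
service telnet
{
    disable         = no
    flags           = REUSE
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/sbin/in.telnetd
    log_on_failure  += USERID
}
EOF
cat > "$TMPD/finger" <<'EOF'
service finger
{
    disable         = yes
    socket_type     = stream
    wait            = no
    user            = nobody
    server          = /usr/sbin/in.fingerd
}
EOF
cat > "$TMPD/echo" <<'EOF'
service echo
{
    type            = INTERNAL
    id              = echo-stream
    socket_type     = stream
    protocol        = tcp
    user            = root
    wait            = no
}
EOF

xinetd_audit "$TMPD"             # echo:ENABLED finger:disabled telnet:ENABLED
xinetd_disable "$TMPD/telnet"    # telnet should not be running on a hardened host
xinetd_audit "$TMPD"             # echo:ENABLED finger:disabled telnet:disabled
```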
54. Linux General Security (Cont…)
Password protect the boot loader
Edit /etc/lilo.conf (vi /etc/lilo.conf) and add the following line
password = xxxxx
Special accounts
DISABLE ALL default vendor accounts
root# userdel adm
root# userdel lp
root# userdel sync
root# userdel shutdown
root# userdel halt
root# userdel news
root# userdel operator
root# userdel games
55. Linux General Security (Cont…)
Enable TCP SYN Cookie Protection
Edit /etc/sysctl.conf and add
net.ipv4.tcp_syncookies = 1
OR
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Prevent your system from responding to ping requests
Edit /etc/sysctl.conf and add
net.ipv4.icmp_echo_ignore_all = 1
OR
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
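The edits on this slide and on the earlier password-length/TMOUT slide are the same operation: set one key in a line-oriented config file. The added example below (not from the course slides) does that idempotently for copies of login.defs, profile and sysctl.conf; the sample files, the temp directory and the helper names set_kv, get_kv and harden_files are assumptions.

```shell
#!/bin/sh
# Added example (not from the course slides): an idempotent "set KEY to VALUE"
# helper for the line-oriented files edited on these slides, /etc/login.defs
# (KEY VALUE), /etc/profile (KEY=VALUE) and /etc/sysctl.conf (key = value).
# An existing setting is rewritten in place, a missing one is appended, so
# the script can be re-run safely. Demonstrated on constructed copies of the
# files in a temp directory, never on the live /etc.

# set_kv FILE KEY VALUE SEPARATOR  (SEPARATOR: " " login.defs, "=" profile, " = " sysctl.conf)
set_kv() {
    file=$1; key=$2; value=$3; sep=$4
    [ -f "$file" ] || : > "$file"
    if grep -q "^[[:space:]]*$key[[:space:]=]" "$file"; then
        # the key is present (possibly with the old value): rewrite that line
        tmp=$(mktemp)
        awk -v k="$key" -v line="$key$sep$value" '
            { s = $0; sub(/^[[:space:]]+/, "", s); split(s, f, /[[:space:]=]+/) }
            f[1] == k { print line; next }       # the setting itself
            { print }' "$file" > "$tmp" && cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s%s%s\n' "$key" "$sep" "$value" >> "$file"
    fi
}

# get_kv FILE KEY: print the current value (empty if the key is absent).
get_kv() {
    awk -v k="$2" '
        { s = $0; sub(/^[[:space:]]+/, "", s); n = split(s, f, /[[:space:]=]+/) }
        f[1] == k { print f[n]; exit }' "$1"
}

# harden_files DIR: apply the slides' settings to the copies under DIR.
harden_files() {
    set_kv "$1/login.defs"  PASS_MIN_LEN 8 " "                      # minimum password length 8
    set_kv "$1/profile"     TMOUT 7200 "="                          # idle root shell times out
    set_kv "$1/sysctl.conf" net.ipv4.tcp_syncookies 1 " = "         # SYN cookie protection on
    set_kv "$1/sysctl.conf" net.ipv4.icmp_echo_ignore_all 1 " = "   # ignore ping requests
}

# Constructed sample files with the vendor defaults the slides start from.
TMPD=$(mktemp -d)
printf 'PASS_MAX_DAYS 99999\nPASS_MIN_LEN 5\n' > "$TMPD/login.defs"
printf '# Kernel sysctl configuration\nnet.ipv4.ip_forward = 0\n' > "$TMPD/sysctl.conf"
: > "$TMPD/profile"

harden_files "$TMPD"
harden_files "$TMPD"        # second run must leave the files unchanged
cat "$TMPD/login.defs" "$TMPD/profile" "$TMPD/sysctl.conf"
```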
56. Linux Optimization
The “inode-max” parameter
Value roughly 3 to 4 times the number of open files (8192*4=32768)
Edit /etc/sysctl.conf and add
fs.inode-max = 32768
OR
echo "32768" > /proc/sys/fs/inode-max
The “file-max” parameter
256 for every 4 MB of RAM we have: i.e. for a machine with 128 MB of RAM, set it to 8192 (128/4=32, 32*256=8192). The default setup for the “file-max” parameter under Red Hat Linux is "4096".
Edit /etc/sysctl.conf and add
fs.file-max = 8192
OR
echo 8192 > /proc/sys/fs/file-max
57. Linux Optimization (cont…)
The “ulimit” parameter
Linux itself has a "Max Processes" per user limit.
Edit the .bashrc file (vi /root/.bashrc) and add the following line:
ulimit -u unlimited
root# ulimit -a
core file size (blocks) 1000000
data seg size (kbytes) unlimited
file size (blocks) unlimited
max memory size (kbytes) unlimited
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes unlimited   <-- this line
pipe size (512 bytes) 8
open files 1024
virtual memory (kbytes) 2105343
58. Linux Optimization (cont…)
The “atime” attribute
Linux records information about when files were created and last modified, as well as when they were last accessed. Setting the A attribute stops the last-access time from being updated, which saves disk writes.
To set the attribute on a file, use:
root# chattr +A filename            # for a specific file
For a whole directory tree, do something like:
root# chattr -R +A /var/spool/      # for news and mail
root# chattr -R +A /cache/          # for proxy caches
root# chattr -R +A /home/httpd/ona/ # for web pages
59. Linux Optimization (cont…)
Handle more connections per unit time with your TCP/IP stack
Edit the “/etc/sysctl.conf” file and add the following lines:
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
60. Securing and Building Linux kernel
Kernel is the core of Operating System
Kernel plays important role in performance of Linux
Server
Role of Kernel
Memory Management
Hardware Management
Process Management
www.kernel.org
http://www.openwall.com/linux/
61. Securing and Building Linux kernel (Cont…)
Untar the kernel source
root# cp kernel_version.tar.gz /usr/src
root# cd /usr/src
root# tar -zxvf kernel_version.tar.gz
Increase the tasks (optimization)
To increase the number of tasks allowed (the maximum number of processes per user), edit the “/usr/src/linux/include/linux/tasks.h” file (vi +14 /usr/src/linux/include/linux/tasks.h) and change the following parameters:
NR_TASKS from 512 to 3072
MIN_TASKS_LEFT_FOR_ROOT from 4 to 24
Untar the kernel security patch
root# tar -zxvf linux-2_2_14-ow2_tar.gz
62. Securing and Building Linux kernel
(Cont…)
Securing the kernel
Features:
Non-executable user stack area
Restricted links in /tmp
Restricted FIFOs in /tmp
Restricted /proc
Special handling of fd 0, 1, and 2
Enforce RLIMIT_NPROC on execve(2)
63. Securing and Building Linux kernel
(Cont…)
Applying the patch
root# cd /usr/src/kernel_version
root# patch -p0 < linux-2.2.14-ow2.diff
Compilation
root# make config
Choose the options in the menu.
root# make dep ; make bzImage
Compile the modules
root# make modules; make modules_install
Installation of the kernel
root# cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz_kernel_version.number
64. Securing and Building Linux kernel
(Cont…)
Linux Loader (lilo)
Edit the file /etc/lilo.conf and add the following lines
image=/boot/vmlinuz-2.5.1
label=linux-5
initrd=/boot/initrd-2.5.1
read-only
root=/dev/sda1
and change the default entry to linux-5, i.e. from
default=linux
to
default=linux-5
Run lilo -v so the boot loader recognizes the new kernel
root# /sbin/lilo -v
65. Securing and Building Linux kernel
(Cont…)
Make a new rescue floppy
root# mkbootdisk --device /dev/fd0 old-version
example
root# mkbootdisk --device /dev/fd0 2.4.18
Now reboot the system
root# reboot
After booting you will see the new kernel
66. Linux Network Management
TCP/IP Network Management
Networking Firewall
67. TCP/IP Linux Network Management
Files related to networking functionality
The “/etc/HOSTNAME” file
This file stores your system's host name, i.e. your system's fully qualified domain name (FQDN), such as testing.secureindia.net.
Following is a sample “/etc/HOSTNAME” file:
testing.secureindia.com
The “/etc/resolv.conf” file
This file is another text file, used by the resolver, a library that determines the IP address for a host name.
Following is a sample “/etc/resolv.conf” file:
search secureindia.net
nameserver 202.71.129.33
nameserver 202.71.129.37
68. TCP/IP Linux Network Management(Cont..)
The “/etc/sysconfig/network-scripts/ifcfg-ethN” files
Configuration files, one for each network device
Following is a sample “/etc/sysconfig/network-scripts/ifcfg-eth0” file:
DEVICE=eth0
IPADDR=202.71.129.252
NETMASK=255.255.255.0
NETWORK=202.71.129.0
BROADCAST=202.71.129.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
69. TCP/IP Linux Network Management(Cont..)
The “/etc/host.conf” file
This file specifies how names are resolved. Linux uses a resolver library to obtain the IP address corresponding to a host name.
Following is a sample “/etc/host.conf” file:
# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple addresses.
multi on
# Check for IP address spoofing.
nospoof on
70. TCP/IP Linux Network Management(Cont..)
The “/etc/sysconfig/network” file
The “/etc/sysconfig/network” file is used to specify information about the desired network configuration on your server.
Following is a sample “/etc/sysconfig/network” file:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=deep.secureindia.com
GATEWAY=0.0.0.0
GATEWAYDEV=eth1
The “/etc/sysctl.conf” file
In Red Hat Linux 9.0, many kernel options related to networking security, such as dropping packets that come in over interfaces they shouldn't or ignoring ping/broadcast requests, can be set in the new “/etc/sysctl.conf” file instead of the “/etc/rc.d/rc.local” file.
Edit the “/etc/sysctl.conf” file and add the following line:
# Enable packet forwarding
net.ipv4.ip_forward = 1
71. TCP/IP Linux Network Management(Cont..)
Configuring TCP/IP networking manually with the command line
The ifconfig utility is the tool used to set up and configure your network card
To assign the eth0 interface the IP address 202.71.128.252, use the command:
root# ifconfig eth0 202.71.128.252 netmask 255.255.255.0
root# ifconfig eth0
The output should look something like this:
eth0 Link encap:Ethernet HWaddr 00:E0:18:90:1B:56
inet addr:202.71.128.252 Bcast:202.71.128.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xa800
72. TCP/IP Linux Network Management(Cont..)
To assign the default gateway
root# route add default gw 202.71.128.1
To verify that you can reach your hosts, use the command:
root# ping 202.71.128.1
The output should look something like this:
PING 202.71.128.1 (202.71.128.1) from 202.71.128.252: 56 data bytes
64 bytes from 202.71.128.1: icmp_seq=0 ttl=128 time=1.0 ms
64 bytes from 202.71.128.1: icmp_seq=1 ttl=128 time=1.0 ms
73. TCP/IP Linux Network Management(Cont..)
To display the routing information
root# route -n
The output should look something like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
202.71.128.252 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
202.71.128.0 202.71.128.252 255.255.255.0 UG 0 0 0 eth0
208.164.186.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
74. TCP/IP Linux Network Management(Cont..)
To see all active TCP connections
root# netstat -t
The output should look something like this:
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 deep.openar:netbios-ssn gate.openna.com:1045 ESTABLISHED
tcp 0 0 localhost:1032 localhost:1033 ESTABLISHED
tcp 0 0 localhost:1033 localhost:1032 ESTABLISHED
tcp 0 0 localhost:1033 localhost:1034 ESTABLISHED
tcp 0 0 localhost:1033 localhost:1030 ESTABLISHED
75. Introduction to netfilter/iptables
Linux security and netfilter/iptables
Built-in firewall capability for Linux systems on a network
Firewalls stop unauthorized sources from accessing Linux systems, by telnet for example
Free up bandwidth by blocking unnecessary traffic coming from sources like advertisement sites
76. Netfilter/IPtables
[Figure: the packet filtering process]
77. Building rules and chains
root# iptables [-t table] command [match] [target]
Chains: INPUT, OUTPUT, PREROUTING, POSTROUTING (the table they belong to, e.g. filter or nat, is selected with -t; filter is the default)
Command: -A or --append
$ iptables -A INPUT -s 205.168.0.1 -j ACCEPT
-D or --delete
$ iptables -D INPUT -p tcp --dport 80 -j DROP
-F or --flush
$ iptables -F
-L or --list
$ iptables -L
78. Building rules and chains (cont…)
Match: -p or --protocol (one protocol per rule)
$ iptables -A INPUT -p tcp
$ iptables -A INPUT -p udp
-s or --source
$ iptables -A OUTPUT -s 192.168.1.1
-d or --destination
$ iptables -A INPUT -d 192.168.1.1
Target: ACCEPT, DROP and REJECT
$ iptables -A FORWARD -p tcp --dport 22 -j REJECT
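Putting the commands, matches and targets together, here is an added example (not from the course slides) that builds a small host firewall and previews the rule set with IPT=echo before it is applied as root; the trusted admin address 205.168.0.1 is the one from the slides, while the -P, -i, state-match and LOG options and the helper names are assumptions beyond what the slides list.

```shell
#!/bin/sh
# Added example (not from the course slides): builds a small host firewall from
# the commands (-F, -A), matches (-p, -s, --dport) and targets (ACCEPT, DROP,
# REJECT) introduced above, plus -P (chain policy), -i (interface), the state
# match and the LOG target. The iptables binary comes from $IPT, so the rule
# set can be previewed with IPT=echo before it is applied for real as root.
IPT=${IPT:-/sbin/iptables}

# build_rules ADMIN_HOST: default-deny inbound and forward, allow loopback and
# replies to connections this host opened, and ssh only from ADMIN_HOST.
build_rules() {
    admin=$1
    "$IPT" -F                                   # start from an empty filter table
    "$IPT" -P INPUT DROP                        # unsolicited inbound packets are dropped
    "$IPT" -P FORWARD DROP                      # this host does not route for others
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -A INPUT -i lo -j ACCEPT             # local processes talking to themselves
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT        # replies to our traffic
    "$IPT" -A INPUT -p tcp -s "$admin" --dport 22 -j ACCEPT               # ssh from the admin host
    "$IPT" -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset   # ssh from anyone else
    "$IPT" -A INPUT -j LOG --log-prefix "IPT-DROP: "                      # record what the policy drops
}

# preview_rules ADMIN_HOST: print the commands instead of running them.
preview_rules() {
    ( IPT=echo; build_rules "$1" )
}

# count_append_rules ADMIN_HOST: number of -A rules a run would add (sanity check).
count_append_rules() {
    preview_rules "$1" | grep -c '^-A '
}

preview_rules 205.168.0.1        # dry run; apply with: build_rules 205.168.0.1 (as root)
```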
79. Securing Windows 2000
OS Installation
Installing Service Packs and Hotfixes
Secure Server Settings
Miscellaneous settings
Network Settings
Enabling /Disabling Services
System Policies
Registry Settings
80. Windows 2000 Server operating system requires…
Introduction
Careful planning and preparation.
A default installation of the server is vulnerable to security attacks
Keep the server disconnected from the network until both Windows 2000 Service Pack 3 and the security hotfixes are installed.
Disk Configuration
Ensure that all the drives on the server have NTFS partitions
If the drives are not NTFS, use the “Convert.exe” tool to convert the partition to NTFS while retaining the data
Ensure that the disk is partitioned into at least two separate partitions
One for the system and OS files, and the other for data files
81. Installing Service Packs and Hotfixes
Hotfixes and service packs
Hotfixes are code patches provided for products
While applying the service pack you will be asked whether you want to back up the existing setup
Secure Server Settings
Anti-virus
• Ensure that an anti-virus product is installed on the server
• Apply the latest updates as provided by the anti-virus vendor.
Emergency repair disk (ERD)
82. Miscellaneous Settings
File permissions
List the permissions to be granted on critical files
Example
Repeat the process for the following directories and files.
Temp directories like c:\temp, %systemroot%\tmp.
Audit logs (%systemroot%\system32\config\*.evt)
Registry files (%systemroot%\system32\config, %systemroot%\repair)
All shared directories
Boot files on the system partition (Boot.ini, NTLDR, NTDETECT.COM, NTBOOTDD.SYS, BOOTSECT.DOS)
Administrator password length
Rename the Administrator account
Rename the Guest account
83. Network Settings
Microsoft provides two categories of networking services
Microsoft's File and Print services (installed by default)
The general TCP/IP and Internet services
• DNS and WINS settings
• Unbinding Microsoft networking services
84. Network Settings
Enabling/Disabling services
• By default, Windows starts a few services during the installation phase over which we have no control
85. System Policies
Password Policies
Password policies help administrators dictate the strength of passwords that users can set
Account Lockout Policies
Account lockout policy options disable accounts after a set number of failed logon attempts
86. System Policies (Cont…)
Audit policy
Audit policies help administrators monitor logon activity in Windows 2000 Server in a very detailed way by enabling success-and-failure auditing in the system's Audit policy
87. System Policies (Cont…)
Audit log settings
Changing parameters like
1. Maximum log size
2. Do not overwrite events
88. System Policies (Cont…)
User rights
User rights are typically assigned on the basis of the security groups to which a user belongs
The policy settings in this category are typically used to allow or deny users permission to access their computer based on the method of access and their security group memberships
89. System Policies (Cont…)
Security options
The settings provided under this heading help define the behavior of the system for the settings configured above and the way the system interacts with other machines on the network.
90. Registry Settings
This section addresses specific settings that have to be made manually in the system registry
It is highly recommended to take a full backup of the registry before any changes are made
SYN attack protection
SYN attack protection involves reducing the number of retransmissions of the SYN-ACKs and reducing the time for which resources have to remain allocated
Procedure
Right click on the right hand pane
Choose New → DWORD Value
Name it “SynAttackProtect”.
Double click on the “SynAttackProtect” key
Enter the value as “2”
91. Registry Settings (Cont…)
TcpMaxHalfOpen
This parameter controls the number of connections in the SYN-RCVD state allowed before SYN-attack protection begins to operate.
If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect. See the SynAttackProtect parameter for more details.
TcpMaxHalfOpenRetried
This parameter controls the number of connections in the SYN-RCVD state for which there has been at least one retransmission of the SYN sent, before SYN-attack protection begins to operate.
The default values are 80 for Win2K Pro and Server and 400 for Advanced Server. See the SynAttackProtect parameter for more details.
92. Registry Settings (Cont…)
Perform router discovery
This parameter controls whether Windows 2000 will try to perform router discovery (RFC 1256). This is on a per-interface basis.
It is located in Interfaces\<interface> and is a REG_DWORD, with a range of 0–2 (default is 2 and recommended is 0).
A value of 0 is disabled; 1 is enabled; and 2 means DHCP controls the setting.
Enable ICMP redirects
This controls whether Windows 2000 will alter its route table in response to ICMP redirect messages that are sent to it by network devices such as routers.
It is a REG_DWORD, with values 0,1 (False, True). The default value is 1; the recommended value is 0.
93. Registry Settings (Cont…)
Restrict network access to the registry