Network Security and Hacking Techniques – DAY1
(presentation transcript)

• DAY 1
  - Objectives of Network Security
  - Hardening Linux
  - Hardening Windows 2000
• Outline – Network Security
  - Objectives of Network Security
  - Attacks, Services and Mechanisms
  - Key Security Attacks/Threats
  - Active and Passive Security Threats
  - Analysis of Software Vulnerabilities
  - Analysis of Attacking Technique Sophistication
  - Conclusions of Attacks From Past
  - Anyone can Launch ...
  - Model For Network Security
  - Network Access Security Model
  - Network Security Process: Closed Loop Corrective Action
  - Elements of a Security Policy
• Objectives of Network Security
  The classic triad is Confidentiality, Integrity and Availability; authenticity and authorization extend it.
  - Confidentiality: only the sender and the intended receiver can "understand" the message; the sender encrypts it and the receiver decrypts it.
  - Authenticity: sender and receiver want to confirm each other's identity.
  - Integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection.
  - Availability: ensure the resource is available to legitimate users when they need it.
  - Authorization: access to a resource is granted only to the parties permitted to use it.
• Attacks, Services and Mechanisms
  - Security attack: any action that compromises the security of information.
  - Security mechanism: a mechanism designed to detect, prevent, or recover from a security attack.
  - Security service: a service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

• What Is The Internet?
  - A collection of networks that communicate with a common set of protocols (TCP/IP)
  - A collection of networks with no central control, no central authority, no common legal oversight or regulation, and no standard acceptable use policy: a "wild west" atmosphere

• Why Is Internet Security a Problem?
  - Security was not a design consideration
  - Implementing change is difficult
  - Openness makes machines easy targets
  - Increasing complexity
• Key Security Attacks/Threats
  - Interruption: an attack on availability (an asset is destroyed or made unusable)
  - Interception: an attack on confidentiality (an unauthorized party gains access to an asset)
  - Modification: an attack on integrity (an unauthorized party tampers with an asset)
  - Fabrication: an attack on authenticity (an unauthorized party inserts counterfeit objects into the system)
• Active and Passive Security Threats
  [diagram only on the original slide]
• Analysis of Software Vulnerabilities
  [chart: CERT/CC counts of incidents and of reported vulnerabilities per year, x-axis 1996 to 2003. Values readable from the chart, ascending: incidents 2,134; 2,412; 2,573; 3,734; 9,859; 21,756; 52,658; 82,094 and vulnerabilities 171; 262; 311; 345; 417; 1,090; 2,437; 4,129. The year each value belongs to is not recoverable from this transcript.]
  - Incident: the exploitation of a vulnerability; an occurrence that interrupts normal process and procedure.
  - Vulnerability: a defect that violates an implicit or explicit security policy.
• Analysis of Attacking Technique Sophistication
• Conclusions of Attacks From Past
• Anyone can Launch ...
  [the three slides show the same CERT/CC chart with progressively more annotation: attack sophistication rises from 1980 to 2002 (x-axis 1980, 1985, 1990, 1995, 2002) while the knowledge required by the attacker falls from High to Low, so the number of attackers grows; the later attacks are launched with ready-made tools and scripts. Techniques plotted on the chart, in the order extracted from the slide: www attacks/incidents, stealth diagnostics, sniffers, distributed denial of service, sweepers, denial of service, automated probes/scans, back doors, disabling audits, packet spoofing, hijacking sessions, exploiting known vulnerabilities, password cracking, self-replicating code, password guessing.]
  Source: CERT/CC
• Consider that ...
  - 90% of companies detected computer security breaches in the last 12 months
  - 59% cited the Internet as the most frequent origin of attack
  - 74% acknowledged financial losses due to computer breaches
  - 85% detected computer viruses
  Source: Computer Security Institute

• Who Are The Opponents?
  - 49% are inside employees on the internal network
  - 17% come from dial-up (still insiders)
  - 34% are from the Internet or an external connection to another company of some sort

• Hacker Motivations
  - Money, profit
  - Access to additional resources
  - Experimentation and desire to learn
  - "Gang" mentality
  - Psychological needs
  - Self-gratification
  - Personal vengeance
  - Emotional issues
  - Desire to embarrass the target
• Internet Security?
  [word cloud on the original slide: malicious code, session hijacking, viruses, Trojans, worms, replay attack, port scanning, buffer overflows, spoofing, man-in-the-middle, denial of service]
• The Most Common Excuses
  - "No one could possibly be interested in my information."
  - "Anti-virus software slows down my processor too much."
  - "I don't use anti-virus software because I never open viruses or e-mail attachments from people I don't know."
  - "So many people are on the Internet, I'm just a face in the crowd. No one would pick me out."
  - "I'm busy. I can't become a security expert; I don't have time, and it's not important enough."

• SANS Five Worst Security Mistakes End Users Make
  - Opening unsolicited e-mail attachments without verifying their source and checking their content first.
  - Failing to install security patches, especially for Microsoft Office, Microsoft Internet Explorer, and Netscape.
  - Installing screen savers or games from unknown sources.
  - Not making and testing backups.
  - Using a modem while connected through a local area network (it bypasses the perimeter firewall).
• Model For Network Security
  [diagram only on the original slide]

• Network Access Security Model
  [diagram only on the original slide]
• Methods of Defense
  - Encryption
  - Software controls (access limitations in a database; the operating system protecting each user from other users)
  - Hardware controls (smartcards)
  - Policies (e.g. frequent password changes)
  - Physical controls

• Security, hmm ... ??
  "Security is a process, not a product" (Bruce Schneier)
• Network Security Process: Closed Loop Corrective Action
  [diagram: a cycle with the Incident Response Team at its centre]
  - Evaluate: policies / processes, design, vulnerabilities
  - Implement: patches, new policies & designs, authentication, training / awareness, firewalls & VPNs, content security, intrusion detection
  - Monitor & Measure: self, service
  - Improve: adherence

• Elements of a Security Policy
  - Build a security team: skills and roles
  - Training and awareness: explaining security
  - Physical security
  - Monitoring: logs and analysis
  - Auditing: assess security posture
  - Prepare for an attack: incident response team
  - Handling an attack
  - Forensics: analyze data
  [diagram labels on the slide: Attacker, Watch Team, Response, Forensics, General Employees]
• Outline – Network Security
  Questions ??

• Systems – Linux and Windows 2000
  - Hardening Linux
  - Hardening Windows 2000

• Typical Network – Linux and Windows
  [diagram: host PC and servers on a visible IP address ("we are here"), an internal network of Linux and Windows hosts, and application servers such as IDS and sniffers]
• Brief Introduction of Linux
  - Introduction of Linux
  - Installation of Linux Server
  - Security and Optimization
  - Linux Networking Concepts
  - Linux Security Software
  - Internet Infrastructure

• What is Linux ??
  - Linux is a Unix-like operating system: it behaves like UNIX but was written from scratch and shares no code with it.
  - First created at the University of Helsinki in Finland by a young student named Linus Torvalds.
  - The Linux kernel is developed under the GNU General Public License.
  - Source code is freely available.

• Some good reasons to use Linux
  - There are no royalty or licensing fees for using Linux.
  - Linux is quite portable: it runs on more CPUs and platforms than any other operating system.
  - Linux is a true multi-tasking operating system, like UNIX.
  - Linux sees far less of the mass-market malware written for other desktop operating systems, but it is not immune: worms that exploit unpatched network services, and trojaned binaries, target Linux too, which is why the hardening that follows matters.
• Choosing Linux Vendors
  - Red Hat Linux
  - SuSE Linux
  - Debian GNU/Linux
  - Slackware Linux

• Installation of Linux: Red Hat
  - www.redhat.com
  - Freely available to everyone who downloads it via the Internet: ftp://ftp.redhat.com
  - The Red Hat Linux CD-ROM set at Rs. 10,000/-

• Know your Hardware !!
  - How many hard drives, and what size?
  - What kind of hard drive (IDE, SCSI)?
  - How much RAM?
  - Do you have a SCSI adapter, and of what make?
  - What type of mouse?
  - Make and model of your video card?
  - What kind of monitor?
  - Your network card(s): make and model?
  - If connected to a network: IP address, gateway, subnet mask and DNS servers?

• Installation Class and Method (Install Type)
  Red Hat Linux includes four classes, or types, of installation. On the slide they are:
  - GNOME Workstation
  - KDE Workstation
  - Server
  - Custom
  (That split is the Red Hat 7.0/7.1 installer; Red Hat 9.0 offers Personal Desktop, Workstation, Server and Custom. Server and Custom are the ones to use for a hardened host, since they let you leave the desktop package groups out.)
• Partition Strategy
  A good partition strategy is to create a separate partition for each major file system. Creating multiple partitions offers the following advantages:
  - Faster booting.
  - Easier backup and upgrade management.
  - Limits each file system's ability to grow, so logs, mail spools or user uploads filling up cannot fill the root file system.
  - Protection against SUID programs: partitions holding user-writable data can be mounted with nosuid (and nodev), which a single root partition cannot.
  - Protection against denial of service attacks that work by exhausting disk space.

• Partition Example
  Partitions to create on the system (sizes are from the Red Hat 7–9 era; /boot in particular must be far larger for current kernels):

    Mount point   Size      Purpose
    /boot         5MB       All kernel images are kept here.
    /usr          512MB     Must be large, since all Linux binary programs are installed here.
    /home         1146MB    Proportional to the number of users you intend to host (e.g. 10MB per user x 114 users = 1140MB).
    /chroot       256MB     For programs installed in a chroot jail environment (e.g. DNS).
    /cache        256MB     Cache partition of a proxy server (e.g. Squid).
    /var          256MB     Files that change while the system runs normally (e.g. log files).
    <swap>        128MB     Swap partition: the virtual memory of the Linux operating system.
    /tmp          256MB     Temporary files partition.
    /             256MB     Root partition.
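Separate partitions only protect against SUID abuse if the user-writable ones are mounted with the right options. The following shell script is an added example, not from the slides: it reads an /etc/fstab and reports which of the layout's writable mount points (/home, /tmp, /var, /chroot, /cache) lack nosuid and nodev. The fstab content and device names are constructed for the example; point check_fstab at the real /etc/fstab to audit a host.

```shell
#!/bin/sh
# Added example: verify that the user-writable partitions of the slide's
# layout carry nosuid and nodev in /etc/fstab. Constructed sample fstab;
# device names are assumptions.

FSTAB=$(mktemp)
cat > "$FSTAB" <<'EOF'
# device     mountpoint  type  options                dump pass
/dev/sda1    /boot       ext3  defaults               1 2
/dev/sda2    /           ext3  defaults               1 1
/dev/sda5    /home       ext3  defaults,nosuid,nodev  1 2
/dev/sda6    /tmp        ext3  defaults               1 2
/dev/sda7    /var        ext3  defaults,nodev         1 2
/dev/sda8    /chroot     ext3  defaults               1 2
/dev/sda9    /cache      ext3  defaults               1 2
EOF

# Mount points that hold user- or service-writable data. /chroot keeps
# executables (the jailed daemon), so noexec is deliberately not required.
WRITABLE_MOUNTS="/home /tmp /var /chroot /cache"

# has_opt OPTIONS OPT -> 0 if OPT appears in the comma-separated OPTIONS
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# check_fstab FILE -> one line per mount point:
#   "OK      /mp", "MISSING /mp: opt ..." or "ABSENT  /mp (no fstab entry)"
check_fstab() {
    file=$1
    for mp in $WRITABLE_MOUNTS; do
        # column 4 of the non-comment line whose mount point is $mp
        opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4 }' "$file")
        if [ -z "$opts" ]; then
            echo "ABSENT  $mp (no fstab entry)"
            continue
        fi
        missing=""
        for need in nosuid nodev; do
            has_opt "$opts" "$need" || missing="$missing $need"
        done
        if [ -n "$missing" ]; then
            echo "MISSING $mp:$missing"
        else
            echo "OK      $mp"
        fi
    done
}

check_fstab "$FSTAB"
```

A mount point reported MISSING gets its options added in /etc/fstab and is remounted with `mount -o remount /tmp`; the report lines are also easy to feed into a nightly check that mails the administrator.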
• Tools to Partition the Hard Drives
  - Disk Druid
  - fdisk

• Components to Install (Package Group Selection)
  - The host can be configured to better suit the requirements of the particular service.
  - By reducing services, the number of logs and log entries is reduced, so detecting unexpected behaviour becomes easier.
  - Different individuals may administer different services. By isolating services so that each host and service has a single administrator you minimize the possibility of conflicts between administrators.
  - Other services cannot be used to attack the host and impair or remove the desired network services.

• Unwanted Packages
  Applications/File: git (GNU Interactive Tools, not the version control system)
  Applications/Internet: finger, ftp, fwhois, ncftp, rsh, rsync, talk, telnet
  Applications/Publishing: ghostscript, ghostscript-fonts, groff-perl, mpage, pnm2ppa, rhs-printfilters
  Applications/System: arpwatch, bind-utils, rdate, rdist, screen, ucd-snmp-utils
  Documentation: indexhtml
  System Environment/Base: chkfontpath, yp-tools
  System Daemons: XFree86-xfs, finger-server, lpr, nfs-utils, pidentd, portmap, rsh-server, rusers, rusers-server, rwall-server, rwho, talk-server, telnet-server, tftp-server, ucd-snmp, ypbind, ypserv
  System Environment/Libraries: XFree86-libs, libpng
• How to use RPM Commands
  - To install an RPM package:
      [root@testing /]# rpm -ivh foo-1.0-2.i386.rpm
  - To uninstall an RPM package:
      [root@testing /]# rpm -e foo
  - To upgrade an RPM package:
      [root@testing /]# rpm -Uvh foo-1.0-2.i386.rpm
  - To query whether a package is installed:
      [root@testing /]# rpm -q foo
  - To check the signature of a package file before installing it (the check runs against the .rpm file, not the installed package name, and only means something once the vendor's GPG key has been imported):
      [root@testing /]# rpm --checksig foo-1.0-2.i386.rpm
  rpm -V verifies an installed package's files (sizes, checksums, permissions, owners) against the database, which is a quick check for tampering.

• Starting and stopping daemon services
  - To start the httpd web server manually:
      [root@testing /]# /etc/rc.d/init.d/httpd start
      Starting httpd:                 [ OK ]
  - To stop it:
      [root@testing /]# /etc/rc.d/init.d/httpd stop
      Shutting down httpd:            [ OK ]
  - To restart it:
      [root@testing /]# /etc/rc.d/init.d/httpd restart
      Shutting down httpd:            [ OK ]
      Starting httpd:                 [ OK ]
  Stopping a daemon this way does not stop it from coming back at the next boot; chkconfig controls which services start in each runlevel.
• Securing and Optimization of Linux
  - Basic Linux System Administration
  - General System Security
  - General System Optimization
  - Configuring and Building Kernels

• Basic Linux System Administration
  - Creating general users
      root# useradd testing
      root# passwd testing
  - Getting help
      root# man man
  - Walking around the Linux directories
      root# pwd
      /root
      root# cd /home/testing
      root# pwd
      /home/testing
  - Looking around
      root# ls -l
    where -l gives a long listing and -a also lists hidden (dot) files

• Basic Linux System Administration (cont.)
  Working with files and directories
  - To create a directory under the current directory, and one by absolute path
      root# mkdir testing
      root# mkdir /home/testing/test
  - To create a file, using a text editor
      root# vi ya.txt
  - To copy a file
      root# cp ya.txt yah.txt
      root# cp ya.txt /home/testing/yah.txt
  - To move and rename a file
      root# mv ya.txt /home/testing/yah.txt
      root# mv l.txt /home/testing/l.txt
  - To delete a directory tree, and a file
      root# rm -r /home/testing
      root# rm y.txt

• Basic Linux System Administration (cont.)
  - Pipes
      root# ls -la /etc | less
      root# ls -la /etc | grep hosts
  - Putting commands together
      root# ls ; cp /home/testing/h.txt /root/h.txt
  - To list processes
      root# ps aux
  - To kill a process (-9 is SIGKILL and gives the process no chance to clean up; try a plain kill, which sends SIGTERM, first)
      root# kill -9 pid
      root# killall -9 xinetd
  - To check the load average
      root# uptime
• Linux General Security
  - BIOS security: set a boot password (and disable booting from removable media, otherwise the password protects nothing).
  - Security policy.
  - Choose the right password.
  - Password length: edit /etc/login.defs and change
      PASS_MIN_LEN 5
    to read
      PASS_MIN_LEN 8
    On PAM-based installs such as Red Hat the effective minimum is usually enforced by pam_cracklib's minlen in /etc/pam.d/system-auth, so set it there as well.
  - The root account: set an idle time-out for root shells. Edit /etc/profile and change the line
      TMOUT=7200
    The value is in seconds, so this logs out an idle shell after two hours; a smaller value such as 600 is more useful on a server.

• Linux General Security (cont.)
  - TCP_WRAPPERS
    Access control for wrapped services (those started through tcpd from xinetd, and daemons that link libwrap themselves, such as sshd) is driven by two files, and the search stops at the first match:
      vi /etc/hosts.allow
      vi /etc/hosts.deny
    /etc/hosts.allow is consulted first; if a line matches, access is granted. Otherwise /etc/hosts.deny is consulted; if a line matches, access is denied. If neither file matches, access is granted, which is why a deny-all rule is needed.
    For example, add ALL: ALL to hosts.deny to deny everything by default, then add the following line to hosts.allow:
      sshd: 192.128.9.13 home.secureindia.com
    This allows only the listed IP address and host name to reach sshd; every other wrapped service stays closed.
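The first-match order above is easy to get wrong (a permissive line in hosts.allow wins over ALL: ALL in hosts.deny). The shell script below is an added example, not part of the slides or of tcp_wrappers itself: it models libwrap's search order and the pattern forms used on the slide (ALL, a daemon name, an exact IP, a host name, a trailing-dot network prefix such as 192.128.9. and a leading-dot domain suffix such as .secureindia.com) so the effect of a rule set can be predicted before it is deployed. The hosts.allow and hosts.deny contents are constructed, and in.ftpd is an assumed daemon name; real libwrap supports more syntax (EXCEPT, KNOWN/UNKNOWN, netgroups, CIDR) than this model.

```shell
#!/bin/sh
# Added example: a simplified model of tcp_wrappers' first-match search,
# for checking hosts.allow / hosts.deny rule sets offline. Sample files are
# constructed; "in.ftpd" is an assumed daemon name.

WRAP_DIR=$(mktemp -d)
cat > "$WRAP_DIR/hosts.allow" <<'EOF'
# daemon_list : client_list
sshd: 192.128.9.13 home.secureindia.com
in.ftpd: 192.128.9. .secureindia.com
EOF
cat > "$WRAP_DIR/hosts.deny" <<'EOF'
ALL: ALL
EOF

# match_token PATTERN VALUE -> 0 if PATTERN matches VALUE (daemon or client)
match_token() {
    pat=$1; val=$2
    case "$pat" in
        ALL) return 0 ;;
        *.)  case "$val" in "$pat"*) return 0 ;; esac ;;   # network prefix, e.g. 192.128.9.
        .*)  case "$val" in *"$pat") return 0 ;; esac ;;   # domain suffix, e.g. .secureindia.com
        *)   if [ "$pat" = "$val" ]; then return 0; fi ;;
    esac
    return 1
}

# file_matches FILE DAEMON IP HOST -> 0 if any "daemons : clients" line matches
file_matches() {
    file=$1; daemon=$2; ip=$3; host=$4
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac     # skip blanks and comments
        dlist=${line%%:*}
        clist=${line#*:}
        for d in $(printf '%s' "$dlist" | tr ',' ' '); do
            match_token "$d" "$daemon" || continue
            for c in $(printf '%s' "$clist" | tr ',' ' '); do
                if match_token "$c" "$ip" || match_token "$c" "$host"; then
                    return 0
                fi
            done
        done
    done < "$file"
    return 1
}

# wrappers_allow DAEMON IP HOST -> prints ALLOW or DENY.
# Order: hosts.allow, then hosts.deny, then libwrap's default of ALLOW.
wrappers_allow() {
    if file_matches "$WRAP_DIR/hosts.allow" "$1" "$2" "$3"; then
        echo ALLOW
    elif file_matches "$WRAP_DIR/hosts.deny" "$1" "$2" "$3"; then
        echo DENY
    else
        echo ALLOW
    fi
}

# Probe a few constructed clients against the rule set.
for probe in "sshd 192.128.9.13 home.secureindia.com" \
             "sshd 10.0.0.5 evil.example.net" \
             "in.telnetd 192.128.9.13 home.secureindia.com" \
             "in.ftpd 192.128.9.77 nobody.example.org"; do
    set -- $probe
    printf '%-12s %-16s %-24s %s\n' "$1" "$2" "$3" "$(wrappers_allow "$1" "$2" "$3")"
done
```

Note the asymmetry the model makes visible: a client name only matches when the reverse lookup of the connecting address yields that name, so hostname rules depend on DNS the attacker may control; prefer IP patterns in hosts.allow. Deleting the ALL: ALL line from hosts.deny makes every non-matching probe come back ALLOW.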
• Linux General Security (cont.)
  xinetd
  xinetd is a secure replacement for inetd, the Internet services daemon. Features:
  - Access control (per-service only_from / no_access lists, in addition to tcp_wrappers)
  - Prevents denial of service attacks (limits on instances and connection rate)
  - Extensive logging
  - Offloading services to a remote host

• Linux General Security (cont.)
  xinetd (cont.)
  The main file is /etc/xinetd.conf; per-service files live in /etc/xinetd.d/. Simple configuration:
      defaults
      {
          instances       = 60
          log_type        = SYSLOG authpriv
          log_on_success  = HOST PID
          log_on_failure  = HOST
          cps             = 25 30
      }
      includedir /etc/xinetd.d
  instances caps the concurrent servers per service; cps = 25 30 disables a service for 30 seconds once it exceeds 25 connections per second.

• Linux General Security (cont.)
  xinetd (cont.)
  Sample configuration of the telnet service (/etc/xinetd.d/telnet):
      service telnet
      {
          disable         = no
          flags           = REUSE
          socket_type     = stream
          wait            = no
          user            = root
          server          = /usr/sbin/in.telnetd
          log_on_failure  += USERID
      }
  disable = no turns telnet on. Telnet sends passwords in clear text and telnet-server was listed under unwanted packages above; leave it at disable = yes (or remove the package) and use ssh. If a legacy service must stay, add an only_from = line so it is reachable only from the hosts that need it.
• Linux General Security (cont.)
  - Password-protect the boot loader
    Edit /etc/lilo.conf and add the line
      password = xxxxx
    The password is stored in clear text, so also make the file readable by root only (chmod 600 /etc/lilo.conf), and rerun /sbin/lilo afterwards or the change has no effect. Adding restricted makes LILO ask for the password only when boot parameters (such as single) are typed.
  - Special accounts: disable all default vendor accounts that the machine does not need:
      root# userdel adm
      root# userdel lp
      root# userdel sync
      root# userdel shutdown
      root# userdel halt
      root# userdel news
      root# userdel operator
      root# userdel games
    Check first that no installed package (printing for lp, NNTP for news) still uses the account; locking it (passwd -l, shell /sbin/nologin) is the safer alternative to deletion.

• Linux General Security (cont.)
  - Enable TCP SYN cookie protection
    Edit /etc/sysctl.conf and add
      net.ipv4.tcp_syncookies = 1
    or set it immediately with
      echo 1 > /proc/sys/net/ipv4/tcp_syncookies
  - Prevent your system from responding to ping requests
    Edit /etc/sysctl.conf and add
      net.ipv4.icmp_echo_ignore_all = 1
    or
      echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
    Ignoring all echo requests also hides the host from your own monitoring; ignoring only broadcast pings (net.ipv4.icmp_echo_ignore_broadcasts = 1) stops smurf amplification without that cost. Settings in /etc/sysctl.conf are applied at boot and by sysctl -p.
• Linux Optimization
  - The "inode-max" parameter (2.2 kernels; 2.4 and later drop it and size the inode cache themselves)
    Value roughly 3 to 4 times the number of open files (8192 * 4 = 32768). Edit /etc/sysctl.conf and add
      fs.inode-max = 32768
    or
      echo "32768" > /proc/sys/fs/inode-max
  - The "file-max" parameter
    256 for every 4MB of RAM: for a machine with 128MB of RAM set it to 8192 (128/4 = 32, 32 * 256 = 8192). The default under Red Hat Linux is 4096. Edit /etc/sysctl.conf and add
      fs.file-max = 8192
    or
      echo 8192 > /proc/sys/fs/file-max

• Linux Optimization (cont.)
  - The "ulimit" parameter
    Linux has a per-user "max processes" limit. To lift it for root, edit /root/.bashrc and add the line
      ulimit -u unlimited
    Do not do this for ordinary users (or in /etc/profile): an unlimited process count is exactly what a fork bomb needs. Set per-user ceilings in /etc/security/limits.conf instead.
      root# ulimit -a
      core file size (blocks)     1000000
      data seg size (kbytes)      unlimited
      file size (blocks)          unlimited
      max memory size (kbytes)    unlimited
      stack size (kbytes)         8192
      cpu time (seconds)          unlimited
      max user processes          unlimited   <- this line
      pipe size (512 bytes)       8
      open files                  1024
      virtual memory (kbytes)     2105343

• Linux Optimization (cont.)
  - The "atime" attribute
    Linux records when a file was last modified (mtime), when its inode last changed (ctime) and when it was last accessed (atime); ext2/ext3 keep no creation time. Every read updates atime, which costs a disk write. To stop atime updates for one file:
      root# chattr +A filename
    For a whole directory tree:
      root# chattr -R +A /var/spool/        (news and mail)
      root# chattr -R +A /cache/            (proxy caches)
      root# chattr -R +A /home/httpd/ona/   (web pages)
    The noatime mount option in /etc/fstab does the same for a whole file system. Keep in mind that atime is evidence: without it you cannot tell afterwards which files an intruder read.

• Linux Optimization (cont.)
  - Handle more connections per unit of time with your TCP/IP stack
    Edit /etc/sysctl.conf and add the following lines:
      # Decrease the default value for tcp_fin_timeout
      net.ipv4.tcp_fin_timeout = 30
      # Decrease the default value for tcp_keepalive_time
      net.ipv4.tcp_keepalive_time = 1800
      # Turn off tcp_window_scaling
      net.ipv4.tcp_window_scaling = 0
      # Turn off tcp_sack
      net.ipv4.tcp_sack = 0
      # Turn off tcp_timestamps
      net.ipv4.tcp_timestamps = 0
    The first two free sockets sooner. The last three save a few bytes per segment at the cost of throughput on fast or lossy links (window scaling and SACK) and of PAWS protection against wrapped sequence numbers (timestamps); on a modern server leave those three at their default of 1.
• Securing and Building the Linux kernel
  - The kernel is the core of the operating system
  - The kernel plays an important role in the performance of a Linux server
  - Role of the kernel: memory management, hardware management, process management
  - www.kernel.org
  - http://www.openwall.com/linux/ (the Openwall hardening patch)

• Securing and Building the Linux kernel (cont.)
  - Untar the kernel source
      root# cp kernel_version.tar.gz /usr/src
      root# cd /usr/src
      root# tar -zxvf kernel_version.tar.gz
  - Increase the tasks limit (optimization; 2.2 kernels only, since 2.4 replaced the compile-time limit with the kernel.threads-max sysctl)
    To increase the number of tasks allowed (the maximum number of processes per user), edit /usr/src/linux/include/linux/tasks.h (vi +14 /usr/src/linux/include/linux/tasks.h) and change:
      NR_TASKS from 512 to 3072
      MIN_TASKS_LEFT_FOR_ROOT from 4 to 24
  - Untar the kernel security patch
      root# tar -zxvf linux-2_2_14-ow2_tar.gz

• Securing and Building the Linux kernel (cont.)
  - Securing the kernel: features of the Openwall patch
    - Non-executable user stack area
    - Restricted links in /tmp
    - Restricted FIFOs in /tmp
    - Restricted /proc
    - Special handling of fd 0, 1, and 2
    - Enforce RLIMIT_NPROC on execve(2)

• Securing and Building the Linux kernel (cont.)
  - Applying the patch (the patch must match the kernel version exactly; here 2.2.14 with ow2)
      root# cd /usr/src/kernel_version
      root# patch -p0 < linux-2.2.14-ow2.diff
  - Compilation
      root# make config
    Choose options in the menu (make menuconfig gives a full-screen menu), then:
      root# make dep ; make bzImage
  - Compile the modules
      root# make modules ; make modules_install
  - Installation of the kernel
      root# cp /usr/src/linux/arch/i386/boot/bzImage /boot/vmlinuz_kernel_version.number

• Securing and Building the Linux kernel (cont.)
  - Linux Loader (lilo)
    Edit /etc/lilo.conf and add the following lines (the version numbers are placeholders; use the version you built):
      image=/boot/vmlinuz-2.5.1
          label=linux-5
          initrd=/boot/initrd-2.5.1
          read-only
          root=/dev/sda1
    and change the default from
      default=linux
    to
      default=linux-5
    Keep the old image= stanza so the previous kernel can still be booted if the new one fails. Run lilo so it recognizes the new kernel:
      root# /sbin/lilo -v

• Securing and Building the Linux kernel (cont.)
  - Make a new rescue floppy
      root# mkbootdisk --device /dev/fd0 old-version
    for example
      root# mkbootdisk --device /dev/fd0 2.4.18
  - Now reboot the system
      root# reboot
  - After booting you will see the new kernel (uname -r shows the running version)
• Linux Network Management
  - TCP/IP network management
  - Networking firewall

• TCP/IP Linux Network Management
  Files related to networking functionality
  - The /etc/HOSTNAME file
    Stores your system's host name, i.e. its fully qualified domain name (FQDN), such as testing.secureindia.net. Sample /etc/HOSTNAME:
      testing.secureindia.com
  - The /etc/resolv.conf file
    A text file used by the resolver, the library that determines the IP address for a host name. Sample /etc/resolv.conf:
      search secureindia.net
      nameserver 202.71.129.33
      nameserver 202.71.129.37

• TCP/IP Linux Network Management (cont.)
  - The /etc/sysconfig/network-scripts/ifcfg-ethN files
    Configuration for each network device. Sample /etc/sysconfig/network-scripts/ifcfg-eth0:
      DEVICE=eth0
      IPADDR=202.71.129.252
      NETMASK=255.255.255.0
      NETWORK=202.71.129.0
      BROADCAST=202.71.129.255
      ONBOOT=yes
      BOOTPROTO=none
      USERCTL=no
    USERCTL=no stops non-root users from bringing the interface up or down.

• TCP/IP Linux Network Management (cont.)
  - The /etc/host.conf file
    Specifies how names are resolved. Linux uses a resolver library to obtain the IP address corresponding to a host name. Sample /etc/host.conf:
      # Lookup names via DNS first then fall back to /etc/hosts.
      order bind,hosts
      # We have machines with multiple addresses.
      multi on
      # Check for IP address spoofing.
      nospoof on
    nospoof on makes the resolver reverse-resolve an address and reject the answer if the forward and reverse names disagree.

• TCP/IP Linux Network Management (cont.)
  - The /etc/sysconfig/network file
    Specifies the desired network configuration of your server. Sample /etc/sysconfig/network:
      NETWORKING=yes
      FORWARD_IPV4=yes
      HOSTNAME=deep.secureindia.com
      GATEWAY=0.0.0.0
      GATEWAYDEV=eth1
  - The /etc/sysctl.conf file
    In Red Hat Linux 9.0, many kernel options related to networking security, such as dropping packets that arrive over an interface they should not, or ignoring ping/broadcast requests, can be set in /etc/sysctl.conf instead of /etc/rc.d/rc.local. Edit /etc/sysctl.conf and add the following line:
      # Enable packet forwarding
      net.ipv4.ip_forward = 1
    Only a host that routes (a firewall or gateway, as this two-interface sample is) should forward; on any other server leave ip_forward at 0.

• TCP/IP Linux Network Management (cont.)
  - Configuring TCP/IP networking manually with the command line
    The ifconfig utility sets up and configures your network card. To assign the eth0 interface the IP address 202.71.128.252:
      root# ifconfig eth0 202.71.128.252 netmask 255.255.255.0
      root# ifconfig eth0
    The output should look something like this:
      eth0      Link encap:Ethernet  HWaddr 00:E0:18:90:1B:56
                inet addr:202.71.128.252  Bcast:202.71.128.255  Mask:255.255.255.0
                UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
                RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
                TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
                collisions:0 txqueuelen:100
                Interrupt:11 Base address:0xa800

• TCP/IP Linux Network Management (cont.)
  - To assign the default gateway
      root# route add default gw 202.71.128.1
    To verify that you can reach it:
      root# ping 202.71.128.1
    The output should look something like this:
      PING 202.71.128.1 (202.71.128.1) from 202.71.128.252: 56 data bytes
      64 bytes from 202.71.128.1: icmp_seq=0 ttl=128 time=1.0 ms
      64 bytes from 202.71.128.1: icmp_seq=1 ttl=128 time=1.0 ms

• TCP/IP Linux Network Management (cont.)
  - To display the routing information
      root# route -n
    The output should look something like this:
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref Use Iface
      202.71.128.252  0.0.0.0         255.255.255.255 UH    0      0   0   eth0
      202.71.128.0    202.71.128.252  255.255.255.0   UG    0      0   0   eth0
      208.164.186.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
      127.0.0.0       0.0.0.0         255.0.0.0       U     0      0   0   lo

• TCP/IP Linux Network Management (cont.)
  - To see all active TCP connections
      root# netstat -t
    The output should look something like this:
      Active Internet connections (w/o servers)
      Proto Recv-Q Send-Q Local Address            Foreign Address          State
      tcp        0      0 deep.openar:netbios-ssn  gate.openna.com:1045     ESTABLISHED
      tcp        0      0 localhost:1032           localhost:1033           ESTABLISHED
      tcp        0      0 localhost:1033           localhost:1032           ESTABLISHED
      tcp        0      0 localhost:1033           localhost:1034           ESTABLISHED
      tcp        0      0 localhost:1033           localhost:1030           ESTABLISHED
    Adding -l lists listening sockets as well, which is the quick way to see which services the host exposes; -n suppresses name lookups.
• Introduction to netfilter/iptables
  - Linux security and netfilter/iptables
  - Firewall configuration is a built-in capability of Linux systems on a network (netfilter in the 2.4 kernel, administered with iptables)
  - Firewalls stop unauthorized sources from accessing Linux systems, for example by telnet
  - Free up bandwidth by blocking unnecessary traffic coming from sources such as advertisement sites

• Netfilter/iptables packet filtering process
  [diagram only on the original slide]

• Building rules and chains
      root# iptables [-t table] command [match] [target]
  Tables: filter (the default), nat, mangle
  Built-in chains: INPUT, OUTPUT and FORWARD in the filter table; PREROUTING, POSTROUTING and OUTPUT in the nat and mangle tables
  Commands:
  - -A or --append
      # iptables -A INPUT -s 205.168.0.1 -j ACCEPT
  - -D or --delete (the rule must be given exactly as it was added; --dport requires -p tcp or -p udp)
      # iptables -D INPUT -p tcp --dport 80 -j DROP
  - -F or --flush
      # iptables -F
  - -L or --list
      # iptables -L

• Building rules and chains (cont.)
  Matches:
  - -p or --protocol (one protocol per rule: tcp, udp, icmp or all)
      # iptables -A INPUT -p tcp
  - -s or --source
      # iptables -A OUTPUT -s 192.168.1.1
  - -d or --destination
      # iptables -A INPUT -d 192.168.1.1
  Targets: ACCEPT, DROP and REJECT
      # iptables -A FORWARD -p tcp --dport 22 -j REJECT
  A rule with no -j target, like the three match examples above, only counts packets; iptables accepts it but it filters nothing. Rules are tested in order, and the chain's policy (iptables -P INPUT DROP) decides what happens to packets no rule matched.
• Securing Windows 2000
  - OS installation
  - Installing service packs and hotfixes
  - Secure server settings
  - Miscellaneous settings
  - Network settings
  - Enabling/disabling services
  - System policies
  - Registry settings

• Windows 2000 Server operating system requires ...
  Introduction
  - Careful planning and preparation.
  - A default installation of the server is vulnerable to security attacks.
  - Keep the server disconnected from the network until both Windows 2000 Service Pack 3 and the security hotfixes are installed; bring the patches in on a slipstreamed install CD or other medium, since a freshly installed box exposed to the network can be compromised before it finishes patching.
  Disk configuration
  - Ensure that all the drives on the server have NTFS partitions; FAT has no file permissions at all.
  - If the drives are not NTFS, use the Convert.exe tool (convert C: /FS:NTFS) to convert the partition to NTFS while retaining the data.
  - Ensure that the disk is partitioned into at least two separate partitions: one for the system and OS files, and the other for data files.

• Installing Service Packs and Hotfixes
  Hotfixes and service packs
  - Hotfixes are code patches for products that Microsoft provides between service packs.
  - While applying the service pack you will be asked whether you want to back up the existing setup; do so, because it is the only way to uninstall the service pack later.
  Secure server settings
  Anti-virus
  - Ensure that an anti-virus product is installed on the server
  - Keep it at the latest updates provided by the anti-virus vendor
  Emergency repair disk (ERD)
  - Create one after the build and again after each configuration change; the ERD process saves a copy of the registry under %SystemRoot%\repair, which is one reason that directory is locked down below.

• Miscellaneous Settings
  - File permissions: list the permissions to be granted on critical files, then repeat the process for the following directories and files:
    - Temp directories such as C:\Temp and %SystemRoot%\Temp
    - Audit logs (%SystemRoot%\system32\config\*.evt)
    - Registry files (%SystemRoot%\system32\config, %SystemRoot%\repair)
    - All shared directories
    - Boot files on the system partition (Boot.ini, NTLDR, NTDETECT.COM, NTBOOTDD.SYS, BOOTSECT.DOS)
  - Administrator password length
  - Rename the Administrator account (it is still identifiable by its RID 500, so renaming is a speed bump, not a fix)
  - Rename the Guest account (and keep it disabled)

• Network Settings
  - Microsoft provides two categories of networking services:
    - Microsoft File and Print services (installed by default)
    - The general TCP/IP and Internet services
  - DNS and WINS settings
  - Unbinding Microsoft networking services (File and Printer Sharing, Client for Microsoft Networks) from the Internet-facing adapter, so NetBIOS/SMB is not exposed to the outside

• Network Settings (cont.)
  - Enabling/disabling services
    - By default Windows starts a number of services over which we have no control during the installation phase; review them afterwards and set those that are not needed to Disabled.
• System Policies
  - Password policies: let administrators dictate the strength of passwords that users can set (minimum length, complexity, history, maximum age).
  - Account lockout policies: disable accounts after a set number of failed logon attempts. Pick a threshold and observation window that blunt password guessing without letting an attacker lock every account out with a few deliberate failures.

• System Policies (cont.)
  - Audit policy: lets administrators monitor logon activity in Windows 2000 Server in detail by enabling success-and-failure auditing in the system's audit policy.

• System Policies (cont.)
  - Audit log settings: change parameters such as
    1. Maximum log size
    2. Do not overwrite events (pair this with a process that archives and clears the log, because once it is full the system stops recording events)

• System Policies (cont.)
  - User rights: typically assigned on the basis of the security groups to which a user belongs. The policy settings in this category are used to allow or deny users access to their computer based on the method of access (local logon, network, service, batch) and their security group memberships.

• System Policies (cont.)
  - Security options: the settings under this heading define how the system behaves for the settings configured above and how it interacts with other machines on the network.
• Registry Settings
  - This section addresses specific settings that have to be made manually in the system registry.
  - It is highly recommended to take a full backup of the registry before making any changes.
  SYN attack protection
  SYN attack protection reduces the number of SYN-ACK retransmissions and the time for which resources have to remain allocated to half-open connections.
  Procedure (under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters):
  - Right-click in the right-hand pane
  - Choose New -> DWORD Value
  - Name it "SynAttackProtect"
  - Double-click the "SynAttackProtect" value and enter the value 2
  0 disables the protection, 1 reduces retransmissions once the half-open thresholds below are exceeded, and 2 additionally delays telling Winsock about a connection until the three-way handshake has completed.

• Registry Settings (cont.)
  - TcpMaxHalfOpen
    - Controls the number of connections allowed in the SYN-RCVD state before SYN attack protection begins to operate.
    - If SynAttackProtect is set to 1, ensure that this value is lower than the AFD listen backlog on the port you want to protect. See the SynAttackProtect parameter for more details.
  - TcpMaxHalfOpenRetried
    - Controls the number of connections in the SYN-RCVD state for which at least one retransmission of the SYN-ACK has been sent, before SYN attack protection begins to operate.
    - The default values are 80 for Windows 2000 Professional and Server and 400 for Advanced Server. See the SynAttackProtect parameter for more details.

• Registry Settings (cont.)
  - Perform router discovery (PerformRouterDiscovery)
    - Controls whether Windows 2000 will try to perform router discovery (RFC 1256). This is set per interface.
    - Located under Tcpip\Parameters\Interfaces\<interface>; a REG_DWORD with a range of 0–2 (default 2, recommended 0): 0 = disabled, 1 = enabled, 2 = DHCP controls the setting. Left enabled, a rogue ICMP router advertisement on the LAN can change the host's default route.
  - Enable ICMP redirects (EnableICMPRedirect)
    - Controls whether Windows 2000 will alter its route table in response to ICMP redirect messages sent to it by network devices such as routers.
    - A REG_DWORD, 0 or 1 (false, true). Default value 1, recommended value 0, since spoofed redirects let an attacker insert a route of their choosing.

• Registry Settings (cont.)
  - Restrict network access to the registry: the permissions on the winreg key (HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg) decide which remote users may connect to the registry at all.