A look at computer security (presentation transcript)

Usage rights: CC Attribution-ShareAlike License

    • A Quick Look at Computer Security
        Ahmed D. Mekkawy AKA linuxawy [email_address]
    • Computer Security
      • Network Security.
      • Host Security.
      • Physical Security.
      • … etc
    • Encryption & Hashing
      • Single Key encryption.
      • Public / Private key encryption.
      • Hashing: a true one way function? Only as long as nobody finds collisions.
      • MD5? Broken: practical collisions exist, so don't rely on it for signatures or integrity. MD6 was in the kitchen at the time (a SHA-3 candidate that was later withdrawn).
      • SHA-1, SHA-256, SHA-512 (there is no SHA-1024; SHA-1 is also on its way out).
      • Tunneling.
      • SSL/TLS (https, … etc) and SSH.
      • Data Hiding ?!
    • First Things First
      • Mentality: always challenge your work. Wear the attacker's hat and think about how to destroy what you have just built.
      • Never underestimate your potential opponent.
      • Never underestimate how important your data/computer is to others (it may be worth more to them than to you).
      • A password is like a toothbrush: never share it.
    • Use Good Passwords
      • A password shorter than 8 characters is lame.
      • A password containing only lower case characters is lamer.
      • A password containing your birth date or phone number is even lamer.
      • A password containing a sequence of digits like 123456 is the lamest.
      • A single password reused everywhere is a DISASTER: one leaked site hands the attacker all of your accounts.
    • Good password?
      • 4 types of characters: lower case, upper case, numbers, special characters. Use at least 3 of them.
      • A good password is 16 characters; the more the better.
      • A 32 character password drawn at random from all 95 printable ASCII characters carries about 210 bits of entropy (log2(95^32)), as strong as any symmetric key you will use. It only equals a 256 bit key if every character is chosen uniformly from 256 values, and a password you can actually remember carries far less than either figure.
      • Use transliterated Arabic (a word outside English wordlists, but still a word: combine it with the rules above).
      • Typing hacker style (e.g. a→4, e→3, s→$). Caveat: password crackers apply exactly these substitutions to their wordlists, so this adds little on top of a dictionary word.
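The rules on these two slides as an executable checker, added here as an example and not part of the original presentation. It scores a candidate against length, character classes, digit sequences and a list of personal strings (birth date, phone number), and computes the "n characters = m bits" figure as log2(pool^length). The 64-bit cutoff (PW_MIN_BITS), the function names and the sample passwords are my own assumptions, not numbers from the slides.

```shell
#!/bin/sh
# Added example, not from the slides: the password rules above as a checker.
# The entropy figure assumes every character is drawn uniformly from the pool
# of character classes present (26 lower, 26 upper, 10 digits, 33 other
# printable ASCII = 95); a human-chosen password carries much less.
# PW_MIN_BITS is an assumed threshold, not a number from the presentation.

PW_MIN_BITS=${PW_MIN_BITS:-64}

pw_classes_and_pool() {  # prints "<classes used> <pool size>" for password $1
    _c=0; _p=0
    case $1 in *[[:lower:]]*) _c=$((_c + 1)); _p=$((_p + 26)) ;; esac
    case $1 in *[[:upper:]]*) _c=$((_c + 1)); _p=$((_p + 26)) ;; esac
    case $1 in *[[:digit:]]*) _c=$((_c + 1)); _p=$((_p + 10)) ;; esac
    case $1 in *[![:alnum:]]*) _c=$((_c + 1)); _p=$((_p + 33)) ;; esac
    echo "$_c $_p"
}

pw_entropy_bits() {  # floor(length * log2(pool)): the "n characters = m bits" figure
    _pool=$(pw_classes_and_pool "$1" | cut -d' ' -f2)
    awk -v n="${#1}" -v p="$_pool" \
        'BEGIN { printf "%d\n", (p > 0) ? n * log(p) / log(2) : 0 }'
}

pw_has_digit_run() {  # 4 or more consecutive ascending/descending digits (123456, 4321)
    printf '%s' "$1" | grep -Eq '0123|1234|2345|3456|4567|5678|6789|9876|8765|7654|6543|5432|4321|3210'
}

# pw_check PASSWORD [PERSONAL ...]: PERSONAL are strings such as a birth date or
# phone number that must not appear in the password. Prints a verdict and
# returns 0 only when the password passes every rule on the slides.
pw_check() {
    _pw=$1; shift
    _lc=$(printf '%s' "$_pw" | tr '[:upper:]' '[:lower:]')
    if [ "${#_pw}" -lt 8 ]; then
        echo "reject: shorter than 8 characters"; return 1
    fi
    _classes=$(pw_classes_and_pool "$_pw" | cut -d' ' -f1)
    if [ "$_classes" -lt 3 ]; then
        echo "reject: uses only $_classes of the 4 character classes"; return 1
    fi
    if pw_has_digit_run "$_pw"; then
        echo "reject: contains a digit sequence"; return 1
    fi
    for _item in "$@"; do
        _ilc=$(printf '%s' "$_item" | tr '[:upper:]' '[:lower:]')
        [ -n "$_ilc" ] || continue
        case $_lc in *"$_ilc"*) echo "reject: contains personal data ($_item)"; return 1 ;; esac
    done
    _bits=$(pw_entropy_bits "$_pw")
    if [ "$_bits" -lt "$PW_MIN_BITS" ]; then
        echo "weak: about $_bits bits of entropy"; return 1
    fi
    echo "ok: about $_bits bits of entropy"
}

# Constructed sample inputs; run "sh pwcheck.sh demo" to see the verdicts.
if [ "${1:-}" = demo ]; then
    pw_check 'password'                       # reject: one character class
    pw_check 'Ahmed1985!x' 1985               # reject: contains the birth year
    pw_check 'Tr0ub4dor&3'                    # ok: about 72 bits
    pw_check 'Xk9#mQ2$vL7!pR4&wT6*bN8(zC1)hF3@'   # ok: about 210 bits, not 256
fi
```

The entropy figure is an upper bound that assumes random choice: Tr0ub4dor&3 scores about 72 bits here, but a cracker that applies the same hacker-style substitutions to a wordlist treats it as one dictionary word with a few variants, nowhere near 2^72 guesses. The 32-character sample scores 210 bits, which is the honest version of the "32 characters = 256 bits" line above.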
    • Hackers
      • Who are the hackers?
      • The word 'hacker' originally meant someone who makes furniture with an axe.
      • Hacker means a sharp-minded, skilled person.
      • Great inventions are hacks.
      • Gnu/Linux: an OS made by hackers.
    • Hackers' Hats
      • White Hat hacker: A good guy.
      • Black Hat hacker: A bad guy.
      • Grey Hat hacker: sometimes good, sometimes bad.
      • Normally white hats tend to help others (free or for a fee) and make the world a better place. Black hats tend to make the world much worse for their own benefits only.
      • Both use the same knowledge, have the same skills.
      • Black Hats are also called Crackers.
    • Black Hat's levels
      • Level 3: script kiddies, or skiddies: if you know the basics, you don't have a problem.
      • Level 2: moderate: can cause severe damage; you must be skilled to deal with them.
      • Level 1: Elite. If one of them is after you, run (unless you know that you can handle them).
    • Attack Anatomy
      • Phase I: Info gathering
        • Low tech: social engineering, physical break-in, dumpster diving.
        • STFW (search the web).
        • Whois Database.
      • Phase II: Scanning
        • War driving.
        • Network mapping.
        • Port scanners.
        • Vulnerability scanners.
    • Attack Anatomy Contd.
      • Phase III: Gaining Access, or disabling it
        • Application / OS attacks: script kiddies trawling for public exploits, buffer overflows, password attacks (brute force, dictionary), web application attacks (e.g. SQL injection).
        • Network attacks: sniffing, IP spoofing, session hijacking.
        • Denial of Service: Stopping service, exhausting resources, remotely exhausting resources (SYN flood, DDoS, .. etc)
    • Attack Anatomy Contd.
      • Phase IV: Maintaining Access
        • Trojans, Backdoors, Rootkits.
      • Phase V: Covering Tracks and Hiding.
    • Let's go technical
      • Firewalling is what we will discuss today.
      • The software firewall in GNU/Linux is iptables.
      • Let's do some packet filtering using iptables.
    • What is iptables/netfilter?
      • The native firewall in GNU/Linux is iptables/netfilter.
      • Netfilter started as a kernel patch; now it is built into every modern kernel unless you compiled your own without it.
      • iptables is just the user-space configuration tool for netfilter.
      • You can uninstall iptables, but not netfilter.
      • Netfilter cannot be stopped, but with no rules and ACCEPT default policies it lets everything through.
      • iptables rules live only in kernel memory and are lost at reboot: dump them with iptables-save and reload them from a startup script with iptables-restore.
    • What are the tables/chains?
      • Tables => Chains => Rules
      • We have 3 main tables (newer kernels add raw and security):
        • Filter table
        • Nat table
        • Mangle table
      • We will focus on the filter table today, in filter table we have 3 main chains, which are:
        • INPUT chain
        • FORWARD chain
        • OUTPUT chain
    • iptables syntax
      • How to add a rule (-A appends at the end of the chain, -I inserts at the top; order matters, the first matching rule wins):
        • iptables -t table -A/I chain condition -j target
        • iptables -A INPUT -p tcp --dport 80 -j ACCEPT
      • How to list rules (-n skips DNS lookups, --line-numbers shows the rule numbers used with -D):
        • iptables -t (table) -L (-n) (--line-numbers)
      • How to delete a rule:
        • iptables -t (table) -D (chain) (condition) (action)
        • iptables -t (table) -D (chain) (rule number)
    • iptables initialization
      • First, we flush all chains, delete custom chains, zero all counters (without -t these act on the filter table only; repeat with -t nat and -t mangle to really start clean):
        • iptables -F
        • iptables -X
        • iptables -Z
      • Turn off IP forwarding (this host is not a router):
        • echo 0 > /proc/sys/net/ipv4/ip_forward
      • Enable dynamic IP support. 1: enable, 2: verbose, 0: disable
        • echo "1" > /proc/sys/net/ipv4/ip_dynaddr
      • To use RELATED in ftp rules, load the FTP connection-tracking helper (called nf_conntrack_ftp on current kernels):
        • modprobe ip_conntrack_ftp
    • Enable pings
      • Enable incoming/outgoing pings:
      • Incoming:
        • iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
        • iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
      • Outgoing:
        • iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
        • iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    • Add your rules
        CLIENT  sport --------------> dport  SERVER   (request: NEW, then ESTABLISHED)
        CLIENT  dport <-------------- sport  SERVER   (reply: ESTABLISHED only)
      • iptables (-t filter) -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
      • iptables (-t filter) -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
      • These two rules only mean something with a DROP default policy (iptables -P INPUT DROP, iptables -P OUTPUT DROP); with the default ACCEPT policy they filter nothing. -m state is the old spelling; -m conntrack --ctstate is the current one and behaves the same here.
    • Special connections: ftp
      • You must load the kernel module ip_conntrack_ftp (nf_conntrack_ftp on current kernels): it reads the PORT/PASV commands on the control channel so that the data connection is tracked as RELATED.
      • FTP has 3 types of connections (seen from the client):
      • Control connection: port 21 on the server, normal 3-way handshake initiated by the client.
      • Active-mode data connection: initiated by the SERVER from its port 20 to a random high port that the client announced with PORT. RELATED to the control connection.
      • Passive-mode data connection: initiated by the CLIENT from a random high port to a random high port on the server announced with PASV. RELATED to the control connection. This is the mode that works through most client-side firewalls and NAT.
    • ftp - continued
      • # Control connection (client side):
        • iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
        • iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
      • # Active mode: the server opens the data connection to us, so the RELATED match belongs on INPUT:
        • iptables -A INPUT -p tcp --sport 20 --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
        • iptables -A OUTPUT -p tcp --dport 20 --sport 1024: -m state --state ESTABLISHED -j ACCEPT
      • # Passive mode: we open the data connection, so the RELATED match belongs on OUTPUT:
        • iptables -A OUTPUT -p tcp --dport 1024: --sport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
        • iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
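Everything from initialization through the FTP rules as one script, added here as a worked example and not the presentation's own script. It fills three gaps a practitioner hits with the slides as written: the flush only touches the filter table unless -t is given, the default policies are never set (without iptables -P ... DROP the ACCEPT rules filter nothing), and loopback traffic is not allowed. The DNS rules, the LOG rule, the helper name nf_conntrack_ftp and the sysctl spelling of the /proc writes are my additions; DRY_RUN and the run helper are conventions of this script, not iptables features.

```shell
#!/bin/sh
# Added example, not from the slides: the whole host firewall assembled from the
# pieces discussed above, for a machine that serves HTTP and acts as an FTP
# client. Run "sh firewall.sh apply" as root, or "sh firewall.sh print" to see
# the commands without touching the kernel.
# Assumptions: iptables, sysctl and modprobe are on PATH, and the FTP conntrack
# helper is named nf_conntrack_ftp (ip_conntrack_ftp on very old kernels).

run() {  # execute the command, or only print it when DRY_RUN=1
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

fw_init() {
    # Flush, delete custom chains and zero counters in every table: without -t
    # these three commands only touch the filter table.
    for _t in filter nat mangle; do
        run iptables -t "$_t" -F
        run iptables -t "$_t" -X
        run iptables -t "$_t" -Z
    done
    # Default policy DROP, set after the flush and before any ACCEPT rule, so
    # there is no moment at which the host is open.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT DROP
    # Same kernel knobs as the slides' echo > /proc/sys/... lines.
    run sysctl -w net.ipv4.ip_forward=0
    run sysctl -w net.ipv4.ip_dynaddr=1
    run modprobe nf_conntrack_ftp
}

fw_rules() {
    # Loopback first: local resolvers, databases and X break without it.
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
    # Pings in both directions.
    run iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    run iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
    run iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    run iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    # DNS client (not on the slides, but an FTP client needs to resolve names).
    run iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
    # HTTP server: remote clients open NEW connections to port 80, we only reply.
    run iptables -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
    # FTP client, control channel to the server's port 21.
    run iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
    # Active mode: the server connects from port 20 to a high port on us, so the
    # first packet arrives on INPUT; the conntrack helper has marked it RELATED.
    run iptables -A INPUT -p tcp --sport 20 --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -p tcp --dport 20 --sport 1024: -m state --state ESTABLISHED -j ACCEPT
    # Passive mode: we connect to a high port on the server, so RELATED is on OUTPUT.
    run iptables -A OUTPUT -p tcp --dport 1024: --sport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
    # Whatever reaches the end of INPUT is dropped by the policy; log a sample
    # of it first so a locked-out service can be diagnosed from syslog.
    run iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

fw_apply() { fw_init; fw_rules; }

case ${1:-} in
    apply) fw_apply ;;
    print) DRY_RUN=1; fw_apply ;;
esac
```

After applying, check with iptables -L -n -v --line-numbers that each chain header reads (policy DROP) and that the counters on the ACCEPT rules move when you ping, browse and ftp. Then persist the result, since the rules vanish at reboot: iptables-save > /etc/iptables/rules.v4 and iptables-restore < /etc/iptables/rules.v4 from a startup script (the path is a common convention, not a fixed one).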
    • Thank you.