A look at computer security



1. A Quick Look at Computer Security

Ahmed D. Mekkawy AKA linuxawy [email_address]

2. Computer Security

- Network Security.
- Host Security.
- Physical Security.
- … etc.

3. Encryption & Hashing

- Single key encryption.
- Public / private key encryption.
- Hashing: a true one way function?
- Md5? Md6 is in the kitchen now.
- Sha1, sha256, sha512, sha1024
- Tunneling.
- Ssl (ssh, https, … etc)
- Data Hiding ?!
4. First Things First

- Mentality: always challenge your work. Wear the attacker's hat and think how to destroy what you have done.
- Never underestimate your potential opponent.
- Never underestimate how important your data/computer is to others (maybe more important than it is to you).
- A password is like a toothbrush: never share it.

5. Use Good Passwords

- A password shorter than 8 characters is lame.
- A password containing only lower case characters is lamer.
- A password containing your birth date or phone number is even lamer.
- A password containing a sequence of digits like 123456 is the lamest.
- A single password used for everything is a DISASTER.

6. Good password?

- 4 types of characters: lower case, upper case, numbers, special characters. Use at least 3 of them.
- A good password is 16 characters long; the more the better.
- A 32 character password equals a 256 bit key; I call this secure.
- Use transliterated Arabic.
- Type hacker style.
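The rules on the two password slides, written out as a policy check. This is an added example and not part of the presentation; the function names (check_password, has_class) and the demo passwords at the bottom are constructed for it. The slides cannot define what counts as "your birth date or phone number", so those strings are passed in by the caller and rejected if they occur in the password; the digit-sequence rule is generalised to any run of four or more consecutive ascending or descending digits, of which 123456 is one instance.

```shell
#!/bin/sh
# Added example (not from the slides): enforce the password rules from the
# "Use Good Passwords" and "Good password?" slides with POSIX shell tools.

has_class() {   # $1 = password, $2 = bracket expression to look for
    printf '%s\n' "$1" | grep -q "$2"
}

# check_password PASSWORD [PERSONAL_STRING ...]
# Prints the verdict and returns 0 (accept) or 1 (reject).
check_password() {
    pw=$1
    shift                                   # remaining args: personal data to reject

    # Rule: fewer than 8 characters is lame.
    if [ "${#pw}" -lt 8 ]; then
        echo "reject: fewer than 8 characters"
        return 1
    fi

    # Rule: use at least 3 of the 4 character classes.
    classes=0
    has_class "$pw" '[a-z]'        && classes=$((classes + 1))
    has_class "$pw" '[A-Z]'        && classes=$((classes + 1))
    has_class "$pw" '[0-9]'        && classes=$((classes + 1))
    has_class "$pw" '[^A-Za-z0-9]' && classes=$((classes + 1))
    if [ "$classes" -lt 3 ]; then
        echo "reject: uses $classes of 4 character classes, need at least 3"
        return 1
    fi

    # Rule: no digit sequences like 123456 (generalised to any 4-digit run).
    case "$pw" in
        *0123*|*1234*|*2345*|*3456*|*4567*|*5678*|*6789*|\
        *9876*|*8765*|*7654*|*6543*|*5432*|*4321*|*3210*)
            echo "reject: contains a digit sequence"
            return 1 ;;
    esac

    # Rule: no birth date / phone number (supplied by the caller).
    for personal in "$@"; do
        case "$pw" in
            *"$personal"*)
                echo "reject: contains personal data ($personal)"
                return 1 ;;
        esac
    done

    echo "ok: ${#pw} characters, $classes character classes"
    return 0
}

# Constructed demo inputs (not real credentials).
check_password 'Tr4nsl!terated-Arabic'
check_password 'alllowercase'
check_password 'Secret123456!'
check_password 'Mostafa1985!x' '1985'
```

The check deliberately says nothing about the single-password-everywhere rule: that is a property of how a password is used, not of the string, so no checker on one system can test it.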
7. Hackers

- Who are the hackers?
- The word 'hacker' originally meant someone who makes furniture using only an axe.
- Hacker means a sharp-minded, skilled person.
- Great inventions are hacks.
- GNU/Linux: an OS made by hackers.

8. Hackers' Hats

- White Hat hacker: a good guy.
- Black Hat hacker: a bad guy.
- Grey Hat hacker: sometimes good, sometimes bad.
- Normally white hats tend to help others (free or for a fee) and make the world a better place. Black hats tend to make the world much worse, for their own benefit only.
- Both use the same knowledge and have the same skills.
- Black Hats are also called Crackers.

9. Black Hat's levels

- Level 3: script kiddies, or skiddies: if you know the basics, you don't have a problem.
- Level 2: moderate: can cause severe damage; you must be skilled to deal with them.
- Level 1: Elite. If one of them is after you, run (unless you know that you can handle him).
10. Attack Anatomy

- Phase I: Info gathering
  - Low tech: social engineering, physical break-in, dumpster diving.
  - STFW.
  - Whois database.
- Phase II: Scanning
  - War driving.
  - Network mapping.
  - Port scanners.
  - Vulnerability scanners.

11. Attack Anatomy Contd.

- Phase III: Gaining Access, or disabling it
  - Application / OS attacks: skiddies' exploit trolling, buffer overflows, password attacks (brute force, dictionary), web application attacks (e.g. SQL injection).
  - Network attacks: sniffing, IP spoofing, session hijacking.
  - Denial of Service: stopping a service, exhausting resources, remotely exhausting resources (SYN flood, DDoS, … etc)

12. Attack Anatomy Contd.

- Phase IV: Maintaining Access
  - Trojans, Backdoors, Rootkits.
- Phase V: Covering Tracks and Hiding.
13. Let's go technical

- Firewalling is what we will discuss today.
- The software firewall in GNU/Linux is IPTABLES.
- Let's do some packet filtering using iptables.

14. What is iptables/netfilter?

- The native firewall in GNU/Linux is iptables/netfilter.
- Netfilter is a kernel patch (now it's built into all modern kernels, unless you compiled your own without it).
- Iptables is just a configuration tool for netfilter.
- You can uninstall iptables, but not netfilter.
- Netfilter cannot be stopped. Anyway, you can remove all rules so it doesn't do anything.
- Iptables rules are volatile; you have to put them in a startup script so they are loaded at boot.
15. What are the tables/chains?

- Tables => Chains => Rules
- We have 3 tables:
  - Filter table
  - Nat table
  - Mangle table
- We will focus on the filter table today. In the filter table we have 3 main chains, which are:
  - INPUT chain
  - FORWARD chain
  - OUTPUT chain
16. iptables syntax

- How to add a rule:
    iptables -t table -A/I chain condition -j target
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- How to list rules:
    iptables -t (table) -L (-n) (--line-numbers)
- How to delete a rule:
    iptables -t (table) -D (chain) (condition) (action)
    iptables -t (table) -D (chain) (rule number)
17. iptables initialization

- First, we flush all chains, delete custom chains and zero all counters:
    iptables -F
    iptables -X
    iptables -Z
- Turn off IP forwarding:
    echo 0 > /proc/sys/net/ipv4/ip_forward
- Enable dynamic IP support. 1: enable, 2: verbose, 0: disable
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
- To use RELATED in ftp rules, add ip_conntrack_ftp:
    modprobe ip_conntrack_ftp
18. Enable pings

- Enable incoming/outgoing pings:
- Incoming:
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
- Outgoing:
    iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
19. Add your rules

             sport ==============> dport
    CLIENT                                SERVER
             dport <============== sport

    iptables (-t filter) -A INPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables (-t filter) -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
20. Special connections: ftp

- You must enable the kernel module ip_conntrack_ftp.
- FTP has 3 types of connections:
  - Control port: port 21, normal 3 way connection initiated by the client.
  - Active connection: port 20, normal 3 way connection RELATED to the previous connection, initiated by the client.
  - Passive connection: 3 way connection RELATED to the control connection, initiated by the server from a random port on the server to a random port at the client.
21. ftp - continued

- # Control Port:
    iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
- # Active mode:
    iptables -A OUTPUT -p tcp --dport 20 --sport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --sport 20 --dport 1024: -m state --state ESTABLISHED -j ACCEPT
- # Passive mode:
    iptables -A OUTPUT -p tcp --dport 1024: --sport 1024: -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -p tcp --sport 1024: --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
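The commands from the "iptables initialization", "Enable pings", "Add your rules" and "ftp" slides, gathered into the kind of startup script the netfilter slide says volatile rules need. This is an added example and not the presenter's script; the function names (run, proc_set, fw_*) and the DRY_RUN switch are constructed for it, and it assumes the host serves HTTP on tcp/80 and is an FTP client (the slides' OUTPUT --dport 21 rule is the client side). With DRY_RUN=1, the default here, every command is printed instead of executed, so the rule set can be reviewed on any machine without root or netfilter. Two things go beyond the slides and are marked in the comments: the chain policies are set to DROP and loopback is allowed, because with the kernel's default ACCEPT policy the slides' ACCEPT rules restrict nothing; and in the FTP data rules RELATED is placed on the direction that opens the data connection, which under RFC 959 is the server (from its port 20) in active mode and the client in passive mode, since that is the new connection the ftp conntrack helper marks as RELATED.

```shell
#!/bin/sh
# Added example (not the presenter's script): filter-table rules from the slides
# as a startup script. DRY_RUN=1 prints each command instead of running it.
: "${DRY_RUN:=1}"

run() {                         # execute a command, or print it under DRY_RUN
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

proc_set() {                    # write value $2 into the /proc/sys knob $1
    if [ "$DRY_RUN" = 1 ]; then printf 'echo %s > %s\n' "$2" "$1"
    else echo "$2" > "$1"; fi
}

fw_init() {                     # slide "iptables initialization"
    run iptables -F             # flush every rule in the filter table
    run iptables -X             # delete user-defined chains
    run iptables -Z             # zero packet and byte counters
    proc_set /proc/sys/net/ipv4/ip_forward 0    # this box is not a router
    proc_set /proc/sys/net/ipv4/ip_dynaddr 1    # dynamic-IP support, as on the slide
    run modprobe ip_conntrack_ftp               # named nf_conntrack_ftp on current kernels
}

fw_policy() {                   # added: default-deny, then allow loopback
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT DROP
    run iptables -A INPUT  -i lo -j ACCEPT
    run iptables -A OUTPUT -o lo -j ACCEPT
}

fw_ping() {                     # slide "Enable pings": both directions
    run iptables -A INPUT  -p icmp --icmp-type echo-request -j ACCEPT
    run iptables -A OUTPUT -p icmp --icmp-type echo-reply   -j ACCEPT
    run iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
    run iptables -A INPUT  -p icmp --icmp-type echo-reply   -j ACCEPT
}

fw_web() {                      # slide "Add your rules": stateful HTTP server
    run iptables -A INPUT  -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED     -j ACCEPT
}

fw_ftp_client() {               # slide "ftp - continued", this host as the client
    # Control connection: we open it to the server's port 21.
    run iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A INPUT  -p tcp --sport 21 -m state --state ESTABLISHED     -j ACCEPT
    # Active mode: the server opens the data connection from its port 20 to us,
    # so the RELATED match goes on INPUT (requires the ftp conntrack helper).
    run iptables -A INPUT  -p tcp --sport 20 --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A OUTPUT -p tcp --dport 20 --sport 1024: -m state --state ESTABLISHED         -j ACCEPT
    # Passive mode: we open the data connection to a high port on the server,
    # so the RELATED match goes on OUTPUT.
    run iptables -A OUTPUT -p tcp --dport 1024: --sport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT
    run iptables -A INPUT  -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED         -j ACCEPT
}

fw_apply() { fw_init; fw_policy; fw_ping; fw_web; fw_ftp_client; }

fw_rule_count() {               # how many -A rules the script installs
    fw_apply | grep -c '^iptables -A'
}

fw_apply
```

Run it as is to review the generated command list; run it as root with DRY_RUN=0 to load the rules. Because the policies are DROP, anything not listed (DNS, SSH, package updates) is blocked until a rule for it is appended, which is the point of reviewing the list first.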
22. Thank You