2. Root Password Break
Network Security and Spinning Containers
BY: ATHAR KALEEM
LECTURER
DEPUTY DIRECTOR IT
THE UNIVERSITY OF HARIPUR
3. Root Password Break
• For example: Ubuntu Root Password
• Set the root password and restart the machine.
• Boot the machine into “Advanced options”.
• Type “e” to edit the boot options.
• Change the permissions from “ro” to “rw”.
• Now you can change the root password.
• Reboot, and the password is changed.
5. Security at Network and Transport Layers: Layer 3 & 4
• Network based Firewalls
• For example: Linux firewall, netfilter, iptables
• Understanding types of traffic and their tables w.r.t. the gateway.
• Chains in iptables
• Rules for writing iptables
• Script/develop your Firewall
8. Rules for writing iptables
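#!/bin/bash
# Locate the iptables binary; every rule below is invoked through $iptables
iptables=$(command -v iptables)
# Enable IPv4 forwarding so this machine can route traffic as a gateway
echo 1 > /proc/sys/net/ipv4/ip_forward
# Flush existing rules in the filter, nat and mangle tables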
$iptables -F
$iptables -t nat -F
$iptables -t mangle -F
#-------------MAIN POLICY--------------
$iptables --policy INPUT DROP
$iptables --policy OUTPUT DROP
$iptables --policy FORWARD DROP
#------------SOURCE NATTING-------------
$iptables -t nat -A POSTROUTING -j MASQUERADE -o vmbr0
#-------Accepting traffic that is related to an established stream.
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#------local loop back accepted
$iptables -A INPUT -i lo -j ACCEPT
$iptables -A OUTPUT -o lo -j ACCEPT
#--------Example Rules----------
$iptables -A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
$iptables -A OUTPUT -o vmbr0 -p udp --dport 53 -m state --state NEW -j ACCEPT
$iptables -A FORWARD -p tcp --dport 80 -m state --state NEW -j ACCEPT
$iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 18000 -j DNAT --to-destination 192.168.3.14:80
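An added example, not part of the original slides: a small audit over `iptables-save` output that checks two things the script above depends on, DROP policies on the built-in filter chains and whether a rule accepting NEW connections is limited to an interface. The function names and the sample ruleset (with FORWARD deliberately left at ACCEPT) are constructed for this illustration.

```shell
#!/bin/bash
# Constructed sample in iptables-save format, not captured from a real host.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A OUTPUT -o vmbr0 -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT'

# audit_ruleset: read iptables-save text on stdin, print one finding per line.
audit_ruleset() {
  awk '
    # Table header such as "*filter" or "*nat"
    /^\*/ { table = substr($1, 2) }
    # Built-in chain policy line, e.g. ":INPUT DROP [0:0]"
    table == "filter" && /^:(INPUT|OUTPUT|FORWARD) / && $2 != "DROP" {
      printf "POLICY %s is %s, expected DROP\n", substr($1, 2), $2
    }
    # Rule that accepts NEW connections without any -i/-o interface match
    table == "filter" && /^-A / && /--state NEW/ && /-j ACCEPT/ &&
      !/ -i / && !/ -o / {
      port = "any"
      for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
      printf "OPEN %s dport %s accepts NEW on every interface\n", $2, port
    }
  '
}

# count_findings: number of findings for the ruleset on stdin.
count_findings() { audit_ruleset | wc -l | tr -d ' '; }

printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

On a live gateway the same check runs as `iptables-save | audit_ruleset` with root privileges.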
9. Security at Application level/ layer 5,6 & 7
• Firewall limitations: up to layer 4
• What about layers 5, 6 and 7? The IDS and IPS
• Popular open-source IDS and IPS
• Ossec : The IDS
• Snort : The IDS and IPS
12. Ossec : The IDS
For installation, go through the ips-ids.txt script that is made while installing it.
After installing, access the web user interface.
14. Snort : The IPS
Features
• The IPS is able to perform actions to shut down the threat. These actions include:
  • Restoring log files from storage
  • Suspending user accounts
  • Blocking IP addresses
  • Killing processes
  • Shutting down systems
  • Starting up processes
  • Updating firewall settings
  • Alerting, recording, and reporting suspicious activities
15. Snort : The IPS
Features
• Support multiple packet processing threads
  Allows multiple packet processing
• Autogenerate reference documentation
• Use a simple scriptable configuration
• Make key components pluggable
  Allows users to write their own plugins
• Shared configuration and attribute table
  Allows rules to run quicker
16. Snort : The IPS
Deployment for learning
Download the Container
$ docker pull ciscotalos/snort3
Start the Container
$ docker run --name snort3 -h snort3 -u snorty -w /home/snorty -d -it ciscotalos/snort3 bash
Enter the Snort Container
$ docker exec -it snort3 bash
Stop the Snort Container
$ docker kill snort3