Executive MSc in Information Security
Assignment:
Advance Computer Security
Prepared By:
Mohomed Shihan Suhail |EMSC 1515104
Submitted to:
Mr. Kushan Sharma
Due Date:
27-August-2016 (13:00PM)
• Information security: a “well-informed sense of assurance that the information
risks and controls are in balance.” —Jim Anderson, Inovant (2002)
Summary
In today’s technology environment, organizations are becoming more and more
dependent on their information security. The public is increasingly concerned about
the proper use of information, particularly personal data. The threats to information
systems from criminals and terrorists are increasing. Many organizations will identify
information as an area of their operation that needs to be protected as part of their
system of internal control.
ADVANCED COMPUTER SECURITY
1. Ubuntu 16.04 and hardening process
1. Update the server with the latest security patches released by the vendor.
2. Create Separate Partition for /tmp.
3. Set nodev option for /tmp Partition.
4. Bind Mount the /var/tmp directory to /tmp.
5. Set Boot Loader Password so that anyone rebooting the system must enter a password before
being able to set command line boot parameters.
6. Set a password for the root user to force authentication in single user mode.
7. Remove X Window system and make sure that it is not installed.
8. Configure the server so that it synchronizes system clocks across a variety of
systems and uses a source that is highly accurate.
9. Remove FTP Server and make sure that it is not enabled.
10. Configure Mail Transfer Agent for Local-Only Mode. This ensures that the system will
only process local mail.
11. Make sure that the rsync service is not enabled. The rsyncd service can be used to
synchronize files between systems over network links.
12. Disable Send Packet Redirects. As a host itself does not act as a router (in a host only
configuration), there is no need to send redirects.
13. Disable the acceptance of ICMP redirect messages.
14. Log suspicious packets by enabling logging of packets with un-routable source
addresses to the kernel log.
15. Restrict access to the system to a specified IP address range (i.e. 192.168.10.0/24) by
enforcing TCP Wrappers. You may use /etc/hosts.allow.
16. Enable the host-based firewall and make sure that outsiders can access only the web server
hosted on port 80.
17. Install and configure rsyslog, and make sure that it is active.
18. Configure logrotate to avoid filling up the system with logs or making the logs unmanageably
large.
19. Enable the cron daemon and configure it to take a backup of the web server access and error logs
every day at 11:55 pm.
21. Configure the server so that it will lock out users after 5 unsuccessful consecutive login
attempts. User accounts should be locked out for 30 minutes.
22. Limit password reuse to prevent users from recycling 5 recent passwords. This will ensure
that the users cannot reuse most recently used passwords.
23. Disable telnet, ftp, rlogin, rsh, and rcp, then install and configure ssh for remote access. SSH
settings should be configured to meet the requirements listed below.
Disable telnet
Disable rlogin
Remove line in /etc/inetd.conf
#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
Disable rsh
Remove shell, login, or exec lines in /etc/inetd.conf
#shell stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd
#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rexecd
Disable rcp
a. Set SSH Protocol to 2
b. Set LogLevel to INFO
c. Set X11Forwarding to no
d. Set MaxAuthTries to 4
e. Set PermitRootLogin to no
f. Set PermitEmptyPasswords to no
24. Set an SSH banner that displays only your full name and registration number.
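A check for the SSH requirements in item 23 (a to f), as an added example that is not part of the original assignment. The function names and the sample configuration are constructed for illustration; the script reports a setting as missing when it appears only inside a Match block or after an earlier conflicting line.

```shell
#!/bin/sh
# Added example (not from the original assignment): audit an sshd_config
# against the six values required in item 23 (a-f) of the checklist.

# keyword=value pairs copied from the checklist; keywords in lower case.
REQUIRED='protocol=2
loglevel=INFO
x11forwarding=no
maxauthtries=4
permitrootlogin=no
permitemptypasswords=no'

# effective_value FILE KEYWORD (hypothetical helper name)
# Prints the value set for KEYWORD in the global section of FILE.
# sshd keywords are case-insensitive and the first occurrence wins, so a
# hardened line placed after a weak one has no effect. Lines after the
# first "Match" are conditional overrides, not the global value.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                # comment or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /^[A-Za-z0-9]+/)) next
            key  = tolower(substr(line, 1, RLENGTH))
            rest = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", rest)   # separator: blanks, optional "="
            split(rest, val, /[ \t]+/)
            if (key == "match") exit
            if (key == want) { print val[1]; exit }
        }' "$1"
}

lc() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# audit_sshd_config FILE (hypothetical helper name)
# Prints one line per requirement; the return status is the number of
# findings. A keyword that is absent is reported rather than assumed safe,
# because the built-in default depends on the OpenSSH version.
audit_sshd_config() {
    failures=0
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ -z "$got" ]; then
            echo "FAIL $key: not set in global section (want $want)"
            failures=$((failures + 1))
        elif [ "$(lc "$got")" != "$(lc "$want")" ]; then
            echo "FAIL $key: $got (want $want)"
            failures=$((failures + 1))
        else
            echo "ok   $key: $got"
        fi
    done
    return "$failures"
}

# Constructed sample, not a real host: it contains a hardened
# PermitRootLogin line, but an earlier weak one takes precedence.
constructed_weak_config() {
    cat <<'EOF'
Protocol 2
permitrootlogin yes
LogLevel info
X11Forwarding = no
MaxAuthTries 6
PermitRootLogin no
Match Address 192.168.10.0/24
    PermitEmptyPasswords no
EOF
}

# Audit the file named on the command line, else the constructed sample.
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
else
    sample=$(mktemp)
    constructed_weak_config > "$sample"
    audit_sshd_config "$sample" || echo "$? finding(s)"
    rm -f "$sample"
fi
```

On a live host, `sshd -T` prints the effective configuration including built-in defaults, which complements this file-level check.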
2. Web Host
Install Apache, PHP7 and MySQL on the server, configured with its own database named
“database”; the site is hosted as cgm/index.php
Root user-“root”
Password- ACSB2#Cicra@2016
Sample project for Laksiri seva and database name “database”
URL: http://Localhost/index.php
Terminal View (Lynx)
Reference Guide
Ubuntu 16.04
1. Setting up /tmp partition and nodev for /tmp partition
http://www.md3v.com/mount-the-tmp-partition-with-noexec-and-nosuid-options.
http://www.cyberciti.biz/faq/howto-mount-tmp-as-separate-filesystem-with-noexec-nosuid-nodev/
installing lamp https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04
http://www.cyberciti.biz/faq/linux-add-nodev-nosuid-noexec-options-to-temporary-storage-partitions/
2. Grub Password
http://www.ostechnix.com/configure-grub-2-boot-loader-settings-ubuntu-16-04/
https://help.ubuntu.com/community/Postfix
http://www.tecmint.com/password-protect-grub-in-linux/
3. Grub protecting
https://blog.sleeplessbeastie.eu/2015/01/06/how-to-password-protect-grub-entries/
4. Xorg configuring
http://www.ubuntugeek.com/ubuntu-tiphow-to-removeinstall-and-reconfigure-xorg-without-reinstalling-ubuntu.html
http://askubuntu.com/questions/73219/remove-packages-to-tranform-ubuntu-desktop-to-server
http://www.redwireservices.com/remote-x11-for-linux-unix
5. Postfix configuring only to send
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-14-04
https://help.ubuntu.com/community/Postfix
https://www.digitalocean.com/community/tutorials/how-to-install-and-setup-postfix-on-ubuntu-14-04
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-as-a-send-only-smtp-server-on-ubuntu-16-04
6. ICMP redirects blocking
http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap5sec57.html
http://askubuntu.com/questions/118273/what-are-icmp-redirects-and-should-they-be-blocked
http://www.itsyourip.com/Security/how-to-disable-icmp-redirects-in-linux-for-security-redhatdebianubuntususe-tested/
7. Log configuring
http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/
http://www.cyberciti.biz/faq/linux-log-suspicious-martian-packets-un-routable-source-addresses/
http://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/
8. Setting up tcp wrappers
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-tcpwrappers.html
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html
9. Setting up firewall in ubuntu
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04
10. Rsync disabling
https://www.loggly.com/docs/troubleshooting-rsyslog/
11. Log rotate configuring
http://www.thegeekstuff.com/2011/07/rotate-apache-logs
12. Cron tab configure
http://www.cyberciti.biz/faq/howto-linux-unix-start-restart-cron/
https://help.ubuntu.com/community/CronHowto
http://www.computerhope.com/unix/ucrontab.htm
http://www.debianhelp.co.uk/schedulejobs.htm
13. Password policy
http://askubuntu.com/questions/244115/how-do-i-enforce-a-password-complexity-policy
http://xmodulo.com/set-password-policy-linux.html
14. Fail login attempts
http://websistent.com/linux-password-lockout-policy/
http://www.cyberciti.biz/tips/rhel-centos-fedora-linux-log-failed-login.html
http://www.cyberciti.biz/tips/lock-unlock-set-number-of-login-attempts.html
15. Standard and audit information
https://benchmarks.cisecurity.org/tools2/linux/CIS_Ubuntu_14.04_LTS_Server_Benchmark_v1.0.0.pdf
16. Configuring unsuccessful password attempts relock
https://ubuntuforums.org/showthread.php?t=1024263
17. Configuring OpenSSH
https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
