This document provides instructions for hardening an Ubuntu 16.04 server. It outlines 27 steps to secure the server, including updating packages, restricting root access, removing unnecessary services such as FTP, configuring a firewall and SSH, enforcing password policies, and logging and monitoring the system. References are provided for additional information on implementing each security measure.
Executive MSc in Information Security
Assignment: Advanced Computer Security
Prepared By: Mohomed Shihan Suhail | EMSC 1515104
Submitted to: Mr. Kushan Sharma
Due Date: 27-August-2016 (13:00PM)
• Information security: a “well-informed sense of assurance that the information risks and controls are in balance.” —Jim Anderson, Inovant (2002)
Summary
In today’s technology environment, organizations are becoming more and more dependent on their information security. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organizations will identify information as an area of their operation that needs to be protected as part of their system of internal control.
ADVANCED COMPUTER SECURITY
1. Ubuntu 16.04 and hardening process
1. Update the server with the latest security patches released by the vendor.
2. Create a separate partition for /tmp.
3. Set the nodev option for the /tmp partition.
4. Bind mount the /var/tmp directory to /tmp.
5. Set a boot loader password so that anyone rebooting the system must enter a password before being able to set command line boot parameters.
6. Set a password for the root user to force authentication in single user mode.
7. Remove the X Window System and make sure that it is not installed.
8. Configure the server so that it synchronizes its system clock with other systems, using a time source that is highly accurate.
9. Remove the FTP server and make sure that it is not enabled.
10. Configure the Mail Transfer Agent for local-only mode. This ensures that the system will only process local mail.
11. Make sure that the rsync service is not enabled. The rsyncd service can be used to synchronize files between systems over network links.
12. Disable sending of packet redirects. As the host itself does not act as a router (in a host-only configuration), there is no need to send redirects.
13. Disable the acceptance of ICMP redirect messages.
14. Log suspicious packets by enabling logging of packets with un-routable source addresses to the kernel log.
15. Restrict access to the system to a specified IP address range (i.e. 192.168.10.0/24) by enforcing TCP Wrappers. You may use /etc/hosts.allow.
16. Enable the host-based firewall and make sure that any outsider can only access the web server hosted on port 80.
17. Install and configure rsyslog and make sure that it is active.
18. Configure logrotate to avoid filling up the system with logs or letting the logs grow unmanageably large.
19. Enable the cron daemon and configure it to take a backup of the web server access and error logs every day at 11.55pm.
21. Configure the server so that it locks out users after 5 unsuccessful consecutive login attempts. User accounts should be locked out for 30 minutes.
22. Limit password reuse to prevent users from recycling their 5 most recent passwords. This ensures that users cannot reuse their most recently used passwords.
23. Disable telnet, ftp, rlogin, rsh, and rcp, and install and configure ssh for remote access. SSH settings should be configured to meet the requirements listed below.
Disable telnet
Disable rlogin
Remove the login line in /etc/inetd.conf:
#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
Disable rsh
Remove the shell, login, or exec lines in /etc/inetd.conf:
#shell stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd
#login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rexecd
Disable rcp
a. Set SSH Protocol to 2
b. Set LogLevel to INFO
c. Set X11Forwarding to no
d. Set MaxAuthTries to 4
e. Set PermitRootLogin to no
f. Set PermitEmptyPasswords to no
24. Set an SSH banner; it should only display your full name and the registration number.
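The SSH requirements of step 23 (a)-(f) are the kind of thing worth checking rather than trusting after an edit. The script below is an added example, not part of the assignment: it audits an sshd_config file against exactly those six directives, applying the rules sshd itself uses (keywords are case-insensitive, the first occurrence wins, settings after a Match block are conditional). It assumes the "Keyword value" form of sshd_config, and the sample file at the end is constructed for the demo.

```shell
# Audit an sshd_config against step 23 (a)-(f). Added example, not the assignment's
# own code; it only reads the file it is given, so it is safe to run before and after.

# Required directives, taken from step 23 (a)-(f).
SSHD_REQUIRED="Protocol=2 LogLevel=INFO X11Forwarding=no MaxAuthTries=4 PermitRootLogin=no PermitEmptyPasswords=no"

# sshd_get FILE KEY: print the effective global value of KEY.
# Comments and blank lines are skipped, the first occurrence wins, and parsing
# stops at the first Match block because anything below it is conditional.
sshd_get() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key    { print $2; exit }
    ' "$1"
}

# sshd_audit FILE: print one line per missing or wrong directive.
# The exit status is the number of failures, so 0 means (a)-(f) are all satisfied.
sshd_audit() {
    fails=0
    for pair in $SSHD_REQUIRED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_get "$1" "$key")
        if [ -z "$got" ]; then
            printf 'MISSING %s (want %s)\n' "$key" "$want"
            fails=$((fails + 1))
        elif [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" != "$(printf '%s' "$want" | tr 'A-Z' 'a-z')" ]; then
            printf 'WRONG   %s=%s (want %s)\n' "$key" "$got" "$want"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample in the style of an unhardened Ubuntu 16.04 sshd_config: defaults
# left commented out, root login still allowed, and a PermitRootLogin that sits inside
# a Match block and therefore must not be mistaken for the global value.
SSHD_SAMPLE=$(mktemp)
cat > "$SSHD_SAMPLE" <<'EOF'
Protocol 2
#LogLevel INFO
X11Forwarding yes
PermitRootLogin prohibit-password
PermitEmptyPasswords no
Match User deploy
    PermitRootLogin no
EOF
sshd_audit "$SSHD_SAMPLE" || echo "$? directive(s) need attention"
rm -f "$SSHD_SAMPLE"
```

Run it as `sh audit_sshd.sh` after pointing `sshd_audit` at /etc/ssh/sshd_config; a non-zero exit status means at least one of (a)-(f) is still not met.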
2. Web Host
Install Apache, PHP7 and MySQL on the server, configured with your own database named “database” and the site hosted as cgm/index.php.
Root user: “root”
Password: ACSB2#Cicra@2016
Sample project for Laksiri seva with database name “database”
URL: http://Localhost/index.php
Terminal View (Lynx)