This document discusses setting up secure remote administration and firewalls on a Linux server. It is divided into three parts.
Part 1 discusses configuring a separate SSH daemon to restrict root access while allowing normal users. Public-key authentication is configured for the root user.
Part 2 demonstrates local port forwarding using SSH to access a custom Apache page on another server.
Part 3 sets up iptables firewall rules to implement a default deny policy, only allow inbound traffic on the two SSH ports, and allow a trusted network to access the privileged SSH port while logging all other dropped packets.
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
Leland Lammert's presentation on Nagios in a Multi-Platform Enviornment.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
Leland Lammert's presentation on Nagios in a Multi-Platform Enviornment.
The presentation was given during the Nagios World Conference North America held Sept 20-Oct 2nd, 2013 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/nwcna
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPWalid Umar
Panduan diatas dikhusukan untuk siswa dan guru TKJ yang hendak mempraktekkan tentang panduan untuk membangun sebuah server gateway dengan fitur proxy, webserver dan dhcp
Computers are connected in a network to exchange information or resources with each other. Two or more computer are connected through network media called computer media.
There are a number of network devices or media that are involved to form computer network.
Computer loaded with Linux Operation System can also be a part of network whether it is a small or large network by multitasking and multi user natures.
Maintaining of system and network up and running is a task of System / Network Administrator’s job. In this article we are going to review frequently used network configuration and troubleshoot commands in Linux.
Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
Complete MPICH2 Clustering Manual in UbuntuMinhas Kamal
Complete MPICH2 Clustering Manual in Linux Ubuntu for beginners.
Documented in 3rd year of Bachelor of Science in Software Engineering (BSSE) course at Institute of Information Technology, University of Dhaka (IIT, DU).
Konfigurasi Server Gateway dengan fitur PROXY, WEBSERVER dan DHCPWalid Umar
Panduan diatas dikhusukan untuk siswa dan guru TKJ yang hendak mempraktekkan tentang panduan untuk membangun sebuah server gateway dengan fitur proxy, webserver dan dhcp
Computers are connected in a network to exchange information or resources with each other. Two or more computer are connected through network media called computer media.
There are a number of network devices or media that are involved to form computer network.
Computer loaded with Linux Operation System can also be a part of network whether it is a small or large network by multitasking and multi user natures.
Maintaining of system and network up and running is a task of System / Network Administrator’s job. In this article we are going to review frequently used network configuration and troubleshoot commands in Linux.
Shell is a protocol that provides authentication, encryption and data integrity to secure network communications. Implementations of Secure Shell offer the following capabilities: a secure command-shell, secure file transfer, and remote access to a variety of TCP/IP applications via a secure tunnel. Secure Shell client and server applications are widely available for most popular operating systems.
Overview of the SSH protocol.
SSH (Secure SHell) is a secure replacement for TELNET, rcp, rlogin, rsh (for login, remote execution of
commands, file transfer).
Security-wise SSH provides confidentiality (nobody can read the message content), integrity (guarantee that data is unaltered in transit) and authentication (of client and server). This provides protection against many of the possible attack vectors like IP spoofing, DNS spoofing, Password interception and eavesdropping.
SSH exists in 2 versions. SSH-2 fixes some of the shortcomings of SSH-1 so it should be used in place of SSH-1.
SSH also comes with features that in itself raise security concerns like tunneling and port forwarding.
Complete MPICH2 Clustering Manual in UbuntuMinhas Kamal
Complete MPICH2 Clustering Manual in Linux Ubuntu for beginners.
Documented in 3rd year of Bachelor of Science in Software Engineering (BSSE) course at Institute of Information Technology, University of Dhaka (IIT, DU).
Objective Modify a ProofofConcept PoC vsftpd 234 expl.pdfAAYAMINDIA
Objective: Modify a Proof-of-Concept (PoC) vsftpd 2.3.4 exploit written in Bash to pass values
for targeted host and command(s) from command line arguments to the PoC.
Bonus for modifying the script to get a bind shell on the targeted host. A bind shell allows the
attacker to execute system commands through a command line interface (CLI) on the target
where the victim host provides a listening port (server side) and the attacker connects to that
port (client side).
Discussion: You modified Bash and Python scripts in two recent exercises to pass arguments
from the command line to script variables. The Bash script vsftpd_bdoor.sh.txt uses static
values for two key variables, $HOST and $CMD. The script works with these static values but
would be easier to use against other targets if values for those variables could be passed from
the CLI.
You may note a couple of other interesting features in the PoC. First, the PoC adds color to
some of the output text. Second, the PoC creates a file /tmp/cmd to hold the command(s) and
exit function for the backdoor. A connection is made to the backdoor using netcat and the file
/tmp/cmd is piped into the netcat connection. This is done because netcat-openbsd does not
support the execute (-e) option. The execute option is provided in netcat-traditional, so an
attacker using netcat-traditional could just pass those variables using the execute option.
However, another approach is required for netcat-opensbsd. Placing the commands in a file
using a Here Document and piping that file into the netcat connection ensures the script works
with both netcat-traditional and netcat-openbsd. You can read more about Here Documents at
this source.
The here document is written to /tmp because a pen-tester may not always have permission to
write to their working directory (pwd). By default, all users can write to /tmp. Its common
practice to see attackers or pen-testers write files to /tmp. The here document is created with
the following snippet:
cat <<EOF >/tmp/cmd
$CMD
$QUIT
EOF
Beyond that, we see the script is pretty simple. It:
1. Defines variables.
2. Authenticates to FTP, passing the trigger for the vsftpd 2.3.4 backdoor in the $USER
variable.
3. Makes a netcat connection to the backdoor and pipes commands and an exit into that
netcat connection.
Resources:
1. Kali Linux Container2. Metasploitable2 Container
Overview:
1. Rename vsftpd_bdoor.sh.txt to vsftpd_bdoor.sh. This is good housekeeping.
2. Demonstrate the PoC is successful against a vulnerable vsftpd server using static values.
3. Modify the script to pass target host and commands from the command line.
4. Demonstrate the modified PoC is successful against a vulnerable vsftpd 2.3.4 server.
5. Bonus: Modify the PoC to obtain a bind shell through the vsftpd 2.3.4 backdoor.
6. Bonus: Demonstrate the modified PoC successfully provides the bind shell.
Procedures:
1. Start Kali Linux and Metasploitable2 containers. See instructions in prior assignments.
2. Determine th.
Setting up a kubernetes cluster on ubuntu 18.04- loves cloudLoves Cloud
#Kubernetes has become a de-facto standard for #container orchestration and is becoming ubiquitous with #devops across organizations. As the first part of this series, let us go through the steps involved in deploying a single master node # kubernetes #cluster along with two worker nodes.......#kubernetes #cluster #container #devops #Ubuntu
Labs cisco ccna icnd1 proposé par firebrandtraining pour appliqué les connaissances apporté.
les bonnes pratiques dans le domaine reseau informatique vous obliger de faire des labs après la fin de chaque chapitre abordé dans les classes cisco.
Tick Stack - Listen your infrastructure and please sleepGianluca Arbezzano
Our application and our infrastructure speak, time series are one of their languages, during this talk I will share my experience about InfluxDB and time series to monitor and know the status of our cloud infrastructure. We will show best practice and tricks to grab information from an application in order to understand the mains difference between logs and time series.
LAN to LAN VPN also known as Site to Site VPN is the most basic and the most simplest of all the VPN’s used on CISCO devices. It helps in connecting networks in different geographical location.
# Internet Security: Safeguarding Your Digital World
In the contemporary digital age, the internet is a cornerstone of our daily lives. It connects us to vast amounts of information, provides platforms for communication, enables commerce, and offers endless entertainment. However, with these conveniences come significant security challenges. Internet security is essential to protect our digital identities, sensitive data, and overall online experience. This comprehensive guide explores the multifaceted world of internet security, providing insights into its importance, common threats, and effective strategies to safeguard your digital world.
## Understanding Internet Security
Internet security encompasses the measures and protocols used to protect information, devices, and networks from unauthorized access, attacks, and damage. It involves a wide range of practices designed to safeguard data confidentiality, integrity, and availability. Effective internet security is crucial for individuals, businesses, and governments alike, as cyber threats continue to evolve in complexity and scale.
### Key Components of Internet Security
1. **Confidentiality**: Ensuring that information is accessible only to those authorized to access it.
2. **Integrity**: Protecting information from being altered or tampered with by unauthorized parties.
3. **Availability**: Ensuring that authorized users have reliable access to information and resources when needed.
## Common Internet Security Threats
Cyber threats are numerous and constantly evolving. Understanding these threats is the first step in protecting against them. Some of the most common internet security threats include:
### Malware
Malware, or malicious software, is designed to harm, exploit, or otherwise compromise a device, network, or service. Common types of malware include:
- **Viruses**: Programs that attach themselves to legitimate software and replicate, spreading to other programs and files.
- **Worms**: Standalone malware that replicates itself to spread to other computers.
- **Trojan Horses**: Malicious software disguised as legitimate software.
- **Ransomware**: Malware that encrypts a user's files and demands a ransom for the decryption key.
- **Spyware**: Software that secretly monitors and collects user information.
### Phishing
Phishing is a social engineering attack that aims to steal sensitive information such as usernames, passwords, and credit card details. Attackers often masquerade as trusted entities in email or other communication channels, tricking victims into providing their information.
### Man-in-the-Middle (MitM) Attacks
MitM attacks occur when an attacker intercepts and potentially alters communication between two parties without their knowledge. This can lead to the unauthorized acquisition of sensitive information.
### Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1. CN8822
Assignment #2
2
Assignment 2 – Secure Remote administration and firewalls ________________________________ 3
Part1 _____________________________________________________________________________ 3
Objective: To Study the concepts of remotely administering a server using ssh.__________________ 3
Public-key authentication should be used for the root user __________________________________ 9
Part II-Objective: To study the concepts of ssh port forwarding._____________________________ 12
Part III -Objective: Firewall using IPTABLES ______________________________________________ 17
References ________________________________________________________________________ 21
2. CN8822
Assignment #2
3
Assignment 2 – Secure Remote administration and firewalls
Part1
Objective: To Study the concepts of remotely administering a server using ssh.
1)You are to secure a Linux server by restricting remote root access by running a separate sshd daemon.
Make the necessary changes to have the newly configured sshd daemon comply with following restrictions:
1. Daemon must start on all run levels, i.e. 2345
2. root should have remote access to this server using new sshd daemon and no others.
3. All others should be accessing the server using the existing sshd daemon; again root should not be to
access this sshd daemon.
4. Public-key authentication should be used for the root user
5. Feel free to add any configuration directives to further secure the ssh daemon
Explanation:
There is one SSH daemon runs by default to provide the ssh service on the default port 22. To have a
separate SSH daemon we need to have separate run level and configuration files, and to isolate both
daemons to work independently we copied binary file with different name .
This was achieved by following these steps.
1) Copy sshd binary file with new name sshd_root with the –p option to retain same rights.
2) Copy sshd_config file with new name and make necessary changes to have separate keys for
Root user and normal user, have separate pid file, separate port, separate Login Rules, these
Rules are highlighted in the file
5. CN8822
Assignment #2
6
3) Have separate init scripts for sshd daemon and sshd_root daemon, we have highlighted the
Changes in both files .
In the ssh script file we have pointed to correct config file
Also changed the pid file name to new pid file all the corresponding functions.
Similar changes were made in the ssh_root init script and we have highlighted them , most
important change was to point to new binary sshd_root in the /usr/bin directory.
Next change is point to right config file.
6. CN8822
Assignment #2
7
3rd change was to have separate pid file as shown
After all these changes we were able to successfully register the ssh_root as a separate daemon at
the specified runlevels which is 2345 by using debian service register tool
We can verify this by checking at the soft links at the rc startup level.
After All these changes we were able to start/stop these two daemon separately and verified the
login Rules.
Here is the screenprint of separate pid files.
7. CN8822
Assignment #2
8
We restarted the server and two daemons started independently.
We tried to login as root on port 22 it failed
Where as normal user login was successful.
Similarly root login was successful at port 2501 and normal user failed on this port.
8. CN8822
Assignment #2
9
Login as root was successful using port 2501 as shown.
From this we were able to confirm that our two ssh daemon are working as expected in our
Assignment.
Public-key authentication should be used for the root user
For the Public Key Authentication we used two machines with IP 192.168.56.101 as Server A
And 192.168.56.102 as Server B and we were able to login with password.
Here is the steps we had followed.
1) Create a key for root user
9. CN8822
Assignment #2
10
2) Copy key to 192.168.56.102 using ssh-copy which copied the key to authorized directoy and
Login to 192.168.56.102, login was successful without prompting for Password.
11. CN8822
Assignment #2
12
Part II-Objective: To study the concepts of ssh port forwarding.
SSH tunnels can be created in several ways using different kinds of port forwarding
mechanisms. Ports can be forwarded in three ways.
1) Local port forwarding
2) Remote port forwarding
3) Dynamic port forwarding
Port forwarding or port mapping is a name given to the combined technique of
1) translating the address and/or port number of a packet to a new destination
2) possibly accepting such packet(s) in a packet filter(firewall)
3 ) forwarding the packet according to the routing table.
To illustrate Port Forwarding Example we have used Local port Forwarding.
We have Two Servers A(192.168.56.101) and B (192.168.56.102) both have Apache running
One Machine has default Apache test Page which we will treat as Client and Second Machine has
Our Custom Page as shown below.
12. CN8822
Assignment #2
13
This Machine we will treat as Server with IP 192.168.56.101 and Client one IP is
192.168.56.102 and Apache Page is
We will use Local Port Forwarding on Client to Display the server Apache page
To achieve this we will use SSH Local forwarding.
13. CN8822
Assignment #2
14
SSH Local forwarding Syntax is
ssh -L <local-port-to-listen>:<remote-host>:<remote-port> <gateway>
In our case we have decided to use Local port 4500 to listen to remote server port 80 using Remote
server as gateway.
ssh –L 4500:192.168.56.101:80 root@192.168.56.101
Once we are logged into to Server 192.168.56.101, we will be listening port 80 traffic of this box to
192.168.56.102, 4500 port.
We can confirm this by netstat
16. CN8822
Assignment #2
17
Part III -Objective: Firewall using IPTABLES
Firewall implementation using iptables. You are to setup the
Appropriate iptables rules to accomplish the following:
1. Using the same VM running the newly configured sshd daemon From Part I; setup a default-deny
policy to drop all inbound Traffic.
2. Only allow inbound traffic to both sshd ports, port 22 for public Access and privileged port for
root access. Note: Privileged Port is something you choose in Part I when new daemon was
Configured.
3. Only allow a trusted network or net-block to access the privileged sshd port.
4. Log all other dropped packets
Explanations
Firewalls are used to block unauthorized access to Network. All Linux Flavors provide basic
firewall in the kernel “IPTABLES” which can be used to provide simple IPv4 and IPV6 packet
filtering and Network Address Translation.
IP Table provided three set of Rules, knows as chains, which are IPUT CHAIN, Forward Chain and
OUT PUT CHAIN.
Diagram Below shows high Level IP Packet Filtering in the “ IP Tables”
17. CN8822
Assignment #2
18
Our Assignment requirement is to Implement Basic IP table Rules at the INPUT chain
We have implemented the Rules by following commands
mangle
PREROUTING
nat
PREROUTING
filter
INPUT
filter
OUTPUT
nat
POSTROUTING
filter
FORWARD
Mangle
OUTPUT
route
Local
Process
Network
Network
18. CN8822
Assignment #2
19
Since IPTABLE Rules are sequential we have to be careful to have DROP Rule at the End of
The Rules.
We can verify our Rules by following Command.
Checked active ports on server
Using TCP dump to see the traffic on these ports.