The document discusses conducting four tasks to gain experience with TCP/IP vulnerabilities and attacks. Task 1 involves a TCP SYN flood attack and the SYN cookie countermeasure. Task 2 is a TCP session hijacking attack. Tasks 3 and 4 involve TCP RST attacks against telnet/SSH connections and video streaming applications respectively. The tasks are designed to help understand network security challenges and why defenses are needed by studying past vulnerabilities.
Wissbi is an open source toolset for building distributed event processing pipelines easily. It provides basic commands like wissbi-sub and wissbi-pub that allow receiving and sending messages. Filters can be written in any language and run in parallel as daemon processes configured through files. This allows constructing complex multi-stage data workflows. The ecosystem also includes tools like a log collector and metric collector that use Wissbi for transport. It aims to minimize operating effort through a simple design that relies mainly on filesystem operations and standard Unix tools and commands.
The document discusses firewalls in Linux systems and how to configure iptables firewall rules. It begins by explaining what firewalls are and how they work. It then discusses different tools for managing Linux firewalls, including iptables, UFW, and GUFW. The majority of the document provides instructions on how to set basic iptables rules to accept established connections and specific ports while dropping all other traffic. It explains how to view existing rules, insert new rules, and save the iptables configuration to load on startup.
1) Firewalls act as barriers to protect networks and computers from threats on the internet. They control incoming and outgoing network traffic by analyzing data packets and determining if they should be allowed or blocked based on rules.
2) There are different types of firewalls including software-based, hardware-based, network layer, and application layer. Network layer firewalls include packet filters and circuit level filters. Application layer firewalls can understand applications and protocols.
3) Techniques used by firewalls include packet filtering, stateful packet inspection, and application proxies. Choosing a firewall depends on ensuring security of ports, monitoring systems, and not slowing performance. Users can check if their firewall is working by performing a port scan
This document provides an overview and summaries of 6 modules for an information security course. Module 1 discusses building a remote light control system using an Arduino board. Module 2 provides an introduction to vulnerability scanning tools like Nmap and Nessus. Module 3 demonstrates implementing a stateful firewall and multi-factor authentication on Ubuntu. Module 4 discusses developing a bring your own device security policy. Modules 5 and 6 were not fully completed due to equipment issues. The course helped reinforce and build upon the student's previous information security knowledge.
This document discusses iptables, a firewall program used in Linux operating systems. Iptables allows administrators to configure rules that filter network packets and protect private networks. It provides stateful packet inspection, support for network address translation, and rate limiting capabilities. Iptables works by defining tables of chains containing rules that are applied to packets. Common chains include INPUT, OUTPUT, and FORWARD. The document also provides examples of iptables rules for allowing or blocking ping, filtering by IP address or port, saving and restoring rulesets, and preventing denial of service attacks.
This document describes potential backdoor techniques to maintain access to systems behind different types of firewalls. It discusses placing backdoors on internal machines rather than firewall machines. Suggested backdoor methods include using ACK-only telnet, the Loki ICMP tunnel, a UDP-based daemon shell, and exploiting ports left open for non-passive FTP. Insider assistance, exploiting vulnerable external services, hijacking connections, and trojan files are also proposed for initially penetrating firewalls.
This lab document describes using the Metasploit framework to perform exploits against Windows systems. It consists of six sections: installing Metasploit, adding a remote user to Windows XP, gaining remote command shell access to Windows XP, using DLL injection to open a remote VNC connection, remotely installing a rootkit on Windows, and setting up the Metasploit web interface. The document provides background on exploit frameworks and payloads, and guides students through exercises to complete each section.
The document discusses conducting four tasks to gain experience with TCP/IP vulnerabilities and attacks. Task 1 involves a TCP SYN flood attack and the SYN cookie countermeasure. Task 2 is a TCP session hijacking attack. Tasks 3 and 4 involve TCP RST attacks against telnet/SSH connections and video streaming applications respectively. The tasks are designed to help understand network security challenges and why defenses are needed by studying past vulnerabilities.
Wissbi is an open source toolset for building distributed event processing pipelines easily. It provides basic commands like wissbi-sub and wissbi-pub that allow receiving and sending messages. Filters can be written in any language and run in parallel as daemon processes configured through files. This allows constructing complex multi-stage data workflows. The ecosystem also includes tools like a log collector and metric collector that use Wissbi for transport. It aims to minimize operating effort through a simple design that relies mainly on filesystem operations and standard Unix tools and commands.
The document discusses firewalls in Linux systems and how to configure iptables firewall rules. It begins by explaining what firewalls are and how they work. It then discusses different tools for managing Linux firewalls, including iptables, UFW, and GUFW. The majority of the document provides instructions on how to set basic iptables rules to accept established connections and specific ports while dropping all other traffic. It explains how to view existing rules, insert new rules, and save the iptables configuration to load on startup.
1) Firewalls act as barriers to protect networks and computers from threats on the internet. They control incoming and outgoing network traffic by analyzing data packets and determining if they should be allowed or blocked based on rules.
2) There are different types of firewalls including software-based, hardware-based, network layer, and application layer. Network layer firewalls include packet filters and circuit level filters. Application layer firewalls can understand applications and protocols.
3) Techniques used by firewalls include packet filtering, stateful packet inspection, and application proxies. Choosing a firewall depends on ensuring security of ports, monitoring systems, and not slowing performance. Users can check if their firewall is working by performing a port scan
This document provides an overview and summaries of 6 modules for an information security course. Module 1 discusses building a remote light control system using an Arduino board. Module 2 provides an introduction to vulnerability scanning tools like Nmap and Nessus. Module 3 demonstrates implementing a stateful firewall and multi-factor authentication on Ubuntu. Module 4 discusses developing a bring your own device security policy. Modules 5 and 6 were not fully completed due to equipment issues. The course helped reinforce and build upon the student's previous information security knowledge.
This document discusses iptables, a firewall program used in Linux operating systems. Iptables allows administrators to configure rules that filter network packets and protect private networks. It provides stateful packet inspection, support for network address translation, and rate limiting capabilities. Iptables works by defining tables of chains containing rules that are applied to packets. Common chains include INPUT, OUTPUT, and FORWARD. The document also provides examples of iptables rules for allowing or blocking ping, filtering by IP address or port, saving and restoring rulesets, and preventing denial of service attacks.
This document describes potential backdoor techniques to maintain access to systems behind different types of firewalls. It discusses placing backdoors on internal machines rather than firewall machines. Suggested backdoor methods include using ACK-only telnet, the Loki ICMP tunnel, a UDP-based daemon shell, and exploiting ports left open for non-passive FTP. Insider assistance, exploiting vulnerable external services, hijacking connections, and trojan files are also proposed for initially penetrating firewalls.
This lab document describes using the Metasploit framework to perform exploits against Windows systems. It consists of six sections: installing Metasploit, adding a remote user to Windows XP, gaining remote command shell access to Windows XP, using DLL injection to open a remote VNC connection, remotely installing a rootkit on Windows, and setting up the Metasploit web interface. The document provides background on exploit frameworks and payloads, and guides students through exercises to complete each section.
CNS440 – Lab Assignment Week 2
Complete Lab 1: Performing Reconnaissance and Probing using Common Tools
Typically, attackers, malicious users, and/or hackers follow these steps in waging attacks:
1. Reconnaissance / Scanning
2. Vulnerability Analysis (enumeration)
3. Exploitation (the actual attack)
4. Post attack clean-up (anti-forensics)
In Lab 1, you will reconnaissance and scan a local network to identify the local hosts, open ports,
and services enabled on the local servers. You will use Wireshark to capture and analyze traffic,
Nessus to scan the network; review a sample of collection of data using the NetWitness
Investigator, connect to a remote Windows machine and explore two file transfer applications –
FileZilla and Tftpd64. You will use PuTTY to connect a Linux machine and run several Cisco
commands to display statistics for the network interfaces. You will use Zenmap (the graphical
version of the popular reconnaissance tool nmap) to scan the network and create a network
topology chart.
Section 1 is a hands-on demonstration – a lot of the steps are repeated in the Section 2 where you
have to actually experiment as part of your applied learning. You can go over Section 1 to get a
grip; keep the focus on Section 2. Upon Completion of Lab 1, you are required to provide the
following deliverables in the submission folder in D2L for this lab:
1. One .docx or .pdf document that contains:
1.1. A summary what you find most interesting and/or most challenging in the lab
1.2. All the screenshots as indicated in the Lab Manual for the lab in the online platform
2. All the remaining files, if there any, as indicated in the Lab Manual for the lab in the
online platform.
CNS440 – Lab Assignment Week 6
Complete Lab 10: Implementing an Information Systems Security Policy
In this lab, you will act as a member of the network security team. You have been given an
assignment to implement two security standards that have been accepted by the organization.
First you will enforce a newly adopted corporate password policy using the Group Policy
Management Console. Additionally, the new policy dictates that all servers on a given subnet
must be members of the Active Directory domain, but your organization has a Linux workstation
that is currently a standalone system. You will join the Linux machine to the Active Directory
domain using an open source tool, PowerBroker Identity Services Open.
Section 1 is a hands-on demonstration – a lot of the steps are repeated in the Section 2 where you
have to actually experiment as part of your applied learning. You can go over Section 1 to get a
grip; keep the focus on Section 2. Upon Completion of Lab 6, you are required to provide the
following deliverables in the Dropbox folder in D2L for this lab:
1. One .docx or .pdf document that contains:
1.1. A summary what you find most interesting and/or most challenging in the lab
1.2. All the scr.
This document provides an overview of SD-WAN and NSX SD-WAN by VeloCloud. It defines SD-WAN as using software and cloud technologies to simplify WAN services delivery to branch offices. Key benefits of SD-WAN include business agility, lower bandwidth costs using internet connectivity, and optimized connections to cloud applications. The document reviews SD-WAN features such as virtualizing networks, enabling secure overlays, and supporting automation through business policies. It provides examples of common business uses cases for SD-WAN and contrasts SD-WAN with traditional WAN optimization. Finally, it presents an at-a-glance overview of NSX SD-WAN by VeloCloud's capabilities and
This document discusses firewalls and packet filters. It defines a firewall as a device that provides secure connectivity between networks and can be hardware, software, or a combination. There are two main types of firewalls - hardware and software. It also describes how firewalls and packet filters work, including inspecting packets and applying rules to determine if packets should be allowed through or blocked. The functions of packet filters are to control traffic and provide security. Manufacturing companies that provide firewall and packet filtering solutions are also listed.
This document contains a list of probable questions related to operating systems, file systems, networking, Windows commands, and troubleshooting. Some of the topics covered include types of operating systems, differences between FAT and NTFS file systems, Active Directory, firewall types, OSI model layers, and RAID levels. The list provides definitions and explanations for many common computer and networking concepts.
The document lists several probable questions about operating systems and computer security topics. It includes definitions and comparisons of different types of operating systems like real-time, multi-user, multi-tasking, distributed, and embedded operating systems. It also summarizes the differences between FAT and NTFS file systems, enhancements in Windows 2003, defines what an active directory is, describes types of firewalls like network-level, circuit-level, application-level, and stateful multi-level firewalls, and compares hardware and software firewalls.
### Delivered at grrcon.com ###
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security research at Splunk, co-founder of Zenedge (Now part of Oracle), and Security Architect at Akamai I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots has been extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors.
In this talk, I aim to provide an introduction to honeypots, explain some of the experiences and lessons learned we have had running Cowrie a medium interaction SSH honeypot base on Kippo. How we modified cowrie to make it more realistic and mimic the systems and attack we are trying to capture as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify cowrie in order to masquerade different systems and vulnerabilities mimicking the asset(s) being defended. Finally, share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.
This document discusses using Ansible to manage PostgreSQL databases. It begins with an introduction to Ansible, explaining that it is an agentless automation tool used for configuration management, deployment, and orchestration. It then provides an overview of installing and using Ansible to provision infrastructure on Amazon Web Services and install PostgreSQL with streaming replication across multiple servers. Key components of Ansible like templates, variables, tasks, and playbooks are demonstrated in an example repository for automating PostgreSQL configuration management.
The document provides an overview of the Apache Struts 2 framework. It discusses that Struts 2 is a popular Java web framework based on the MVC pattern. It is a complete rewrite of the original Struts framework. The document then covers the core components of Struts 2 including actions, interceptors, the value stack, results, and view technologies. It also provides details on setting up the Struts 2 development environment including installing Java, Tomcat, Eclipse, and the Struts 2 libraries.
The document discusses firewall implementation for a company called Acme. It describes how Acme can set up firewalls to restrict access between internal and external networks and between different internal departments. Packet filtering, proxy servers, and demilitarized zones are implemented to enforce access controls and monitor network traffic flow while protecting sensitive data. The completed Acme intranet design includes multiple firewalls configured in screened subnets and dual-homed gateways to secure remote access and internal information flows.
The document discusses firewalls and how they can protect computer networks from unauthorized access. It describes different types of firewalls including packet filters, application gateways, circuit-level gateways, and stateful packet inspection. It also outlines common firewall configurations like screened networks, dual-homed gateways, and screened subnets. The document provides details on how each type of firewall works and their advantages and disadvantages.
This document discusses firewalls and their types. It begins by explaining that firewalls protect networks by guarding entry points and are becoming more sophisticated. It then defines a firewall as a network security system that controls incoming and outgoing network traffic based on rules. The document outlines different generations of firewalls and describes four main types: packet filtering, stateful packet inspection, application gateways/proxies, and circuit-level gateways. It details the characteristics, strengths, and weaknesses of each type. Finally, it emphasizes that networks are still at risk of attacks and that firewalls have become ubiquitous, so choosing the right solution depends on needs, policies, resources.
Firestarter is an open source graphical firewall program for Linux. It aims to combine ease of use with powerful features for both desktop and server use. The main interface has status, events, and policy pages. The firewall wizard guides initial configuration. By default, Firestarter blocks incoming traffic but allows outgoing. Events show blocked attempts, and policies can be created to allow specific traffic. It provides firewalling, network address translation, and optional DHCP for internet connection sharing.
The document provides instructions for a lab on Snort and firewall rules. It describes:
1) Setting up the virtual environment and configuring networking on the CyberOps Workstation VM.
2) Explaining the differences between firewall and IDS rules while noting their similarities, such as both having matching and action components.
3) Having students run commands to start a malware server, use Snort to monitor traffic, and download a file from the server to trigger an alert, observing the alert in the Snort log.
Red Hat Linux 5 Hardening Tips - National Security Agencysanchetanparmar
This document provides a summary of tips for hardening the default installation of Red Hat Enterprise Linux 5. It recommends securing physical access to servers, minimizing installed software, regularly updating systems, disabling unnecessary services, removing SUID/SGID permissions and X Windows, configuring firewalls and SELinux, and securing SSH access. The full document provides more detailed guidance for implementing these security configurations.
This document provides an introduction to firewalls. It discusses what firewalls are, the differences between hardware and software firewalls, and how software firewalls work. Specific examples of personal firewall software are given, and considerations for using this type of firewall software are outlined. Brief overviews are provided of the firewalls included in Windows XP and Mac OS X operating systems. The document also describes Northeastern University's firewall service and the process for implementing a firewall for a department.
A gateway server is a server through which the computers in a LAN access the Internet. This is
usually done through NAT. It should also provide firewall protection for the LAN and it can also serve
as a DNS and DHCPD server for the LAN. Some years ago I have been involved in a project for building gateway servers like this, using
slackware on old PCs. In this article I will try to explain the things that I have done on this project and
how I did them.
From Linux kernel livepatches to encryption to ASLR to compiler optimizations and configuration hardening, we strive to ensure that Ubuntu 16.04 LTS is the most secure Linux distribution out of the box.
These slides try to briefly explain:
- what we do to secure Ubuntu
- how the underlying technology works
- when the features took effect in Ubuntu
This document provides an overview of pentesting iOS apps. It discusses setting up an environment for analysis, including installing tools. It then covers static analysis techniques like inspecting app binaries and local data storage. Dynamic analysis techniques are also covered, like monitoring API calls, the filesystem, and network traffic. The document provides tips on bypassing protections like certificate pinning and resources for further learning.
The document discusses several topics relating to securing Unix web servers and firewalls. It provides instructions on monitoring system files and backups to detect intrusions and protect important data. It also examines the purpose of firewalls in restricting network traffic and the key factors to consider when selecting a firewall system, such as the operating system, protocols supported, filter types, logging and administration interfaces.
Write a page to a page and half for each topic and read each topic a.docxedgar6wallace88877
Write a page to a page and half for each topic and read each topic and there attachment carefully and summarize
1-Mon Oct 28: The Conflict over Religious Authority in Post-Safavid Iran
Attached Files:
Attachment : Momen Akhbari School (1).pdf
Moojan Momen,
An Introduction to Shi’i Islam,
ch.6, 12.
2- Wed Oct 30: Imperial Reform Movements
Attached Files:
Tanzimat Decree (1).pdf
Tobacco Concession (2)pdf
25 Reform Movements (3) pptx
Cleveland,
Modern Middle East,
ch.5-6
Primary Sources:
Gulhane Edict (1839)
Hatt-i Humayun (1856)
Tobacco Concession
3- Fri Nov 1: Social and Intellectual Movements in the Early 20th Century
Attached Files:
alAfghani (1)
Abduh Theology of Unity (2)
.
Write a page discussing why you believe PMI is focusing BA as the fi.docxedgar6wallace88877
PMI focuses business analysis as the first step in the project management model because understanding requirements upfront helps define the scope and prevent issues down the road. Poor business analysis can negatively impact a project's success if the wrong objectives are identified or user needs aren't understood correctly. Validating ideas with citations is important to support opinions on why analysis is important for setting projects up for success.
More Related Content
Similar to SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx
CNS440 – Lab Assignment Week 2
Complete Lab 1: Performing Reconnaissance and Probing using Common Tools
Typically, attackers, malicious users, and/or hackers follow these steps in waging attacks:
1. Reconnaissance / Scanning
2. Vulnerability Analysis (enumeration)
3. Exploitation (the actual attack)
4. Post attack clean-up (anti-forensics)
In Lab 1, you will reconnaissance and scan a local network to identify the local hosts, open ports,
and services enabled on the local servers. You will use Wireshark to capture and analyze traffic,
Nessus to scan the network; review a sample of collection of data using the NetWitness
Investigator, connect to a remote Windows machine and explore two file transfer applications –
FileZilla and Tftpd64. You will use PuTTY to connect a Linux machine and run several Cisco
commands to display statistics for the network interfaces. You will use Zenmap (the graphical
version of the popular reconnaissance tool nmap) to scan the network and create a network
topology chart.
Section 1 is a hands-on demonstration – a lot of the steps are repeated in the Section 2 where you
have to actually experiment as part of your applied learning. You can go over Section 1 to get a
grip; keep the focus on Section 2. Upon Completion of Lab 1, you are required to provide the
following deliverables in the submission folder in D2L for this lab:
1. One .docx or .pdf document that contains:
1.1. A summary what you find most interesting and/or most challenging in the lab
1.2. All the screenshots as indicated in the Lab Manual for the lab in the online platform
2. All the remaining files, if there any, as indicated in the Lab Manual for the lab in the
online platform.
CNS440 – Lab Assignment Week 6
Complete Lab 10: Implementing an Information Systems Security Policy
In this lab, you will act as a member of the network security team. You have been given an
assignment to implement two security standards that have been accepted by the organization.
First you will enforce a newly adopted corporate password policy using the Group Policy
Management Console. Additionally, the new policy dictates that all servers on a given subnet
must be members of the Active Directory domain, but your organization has a Linux workstation
that is currently a standalone system. You will join the Linux machine to the Active Directory
domain using an open source tool, PowerBroker Identity Services Open.
Section 1 is a hands-on demonstration – a lot of the steps are repeated in the Section 2 where you
have to actually experiment as part of your applied learning. You can go over Section 1 to get a
grip; keep the focus on Section 2. Upon Completion of Lab 6, you are required to provide the
following deliverables in the Dropbox folder in D2L for this lab:
1. One .docx or .pdf document that contains:
1.1. A summary what you find most interesting and/or most challenging in the lab
1.2. All the scr.
This document provides an overview of SD-WAN and NSX SD-WAN by VeloCloud. It defines SD-WAN as using software and cloud technologies to simplify WAN services delivery to branch offices. Key benefits of SD-WAN include business agility, lower bandwidth costs using internet connectivity, and optimized connections to cloud applications. The document reviews SD-WAN features such as virtualizing networks, enabling secure overlays, and supporting automation through business policies. It provides examples of common business uses cases for SD-WAN and contrasts SD-WAN with traditional WAN optimization. Finally, it presents an at-a-glance overview of NSX SD-WAN by VeloCloud's capabilities and
This document discusses firewalls and packet filters. It defines a firewall as a device that provides secure connectivity between networks and can be hardware, software, or a combination. There are two main types of firewalls - hardware and software. It also describes how firewalls and packet filters work, including inspecting packets and applying rules to determine if packets should be allowed through or blocked. The functions of packet filters are to control traffic and provide security. Manufacturing companies that provide firewall and packet filtering solutions are also listed.
This document contains a list of probable questions related to operating systems, file systems, networking, Windows commands, and troubleshooting. Some of the topics covered include types of operating systems, differences between FAT and NTFS file systems, Active Directory, firewall types, OSI model layers, and RAID levels. The list provides definitions and explanations for many common computer and networking concepts.
The document lists several probable questions about operating systems and computer security topics. It includes definitions and comparisons of different types of operating systems like real-time, multi-user, multi-tasking, distributed, and embedded operating systems. It also summarizes the differences between FAT and NTFS file systems, enhancements in Windows 2003, defines what an active directory is, describes types of firewalls like network-level, circuit-level, application-level, and stateful multi-level firewalls, and compares hardware and software firewalls.
### Delivered at grrcon.com ###
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security research at Splunk, co-founder of Zenedge (Now part of Oracle), and Security Architect at Akamai I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots has been extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors.
In this talk, I aim to provide an introduction to honeypots, explain some of the experiences and lessons learned we have had running Cowrie a medium interaction SSH honeypot base on Kippo. How we modified cowrie to make it more realistic and mimic the systems and attack we are trying to capture as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify cowrie in order to masquerade different systems and vulnerabilities mimicking the asset(s) being defended. Finally, share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.
This document discusses using Ansible to manage PostgreSQL databases. It begins with an introduction to Ansible, explaining that it is an agentless automation tool used for configuration management, deployment, and orchestration. It then provides an overview of installing and using Ansible to provision infrastructure on Amazon Web Services and install PostgreSQL with streaming replication across multiple servers. Key components of Ansible like templates, variables, tasks, and playbooks are demonstrated in an example repository for automating PostgreSQL configuration management.
The document provides an overview of the Apache Struts 2 framework. It discusses that Struts 2 is a popular Java web framework based on the MVC pattern. It is a complete rewrite of the original Struts framework. The document then covers the core components of Struts 2 including actions, interceptors, the value stack, results, and view technologies. It also provides details on setting up the Struts 2 development environment including installing Java, Tomcat, Eclipse, and the Struts 2 libraries.
The document discusses firewall implementation for a company called Acme. It describes how Acme can set up firewalls to restrict access between internal and external networks and between different internal departments. Packet filtering, proxy servers, and demilitarized zones are implemented to enforce access controls and monitor network traffic flow while protecting sensitive data. The completed Acme intranet design includes multiple firewalls configured in screened subnets and dual-homed gateways to secure remote access and internal information flows.
The document discusses firewalls and how they can protect computer networks from unauthorized access. It describes different types of firewalls including packet filters, application gateways, circuit-level gateways, and stateful packet inspection. It also outlines common firewall configurations like screened networks, dual-homed gateways, and screened subnets. The document provides details on how each type of firewall works and their advantages and disadvantages.
This document discusses firewalls and their types. It begins by explaining that firewalls protect networks by guarding entry points and are becoming more sophisticated. It then defines a firewall as a network security system that controls incoming and outgoing network traffic based on rules. The document outlines different generations of firewalls and describes four main types: packet filtering, stateful packet inspection, application gateways/proxies, and circuit-level gateways. It details the characteristics, strengths, and weaknesses of each type. Finally, it emphasizes that networks are still at risk of attacks and that firewalls have become ubiquitous, so choosing the right solution depends on needs, policies, resources.
Firestarter is an open source graphical firewall program for Linux. It aims to combine ease of use with powerful features for both desktop and server use. The main interface has status, events, and policy pages. The firewall wizard guides initial configuration. By default, Firestarter blocks incoming traffic but allows outgoing. Events show blocked attempts, and policies can be created to allow specific traffic. It provides firewalling, network address translation, and optional DHCP for internet connection sharing.
The document provides instructions for a lab on Snort and firewall rules. It describes:
1) Setting up the virtual environment and configuring networking on the CyberOps Workstation VM.
2) Explaining the differences between firewall and IDS rules while noting their similarities, such as both having matching and action components.
3) Having students run commands to start a malware server, use Snort to monitor traffic, and download a file from the server to trigger an alert, observing the alert in the Snort log.
Red Hat Linux 5 Hardening Tips - National Security Agencysanchetanparmar
This document provides a summary of tips for hardening the default installation of Red Hat Enterprise Linux 5. It recommends securing physical access to servers, minimizing installed software, regularly updating systems, disabling unnecessary services, removing SUID/SGID permissions and X Windows, configuring firewalls and SELinux, and securing SSH access. The full document provides more detailed guidance for implementing these security configurations.
This document provides an introduction to firewalls. It discusses what firewalls are, the differences between hardware and software firewalls, and how software firewalls work. Specific examples of personal firewall software are given, and considerations for using this type of firewall software are outlined. Brief overviews are provided of the firewalls included in Windows XP and Mac OS X operating systems. The document also describes Northeastern University's firewall service and the process for implementing a firewall for a department.
A gateway server is a server through which the computers in a LAN access the Internet. This is
usually done through NAT. It should also provide firewall protection for the LAN and it can also serve
as a DNS and DHCPD server for the LAN. Some years ago I have been involved in a project for building gateway servers like this, using
slackware on old PCs. In this article I will try to explain the things that I have done on this project and
how I did them.
From Linux kernel livepatches to encryption to ASLR to compiler optimizations and configuration hardening, we strive to ensure that Ubuntu 16.04 LTS is the most secure Linux distribution out of the box.
These slides try to briefly explain:
- what we do to secure Ubuntu
- how the underlying technology works
- when the features took effect in Ubuntu
This document provides an overview of pentesting iOS apps. It discusses setting up an environment for analysis, including installing tools. It then covers static analysis techniques like inspecting app binaries and local data storage. Dynamic analysis techniques are also covered, like monitoring API calls, the filesystem, and network traffic. The document provides tips on bypassing protections like certificate pinning and resources for further learning.
The document discusses several topics relating to securing Unix web servers and firewalls. It provides instructions on monitoring system files and backups to detect intrusions and protect important data. It also examines the purpose of firewalls in restricting network traffic and the key factors to consider when selecting a firewall system, such as the operating system, protocols supported, filter types, logging and administration interfaces.
Similar to SEED Labs – Linux Firewall Exploration Lab 1Linux Firewall.docx (20)
Write a page to a page and half for each topic and read each topic a.docxedgar6wallace88877
Write a page to a page and half for each topic and read each topic and there attachment carefully and summarize
1-Mon Oct 28: The Conflict over Religious Authority in Post-Safavid Iran
Attached Files:
Attachment : Momen Akhbari School (1).pdf
Moojan Momen,
An Introduction to Shi’i Islam,
ch.6, 12.
2- Wed Oct 30: Imperial Reform Movements
Attached Files:
Tanzimat Decree (1).pdf
Tobacco Concession (2)pdf
25 Reform Movements (3) pptx
Cleveland,
Modern Middle East,
ch.5-6
Primary Sources:
Gulhane Edict (1839)
Hatt-i Humayun (1856)
Tobacco Concession
3- Fri Nov 1: Social and Intellectual Movements in the Early 20th Century
Attached Files:
alAfghani (1)
Abduh Theology of Unity (2)
.
Write a page discussing why you believe PMI is focusing BA as the fi.docxedgar6wallace88877
PMI focuses business analysis as the first step in the project management model because understanding requirements upfront helps define the scope and prevent issues down the road. Poor business analysis can negatively impact a project's success if the wrong objectives are identified or user needs aren't understood correctly. Validating ideas with citations is important to support opinions on why analysis is important for setting projects up for success.
Write a page of personal reflection of your present leadership compe.docxedgar6wallace88877
This document asks the reader to write a journal entry reflecting on their present leadership competencies, possible adjustments to their leadership approach, and how it relates to concepts of communication, leadership, and power and politics. The reflection should demonstrate a high level of understanding by adequately integrating authoritative sources with in-text citations in APA format.
Write a page of compare and contrast for the Big Five Personalit.docxedgar6wallace88877
Write a page of compare and contrast for the Big Five Personality Model against the MBTI. Attached some info below.
Based on what you have learned thus far, how might the MBTI lack for strong supporting evidence as opposed to the Big Five Model? Thoroughly explain.
After doing so discuss how the Big Five Traits could predict behavior at your place of employment. What could be some advantage of doing so?
What might be some disadvantages? Thoroughly explain.
Please be sure to validate your opinions and ideas with intext citations and references in APA format.
.
Write a page of research and discuss an innovation that includes mul.docxedgar6wallace88877
Write a page of research and discuss an innovation that includes multiple innovation types (per Keely). Discuss the types of innovation involved and comment on how you feel this combination could potentially create a sustainable competitive advantage for the business. Be sure to include references in APA format with intext citations.
.
Write a page answering the questions below.Sometimes projects .docxedgar6wallace88877
Write a page answering the questions below.
Sometimes projects fail. Such failure can be contributed to unreasonable time constraints, poorly estimated financial estimates, poorly systematized planning process or organizational goals not understood at lower organizational levels.
As a project manager, what key factors are absolutely vital to prevent such failure?
Discuss the role of the leader and manager in a project environment or project initiative.
Be sure to identify how the duties of project managers reinforce the role of leadership. Use real-life examples.
Please be sure to validate your opinions and ideas with citations and references in APA format.
.
Write a one-paragraph summary of one of the reading assignments from.docxedgar6wallace88877
Write a one-paragraph summary of one of the reading assignments from the textbook.
Reading assignments to choose from are
from Beowulf - trans. Burton Raffel
Children - Slawomir Mrozek
The Jar - Luigi Pirandello
Death of a Tsotsi - Alan Paton
Judges Must Balance Justice vs. Young Lives - Patricia Edmonds
Youth Violent Crime Keeps Climbing - J.L. Albert
Action Will Be Taken: An Action-Packed Story - Heinrich Boll
from The Life of Henry the Fifth - William Shakespeare
Speech, May 13, 1940 - Winston Churchill
The Thrill of the Grass - W.P. Kinsella
from Night - Elie Wiesel
This Too Is Everything - Shu Ting
A Marriage Proposal - Anton Chekhov
There's plenty more reading assignments in the book. If you can help me but need more choices let me know. Thanks
.
Write a one-paragraph summary of this article.Riordan, B. C..docxedgar6wallace88877
Write a one-paragraph summary of this article.
Riordan, B. C., Flett, J. A. M., Hunter, J. A., Scarf, D., & Conner, T. S. (2015). Fear of missing out (FoMO): the relationship between FoMO, alcohol use, and alcohol-related consequences in college students.
Journal of Psychiatry and Brain Functions
,
2
(1), 9. https://doi.org/10.7243/2055-3447-2-9
.
Write a one-paragraph response to the following topic. Use the MLA f.docxedgar6wallace88877
Write a one-paragraph response to the following topic. Use the MLA format, and do not write in the first or second person. In addition, do not use contractions. Give specific details and examples to support your stance.
Many people in America still struggle with the concept of interracial dating. Is dating people of other races a sign of tolerance or of self-hatred? Should individuals date within their own race as a show of cultural pride or date other races as a way of combating racism and moving closer to equality? Originate your own ideas with vivid details and examples to support your stance. No secondary sources should be included in this response.
.
Write a one-page rhetorical analysis in which you analyze the argume.docxedgar6wallace88877
Write a one-page rhetorical analysis in which you analyze the argument in the passage from “The Crisis” through three lenses:
•Identify the parts of his argument and explain how they work together to build an effective argument
•Identify and explain the impact of persuasive techniques
•Explain how Paine “enters the conversation” about the topic in his argument
.
Write a one pageliterature review of your figure( FIGURE A.docxedgar6wallace88877
Write a one page
literature review of your figure
( FIGURE ASSIGNED 6 d-g)
Abstract: What is the question they were trying to answer, and what were their overall conclusions
Introduction: Introduce, briefly, the endomembrane system and how proteins move back and forth. Describe the importance of the KDEL sequence. What is the question they are trying to answer in your figure? How does this question relate to the larger context of the whole paper?
Body: What technique are they using? Briefly describe the technique. For each experiment tell me specifically what the variables are from that technique for that experiment (so which antibody are they using, and how did they prepare the samples) . How can that particular antibody or preparation help them to answer their question. What were their observations? What do they see?
Conclusions: What do they conclude from this figure or part of a figure?
This description, must be IN YOUR OWN WORDS. Focus, on the parts of the signaling cascade that they are trying to understand.
.
Write a one page-paper documenting the problemneed you wish to .docxedgar6wallace88877
Write a one page-paper documenting the problem/need you wish to address for the
Community Need Project Proposal, due in Week 6
, and the important stakeholders related to your project. Why is this a need in your community? Who is involved in this problem and why are they important?
homelessness in San Antonio TX
.
Write a one page report on Chapter 1 and 2 with the same style of mo.docxedgar6wallace88877
Write a one page report on Chapter 1 and 2 with the same style of module 1 assignment and it's requirement. Please add subtitle to your paper including a name for your paper, major topics under consideration, conclusion (a paragraph of personal
experience
) and a reference list. Keep your citations and references as a evidence for the midterm and final.
.
Write a one page reflection about the following1) Identify .docxedgar6wallace88877
Write a one page reflection about the following:
1) Identify the key messages about being female that you saw in tv and magazine adds, including movies.
2) Do you feel the media/images affect both sexes the same? If not, why not?
3) Have you found your sense of self affected by media images? In what ways?
.
Write a one page paper on the question belowSome of the current.docxedgar6wallace88877
Write a one page paper on the question below:
Some of the current trends in the delivery of value (channels, logistics, supply chain) include e-commerce; VMS; use of multi-channel approaches; mobile commerce; social retailing; and more. From your own research, discuss how two companies are using are using these techniques to improve their delivery of value to consumers.
.
Write a one page paper (double spaced) describing and discussing the.docxedgar6wallace88877
Write a one page paper (double spaced) describing and discussing the following ethical concepts found in chapter 1; logical, factual and normative. You may use definitions or scenarios in your writing. The goal of this paper is to gain a level of understanding of all three (logical, factual and normative).
Textbook:
1.
Logical, or formal, statements
are definitions or statements derivable from
definitions, including the entirety of mathematical discourse (e.g., “2
+
2
=
4,”
or “A square has four equal sides”). Such statements can be
verified by a for
-
mal procedure
(“recourse to arithmetic”) derived from the same definitions
that control the rest of the terms of the field in question (i.e., the same axioms
define “2,” “4,” and the procedure of “addition”; the four equal sides and right
angles define the “square”). True formal statements are
analytic
:
they are true
logically, necessarily, or by the definitions of the terms
. False statements in
this category are
self–contradictory
. (If you say, “2
+
2
=
5,” or start talking
about “round squares,” you contradict yourself, for you assert that which can-
not possibly be so—you conjoin ideas that are incompatible). A logically true
or logically valid statement can never be false, or disproved by any discovery
of facts; it will never be the case that some particular pairs of 2 do not add up
to 4, or some particular squares turn out to be circular—and if you think you’ve
found such a case, you’re wrong! “2
+
2
=
4” is true, and squares are equi-
lateral rectangles, as philosophers like to say,
in all possible worlds
. For this
reason we say that these statements are “
true a priori
”: we can know them to
be correct prior to any examination of the facts of the world, without having to
count up lots of pairs of pairs, just to make sure that 2
+
2 really equals 4.
2.
Factual, or empirical, statements
are assertions about the world out there, the
physical environment of our existence, including the entirety of scientific dis-
course, from theoretical physics to sociology. Such statements are
verifiable by
controlled observation
(“recourse to measurement,” “recourse to weighing”)
of that world, by experiment or just by careful looking, listening, touching,
smelling, or tasting. This is the world of our senses, the world of space, objects,
time and causation. These empirical statements are called
synthetic,
for they
“put together” in a new combination two ideas that do not initially include or
entail each other. As a result they cannot be known a priori, but can be deter
-
mined only
a posteriori, that is, after investigation of the world
. When they
are true, they are
true only contingently, or dependently, as oppo.
write a one page about this topic and provide a reference.Will.docxedgar6wallace88877
write a one page about this topic and provide a reference.
Will making changes to the built environments (adding parks, sidewalks, healthy food stores, playgrounds, green-spaces, safer streets, etc.) of low-income neighborhoods be adequate enough to help community members combat health disparities based upon income or race? Why or why not?
.
Write a one or more paragraph on the following question below.docxedgar6wallace88877
Write a one or more paragraph on the following question below:
The three characteristics required by an individual to be considered a dependent of another taxpayer by the IRS.
The four tests stipulated by the IRS that a taxpayer must satisfy to claim a dependent as a qualifying child
What do you think are the reasons the IRS included the four tests for a qualifying child to be claimed as a dependent?
.
Write a one or more page paper on the following belowWhy are .docxedgar6wallace88877
Write a one or more page paper on the following below:
Why are systems for collaboration and social business so important and what technologies do they use? Explain the benefits of collaboration and social business. Describe what organizational culture is necessary for business processes and collaboration.
.
Write a one page dialogue in which two characters are arguing but .docxedgar6wallace88877
Write a one page dialogue in which two characters are arguing but are speaking every thought, every iteration of subtext. Then go back and cut the dialogue so that no line is longer than five words without losing any of the meaning.
1. I'd like for you to submit both versions of your dialog.
The first version (with all the subtext written out) and the second version (with only 5 words per line.)
2. Be sure to write it in dialog format.
That means it should look like the plays in our text--
James: Starting with the character's name?
Carrie: And with little or no narration outside of the dialog?
Prof.: Yes to both questions!
3. Notice how little narration / stage direction there is in most of the sample dialogs.
Your dialog should be almost entirely dialog!
Try to resist the urge to get carried away explaining every little detail of what the characters are doing.
And resist the urge to add modifiers like (angrily) (with great emotion) (etc.) before each line of dialog.
You want to put everything into the dialog itself-- the emotion should be obvious from what the characters say!
.
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
This presentation was provided by Racquel Jemison, Ph.D., Christina MacLaughlin, Ph.D., and Paulomi Majumder. Ph.D., all of the American Chemical Society, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
How to Make a Field Mandatory in Odoo 17Celine George
In Odoo, making a field required can be done through both Python code and XML views. When you set the required attribute to True in Python code, it makes the field required across all views where it's used. Conversely, when you set the required attribute in XML views, it makes the field required only in the context of that particular view.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
2. protocol, and, for TCP and UDP traffic, port numbers. In this
lab, students will play with this type of
firewall, and also through the implementation of some of the
key functionalities, they can understand how
firewalls work. Moreover, students will learn how to use SSH
tunnels to bypass firewalls. This lab covers
the following topics:
• Firewall
• Netfilter
• Loadable kernel module
• SSH tunnel
Readings and related topics. Detailed coverage of Firewalls can
be found in Chapter 14 of the SEED
book, Computer Security: A Hands-on Approach, by Wenliang
Du. A related lab is the Firewall Bypassing
lab, which shows how to use VPN to bypass firewalls.
Lab environment. This lab has been tested on our pre-built
Ubuntu 16.04 VM, which can be downloaded
from the SEED website.
2 Lab Tasks
2.1 Task 1: Using Firewall
Linux has a tool called iptables, which is essentially a firewall.
It has a nice front end program called
ufw. In this task, the objective is to use ufw to set up some
firewall policies, and observe the behaviors of
your system after the policies become effective. You need to set
up at least two VMs, one called Machine A,
and other called Machine B. You run the firewall on your
Machine A. Basically, we use ufw as a personal
firewall. Optionally, if you have more VMs, you can set up a
3. firewall at your router, so it can protect
a network, instead of just one single computer. After you set up
the two VMs, you should perform the
following tasks:
SEED Labs – Linux Firewall Exploration Lab 2
• Prevent A from doing telnet to Machine B.
• Prevent B from doing telnet to Machine A.
• Prevent A from visiting an external web site. You can choose
any web site that you like to block, but
keep in mind, some web servers have multiple IP addresses.
You can find the manual of ufw by typing "man ufw" or search
it online. It is pretty straightforward to
use. Please remember that the firewall is not enabled by default,
so you should run a command to specifically
enable it. We list some commonly used commands in Appendix
A.
Before starting the task, go to the default policy file
/etc/default/ufw. find the following entry,
and change the rule from DROP to ACCEPT; otherwise, all the
incoming traffic will be dropped by default.
# Set the default input policy to ACCEPT, DROP, or REJECT.
Please note that if
# you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"
2.2 Task 2: Implementing a Simple Firewall
4. The firewall you used in the previous task is a packet filtering
type of firewall. The main part of this type of
firewall is the filtering part, which inspects each incoming and
outgoing packets, and enforces the firewall
policies set by the administrator. Since the packet processing is
done within the kernel, the filtering must
also be done within the kernel. Therefore, it seems that
implementing such a firewall requires us to modify
the Linux kernel. In the past, this had to be done by modifying
and rebuilding the kernel. The modern
Linux operating systems provide several new mechanisms to
facilitate the manipulation of packets without
rebuilding the kernel image. These two mechanisms are
Loadable Kernel Module (LKM) and Netfilter.
LKM allows us to add a new module to the kernel at the
runtime. This new module enables us to extend
the functionalities of the kernel, without rebuilding the kernel
or even rebooting the computer. The packet
filtering part of a firewall can be implemented as an LKM.
However, this is not enough. In order for the
filtering module to block incoming/outgoing packets, the
module must be inserted into the packet processing
path. This cannot be easily done in the past before the Netfilter
was introduced into the Linux.
Netfilter is designed to facilitate the manipulation of packets by
authorized users. Netfilter
achieves this goal by implementing a number of hooks in the
Linux kernel. These hooks are inserted into
various places, including the packet incoming and outgoing
paths. If we want to manipulate the incoming
packets, we simply need to connect our own programs (within
LKM) to the corresponding hooks. Once an
incoming packet arrives, our program will be invoked. Our
program can decide whether this packet should
5. be blocked or not; moreover, we can also modify the packets in
the program.
In this task, you need to use LKM and Netfilter to implement
the packet filtering module. This
module will fetch the firewall policies from a data structure,
and use the policies to decide whether packets
should be blocked or not. To make your life easier, so you can
focus on the filtering part, the core of
firewalls, we allow you to hardcode your firewall policies in the
program. You should support at least five
different rules, including the ones specified in the previous
task. Guidelines on how to use Netfilter can
be found in Section 3. In addition, Chapter 14 (§14.4) of the
SEED book provides more detailed explanation
on Netfilter.
Note for Ubuntu 16.04 VM: The code in the SEED book was
developed in Ubuntu 12.04. It needs
to be changed slightly to work in Ubuntu 16.04. The change is
in the definition of the callback func-
tion telnetFilter(), because the prototype of Netfilter’s callback
function has been changed in
Ubuntu 16.04. See the difference in the following:
SEED Labs – Linux Firewall Exploration Lab 3
// In Ubuntu 12.04
unsigned int telnetFilter(unsigned int hooknum, struct sk_buff
*skb,
const struct net_device *in, const struct net_device *out,
int (*okfn)(struct sk_buff *))
6. // In Ubuntu 16.04
unsigned int telnetFilter(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
2.3 Task 3: Evading Egress Filtering
Many companies and schools enforce egress filtering, which
blocks users inside of their networks from
reaching out to certain web sites or Internet services. They do
allow users to access other web sites. In many
cases, this type of firewalls inspect the destination IP address
and port number in the outgoing packets. If
a packet matches the restrictions, it will be dropped. They
usually do not conduct deep packet inspections
(i.e., looking into the data part of packets) due to the
performance reason. In this task, we show how such
egress filtering can be bypassed using the tunnel mechanism.
There are many ways to establish tunnels; in
this task, we only focus on SSH tunnels.
You need two VMs A and B for this task (three will be better).
Machine A is running behind a firewall
(i.e., inside the company or school’s network), and Machine B
is outside of the firewall. Typically, there is a
dedicated machine that runs the firewall, but in this task, for the
sake of convenience, you can run the firewall
on Machine A. You can use the firewall program that you
implemented in the previous task, or directly use
ufw. You need to set up the following two firewall rules:
• Block all the outgoing traffic to external telnet servers. In
reality, the servers that are blocked are usu-
ally game servers or other types of servers that may affect the
productivity of employees. In this task,
we use the telnet server for demonstration purposes. You can
7. run the telnet server on Machine B. If
you have a third VM, Machine C, you can run the telnet server
on Machine C.
• Block all the outgoing traffic to www.facebook.com, so
employees (or school kids) are not dis-
tracted during their work/school hours. Social network sites are
commonly blocked by companies
and schools. After you set up the firewall, launch your Firefox
browser, and try to connect to Face-
book, and report what happens. If you have already visited
Facebook before using this browser,
you need to clear all the caches using Firefox’s menu: Edit ->
Preferences -> Privacy
& Security (left pane) -> Clear History (Button on right);
otherwise, the
cached pages may be displayed. If everything is set up properly,
you should not be able to see Face-
book pages. It should be noted that Facebook has many IP
addresses, it can change over the time.
Remember to check whether the address is still the same by
using ping or dig command. If the
address has changed, you need to update your firewall rules.
You can also choose web sites with static
IP addresses, instead of using Facebook. For example, most
universities’ web servers use static IP
addresses (e.g. www.syr.edu); for demonstration purposes, you
can try block these IPs, instead of
Facebook.
In addition to set up the firewall rules, you also need the
following commands to manage the firewall:
$ sudo ufw enable // this will enable the firewall.
$ sudo ufw disable // this will disable the firewall.
$ sudo ufw status numbered // this will display the firewall
8. rules.
$ sudo ufw delete 3 // this will delete the 3rd rule.
SEED Labs – Linux Firewall Exploration Lab 4
8000 22
Telnet
client
Machine: home
Machine: work
ssh client ssh server
Machine: apollo
22
23
Telnet
server
Firewall
Figure 1: SSH Tunnel Example
Task 3.a: Telnet to Machine B through the firewall To bypass
the firewall, we can establish an SSH
tunnel between Machine A and B, so all the telnet traffic will go
through this tunnel (encrypted), evading the
inspection. Figure 1 illustrates how the tunnel works. The
following command establishes an SSH tunnel
9. between the localhost (port 8000) and machine B (using the
default port 22); when packets come out of B’s
end, it will be forwarded to Machine C’s port 23 (telnet port). If
you only have two VMs, you can use
one VM for both Machine B and Machine C.
$ ssh -L 8000:Machine_C_IP:23 [email protected]_B_IP
// We can now telnet to Machine C via the tunnel:
$ telnet localhost 8000
When we telnet to localhost’s port 8000, SSH will transfer all
our TCP packets from one end
of the tunnel on localhost:8000 to the other end of the tunnel on
Machine B; from there, the packets
will be forwarded to Machine C:23. Replies from Machine C
will take a reverse path, and eventually
reach our telnet client. Essentially, we are able to telnet to
Machine C. Please describe your observation and
explain how you are able to bypass the egress filtering. You
should use Wireshark to see what exactly is
happening on the wire.
Task 3.b: Connect to Facebook using SSH Tunnel. To achieve
this goal, we can use the approach
similar to that in Task 3.a, i.e., establishing a tunnel between
your localhost:port and Machine B, and ask B
to forward packets to Facebook. To do that, you can use the
following command to set up the tunnel: "ssh
-L 8000:FacebookIP:80 ...". We will not use this approach, and
instead, we use a more generic
approach, called dynamic port forwarding, instead of a static
one like that in Task 3.a. To do that, we only
specify the local port number, not the final destination. When
Machine B receives a packet from the tunnel,
it will dynamically decide where it should forward the packet to
10. based on the destination information of the
packet.
$ ssh -D 9000 -C [email protected]_B
SEED Labs – Linux Firewall Exploration Lab 5
Figure 2: Configure the SOCKS Proxy
Similar to the telnet program, which connects localhost:9000,
we need to ask Firefox to connect
to localhost:9000 every time it needs to connect to a web server,
so the traffic can go through our SSH
tunnel. To achieve that, we can tell Firefox to use
localhost:9000 as its proxy. To support dynamic port
forwarding, we need a special type of proxy called SOCKS
proxy, which is supported by most browsers. To
set up the proxy in Firefox, go to the menu bar, click Edit ->
Preferences, scroll down to Network
Proxy, and click the Settings button. Then follow Figure 2.
After the setup is done, please do the
following:
1. Run Firefox and go visit the Facebook page. Can you see the
Facebook page? Please describe your
observation.
2. After you get the facebook page, break the SSH tunnel, clear
the Firefox cache, and try the connection
again. Please describe your observation.
3. Establish the SSH tunnel again and connect to Facebook.
Describe your observation.
11. 4. Please explain what you have observed, especially on why the
SSH tunnel can help bypass the egress
filtering. You should use Wireshark to see what exactly is
happening on the wire. Please describe
your observations and explain them using the packets that you
have captured.
SEED Labs – Linux Firewall Exploration Lab 6
2.4 Task 4: Evading Ingress Filtering
Machine A runs a web server behind a firewall; so only the
machines in the internal network can access
this web server. You are working from home and needs to
access this internal web server. You do not have
VPN, but you have SSH, which is considered as a poor man’s
VPN. You do have an account on Machine A
(or another internal machine behind the firewall), but the
firewall also blocks incoming SSH connection, so
you cannot SSH into any machine on the internal network.
Otherwise, you can use the same technique from
Task 3 to access the web server. The firewall, however, does
not block outgoing SSH connection, i.e., if you
want to connect to an outside SSH server, you can still do that.
The objective of this task is to be able to access the web server
on Machine A from outside. We will use
two machines to emulate the setup. Machine A is the internal
computer, running the protected web server;
Machine B is the outside machine at home. On Machine A, we
block Machine B from accessing its port 80
(web server) and 22 (SSH server). You need to set up a reverse
SSH tunnel on Machine A, so once you get
home, you can still access the protected web server on A from
12. home.
3 Guidelines
3.1 Loadable Kernel Module
The following is a simple loadable kernel module. It prints out
"Hello World!" when the module is
loaded; when the module is removed from the kernel, it prints
out "Bye-bye World!". The messages
are not printed out on the screen; they are actually printed into
the /var/log/syslog file. You can use
dmesg | tail -10 to read the last 10 lines of message.
#include <linux/module.h>
#include <linux/kernel.h>
int init_module(void)
{
printk(KERN_INFO "Hello World!n");
return 0;
}
void cleanup_module(void)
{
printk(KERN_INFO "Bye-bye World!.n");
}
We now need to create Makefile, which includes the following
contents (the above program is named
hello.c). Then just type make, and the above program will be
compiled into a loadable kernel module.
13. obj-m += hello.o
all:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD)
modules
clean:
make -C /lib/modules/$(shell uname -r)/build M=$(PWD) clean
Once the module is built by typing make, you can use the
following commands to load the module, list
all modules, and remove the module:
SEED Labs – Linux Firewall Exploration Lab 7
$ sudo insmod mymod.ko (inserting a module)
$ lsmod (list all modules)
$ sudo rmmod mymod.ko (remove the module)
Also, you can use modinfo mymod.ko to show information
about a Linux Kernel module.
3.2 A Simple Program that Uses Netfilter
Using Netfilter is quite straightforward. All we need to do is to
hook our functions (in the kernel
module) to the corresponding Netfilter hooks. Here we show an
example:
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
14. /* This is the structure we shall use to register our function */
static struct nf_hook_ops nfho;
/* This is the hook function itself */
unsigned int hook_func(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
/* This is where you can inspect the packet contained in
the structure pointed by skb, and decide whether to accept
or drop it. You can even modify the packet */
// In this example, we simply drop all packets
return NF_DROP; /* Drop ALL packets */
}
/* Initialization routine */
int init_module()
{ /* Fill in our hook structure */
nfho.hook = hook_func; /* Handler function */
nfho.hooknum = NF_INET_PRE_ROUTING; /* First hook for
IPv4 */
nfho.pf = PF_INET;
nfho.priority = NF_IP_PRI_FIRST; /* Make our function first
*/
nf_register_hook(&nfho);
return 0;
}
/* Cleanup routine */
15. void cleanup_module()
{
nf_unregister_hook(&nfho);
}
SEED Labs – Linux Firewall Exploration Lab 8
4 Submission and Demonstration
Students need to submit a detailed lab report to describe what
they have done, what they have observed,
and explanation. Reports should include the evidences to
support the observations. Evidences include
packet traces, screendumps, etc. Students also need to answer
all the questions in the lab description. For
the programming tasks, students should list the important code
snippets followed by explanation. Simply
attaching code without any explanation is not enough.
SEED Labs – Linux Firewall Exploration Lab 9
A Firewall Lab Cheat Sheet
Header Files. You may need to take a look at several header
files, including the skbuff.h, ip.h,
icmp.h, tcp.h, udp.h, and netfilter.h. They are stored in the
following folder:
/lib/modules/$(uname -r)/build/include/linux/
IP Header. The following code shows how you can get the IP
16. header, and its source/destination IP ad-
dresses.
struct iphdr *ip_header = (struct iphdr
*)skb_network_header(skb);
unsigned int src_ip = (unsigned int)ip_header->saddr;
unsigned int dest_ip = (unsigned int)ip_header->daddr;
TCP/UDP Header. The following code shows how you can get
the UDP header, and its source/destination
port numbers. It should be noted that we use the ntohs()
function to convert the unsigned short integer
from the network byte order to the host byte order. This is
because in the 80x86 architecture, the host byte
order is the Least Significant Byte first, whereas the network
byte order, as used on the Internet, is Most
Significant Byte first. If you want to put a short integer into a
packet, you should use htons(), which is
reverse to ntohs().
struct udphdr *udp_header = (struct udphdr
*)skb_transport_header(skb);
src_port = (unsigned int)ntohs(udp_header->source);
dest_port = (unsigned int)ntohs(udp_header->dest);
IP Addresses in different formats. You may find the following
library functions useful when you convert
IP addresses from one format to another (e.g. from a string
"128.230.5.3" to its corresponding integer
in the network byte order or the host byte order.
int inet_aton(const char *cp, struct in_addr *inp);
in_addr_t inet_addr(const char *cp);
in_addr_t inet_network(const char *cp);
char *inet_ntoa(struct in_addr in);
struct in_addr inet_makeaddr(int net, int host);
17. in_addr_t inet_lnaof(struct in_addr in);
in_addr_t inet_netof(struct in_addr in);
Using ufw. The default firewall configuration tool for Ubuntu is
ufw, which is developed to ease iptables
firewall configuration. By default UFW is disabled, so you need
to enable it first.
$ sudo ufw enable // Enable the firewall
$ sudo ufw disable // Disable the firewall
$ sudo ufw status numbered // Display the firewall rules
$ sudo ufw delete 2 // Delete the 2nd rule