The document discusses various methods for hardening Linux security, including securing physical and remote access, addressing top vulnerabilities like weak passwords and open ports, implementing security policies, setting BIOS passwords, password protecting GRUB, choosing strong passwords, securing the root account, disabling console programs, using TCP wrappers, protecting against SYN floods, configuring SSH securely, hardening sysctl.conf settings, leveraging open source tools like Mod_Dosevasive, Fail2ban, Shorewall, and implementing security at the policy level with Shorewall.
2. Roadmap
Securing from physical access.
Securing from remote access
Power of open-source
???????????????
3. Top Vulnerabilities
Default installations of operating systems and applications
Accounts with no password or a weak password
Non-existent or incomplete backups
A large number of open ports
Not filtering packets for correct incoming and outgoing addresses
Non-existent or incomplete logging
Vulnerable CGI programs
4. Security as a Policy
It is important to point out that you cannot implement security if you have not decided what needs to be protected, and from whom.
How do you classify confidential or sensitive information?
Does the system contain confidential or sensitive information?
Exactly whom do you want to guard against?
Do remote users really need access to your system?
Do passwords or encryption provide enough protection?
Do you need access to the Internet?
How much access do you want to allow to your system from the Internet?
What action will you take if you discover a breach in your security?
5. BIOS
It is recommended that you set a boot password to disallow booting from disk drives and mass storage devices, and that you set passwords on BIOS features.
This will block undesired people from trying to boot your Linux system with a special boot disk, and will protect you from people trying to change BIOS features such as allowing boot from a USB drive or booting the server without a password prompt.
6. Password Protecting GRUB
To do this, first choose a strong password, open a shell, log in as root, and then type the following command:
/sbin/grub-md5-crypt
After the password hash is generated, copy the text and add it to the following file:
/boot/grub/grub.conf
Add an entry in the file:
password --md5 <password-hash>
7. Choose the right Password
Also, a password checking mechanism should be present to reject a weak password when first choosing a password or changing an old one.
Edit the login.defs file (vi /etc/login.defs) and change the line that reads:
PASS_MIN_LEN 5
to:
PASS_MIN_LEN 8
The login.defs file is the configuration file for the login program. You should review or make changes to this file for your particular system. This is where you set other security policy settings like password expiration defaults or the minimum acceptable password length.
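The following checker is an added example, not code from the slides: it parses a login.defs file the way the login program reads it (NAME, whitespace, value; '#' starts a comment) and reports settings that fall short of a policy. The PASS_MIN_LEN 8 threshold is the one the slide sets; the PASS_MAX_DAYS and PASS_WARN_AGE limits and the two sample files are assumptions constructed for the example.

```python
import re

# Thresholds for this check. PASS_MIN_LEN 8 is the value the slide sets;
# the PASS_MAX_DAYS and PASS_WARN_AGE limits are assumptions for this example.
POLICY = {
    "PASS_MIN_LEN": ("min", 8),
    "PASS_MAX_DAYS": ("max", 90),
    "PASS_WARN_AGE": ("min", 7),
}


def parse_login_defs(text):
    """Parse login.defs text into {NAME: value}. '#' starts a comment and
    each setting is 'NAME<whitespace>value'."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def check_login_defs(text, policy=POLICY):
    """Return (name, problem) for every policy entry that is missing,
    non-numeric, or outside the allowed range; an empty list means compliant."""
    settings = parse_login_defs(text)
    findings = []
    for name, (kind, limit) in policy.items():
        raw = settings.get(name)
        if raw is None:
            findings.append((name, "not set"))
        elif not re.fullmatch(r"\d+", raw):
            findings.append((name, f"non-numeric value {raw!r}"))
        elif kind == "min" and int(raw) < limit:
            findings.append((name, f"{raw} is below the minimum of {limit}"))
        elif kind == "max" and int(raw) > limit:
            findings.append((name, f"{raw} exceeds the maximum of {limit}"))
    return findings


# Constructed sample resembling a stock file, with the PASS_MIN_LEN 5 line
# the slide tells you to change.
LOGIN_DEFS_STOCK = """\
# Password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
"""

# Constructed sample after hardening.
LOGIN_DEFS_HARDENED = """\
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_MIN_LEN    8
PASS_WARN_AGE   7
"""

if __name__ == "__main__":
    for label, sample in (("stock", LOGIN_DEFS_STOCK), ("hardened", LOGIN_DEFS_HARDENED)):
        print(label, check_login_defs(sample) or "OK")
```

One caveat when running this against a real system: on distributions where password quality is enforced through PAM (pam_pwquality or pam_cracklib), PASS_MIN_LEN in login.defs is not the setting that rejects short passwords; the PAM module's own minlen applies, so a compliant login.defs should be confirmed against the PAM configuration as well.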
8. The root account
The root account is the most privileged account on a Unix system.
For security reasons, never log in on your server as root unless it is absolutely an instance that necessitates root access.
Edit the file /etc/profile and add:
TMOUT=7200
The value we enter for the variable TMOUT= is in seconds and represents 2 hours (60 * 60 = 3600 * 2 = 7200 seconds). It is important to note that if you decide to put the above line in your /etc/profile file, then the automatic logout after two hours of inactivity will apply to all users on the system.
10. TCP_WRAPPERS
By default Red Hat Linux allows all service requests. Using TCP_WRAPPERS makes securing your servers against outside intrusion a lot simpler and less painful than you would expect.
TCP_WRAPPERS is controlled from two files, and the search stops at the first match:
/etc/hosts.allow
/etc/hosts.deny
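To make the "search stops at the first match" rule concrete, here is an added example (not code from the slides or from tcp_wrappers itself) that evaluates a daemon/client pair against the two files in the order tcp_wrappers uses: hosts.allow is searched first, then hosts.deny, and a client that matches neither file is admitted. It implements only a subset of the hosts_access(5) syntax (ALL, exact addresses, trailing-dot prefixes, dotted net/mask, and EXCEPT); the two sample files are constructed for the example.

```python
import ipaddress


def _client_matches(pattern, client_ip):
    """Subset of the hosts_access(5) client patterns: ALL, an exact IPv4
    address, a trailing-dot network prefix such as '192.168.1.', and
    'net/mask' in dotted form. Hostname patterns are not modelled."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client_ip


def _daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon


def _list_matches(field, item, matcher):
    """Evaluate 'a b EXCEPT c d': matched by the left list and not by the right."""
    include, _, exclude = field.partition(" EXCEPT ")
    return (any(matcher(p, item) for p in include.split())
            and not any(matcher(p, item) for p in exclude.split()))


def _first_match(rules_text, daemon, client_ip):
    """Return the first rule line whose daemon list and client list both match."""
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        if _list_matches(fields[0], daemon, _daemon_matches) and \
                _list_matches(fields[1], client_ip, _client_matches):
            return line
    return None


def access_decision(hosts_allow, hosts_deny, daemon, client_ip):
    """Apply the tcp_wrappers search order: /etc/hosts.allow first, then
    /etc/hosts.deny, stopping at the first match; if neither file matches,
    access is granted. Returns (decision, matching_rule_or_None)."""
    rule = _first_match(hosts_allow, daemon, client_ip)
    if rule is not None:
        return "allow", rule
    rule = _first_match(hosts_deny, daemon, client_ip)
    if rule is not None:
        return "deny", rule
    return "allow", None


# Constructed sample files: sshd is reachable from the LAN prefix and from the
# 10/8 network except one host; everything else is denied by the catch-all.
HOSTS_ALLOW = """\
# daemon_list : client_list
sshd : 192.168.1. 10.0.0.0/255.0.0.0 EXCEPT 10.0.0.1
"""
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    for daemon, ip in (("sshd", "192.168.1.77"), ("sshd", "10.0.0.1"),
                       ("sshd", "10.5.5.5"), ("vsftpd", "192.168.1.77")):
        print(daemon, ip, access_decision(HOSTS_ALLOW, HOSTS_DENY, daemon, ip))
```

The last case in the sample, an empty hosts.deny, shows the trap the slide's "search stops at the first match" hides: with no catch-all "ALL : ALL" in hosts.deny, a service that is absent from hosts.allow is open to everyone.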
11. SYN denial of service attacks
SYN cookies are a technique used to resist SYN flood attacks, also referred to here as SynAttackProtect.
In order to initiate a TCP connection, the client sends a TCP SYN packet to the server. In response, the server sends a TCP SYN+ACK packet back to the client.
To enable SYN cookies on the running kernel:
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
Add this command to /etc/rc.d/rc.local so that you do not have to type it again the next time you reboot your system, or add the following to /etc/sysctl.conf:
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
14. Default Config Files and SSH Port
/etc/ssh/sshd_config - OpenSSH server configuration file.
/etc/ssh/ssh_config - OpenSSH client configuration file.
~/.ssh/ - The user's SSH configuration directory.
~/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into the user's account.
/etc/nologin - If this file exists, sshd refuses to let anyone except root log in.
/etc/hosts.allow and /etc/hosts.deny - Access control lists that should be enforced by tcp-wrappers are defined here.
15. Only Use SSH Protocol 2
SSH protocol version 1 (SSH-1) is vulnerable to man-in-the-middle attacks and has other security vulnerabilities.
Limit Users' SSH Access
To only allow <user1> and <user2> to use the system via SSH, add the following to sshd_config:
PermitRootLogin no
AllowUsers <user1> <user2>
Alternatively, you can allow all users to log in via SSH but deny only a few users, with the following line:
DenyUsers <user2>
16. Change SSH Port and Limit IP Binding
By default SSH listens on all available interfaces and IP addresses on the system. Limit SSH port binding and change the SSH port (by default, brute-forcing scripts only try to connect to port 22). To bind to the 192.168.1.5 and 202.54.1.5 IPs and to port 300, add or correct the following lines:
Port 300
ListenAddress 192.168.1.5
ListenAddress 202.54.1.5
Disable Empty Passwords
You need to explicitly disallow remote login from accounts with empty passwords; update sshd_config with the following line:
PermitEmptyPasswords no
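The sshd_config settings from slides 14 to 16 can be audited mechanically. The auditor below is an added example, not code from the slides or from OpenSSH: it parses sshd_config with the two rules that matter for an audit (keywords are case-insensitive, and sshd keeps the first value it reads for a single-valued keyword, so a later duplicate does not override an earlier one) and reports the directives that miss the slides' recommendations. The directive list, the "unset means port 22" default and the two sample files are assumptions constructed for the example; directives inside a Match block are not parsed.

```python
import re

# (directive, value assumed when unset, predicate, advice). Directive names are
# compared case-insensitively, as sshd does.
CHECKS = [
    ("protocol", "", lambda v: v == "2", "set 'Protocol 2' so SSH-1 can never be negotiated"),
    ("permitrootlogin", "", lambda v: v == "no", "disable direct root login"),
    ("permitemptypasswords", "", lambda v: v == "no", "reject accounts with empty passwords"),
    ("allowusers", "", lambda v: v != "", "restrict who may log in with AllowUsers"),
    ("port", "22", lambda v: v != "22", "move sshd off the default port 22"),
    ("listenaddress", "", lambda v: v != "", "bind sshd to specific addresses with ListenAddress"),
]


def parse_sshd_config(text):
    """Return {directive_lowercase: [values in file order]}. sshd honours the
    first value it reads for a single-valued keyword, so callers take index 0.
    Lines after a 'Match' block start apply only conditionally and are not
    parsed here (a simplification of this example)."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument are separated by whitespace or a single '='
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        values.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return values


def audit_sshd_config(text):
    """Return (directive, effective value, advice) for each failed check."""
    values = parse_sshd_config(text)
    findings = []
    for directive, default, ok, advice in CHECKS:
        effective = values.get(directive, [default])[0]
        if not ok(effective):
            findings.append((directive, effective or "<unset>", advice))
    return findings


# Constructed sample resembling a stock sshd_config (commented defaults only).
SSHD_STOCK = """\
#Port 22
#ListenAddress 0.0.0.0
Protocol 2,1
PermitRootLogin yes
PermitEmptyPasswords yes
"""

# Constructed sample with the slides' settings applied; the duplicated
# PermitRootLogin at the end is ignored by sshd because the first one wins.
SSHD_HARDENED = """\
Protocol 2
Port 300
ListenAddress 192.168.1.5
ListenAddress 202.54.1.5
PermitRootLogin no
AllowUsers alice bob
PermitEmptyPasswords no
PermitRootLogin yes
"""

if __name__ == "__main__":
    for label, sample in (("stock", SSHD_STOCK), ("hardened", SSHD_HARDENED)):
        print(label, audit_sshd_config(sample) or "OK")
```

On a live host, "sshd -T" prints the effective configuration after all defaults and Match blocks are resolved, which is a better input for the audit than the raw file. Note also that OpenSSH 7.4 and later have no SSH-1 server support at all, so the Protocol check only matters for the older releases the slide addresses.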
18. sysctl is an interface that allows you to make changes to a running Linux kernel. With /etc/sysctl.conf you can configure various Linux networking and system settings such as:
Limit network-transmitted configuration for IPv4
Limit network-transmitted configuration for IPv6
Turn on ExecShield protection
Prevent the common 'SYN flood attack'
Turn on source IP address verification, which prevents a cracker from using a spoofing attack against the IP address of the server.
Log several types of suspicious packets, such as spoofed packets, source-routed packets, and redirects.
19. # Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Turn on syncookies for SYN flood attack protection
net.ipv4.tcp_syncookies = 1
# Turn on and log spoofed, source routed, and redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# No source routed packets here
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
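The SYN-cookie slide writes one value into /proc/sys by hand, and the sysctl slides put the persistent form in /etc/sysctl.conf; the two are the same key in two spellings. The checker below is an added example, not code from the slides or from the sysctl tool: it parses a sysctl.conf the way "sysctl -p" reads it (top to bottom, later duplicates winning), compares it with the values the slides set, and emits the matching /proc/sys echo command for anything missing or wrong. The two rp_filter keys are added here as the kernel's source-address verification that slide 18 mentions without naming; the sample file is constructed.

```python
# Values the slide's /etc/sysctl.conf fragment sets. The two rp_filter keys
# are an addition for this example: they are the kernel's source-address
# verification the sysctl slide mentions.
EXPECTED = {
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
    "net.ipv4.icmp_ignore_bogus_error_responses": "1",
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.all.log_martians": "1",
    "net.ipv4.conf.default.log_martians": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.default.accept_source_route": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.default.rp_filter": "1",
}


def parse_sysctl_conf(text):
    """Parse 'key = value' lines; '#' and ';' start comments. sysctl -p applies
    the file top to bottom, so a later duplicate overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def proc_path(key):
    """Map a sysctl key to the /proc/sys file the SYN-cookie slide writes with echo."""
    return "/proc/sys/" + key.replace(".", "/")


def audit_sysctl(text, expected=EXPECTED):
    """Return (key, current_or_None, wanted) for each expected key that is
    missing from the file or set to a different value."""
    settings = parse_sysctl_conf(text)
    return [(key, settings.get(key), want)
            for key, want in expected.items() if settings.get(key) != want]


def remediation(findings):
    """Commands that apply each missing or wrong setting to the running kernel;
    the same keys must also go into /etc/sysctl.conf to survive a reboot."""
    return [f"echo {want} > {proc_path(key)}" for key, _, want in findings]


# Constructed sysctl.conf with a duplicated key, a wrong value and gaps.
SYSCTL_SAMPLE = """\
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 1
"""

if __name__ == "__main__":
    for key, current, want in audit_sysctl(SYSCTL_SAMPLE):
        print(f"{key}: found {current!r}, want {want!r}")
    print("\n".join(remediation(audit_sysctl(SYSCTL_SAMPLE))))
```

The duplicated tcp_syncookies line in the sample is deliberate: the second one wins, so the file is compliant for that key even though the first line says 0, which is exactly the kind of thing a grep-based check gets wrong.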
21. Power of Open source
Mod_Dosevasive in Apache
Fail2ban
Shorewall
Observium
22. Mod_Dosevasive in Apache
Mod_Dosevasive is an evasive maneuvers module for Apache whose purpose is to react to HTTP DoS and/or brute-force attacks.
An additional capability of the module is that it is also able to execute system commands when DoS attacks are identified. This provides an interface to send attacking IP addresses to other security applications, such as local host-based firewalls, to block the offending IP address.
Mod_Dosevasive performs well against both single-server attacks and distributed attacks; however, as with any DoS attack, the real concern is network bandwidth and processor/RAM usage.
23. The IP address of the client is checked in the temporary blacklist of the hash table. If the IP address is listed, then the client is denied access with a 403 Forbidden.
LoadModule dosevasive20_module modules/mod_dosevasive20.so
<IfModule mod_dosevasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 10
</IfModule>
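To see what the six directives above do to a stream of requests, here is an added example that models the module's accounting in Python; it is not the module's own C code. The model keeps one counter per (client IP, URI) for DOSPageCount/DOSPageInterval, one per client IP for DOSSiteCount/DOSSiteInterval, and a temporary blacklist that hands back 403 for DOSBlockingPeriod seconds; as in the module, a request made while blacklisted restarts the blocking period. The client addresses and request timings are constructed.

```python
class DosEvasiveModel:
    """Simplified model of mod_dosevasive's per-client accounting, using the
    directive values from the slide. It is not the module's code: the real
    module keys one shared hash table by 'ip_uri' and by 'ip'; here two dicts
    play that role."""

    def __init__(self, page_count=2, site_count=50, page_interval=1,
                 site_interval=1, blocking_period=10):
        self.page_count = page_count            # DOSPageCount
        self.site_count = site_count            # DOSSiteCount
        self.page_interval = page_interval      # DOSPageInterval (seconds)
        self.site_interval = site_interval      # DOSSiteInterval (seconds)
        self.blocking_period = blocking_period  # DOSBlockingPeriod (seconds)
        self.page_hits = {}   # (ip, uri) -> (count, time of last hit)
        self.site_hits = {}   # ip -> (count, time of last hit)
        self.blocked = {}     # ip -> time of the last request made while blocked

    def _over_threshold(self, table, key, now, interval, threshold):
        """Count a hit; the counter restarts when `interval` seconds or more
        have passed since the previous hit. True once the count exceeds the
        threshold, i.e. on the (threshold+1)th hit inside the interval."""
        count, last = table.get(key, (0, now))
        if now - last >= interval:
            count = 0
        count += 1
        table[key] = (count, now)
        return count > threshold

    def request(self, ip, uri, now):
        """Return the HTTP status the module would hand back: 403 for a client
        on the temporary blacklist, 200 otherwise."""
        last_blocked = self.blocked.get(ip)
        if last_blocked is not None:
            if now - last_blocked < self.blocking_period:
                self.blocked[ip] = now   # each request during the period restarts it
                return 403
            del self.blocked[ip]
        page_flood = self._over_threshold(self.page_hits, (ip, uri), now,
                                          self.page_interval, self.page_count)
        site_flood = self._over_threshold(self.site_hits, ip, now,
                                          self.site_interval, self.site_count)
        if page_flood or site_flood:
            self.blocked[ip] = now
            return 403
        return 200


def same_page_flood():
    """Three hits on one page inside DOSPageInterval, then the aftermath."""
    m = DosEvasiveModel()
    ip = "203.0.113.5"                                    # constructed client
    statuses = [m.request(ip, "/login", t) for t in (0.0, 0.2, 0.4)]
    statuses.append(m.request(ip, "/index.html", 0.6))    # blocked; period restarts at 0.6
    statuses.append(m.request(ip, "/index.html", 10.0))   # 9.4 s since 0.6: still blocked
    statuses.append(m.request(ip, "/index.html", 25.0))   # period over, counters stale
    statuses.append(m.request("198.51.100.7", "/login", 0.3))  # other client unaffected
    return statuses


def many_pages_flood():
    """Fifty-one distinct URIs from one client inside DOSSiteInterval."""
    m = DosEvasiveModel()
    return [m.request("203.0.113.9", f"/page{i}", 0.5) for i in range(51)]
```

The second scenario is the one DOSSiteCount exists for: a client that spreads its requests over many URIs never trips DOSPageCount, and only the per-site counter catches it. The values from the slide (2 page hits per second) are aggressive for sites that load several assets from one URI with query strings, so a real deployment tunes them against normal traffic first.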
24. fail2ban
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs: too many password failures, searching for exploits, etc.
Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents.
25. [DEFAULT]
bantime = 3600
ignoreip = 127.0.0.1/8
maxretry = 3
# A host is banned if it has generated "maxretry" failures during the last "findtime" (seconds)
findtime = 600

[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=root, sender=fail2ban@example.com, sendername="Fail2Ban"]
logpath = /var/log/secure
maxretry = 5
26. Shorewall
Shorewall (more appropriately the Shoreline Firewall) is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files.
27. Shorewall uses the concept of zones. You need to define the network using a set of zones as follows for the two-network-interface configuration:
#NAME   DESCRIPTION
fw      The firewall itself
wan     The Internet
lan     Your Local Network
28. routefilter - Turn on kernel route filtering for this interface, i.e. turn on anti-spoofing measures.
blacklist - Check packets arriving on this interface against the /etc/shorewall/blacklist file. The blacklist file is used to perform static blacklisting. You can blacklist by source address (IP or MAC), or by application.
tcpflags - Packets arriving on this interface are checked for certain illegal combinations of TCP flags, such as Xmas, null, or invalid packets. Packets found to have such a combination of flags are dropped (see the setting of the TCP_FLAGS_DISPOSITION option in shorewall.conf) after having been logged in the /var/log/messages file (see the setting of TCP_FLAGS_LOG_LEVEL in shorewall.conf).
logmartians - Turn on kernel martian logging (logging of packets with impossible source addresses). It is strongly suggested that if you set routefilter on an interface, you also set logmartians.
nosmurfs - Filter packets for smurfs (packets with a broadcast address as the source), i.e. turn on anti-smurf protection.
29. /etc/shorewall/policy
You express your default policy for connections from one zone to another zone in the /etc/shorewall/policy file. The basic choices for policy are:
ACCEPT - Accept the connection.
DROP - Ignore the connection request.
REJECT - Return an appropriate error to the connection request.
Connection request logging may be specified as part of a policy, and it is conventional (and highly recommended) to log DROP and REJECT policies.
31. Thank You
A secure Linux server depends on how the administrator configures it to be.