Basic Linux Security

The document discusses basic Linux system security. It covers topics such as physical security, using the principle of least privilege, limiting use of the root account, using strong passwords, closing unneeded ports, encrypting network connections, installing package updates, using intrusion detection systems, advanced security techniques, and resources for further information.

Uploaded by

Vijay Kumar Reddy

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

92 views

Basic Linux Security

Uploaded by

Vijay Kumar Reddy

Available Formats

Download as PPT, PDF, TXT or read online on Scribd

You are on page 1/ 12

Basic Linux/System Security

19 Jun 2001

New Jersey Infragard

Physical Security
Physical access to machines Switches instead of hubs

19 Jun 2001

New Jersey Infragard

Principle of least privilege

Fewest accounts necessary Fewest open ports necessary Fewest running applications

19 Jun 2001

New Jersey Infragard

Root Account
Used as little as possible
Master key to a building Apps use other accounts, if possible People use su, sudo

http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/sudo.v80.htm

19 Jun 2001

New Jersey Infragard

Passwords
>=7 characters Mixed case, letters and symbols Not names or words Keep private Dont leave them out in the open Change once a month to 6 months Passphrases http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/linuxinfo/essential_host_security.htm
New Jersey Infragard 5

19 Jun 2001

Open ports
Close all unneeded applications
netstat anp or lsof to see whats open Ntsysv, linuxconf to shut down

Firewalls as a special case for a network Disable, or at least limit, file sharing http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/essential_host_security. htm
19 Jun 2001 New Jersey Infragard 6

Plaintext network connections

Email, telnet, web traffic Sniffers http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/ssh-intro.htm

19 Jun 2001

New Jersey Infragard

Encrypted network connections

Ssh
Terminal session File copying Other TCP connections

http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/linuxinfo/ssh-techniques.v0.81.htm IPSec

All packets traveling between systems or networks http://www.freeswan.org

https web servers http://httpd.apache.org/related_projects.html

19 Jun 2001 New Jersey Infragard 8

Package updates
Available from Linux distribution vendor
Sign up for announcements list Use automated update tools: up2date, red carpet

http://www.ists.dartmouth.edu/IRIA/knowle dge_base/linuxinfo/essential_host_security. htm

19 Jun 2001

New Jersey Infragard

Intrusion Detection System

Snort
Reports on attack packets based on a regularly updated signature file Install inside the firewall

http://www.snort.org

19 Jun 2001

New Jersey Infragard

Advanced techniques
Audited OS: OpenBSD http://www.openbsd.org Stack overflow protected OS: Immunix http://www.immunix.org Chroot applications, capabilities Virtual machines: VMWare and UML http://www.vmware.com, http://www.user-modelinux.sourceforge.net TCFS http://tcfs.dia.unisa.it
19 Jun 2001 New Jersey Infragard 11

Resources
Distribution security announcements list ISTS Knowledgebase http://www.ists.dartmouth.edu/IRIA/knowledge_b ase/index.htm
Worm characterizations and removal tools Linux and network security papers covering many of todays topics

Ssh key installer ftp://ftp.stearns.org Sans training http://www.sans.org Bastille Linux http://www.bastille-linux.org
19 Jun 2001 New Jersey Infragard 12

Lab - Injection Attacks: Objectives
0% (1)
Lab - Injection Attacks: Objectives
6 pages
Lab2: Public Key Infrastructure: Task1: Becoming A Certificate Authority (CA)
No ratings yet
Lab2: Public Key Infrastructure: Task1: Becoming A Certificate Authority (CA)
9 pages
4.3.2.3 Lab - Using Steganography
No ratings yet
4.3.2.3 Lab - Using Steganography
3 pages
Secure Web Application Development Lifecycle Practitioner (SWADLP) Certification
No ratings yet
Secure Web Application Development Lifecycle Practitioner (SWADLP) Certification
10 pages
PHP Security
No ratings yet
PHP Security
89 pages
Guide To Operating Systems Security
No ratings yet
Guide To Operating Systems Security
2 pages
Linux Security & Auditing: K. K. Mookhey Founder-CTO Network Intelligence India Pvt. LTD
No ratings yet
Linux Security & Auditing: K. K. Mookhey Founder-CTO Network Intelligence India Pvt. LTD
43 pages
Operating System Security
No ratings yet
Operating System Security
4 pages
Operating System LAb 1
No ratings yet
Operating System LAb 1
7 pages
CSSP Database Security
No ratings yet
CSSP Database Security
36 pages
Introduction To Server Client
No ratings yet
Introduction To Server Client
21 pages
Oracle Database Security Overview
No ratings yet
Oracle Database Security Overview
20 pages
The Basics of Linux
No ratings yet
The Basics of Linux
63 pages
3-Tier Architecture: Praveen Anuranjan Rohit
No ratings yet
3-Tier Architecture: Praveen Anuranjan Rohit
19 pages
3 Tier Client Server Concept TP
No ratings yet
3 Tier Client Server Concept TP
15 pages
SQL Injection
No ratings yet
SQL Injection
10 pages
OWASP Amass - A Solid Information Gathering Tool
No ratings yet
OWASP Amass - A Solid Information Gathering Tool
44 pages
Lab - 1 - Network Scanning
No ratings yet
Lab - 1 - Network Scanning
1 page
Dvwa Sqlinjection
No ratings yet
Dvwa Sqlinjection
4 pages
OWASP Top 10 Sample Report
No ratings yet
OWASP Top 10 Sample Report
94 pages
SQL Injection Attack Lab
No ratings yet
SQL Injection Attack Lab
8 pages
Lab No:01 Title:: Introduction To Database and Tool Usage
No ratings yet
Lab No:01 Title:: Introduction To Database and Tool Usage
5 pages
PHP Security Crash Course - 2 - XSS
100% (4)
PHP Security Crash Course - 2 - XSS
58 pages
Week 3 - SQL Injection
No ratings yet
Week 3 - SQL Injection
17 pages
OS Command Injection - EBOOK - v2
No ratings yet
OS Command Injection - EBOOK - v2
42 pages
Nessus and OpenVAS
No ratings yet
Nessus and OpenVAS
4 pages
INE Host and Network Penetration Testing Post Exploitation Course Files
No ratings yet
INE Host and Network Penetration Testing Post Exploitation Course Files
111 pages
PHP Security CPanel
No ratings yet
PHP Security CPanel
5 pages
Mis Fallos en Ejptv2.PDF - Es.en
No ratings yet
Mis Fallos en Ejptv2.PDF - Es.en
6 pages
Network+ Guide To Networks 5 Edition
No ratings yet
Network+ Guide To Networks 5 Edition
102 pages
A Practical Guide To Secure and Harden Apache HTTP Server
No ratings yet
A Practical Guide To Secure and Harden Apache HTTP Server
26 pages
Nessus Lab V12nov07
No ratings yet
Nessus Lab V12nov07
6 pages
SQL Injection Lab
No ratings yet
SQL Injection Lab
11 pages
Practical PHP Security - Paper
No ratings yet
Practical PHP Security - Paper
25 pages
OWASP - Running WebGoat in LabRat
No ratings yet
OWASP - Running WebGoat in LabRat
7 pages
© 2018 Caendra, Inc. - Hera For PTP - SNMP Analysis
No ratings yet
© 2018 Caendra, Inc. - Hera For PTP - SNMP Analysis
13 pages
Department of Mathematics: Lab Engineer: Sara Mehmood
No ratings yet
Department of Mathematics: Lab Engineer: Sara Mehmood
7 pages
Computer and Network Security by Thomos
No ratings yet
Computer and Network Security by Thomos
60 pages
Submitted By-Anurag Deyasi Information Technology SSEC, Bhilai
No ratings yet
Submitted By-Anurag Deyasi Information Technology SSEC, Bhilai
39 pages
Chapter 23 Database Security
No ratings yet
Chapter 23 Database Security
11 pages
Vulnérabilities DVWA
0% (1)
Vulnérabilities DVWA
32 pages
1 Abstract: Both Host Names Are IP Addresses and Their Host Name Strings Match Exactly or
100% (1)
1 Abstract: Both Host Names Are IP Addresses and Their Host Name Strings Match Exactly or
20 pages
Database Security
No ratings yet
Database Security
26 pages
VPN General
No ratings yet
VPN General
55 pages
What Is Metasploit Framework and How To Use Metasploit
No ratings yet
What Is Metasploit Framework and How To Use Metasploit
17 pages
OWASP Top 10 2021 Complete Syllabus
No ratings yet
OWASP Top 10 2021 Complete Syllabus
5 pages
ISO 9001: 2008 Certified Company
No ratings yet
ISO 9001: 2008 Certified Company
50 pages
Linux Privilege Escalation Overview
No ratings yet
Linux Privilege Escalation Overview
21 pages
Immunity Debugger
No ratings yet
Immunity Debugger
10 pages
Web Application Security
No ratings yet
Web Application Security
48 pages
Oracle Database Security: Presented by Wilson Crider
No ratings yet
Oracle Database Security: Presented by Wilson Crider
94 pages
Module 04b Shellcode
No ratings yet
Module 04b Shellcode
25 pages
OpenVAS Metasploit
No ratings yet
OpenVAS Metasploit
15 pages
10 Web Application Security 20110827
No ratings yet
10 Web Application Security 20110827
57 pages
PHP Security Crash Course - 5 - Session Management
100% (5)
PHP Security Crash Course - 5 - Session Management
28 pages
Configure Audit Service To Send Audit Messages To Another Server
No ratings yet
Configure Audit Service To Send Audit Messages To Another Server
24 pages
File Upload
No ratings yet
File Upload
4 pages
Msfpayload
No ratings yet
Msfpayload
14 pages
Catastrophe
From Everand
Catastrophe
Warren Beatty
No ratings yet
Trackpad Ver. 2.0 Class 4
From Everand
Trackpad Ver. 2.0 Class 4
Nidhi Arora
No ratings yet
voter Information: Note 1: This Output Is Computer Generated and Is Provided Only For The Information To The Voter
No ratings yet
voter Information: Note 1: This Output Is Computer Generated and Is Provided Only For The Information To The Voter
1 page
Transcript of Proposal For SMART Motor Two Wheeler - Package Policy
No ratings yet
Transcript of Proposal For SMART Motor Two Wheeler - Package Policy
2 pages
Hotel VCHR Paris
No ratings yet
Hotel VCHR Paris
1 page
Employee Health Scheme Empanelled Hospitals List: WWW - Teachersbadi.in
No ratings yet
Employee Health Scheme Empanelled Hospitals List: WWW - Teachersbadi.in
15 pages
Advanced Linux-Chapter IX-Shell Script
No ratings yet
Advanced Linux-Chapter IX-Shell Script
24 pages
Installation Config
No ratings yet
Installation Config
584 pages
Enterprise Network Implementation
No ratings yet
Enterprise Network Implementation
19 pages
IBM Tivoli Storage Manager For Databases Data Protection For Oracle For UNIX and Linux Installation and User's Guide Version 5.4.1
No ratings yet
IBM Tivoli Storage Manager For Databases Data Protection For Oracle For UNIX and Linux Installation and User's Guide Version 5.4.1
116 pages
Linux High Availability Cluster Selection
No ratings yet
Linux High Availability Cluster Selection
34 pages
Linux Softwares and Use
No ratings yet
Linux Softwares and Use
28 pages
Linux High Availability Cluster Selection
No ratings yet
Linux High Availability Cluster Selection
34 pages
Case Study of Linux - Linux Kernel Version 2.6
No ratings yet
Case Study of Linux - Linux Kernel Version 2.6
23 pages