4.how To Secure A Network With Linux
4.how To Secure A Network With Linux
Securing a network with Linux involves knowing techniques for how to:
• Message of the day file – /etc/motd. This is displayed with a user logs
inl
• /etc/issue: displayed before login prompt on the Linux console.
If you are running SystemD can displaying the services that are currently
running on your system with systemctl:
Screenshot of output from running systemctl on Linux.
Obviously not everything listed in the image above is a network services, but
you have some understanding of what is running on your system.
• systemctl stop
o Stopping a service stops it for now, but it will restart when the
system rebootts/restarts.
• systemctl disable SERVICE
o Prevents a system from restarting when the system
reboots/restarts.
Using the netstat will let you see which services are running.
In the image below, we run the netstat command, as sudo, with a number of
flags (nutlp).
Running the netstat command on Linux to view the listening programs.
In the image above, the following flags were used:
Port Scanning
Another way to see if something is listening on your system is to run a port
scan using something like nmap.
Running the lsof command to show the established and listening network connections.
• Now that we know the path that packets take through the system, you
can start creating rules and putting them in tables and chains
• Rules are comprised of a match and a target.
o Rules = Match + Target
● You can match a packet several different ways.
▪ Match on:
○ Protocol
○ Source/Dest IP or network
○ Source/Dest Port
○ Network interface that a packet comes in or out of the
system on.
○ You can make simple rules, or more complex one by using
a one criteria like this:
▪ protocol: TCP, source IP: 8.1.3.4, dest port: 80
▪ This rule matches TCP packets from the IP address
8.1.3.4 address and are destined for port 80. If a
packet doesn’t match all three rules, it is not
considered a match and the packet is examined by
the next rule in the chain.
Firewall Targets