Transcript Networking & Security

Linux:
Networking & Security
Feng Gao
104504
2000-08-31
Objective (1)
Give an overview of the networking capacities of
the Linux OS
Networking protocols
Capacity for file sharing & printing
Capacity for Internet/Intranet services
Capacity for remote execution of application
Capacity for acting as network interconnection
Capacity for network management
Objective (2)
Talk about some security tools for Linux network
Monitoring tools
Network services
System integrity
Management & limitation
Brief Introduction of Linux OS
 A Unix like operating system
 Completely open source code
no royalty or licensing fees
the source code can be modified to fit users’ needs




Fast, powerful, and extremely stable
Cross hardware and platform
Tons of application software
Created by and for the Internet
Why Linux is a choice for network
 Cheap & portable
Ideal for many small to medium businesses
 Open source code
Tons of applications are freely available
Modifiable whenever/wherever needed
 Robustness
Who uses Linux?
Besides ISPs and other Web companies, the following
companies had some Linux servers installed in 1997.
Ford Motor Co.
NASA
Disney
General Electric
IRS
UPS
NASDAQ
Boeing
many leading US
Universities
Used for gateways, routers, file and print servers,
database servers, computation servers, development
servers, CAD, besides being used as Web servers.
Part I
Linux Networking
Network protocols
supported by Linux
 TCP/IP
 IPv6 ( IP version 6 )
 IPX/SPX
 AppleTalk Protocol
 WAN networking Protocols
 Isdn4linux
 PPP, SLIP, PLIP
 ATM
 More 
File sharing and printing
Sharing with Apple environment
using AppleTalk family protocols ( NetaTalk)
Sharing with Windows environment
using Samba ( an implementation of SMB protocol)
Sharing with Novell environment
using IPX/SPX
Sharing with Unix environment
using NFS ( Network File system)
Internet / Intranet services
Mail
Mail Servers ( eg.Sendmail, smail, qmail, etc.)
Remote access to mail (POP, IMAP)
Fetchmail
Web Servers
Apache
Stable, Robust
Yahoo, Altavista, Geocities, Hotmail are based on this server
Internet/Intranet services
Web Browsers
Netscape Navagator, Mozilla , lynx, etc.
FTP servers & clients
News service
Domain Name System ( DNS )
NIS ( Network Information Service )
(cont’)
Remote execution of application
Telnet
Use a remote computer as if just at the site
Remote commands
Execution of a command on a remote machine
The X window system
The X server controls the display and I/O
The X client do the real computing work
VNC ( Virtual Network Computing)
eg. Execute in a Windows machine and output
displayed in a Linux machine
Acting as Network Interconnection
Bridge
Router
Firewall
Proxy Server
IP Masquerade
Load Balancing
Traffic Shaping
Port Forwarding
Virtual private
networks
Network Management
Network management applications
Webmin
Linuxconf
SNMP (Simple Network Management Protocol )
allows for remote monitoring and configuration of
routers, bridges , network cards, switches …
Part II
Security tools
for Linux network
Monitoring tools
Scan to determine if the machine is vulnerable
to a specific exploit on that server
Connect to target machine on all ports they can
Help to fix the found problems
Examples:
SATAN ( Security Administrator’s Tool for Analyzing
Networks )
ISS( Internet Security Scaner )
SAINT ( updated version of SATAN )
Nessus, xSid, Logcheck, PortSentry
Network Services
Problem
The more services the system offers, the more places
for attackers to find a hole
Network Services
(cont’)
Strategy
Disable or remove services not needed
Use tcp_wrappers to wrap all the TCP services
Use SSH to replace old, insecure remote programs
such as telnet, rlogin, rdist, rcp
SSH
A secure login program that revolutionized remote
management of networks hosts over the Internet
A powerful program that uses strong cryptography
for protecting all transmitted confidential data
System integrity
Problem
A typical Linux server handles about 30,400 files
In its busy times administrators can’t check the
integrities of all system files
A cracker can easily install or modify some files
System Integrity ( cont’ )
Security tools
Tripwire
Tripwire ASR ( Academic Source Release )
Create a database first  Check the integrity of a
system at any time  Compare the current system
and the stored database  Find if malicious changes
exist
Management & Limitation
GnuPG
A tool for secure communication and data storage
Can be used to encrypt data and create digital
signatures
Quota
A system administration tool for monitoring and
limiting users’ and groups’ disk usage
With quota, the users are forced by the system
administrator to not consume unlimited disk space on
a system
Summary
We’ve talked about:
The network capacities of Linux OS :
Support of many network protocols
File sharing and printing
Internet / Intranet Services
Remote execution of application
Acting as network interconnection
Network managemet
Summary
Also talked about:
Some security tools for Linux network:
Monitoring tools
Network services
System integrity
Management & Limitation