nV News Forums


nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   Networking And Security (http://www.nvnews.net/vbulletin/forumdisplay.php?f=58)
-   -   Securing Linux (http://www.nvnews.net/vbulletin/showthread.php?t=97006)

grey_1 08-21-07 08:00 PM

Securing Linux
 
Pretty straight forward. So many of the tutorials and suggestions I find are out of date or at odds with each other.

I'll have two linux and 1 win box on a small home network, and would like some suggested reading tips on the best way to really start becoming familiar with security on these things.

Thanks in advance.

evilghost 08-21-07 08:18 PM

Re: Securing Linux
 
The first thing you need to do is disable unneeded listening daemons. I usually do this by issuing a "netstat -apvtul" which means "all program verbose tcp udp listening". Identify what you don't need and disable that daemon. There are various ways to do this; on a Debian system, I find it easy to just "cd /etc/init.d" and "update-rc.d -f [daemon] remove". On RedHat-based systems you can use "sysvinit".

The second thing you need to do is establish a good ingress (inbound) and egress (outbound) firewall policy. Things like FireStarter can allow you to configure iptables via GUI, however, I find it better to actually understand iptables so you can configure it manually.

I've got much more to say but I need to determine the context. For example, do you allow SSH inbound? If so, you can use key-based authentication, don't permit root login, only use protocol version 2, change the default listen port, and use something like fail2ban to prevent brute-force attacks. You can also use port-knocking.
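The three steps above (find listeners, write a default-deny ingress/egress policy, harden sshd) as one script. This is an added example, not evilghost's own code or any distribution's tooling: the function names, the choice of port 2222, the conntrack match and the sample sshd_config lines are all assumptions made here. The iptables rules are printed rather than applied so they can be reviewed first; the sshd audit treats a missing directive as its permissive historical default, which is also an assumption.

```shell
#!/bin/sh
# Added example for the post above (not from the thread). Three helpers:
#   list_listeners       the "netstat -apvtul" step, with ss as a fallback
#   gen_iptables_policy  prints a default-deny inbound/outbound ruleset
#   audit_sshd_config    checks an sshd_config for key auth, no root login,
#                        protocol 2 and a non-default port
# Function names, port 2222 and the sample configs are constructed.

# Show listening TCP/UDP sockets and the owning program (needs root for -p).
list_listeners() {
    if command -v netstat >/dev/null 2>&1; then netstat -apvtul; else ss -tulpn; fi
}

# Usage: gen_iptables_policy SSH_PORT [ALLOWED_OUTBOUND_TCP_PORT ...]
# Prints the rules; review them, then apply as root with: sh -c "$(gen_iptables_policy 2222 80 443)"
gen_iptables_policy() {
    ssh_port="$1"; shift
    cat <<EOF
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport ${ssh_port} -m conntrack --ctstate NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
EOF
    for p in "$@"; do
        echo "iptables -A OUTPUT -p tcp --dport ${p} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what the default policy drops, rate limited so the log cannot be flooded.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'IN-DROP: '"
    echo "iptables -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix 'OUT-DROP: '"
}

# sshd_val FILE DIRECTIVE DEFAULT: lowercased value of the last uncommented
# DIRECTIVE, or DEFAULT if absent. Match blocks are not handled (assumption:
# the checked directives live in the global section).
sshd_val() {
    awk -v k="$2" -v d="$3" '
        $1 !~ /^#/ && tolower($1) == tolower(k) { v = $2 }
        END { print (v == "" ? tolower(d) : tolower(v)) }' "$1"
}

# Prints one FAIL line per weak setting; always returns 0 so it can be piped.
audit_sshd_config() {
    f="$1"
    [ "$(sshd_val "$f" PubkeyAuthentication yes)" = yes ] || echo "FAIL PubkeyAuthentication should be yes"
    [ "$(sshd_val "$f" PasswordAuthentication yes)" = no ] || echo "FAIL PasswordAuthentication should be no (keys only)"
    [ "$(sshd_val "$f" PermitRootLogin yes)" = no ] || echo "FAIL PermitRootLogin should be no"
    [ "$(sshd_val "$f" Protocol 2,1)" = 2 ] || echo "FAIL Protocol should be 2"
    [ "$(sshd_val "$f" Port 22)" != 22 ] || echo "FAIL Port is the default 22; move sshd elsewhere"
    return 0
}

# Number of FAIL lines for FILE (grep -c exits 1 on zero matches, hence || true).
count_sshd_failures() { audit_sshd_config "$1" | grep -c '^FAIL' || true; }

# Demo on a constructed weak config and its hardened counterpart.
weak=$(mktemp); hard=$(mktemp)
printf 'Port 22\nProtocol 2,1\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$weak"
printf 'Port 2222\nProtocol 2\nPermitRootLogin no\nPasswordAuthentication no\nPubkeyAuthentication yes\n' > "$hard"
echo "weak config: $(count_sshd_failures "$weak") problems"; audit_sshd_config "$weak"
echo "hardened config: $(count_sshd_failures "$hard") problems"
rm -f "$weak" "$hard"
gen_iptables_policy 2222 80 443
```

The generated policy only opens the SSH port inbound and DNS plus the listed TCP ports outbound; everything else is dropped and logged, which is the egress side evilghost asks for and the part GUI front-ends tend to leave wide open.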

grey_1 08-21-07 08:35 PM

Re: Securing Linux
 
Quote:

Originally Posted by evilghost
The first thing you need to do is disable unneeded listening daemons. I usually do this by issuing a "netstat -apvtul" which means "all program verbose tcp udp listening". Identify what you don't need and disable that daemon. There are various ways to do this; on a Debian system, I find it easy to just "cd /etc/init.d" and "update-rc.d -f [daemon] remove". On RedHat-based systems you can use "sysvinit".

The second thing you need to do is establish a good ingress (inbound) and egress (outbound) firewall policy. Things like FireStarter can allow you to configure iptables via GUI, however, I find it better to actually understand iptables so you can configure it manually.

I've got much more to say but I need to determine the context. For example, do you allow SSH inbound? If so, you can use key-based authentication, don't permit root login, only use protocol version 2, change the default listen port, and use something like fail2ban to prevent brute-force attacks. You can also use port-knocking.

Thanks eg! This is exactly the type of stuff I'm looking for.

Removing the daemons is not a problem; the iptables I want to learn. Time to get past the 'button monkey' stage. :D

SSH inbound will be allowed, but only temporarily so I can gain a passing familiarity with it.

Fail2ban I had to google. I like it. Are there any limitations on updating its IP list...er...updating the iptables?

I feel like a kid at Christmas. I should have the third rig up tomorrow, plus my laptop will be used now and again, through a Linksys BEFSR41 I was given; seems nice and pretty configurable. Heh, got to learn that too!

evilghost 08-21-07 08:41 PM

Re: Securing Linux
 
I use fail2ban; it's quite powerful. I use it to detect 404 and 401 errors on my webserver and ban them immediately if they connect to an IP and not a vhost. It works very well at mitigating the brute-force and script-kiddie attacks. I also use it for SSH, but again, I run it on a high TCP port, not TCP 22, and I don't see brute-force attacks. That, and I'm using key-based authentication, not password authentication.

OSSEC-HIDS is a great IDS for a local machine and its log analysis engine is outstanding; think of it as Snort for logs.

There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.
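What the 404/401 jail described above actually does, replayed in shell over a few constructed Apache log lines. This is an added example, not evilghost's configuration and not fail2ban's own code: it assumes a custom Apache LogFormat of `%{Host}i %h %t "%r" %>s` (so the client's Host header is the first field and the status the last), a threshold of 3 hits, and constructed addresses in the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 documentation ranges. Only requests whose Host was the bare IP rather than a vhost name are counted, which is the "connect to an IP and not a vhost" condition from the post.

```shell
#!/bin/sh
# Added example for the post above (not from the thread or from fail2ban).
# Counts 401/404 responses per client where the Host header was a bare IP,
# and prints the ban action fail2ban would hand to iptables.
# Assumed Apache format:  LogFormat "%{Host}i %h %t \"%r\" %>s" hostlog
# Threshold, addresses and log lines are constructed.

THRESHOLD=3

# Constructed access-log sample: one scanner probing the bare IP, one normal
# visitor of a vhost who hit a broken image link, one lone probe.
sample_log() {
    cat <<'EOF'
192.0.2.10 203.0.113.5 [22/Aug/2007:07:41:01 -0500] "GET /phpmyadmin/ HTTP/1.1" 404
192.0.2.10 203.0.113.5 [22/Aug/2007:07:41:02 -0500] "GET /pma/ HTTP/1.1" 404
www.example.com 198.51.100.7 [22/Aug/2007:07:41:05 -0500] "GET /missing.png HTTP/1.1" 404
www.example.com 198.51.100.7 [22/Aug/2007:07:41:06 -0500] "GET /index.html HTTP/1.1" 200
192.0.2.10 203.0.113.5 [22/Aug/2007:07:41:09 -0500] "GET /admin/ HTTP/1.1" 401
192.0.2.10 203.0.113.9 [22/Aug/2007:07:41:30 -0500] "GET /robots.txt HTTP/1.1" 404
EOF
}

# Reads log lines on stdin; prints "client_ip count" for clients whose Host
# was a bare IPv4 (optionally :port) and whose response was 401 or 404.
scanner_hits() {
    awk '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?$/ {
            st = $NF                       # status is the last field in the assumed format
            if (st == "401" || st == "404") hits[$2]++
        }
        END { for (ip in hits) print ip, hits[ip] }' | sort
}

# Clients at or over the threshold: the set fail2ban would ban.
ban_candidates() {
    scanner_hits | awk -v t="$THRESHOLD" '$2 >= t { print $1 }'
}

# The per-address action a fail2ban iptables ban would run (printed, not executed).
ban_commands() {
    ban_candidates | while read -r ip; do
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

# Demo: the vhost visitor with a single 404 is never counted, the lone probe
# stays under the threshold, and only the repeated scanner is banned.
sample_log | scanner_hits
sample_log | ban_commands
```

The vhost test is what keeps ordinary visitors who hit a dead link out of the jail; a real fail2ban filter would express the same condition as a failregex and the jail's maxretry/findtime would replace the fixed threshold here.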

evilghost 08-21-07 08:45 PM

Re: Securing Linux
 
I also watch security trends, vulnerabilities, and issues via RSS. I use liferea and I'd be more than happy to share my RSS subscriptions with you.

grey_1 08-21-07 08:50 PM

Re: Securing Linux
 
Quote:

Originally Posted by evilghost
I use fail2ban; it's quite powerful. I use it to detect 404 and 401 errors on my webserver and ban them immediately if they connect to an IP and not a vhost. It works very well at mitigating the brute-force and script-kiddie attacks. I also use it for SSH, but again, I run it on a high TCP port, not TCP 22, and I don't see brute-force attacks. That, and I'm using key-based authentication, not password authentication.

OSSEC-HIDS is a great IDS for a local machine and its log analysis engine is outstanding; think of it as Snort for logs.

There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.

Lol, I got a kick out of that.

Basically: my main rig running Deb, my second box running Deb, my wife's Win PC.

My second rig is going to be my learning box...starting with the security, then file sharing, server set up etc. I'm not worried about breaking the install on it. This entire setup is a learning exercise for me, the more the better, as it's very pertinent to my career as well as personal gratification from learning as much as I can.

A formal college would be best, but family's needs are still priority with me. :) Ergo my plea to MikeC for this forum.

grey_1 08-21-07 08:52 PM

Re: Securing Linux
 
Quote:

Originally Posted by evilghost
I also watch security trends, vulnerabilities, and issues via RSS. I use liferea and I'd be more than happy to share my RSS subscriptions with you.

I'm interested, although I'm not sure I would understand what I'm reading at this point.

Lol, I'll pretty much be full-time Linux as soon as I finish Bioshock :D so the learning will be faster.

evilghost 08-22-07 07:41 AM

Re: Securing Linux
 
I use the following RSS feeds:
Security Viewpoints - http://feeds.feedburner.com/advosys/viewpoints
Milw0rm - http://www.milw0rm.com/rss.php
Stephen Esser's PHP Security Blog - http://blog.php-security.org/feeds/categories/1-PHP.rss
SecuriTeam - http://www.securiteam.com/securiteam.rss
Packet Storm Security (last files) - http://packetstormsecurity.org/last.xml
SANS ISC - http://iscxml.sans.org/rssfeed_full.xml
SANS ISC SecNewsFeed - http://iscxml.sans.org/newssummary.xml
eEye Digital Security - Zero-Day Tracker - http://research.eeye.com/rss/zeroday.rss

evilghost 08-22-07 07:43 AM

Re: Securing Linux
 
Quote:

Originally Posted by grey_1
A formal college would be best, but family's needs are still priority with me. :) Ergo my plea to MikeC for this forum.

In the security industry there's little value in formal education because:
1) The instructors usually don't understand the material themselves.
2) The material is outdated.
3) Practical experience is more valuable on the job.

DiscipleDOC 08-22-07 08:36 AM

Re: Securing Linux
 
Quote:

Originally Posted by evilghost
There's tons of information I can give but it's hard to 'dd if=/dev/evilghost of=/dev/grey_1' without knowing what's applicable to you.

I use this command (or a variation) to zero out hard drives when we reimage them....

Quote:

Originally Posted by evilghost
In the security industry there's little value in formal education because:
1) The instructors usually don't understand the material themselves.
2) The material is outdated.
3) Practical experience is more valuable on the job.

QFT. It's hard to get an education on cutting edge technology.

grey_1 08-22-07 01:51 PM

Re: Securing Linux
 
Quote:

Originally Posted by evilghost
In the security industry there's little value in formal education because:
1) The instructors usually don't understand the material themselves.
2) The material is outdated.
3) Practical experience is more valuable on the job.

Good to hear, all the more reason to dig in here. I'll be back bugging you for help once I have this set up. :D

Thanks Bro.

nekrosoft13 08-23-07 10:11 AM

Re: Securing Linux
 
Quote:

Originally Posted by evilghost
The first thing you need to do is disable unneeded listening daemons.

Linux got DEMONS!!

..... runs away..........
