...demonstration. Part #1 Apply Hardened Security for Linux Services & Applications Learning Objectives and Outcomes Upon completing this lab, students will learn about the following tasks: * Harden Linux server services when enabling and installing them, and keep a security perspective during configuration * Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened before hosting a web site * Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance * Install, setup and perform basic security configuration for Sendmail to be able to leverage the built-in messaging capabilities of the Linux System * Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system Overview This lab is an extension of the previous hands-on labs, and it incorporates security hardening for Linux services and applications loaded in the physical server. This demonstration will configure security and hardened services and applications to ensure C-I-A of these services. It will take the steps to configure and secure an Apache web server and MySQL database and the components necessary to security harden the implementation of both. The students will also see how to use and configure the Sendmail application for secure local messaging...
Words: 2020 - Pages: 9
...is a dedicated system or appliance that sits in the network and segments an "internal" network from the "external" Internet. Most home or SOHO networks use an appliance-based device for broadband connectivity that includes a built-in firewall. Following is the description of three most important type of firewalls Personal Firewalls Personal firewalls are designed to protect a single host. They can be viewed as a hardened shell around the host system, whether it is a server, desktop, or laptop. Typically, personal firewalls assume that outbound traffic from the system is to be permitted and inbound traffic requires inspection. By default, personal firewalls include various profiles that accommodate the typical traffic a system might see. For example, Zone Alarm has low, medium, and high settings that allow almost all traffic, selected traffic, or nearly no traffic, respectively, through to the protected system. In a similar vein, IP Tables. which you can set up as a personal firewall as well as in a network firewall role during the setup of the Linux system, enables the installer to choose the level of protection for the system and the customization for ports that do not fall into a specific profile. One important consideration with personal firewalls is centralized management. Some vendors have identified that a significant barrier to deployment of personal firewall on every end system is the need for centralized management so that policies can be developed and applied...
Words: 1326 - Pages: 6
...Fedora 12 Security-Enhanced Linux User Guide Murray McAllister Scott Radvan Daniel Walsh Dominick Grift Eric Paris James Morris Security-Enhanced Linux Fedora 12 Security-Enhanced Linux User Guide Edition 1.4 Author Author Author Author Author Author Copyright © 2009 Red Hat, Inc. Copyright © 2009 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. For guidelines on the permitted uses of the Fedora trademarks, refer to https://fedoraproject.org/wiki/ Legal:Trademark_guidelines. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. All other trademarks are the property of their respective owners...
Words: 26838 - Pages: 108
...securing a network server utilized primarily for data storage and internal application sharing as well as for securing numerous desktop computers connected to the network. Describe the access control that you would put in place for each and explain why. The more valuable your data, the more effort you should put into securing your firm's network servers. The following areas will help to maintain a server on the network. Firewall: It's important to ensure your server's built-in firewall is running and that you are also using at least one level of network firewall. This may be something as simple as a firewall on the router attached to the server. Placing a server on a network without a firewall is like leaving the front door wide open. Once the firewall is running, the next step is to turn off every port you don't need. If you are not using the port, you don't need it open on the firewall. Hardening: Getting the firewall running is only a start. A critical step is "hardening" the system. This is the process of trimming the machine of every piece of software it doesn't need to complete its assigned task. Every single piece of software is going to have an exploit. You want to reduce the machine down to the necessities to increase the security. This means removing software from the server box. If, for example, the machine is an e-mail server, then delete all office productivity applications, the Web browser, even games and utilities. In short, everything that does...
Words: 1826 - Pages: 8
...Proceedings of the 44th Hawaii International Conference on System Sciences - 2011 Cloud Hooks: Security and Privacy Issues in Cloud Computing Wayne A. Jansen, NIST Abstract In meteorology, the most destructive extratropical cyclones evolve with the formation of a bent-back front and cloud head separated from the main polar-front, creating a hook that completely encircles a pocket of warm air with colder air. The most damaging winds occur near the tip of the hook. The cloud hook formation provides a useful analogy for cloud computing, in which the most acute obstacles with outsourced services (i.e., the cloud hook) are security and privacy issues. This paper identifies key issues, which are believed to have long-term significance in cloud computing security and privacy, based on documented problems and exhibited weaknesses. • applications can be developed upon and deployed. It can reduce the cost and complexity of buying, housing, and managing hardware and software components of the platform. Infrastructure-as-a-Service (IaaS) enables a software deployment model in which the basic computing infrastructure of servers, software, and network equipment is provided as an on-demand service upon which a platform to develop and execute applications can be founded. It can be used to avoid buying, housing, and managing the basic hardware and software infrastructure components. 1. Introduction Cloud computing has been defined by NIST as a model for enabling convenient, on-demand...
Words: 7808 - Pages: 32
...Table of Contents Beginning Red Hat Linux 9 ...............................................................................................................................1 Introduction.........................................................................................................................................................4 Who Is This Book For?...........................................................................................................................4 What You Need to Use This Book.........................................................................................................4 What Is Linux? ........................................................................................................................................5 Linus Torvalds and the Birth of Linux.............................................................................................5 Why Choose Linux?.........................................................................................................................6 What Is Red Hat Linux 9?................................................................................................................7 What Is Covered in This Book?..............................................................................................................8 Conventions in This Book......................................................................................................................9 Customer Support...............
Words: 155032 - Pages: 621
...WATERWORLD WATERPARKS Information Security Policy Version 1.0 Revision 191 Approved by John Smothson Published DATE March 23, 2011 CONFIDENTIAL/SENSITIVE INFORMATION This document is the property of WATERWORLD WATERPARKS. It contains information that is proprietary, confidential, sensitive or otherwise restricted from disclosure. If you are not an authorized recipient, please return this document to WATERWORLD WATERPARKS, Attention: IT Director. Dissemination, distribution, copying or use of this document in whole or in part by anyone other than the intended recipient is strictly prohibited without prior written permission of WATERWORLD WATERPARKS Executive Management. Revision History Changes | Approved By | Date | Initial Publication | John Smothson | 3-23-2011 | | | | | | | | | | | | | | | | | | | | | | | | | | | | Table of Contents 1 Introduction and Scope 8 1.1 Introduction 8 1.2 Payment Card Industry (PCI) Compliance 8 1.3 Scope of Compliance 8 2 Policy Roles and Responsibilities 10 2.1 Policy Applicability 10 2.2 Information Technology Manager 10 2.3 Information Technology Department 11 2.4 System Administrators 12 2.5 Users – Employees, Contractors, and Vendors 12 2.6 Human Resource Responsibilities 12 2.6.1 Information Security Policy Distribution 13 2.6.2 Information Security Awareness Training 13 2.6.3 Background Checks 13 3 IT Change Control Policy 15 3.1 Policy Applicability and Overview 15 3.2 Change Request Submittal...
Words: 28277 - Pages: 114
...CHAPTER Firewall Fundamentals 2 T o some network administrators, a firewall is the key component of their infrastructure’s security. To others, a firewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of firewalls stems from a basic misunderstanding of the nature of firewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defines the fundamentals of firewalls. These include what a firewall is, what a firewall does, how it performs these tasks, why firewalls are necessary, the various firewall types, and filtering mechanisms. Once you understand these fundamentals of firewalls, you will be able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefits of effective firewall architecture will become clear. Like any tool, firewalls are useful in solving a variety of problems and in supporting essential network security. Chapter 2 Topics This chapter covers the following topics and concepts: • What a firewall is • Why you need a firewall • How firewalls work and what they do • What the basics of TCP/IP are • What the types of firewalls are • What ingress and egress filtering is • What the types of firewall filtering are • What the difference between software and hardware firewalls is • What dual-homed and triple-homed firewalls are • What the best placement of a firewall is 43 Chapter 2 Goals When you complete...
Words: 15367 - Pages: 62
...CHaPTer Firewall Fundamentals 2 T O SOME NETWORK ADMINISTRATORS, A FIREWALL is the key component of their infrastructure’s security. To others, a fi rewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of fi rewalls stems from a basic misunderstanding of the nature of fi rewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defi nes the fundamentals of fi rewalls. These include what a fi rewall is, what a fi rewall does, how it performs these tasks, why fi rewalls are necessary, the various fi rewall types, and fi ltering mechanisms. Once you understand these fundamentals of fi rewalls, you will able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefi ts of effective fi rewall architecture will become clear. Like any tool, fi rewalls are useful in solving a variety of particular problems and in supporting essential network security. Chapter 2 Topics This chapter will cover the following topics and concepts: • What a fi rewall is • Why you need a fi rewall • How fi rewalls work and what they do • What the basics of TCP/IP are • What the types of fi rewalls are • What ingress and egress fi ltering is • What the types of fi rewall fi ltering are • What the difference between software and hardware fi rewalls is • What dual-homed and triple-homed fi rewalls...
Words: 15354 - Pages: 62
...CHaPTer Firewall Fundamentals 2 T O SOME NETWORK ADMINISTRATORS, A FIREWALL is the key component of their infrastructure’s security. To others, a fi rewall is a hassle and a barrier to accomplishing essential tasks. In most cases, the negative view of fi rewalls stems from a basic misunderstanding of the nature of fi rewalls and how they work. This chapter will help dispel this confusion. This chapter clearly defi nes the fundamentals of fi rewalls. These include what a fi rewall is, what a fi rewall does, how it performs these tasks, why fi rewalls are necessary, the various fi rewall types, and fi ltering mechanisms. Once you understand these fundamentals of fi rewalls, you will able to look beyond the unschooled opinions, common mythology, and marketing hype surrounding them, and the crucial benefi ts of effective fi rewall architecture will become clear. Like any tool, fi rewalls are useful in solving a variety of particular problems and in supporting essential network security. Chapter 2 Topics This chapter will cover the following topics and concepts: • What a fi rewall is • Why you need a fi rewall • How fi rewalls work and what they do • What the basics of TCP/IP are • What the types of fi rewalls are • What ingress and egress fi ltering is • What the types of fi rewall fi ltering are • What the difference between software and hardware fi rewalls is • What dual-homed and triple-homed fi rewalls...
Words: 15354 - Pages: 62
...This page was intentionally left blank This page was intentionally left blank Hands-On Ethical Hacking and Network Defense Second Edition Michael T. Simpson, Kent Backman, and James E. Corley ———————————————————————— Australia • Brazil • Japan • Korea • Mexico • Singapore • Spain • United Kingdom • United States Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. This is an electronic version of the print textbook. Due to electronic rights restrictions, some third party content may be suppressed. Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. The publisher reserves the right to remove content from this title at any time if subsequent rights restrictions require it. For valuable information on pricing, previous editions, changes to current editions, and alternate formats, please visit www.cengage.com/highered to search by ISBN#, author, title, or keyword for materials in your areas of interest. Copyright 2010 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated...
Words: 185373 - Pages: 742
...Splunk Enterprise and your machine data to deliver new levels of visibility, insight and intelligence for IT and the business. wire data, web servers, custom applications, application servers, hypervisors, GPS systems, stock market feeds, social media, sensors and preexisting structured databases. It gives you a real-time understanding of what’s happening and deep analysis of what’s happened across your IT systems and technology infrastructure, so you can make informed decisions. Splunk Enterprise has many critical uses across IT and the business: Application Delivery: provide end-to-end visibility across distributed infrastructures; troubleshoot across application environments; monitor for performance degradation; trace transactions across distributed systems and infrastructure Security, Compliance and Fraud: provide rapid incident response, real-time correlation and in-depth monitoring across data sources; conduct statistical analysis for advance pattern detection and threat defense Infrastructure and Operations Management: proactively monitor across IT silos to ensure uptime; rapidly pinpoint and resolve problems; identify infrastructure service relationships, establish baselines and create analytics to report on SLAs or track SLAs of service providers Business Analytics: gain visibility and intelligence on customers, services and transactions; identify trends and patterns in real time; fully understand the impact of...
Words: 8030 - Pages: 33
...Operating system : An operating system (OS) is a collection of software that manages computer hardware resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function. Time-sharing operating systems schedule tasks for efficient use of the system and may also include accounting software for cost allocation of processor time, mass storage, printing, and other resources. For hardware functions such as input and output and memory allocation, the operating system acts as an intermediary between programs and the computer hardware, although the application code is usually executed directly by the hardware and will frequently make a system call to an OS function or be interrupted by it. Operating systems can be found on almost any device that contains a computer—from cellular phones and video game consoles to supercomputers and web servers. Examples of popular modern operating systems include Android, BSD, iOS, Linux, OS X, QNX, Microsoft Windows, Windows Phone, and IBM z/OS. All these, except Windows, Windows Phone and z/OS, share roots in UNIX. Smartphone A Smartphone, or smart phone, is a mobile phone built on a mobile operating system, with more advanced computing capability and connectivity than a feature phone. The first smartphones combined the functions of a personal digital assistant (PDA), including email...
Words: 15551 - Pages: 63
...Abstract Cloud computing promises to increase the velocity with which applications are deployed, increase innovation, and lower costs, all while increasing business agility. Sun takes an inclusive view of cloud computing that allows it to support every facet, including the server, storage, network, and virtualization technology that drives cloud computing environments to the software that runs in virtual appliances that can be used to assemble applications in minimal time. This white paper discusses how cloud computing transforms the way we design, build, and deliver applications, and the architectural considerations that enterprises must make when adopting and using cloud computing technology. This page intentionally left blank. Sun Microsystems, Inc. Table of Contents Introduction................................................................................................... 1 Sun’s perspective ................................................................................................ 1 The Nature of Cloud Computing ....................................................................... 3 Building on established trends............................................................................. 3 Virtual machines as the standard deployment object ........................................ 3 The on-demand, self-service, pay-by-use model ................................................. 4 Services are delivered over the network......................................
Words: 11952 - Pages: 48
...Mertsaloff/Shutterstock Interior Design: Octopod Studios Developmental Editor: William Pollock Technical Reviewer: Jason Oliver Copyeditor: Pamela Hunt Compositor: Susan Glinert Stevens Proofreader: James Fraleigh Indexer: Nancy Guenther For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 245 8th Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950; info@nostarch.com; www.nostarch.com Library of Congress Cataloging-in-Publication Data Weidman, Georgia. Penetration testing : a hands-on introduction to hacking / Georgia Weidman. pages cm Includes index. ISBN 978-1-59327-564-8 (paperback) -- ISBN 1-59327-564-1 (paperback) 1. Penetration testing (Computer security) 2. Kali Linux. 3. Computer hackers. QA76.9.A25W4258 2014 005.8'092--dc23 2014001066 I. Title. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no...
Words: 117203 - Pages: 469