Apply Hardening Security for Linux

Submitted By mozurjus
1. When configuring services, what Linux directory typically contains server configuration files?
cn=config is the subtree location where the default configuration is stored as a series of LDAP entries.

2. What command disables remote access to the MySQL Database? Is this a security hardening best practice?
Remote access is disabled by default. Hardening security is recommended by installing the whole security package: Antivirus and Antispam, Firewall, and all of the security packages recommended by your operating system.

3. What is a Linux runlevel for a specific service or application? What command allows you to define the runlevel for a service or application?
Runlevel 0 = halt
Runlevel 1 = Single user mode
Runlevel 2 = Basic multi-user mode (without networking)/User definable
Runlevel 3 = Full (text based) multi-user mode/Multi-user mode
Runlevel 4 = Not used
Runlevel 5 = Full (GUI based) multi-user mode/Full multi-user mode
Runlevel 6 = reboot
/etc/rc.d

4. What is the Apache Web Server? Review the /etc/httpd/conf/httpd.conf configuration file, and point out a setting that could enhance security.
The world's most popular Web server. mod_reqtimeout.c = Set timeout and minimum data rate for receiving requests; set this to RequestReadTimeout header=10 body=30 (allow 10 seconds to receive the request including the headers and 30 seconds for receiving the request body).

5. OpenSSH is the de facto method to remotely access Linux systems. Explain why the use of telnet is discouraged.
Passwords are sent in plain text using telnet, whereas with SSH they are encrypted.

6. What are Symbolic links?
A symbolic link (soft link) is a special kind of file that points to another file (e.g., a shortcut).

7. Why is it recommended to disable Symbolic Links in MySQL?
So that the databases cannot be moved to another location (You can move databases or
