Free Essay

Linux Security Lab #1

In:

Submitted By Tshawkat01
Words 1044
Pages 5
1) During the install, the option to sync with a NTP server was checked. From a security perspective, why is it important for a system to keep accurate time?
So, there can be a log if server went down and accurate time when and changes occurred 2) During the install, a password has been set for the “root” user. What is the root user, and when is it appropriate to use this account

The root account is the most privileged account on a Linux system. This account gives you the ability to carry out all facets of system administration, including adding accounts, changing user passwords, examining log files, installing software, etc. If, you changing password you should do it in root user, but for security reason you should never user root account since it’s an administrator account. 3) During the install, X-Window and Desktop Manager were installed. However, in a production environment it is recommended not to run the X- Windows environment. Explain the purpose of this recommendation
Linux is a command base program and X- Window is GUI therefore it is not recommended.
During Linux installation, deselecting X Window packages, especially the base packages, will return errors concerning failed dependencies. You can safely deselect all of these applications, in addition to X itself 4) During the installation process it asks what the option given to create the partition are? Name them
Ext 2 and Ext 4 5) Why is it important to partition a Linux system correctly?
Like any partitions, if the unproved distribution causes system not to be balance, possibly crash the system. For security, once a disk is divided into several partitions, directories and files of different categories may be stored in different partitions 6) What is the significance of SWAP partition in Linux system? What different way can the swap space be configured, and why would you recommend one over the other?
For server (web) performance swap space is an area on a disk that temporarily holds a process memory image. When physical memory demand is sufficiently low, process memory images are brought back into physical memory. 7) What are some of the benefits and features that are available to Linux users by selecting the ext4 file system for the partitioning of Linux system?
Ext4 file system has more features than ext3 and are generally performance better. Some of the feature are Sub-second timestamps, space preallocation, Journal checksumming, Large (>2T) file support, large (>16T) filesystem support, Defragmentation support 8) How is the password file used, and what fields make up its content? Explain
/etc/passwd file stores essential information, which is required during login i.e. user account information. /etc/passwd is a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, etc. It should have general read permission as many utilities, like ls use it to map user IDs to user names, but write access only for the superuser (root). 9) What is the Fstab file used for and what field makes up its content? Explain
The /etc/fstab file is one of the most important files on any Linux system. It keeps track of disk devices and their mount points on the UNIX directory tree. Devices kept track with this file are the partition(s) where Linux is installed, the swap partition, any partitions created by other operating systems, floppy drive devices, zip drives, digital cameras, card readers, and other devices that are treated as disks by Linux.

10) Explain the significance of creating separate partition of the /var and /boot directories? What is contained within these directories
Disk partitioning is the creation of separate divisions of a hard disk drive using partition editors such as fdisk. Once a disk is divided into several partitions, directories and files of different categories may be stored in different partitions. Ease of use - Make it easier to recover a corrupted file system or operating system installation. Performance - Smaller file systems are more efficient. You can tune file system as per application such as log or cache files. Dedicated swap partition can also improve the performance (this may not be true with latest Linux kernel 2.6). Security - Separation of the operating system files from user files may result into a better and secure system. Restrict the growth of certain file systems is possible using various techniques. Backup and Recovery - Easier backup and recovery. Stability and efficiency - You can increase disk space efficiency by formatting disk with various block sizes. It depends upon usage. For example, if the data is lots of small files, it is better to use small block size. Testing - Boot multiple operating systems such as Linux, Windows and FreeBSD from a single hard disk.

11) How would selecting the option “encrypt files system” be useful?
It is very useful simply to avoid someone attacking your personal information so “encrypt file system” has great security counter measures; this file system has always protected data files within the system. 12) How can partitioning with Logical Volume Manager help as it relates to the CIA Traid of security?
Keep everything up to date and make sure all applications are running perfectly.

13) What security advantages can be realized when selecting the “minimal” software install option?
If I install the minimal of applications such as a smart phone will use less disk space the more applications I install will make my network slow, it will be best to check your process and if there are any applications running you should kill them immediately 14) How could you automate a Fedora install geared for security?
If I use yum to install hacking tools I can simply install a shell chip or create a script and automate in a script so only a certain amount of applications install automatically.
15)What is the purpose of “firstboot”? The purpose of a “first boot” is a program that runs after installing Fedora, the “first boot” enables us to configure and set up language, display welcome screen, license screen, as well as giving us the option to choose a keyboard layout, create your personal root password, setting up networking, security level, configuring time zone and date.

Similar Documents

Premium Essay

Is3440 Linux Security Lab 1

...Week 1 Lab This lab consists of two parts: Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 1 and Unit 2 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part # 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for...

Words: 1494 - Pages: 6

Free Essay

Lab 1 Is3440 Linux Security

...--------------------------------------------------------------------------------------------------------------------- 1. During the install, the option to sync with a NTP (Network Time Protocol) server was checked. From a security perspective, why is it important for a system to keep accurate time? The most interesting importance of NTP would be the auto key system, if your system doesn’t keep correct time a attacker who needs to change time so that a replay attack can happen could be very damaging, that is why today’s version of NTP shields against this in several ways. 2. During the install, a password has been set for the “root” user, and when is it appropriate to use this account? It is highly recommended that you only use this account when there are tasks that require root privileges such as moving files or directories into or out of system directories. 3. During the install, X-Window and a Desktop Manager were installed. However, in a production environment it is recommended NOT to run the X-Windows Environment. Explain the purpose for this recommendation? In a production environment hardware requirements and not to run the X-Windows Environment may sometimes vary, X-Window is intended for primarily workstation use only example personal computing on a Linux box. The X-Window was intended and developed for the network GUI only, X-Windows by itself doesn’t even have an interface. 4. During the install process it asks what the options given to create the partition...

Words: 1158 - Pages: 5

Free Essay

Construct a Linux Host Firewall and Monitor for Ip Traffic

...130 LAB #9 | Construct a Linux Host Firewall and Monitor for IP Traffic LAB #9 – ASSESSMENT SPREADSHEET Construct a Linux Host Firewall and Monitor for IP Traffic Course Name and Number: Student Name: Instructor Name: Lab Due Date: Internal Firewall Policy Definition Configure your “TargetUbuntu02” desktop Linux internal host IP stateful firewall according to the following policy definition. Test and validate your implementation after you configure it based on the policy definition. The following is your Ubuntu internal firewall policy definition: Deny incoming traffic Deny the following specific applications: TFTP Telnet SNMP ICMP FTP Allow the following specific applications under “Advanced” settings: SSH SMTP POP3 HTTPS HTTP Make a screen capture of the changes you made to the configuration and paste it into the text document. Use the File Transfer button to download the text file to your local computer and submit it as part of your deliverables. Assessment Worksheet 131 9 Construct a Linux Host Firewall and Monitor for IP Traffic LAB #9 – ASSESSMENT WORKSHEET Construct a Linux Host Firewall and Monitor for IP Traffic Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you configured the Gufw Ubuntu host IP stateful firewall as an internal service running on the Linux desktop. By defining what IP traffic is allowed and what IP traffic is denied, you implemented another layer of security in your overall...

Words: 665 - Pages: 3

Premium Essay

Install a Core Linux Operating System on a Server

...Week 1 Lab This lab consists of two parts: Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 1 and Unit 2 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part # 1 Install a Core Linux Operating System on a Server Learning Objectives and Outcomes Upon completing this lab, students should know more about the following tasks: * Install a base Linux operating system using a Fedora core Linux server for production use on the VM server farm * Create secured partitions within the core Linux server for desired security hardening, performance, and application support * Enable a network time server during installation to maintain a synchronized time setting throughout the system * Set a hostname that is descriptive of the role of the server to maintain standard and concise naming conventions during installation * Create a non-privileged user account for system administration access as a secure alternative to logging in as root user Overview In this lab the students will see how to install and partition a Fedora Core Linux Server. The installation process, applying passwords, creating partitions, and system administrator access controls will be part of the operating system configuration requirements. The demonstration will show how to use the terminal or terminal emulator for...

Words: 1168 - Pages: 5

Premium Essay

Wk 3 Lab

...Week 3 Lab Part 1: Web and Database Attacks & Malware and Malicious Software Learning Objectives and Outcomes Upon completing this lab, students will be able to: * Identify web application and web server backend database vulnerabilities as viable attack vectors * Develop an attack plan to compromise and exploit a web site using cross-site scripting (XSS) against sample vulnerable web applications * Conduct a manual Cross-site Scripting (XSS) attack against sample vulnerable web applications * Perform SQL injection attacks against sample vulnerable web applications with e-commerce data entry fields * Mitigate known web application and web server vulnerabilities with security countermeasures to eliminate risk from compromise and exploitation Overview This Lab will demonstrate a Cross-site Scripting (XSS) exploit and an SQL Injection attack on the test bed web application and web server using the Damn Vulnerable Web App (DVWA) loaded on an Apache Web Server on “TargetUbuntu01” Linux VM server. They will first identify the IP target host, identify known vulnerabilities and exploits, and then attack the web application and web server using XSS and an SQL Injection to exploit the web application using a web browser and some simple command strings. Assignment Requirements Watch the Demo Lab in Learning Space Unit 5 and then answer questions 1-10 below. Lab Assessment Questions & Answers 1. Why is it critical...

Words: 1054 - Pages: 5

Premium Essay

Configure Basic Security Controls on a Linux Server

...Configure Basic Security Controls on a Fedora Linux Server The students are required to submit their lab assignment answers through this website. All lab assignment questions listed are for each course's week lab activity. This may be a theory based or lab based activity. Lab assessment results and answers are due at the beginning of class the following week. Students are encouraged to perform and submit their lab assessment results immediately upon completion of the lab activity or prior to the due date. During this lab students will properly secure a Linux server system. They will perform steps to secure the bootloader, enable iptables and run SELinux to help lock down the Linux OS. The students will also apply ACLs to directories and files and then check those ACLs and permissions on the system. To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience. Assigned Pages: 10-26 Questions: 1 through 10. This assignment is due by the beginning of class for Unit 3. 1. What is GRUB and why is it important to lock it down? GRUB stands for Grand Unified Bootloader (1 of 2 boot menus' for the operating system) which is important to lock down is for security reasons. These reasons include being used to start other operating systems (eg. other versions of Linux or Microsoft...

Words: 745 - Pages: 3

Free Essay

Securing Linux Lab Assignment

...Week 3 Lab This lab consists of two parts. Make sure you label each section accordingly and answer all the questions. For this lab it is recommended that you review the Demo Lab presentations in the Unit 5 and Unit 6 Learning Space. Click the PRACTICE link > DEMO LAB > then click the hyperlink to launch the demonstration. Part #1 Apply Hardened Security for Linux Services & Applications Learning Objectives and Outcomes Upon completing this lab, students will learn about the following tasks: * Harden Linux server services when enabling and installing them, and keep a security perspective during configuration * Create an Apache Web Server installation and perform basic security configurations to assure that the system has been hardened before hosting a web site * Configure and perform basic security for a MySQL database, understanding the ramifications of a default installation and recommending hardening steps for the database instance * Install, setup and perform basic security configuration for Sendmail to be able to leverage the built-in messaging capabilities of the Linux System * Enable and implement secure SSH for encrypted remote access over the network or across the Internet of a Linux server system Overview This lab is an extension of the previous hands-on labs, and it incorporates security hardening for Linux services and applications loaded in the physical server. This demonstration will configure security and hardened services...

Words: 2020 - Pages: 9

Premium Essay

Nt2580 Unit 1

...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name ___________________________________ Lesson Plan Theory (in class, Lab #2)……………………………..…………………..……...2 Reading  Kim and Solomon, Chapter 1: Information Systems Security. Objectives……………..………………….……………………………….2 Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab..............................................................................................3 Part 1: Exploring the Tools used in the Virtual Lab Environment……………16 Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine …………………. .........................44 Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance ……………………59 Appendix A. SYLLABUS………………………………………………..……..………….69 B. Forgot your password?………………………………………………..……..73 Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and availability...

Words: 3379 - Pages: 14

Free Essay

Is3440 - Unit 1 Lab Assessment Sheet

...Assessment Worksheet Installing a Core Linux Operating System on a Server IS3440 - Linux Security Course Name and Number: _____________________________________________________ Student Name: ________________________________________________________________ Instructor Name: ______________________________________________________________ Lab Due Date: ________________________________________________________________ Overview The foundation of host-based security starts with the installation of the operating system (OS). Contrary to popular opinion, there is no such thing as a secure operating system, but in this lab, you learned how to install the Linux CentOS operating system in a secure manner. You created a new virtual machine, partitioned the hard drive, and installed the Linux operating system. You also created a non-root user account and verified that key services were (or were not) running. Lab Assessment Questions & Answers 1. During the Minimal install, NTP (Network Time Protocol) server was not installed. From a security perspective, why is it important for a system to keep accurate time? To keep the system in sync and up to date for logging purposes such as any incidents that occur. Otherwise a time may not be correct when checking logs for an incident. 2. During the install, you set a password for the root user. What is the root user, and when is it appropriate to use this account? The root user is the system administrator. It is only appropriate...

Words: 503 - Pages: 3

Premium Essay

Unit 1 Lab

...Students will be provided with a copy of the VMware image of the Linux distribution and tools that will be used through out this course when I return to class on September 25, 2012. Accompanying this lab students will need to answer the questions from the Security Strategies in Linux Platforms and Applications lab book. To accomplish the lab assignment below, students will need to obtain a copy of the Fedora Image provided to you by the Substitute Instructor and complete a basic VMware installation of Fedora. The questions in the lab book will be based on the installation experience. Assigned Pages: 6-10 Questions: 1 through 15. This assignment is due by the end of class for Unit 1. 1. During the install, the option to sync with a NTP (Network Time Protocol) server was checked. From a security perspective, why is it important for a system to keep accurate time? Accurate time is important because of the date/time stamps (records) that occur on both log-in's and any changes that were made. This allows the logs to be checked to see what individual made the changes, or was logged-in at the time the changes were implemented. 2. During the install, a password has been set for the "root" user. What is the "root" user, and when is it appropriate to use this account? The "root" user is name or account that by default has access to all commands and files. It is also referred to as the root account, root user and the superuser. It would be appropriate to use this account...

Words: 1655 - Pages: 7

Free Essay

Css 200 Ip2-Lab

...CSS200-1401B-01 Principals of Network Security Instructor: Gregory Roby Phase 2, Individual Project Date: March 08, 2014 By: Gil Palacio Lab #3 Overview: In this Lab I am learning how to use the Zenmap Graphical User Interface (GUI) for the free Nmap Security Scanner application. This application is an open source tool that automates network exploration to perform several different types of security audit scans of large IP networks (LAB 3, CTU. 2014). SO here is what I gather while doing this Lab: I added several IPs to putty in order to build information or to give information to the GUI that I am looking into. I copy pasted the two interfaces that are up,up in the 1st question from the Lab Assessment sheet of the putty profile created: Interface Ethernet0/0 "", is up, line protocol is up Hardware is 88E6095, BW 100 Mbps Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps) Available but not configured via nameif MAC address c84c.7556.de9e, MTU not set IP address unassigned 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 L2 decode drops 0 switch ingress policy drops 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collisions, 0 deferred 0 lost carrier, 0 no carrier 0 rate limit drops ...

Words: 1306 - Pages: 6

Premium Essay

It255

...Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications 300...

Words: 4114 - Pages: 17

Premium Essay

Test

...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program:    IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA    NT2580 NT2670  Introduction to  Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to  Security Auditing for Compliance Countermeasures Information Security Email and Web Services      NT1230 NT1330 Client-Server Client-Server  Networking I Networking II  IS3230 IS3350 NT1230 NT1330  Issues Client-Server Client-Server  SecurityContext in Legal Access Security Networking I Networking II   NT1110 ...

Words: 2305 - Pages: 10

Free Essay

Linux

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1010 - Pages: 5

Premium Essay

Unit 1 Assessment Worksheet

...IS3445T Security for web applications | Evaluate Business World Transformation- Impact of the Internet and WWW | Unit 1 Lab 1 | | Daniel Alvarado Jr. | 6/24/2014 | | LAB ASSESMENT QUESTIONS & ANSWERS 1. From the results of the Lab #1 – Business Application Impact Analysis Worksheet, what do you consider to be the greatest type of risk and why? * Private own Bank/ due to financial information 2. Why is it critical to perform periodic web application vulnerability assessments and penetration test? * To reduce vulnerabilities and test environments/ in addition to securing operating systems 3. What kind of web application does Damn Vulnerable Web Application use? * PHP/open source APP * Web Based * Penetration Testing 4. Why is connecting your web servers and web application to the internet like opening Pandora’s Box? * Opens your system to vulnerability confidential information 5. What does the skipfish application do and why is it good security tool for web servers and web application testing? * High speed Web App Recon Tool 6. What is tcdump and why is it a good tool for application for testing the Ubuntu Linux web server and web application security? * Allows to see traffic protocol testing 7. What does the Firefox Live HTTP Headers Plug-in application do, and why is this a good tool for web server and web application security testing? * Debug Application * See Server response 8...

Words: 294 - Pages: 2