Lesson 12 - Setting Up System Security

This document discusses setting up system security including configuring a router, secure shell, security tasks, and OpenVPN. It covers topics like port scanning, OpenVAS, intrusion detection systems, network address translation, firewalls, iptables, and connecting securely via OpenSSH and OpenVPN.

Uploaded by

Linh Hà

Setting up System Security

This document is created by Nguyen Hoang Chi [email protected]


Objectives covered
212.1 Configuring a router (w:3)

212.3 Secure shell (SSH) (w:4)

212.4 Security tasks (w:3)

212.5 OpenVPN (w:2)

1 Server Network Security



Port scanning

OpenVAS

Intrusion Detection Systems – fail2ban

Intrusion Detection Systems – Snort

External Network Security – NAT

External Network Security – Firewall

External Network Security – iptables

Accept outgoing packets

Drop outgoing packets

Rule options for iptables

Restore iptables rules

Backup iptables rules

External Network Security – routing

The FORWARD chain allows Linux to forward packets to a remote host, but that feature must be enabled in the kernel

Set the kernel parameter

Check the current value

EXERCISE
Time for labs

2 Connecting Securely to a Server



OpenSSH

OpenSSH Files

OpenSSH server configuration options


OpenVPN

openvpn configuration files

openvpn configuration options

OpenVPN includes several scripts to help generate the required certificates and keys:

Static key encryption method

OpenVPN - Static key encryption method
Copy secret.key to client

Config file (on VPN server)

Config file (on VPN client)


OpenVPN - Static key encryption demo

[Diagram: VPN client (Ubuntu), VPN server (CentOS) and a local server (Ubuntu) on a private network. Addresses shown: 192.168.56.99, 192.168.56.98, 10.0.0.1, 10.0.0.2, 192.168.57.2, 192.168.57.110]

OpenVPN – Demo OpenVPN configuration

3 Security Resources



US-CERT

https://us-cert.cisa.gov

Other resources

Bugtraq mailing list

THANKS!
ANY QUESTIONS?
