security strategies in linux platforms and applications lesson 13 testing and reporting
DESCRIPTION
Security Strategies in Linux Platforms and Applications Lesson 13 Testing and Reporting. Learning Objective. Test and gather security reports . Key Concepts. Security testing tools Tools to monitor open ports Security management on physical and virtual systems - PowerPoint PPT PresentationTRANSCRIPT
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Security Strategies in Linux Platforms and Applications
Lesson 13
Testing and Reporting
Page 2Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Learning Objective
Test and gather security reports.
Page 3Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Key Concepts
Security testing toolsTools to monitor open ports Security management on physical and
virtual systemsReporting features in common tools
Page 4Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: CONCEPTS
Page 5Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
What to Test
Firewalls Services
Passwords Access Control
Page 6Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
A List of Open Serviceswith Version Information
Page 7Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Open Source Testing Tools
Wireshark
Snort
Netcat
Metasploit
Hping2
Page 8Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Commercial Testing Tools
Nessus
SAINT
Page 9Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
An Excerpt from a Nessus Report
Page 10Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
An Excerpt from a SAINT Report
Page 11Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Virtual Machine Manager
Page 12Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Excerpt from the DefaultRed Hat Version of aide.conf
Page 13Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Audit Service
Install the service with the yum install audit command.
Configure the service to run on boot with chkconfig auditd on.
Use auditctl command to create audit rules.Use ausearch command to search for activity in the audit rules.
Page 14Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: PROCESS
Page 15Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
telnet netstat lsof
nmap
Checking for Open Ports
Page 16Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Identify What Your System Listens to with netstat -atun
Page 17Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
The netstat –atun Command on a Bastion Server
Page 18Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Testing Samba Syntaxwith testparm
Page 19Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
The lsof -ni Command on a Multipurpose System
Page 20Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: ROLES
Page 21Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Port Monitoring and Log ConfigurationPort monitoring:
• Indexes and monitors ports• Investigates unauthorized ports
Log configuration:• Configures logs on local and remote
logging servers and runs log scanners, such as logwatch
Page 22Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
DISCOVER: CONTEXTS
Page 23Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
The Right Place for Security Tools
On a secure systemRun from a live CD/DVDLive tools:• BackTrack• Knoppix Security Tools Distribution (STD)• Network Security Toolkit (NST)
Page 24Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Ubuntu Pentest Edition
Page 25Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.
Summary
Security testing toolsTools to monitor open ports Security management on physical and
virtual systemsReporting features in common tools