BRKSEC-3300 Advanced Firepower IPS Deployment (PDF, 16 pages)

Slide 1: BRKSEC-3300 Advanced Firepower IPS Deployment
Gary Halleen, Technical Solutions Architect

Slide 3: Cisco Webex Teams
Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session.
How:
1. Find this session in the Cisco Events Mobile App
2. Click "Join the Discussion"
3. Install Webex Teams or go directly to the team space
4. Enter messages/questions in the team space
cs.co/ciscolivebot#BRKSEC-3300
BRKSEC-3300 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public

Slide 4: About Your Speaker
Gary Halleen
Email: [email protected]
Security Architect, Global Security Architect Team
• 19 years at Cisco
• Amateur Radio: K7TRO

Slide 5: Oregon – Pacific Wonderland
Slide 6: Some of My Hobbies

Slide 8: Cisco Firepower Sessions: Building Blocks (Tuesday through Friday)
• BRKSEC-3035 Firepower Platform Deep Dive
• BRKSEC-2064 NGFWv and ASAv in Public Cloud
• BRKSEC-3455 Dissecting Firepower FTD & Firepower Services
• BRKSEC-3328 FMC Internals: Making FMC Do More
• BRKSEC-3300 Advanced IPS Deployment (We Are Here!)
• BRKSEC-3032 NGFW Clustering Deep Dive
• BRKSEC-2020 Firepower NGFW in the DC and Enterprise
• BRKSEC-2112 Firepower Internet Edge Best Practices (14:30)
• BRKSEC-3352 Advanced Snort Rule Writing for Firepower (16:30)

Slide 9: Agenda
• Policy Interaction and Firepower Recommendations
• Advanced Tuning Topics
• IPS Events
• Importing Snort Rules
• IPS Pass Rule
• Bypass Options
• OpenAppID
• Security Intelligence
• SSL Inspection for IPS

Slide 10: Introduction (For Your Reference)
For the purposes of this session, these terms are treated the same:
• Firepower
• Firepower Threat Defense
• ASA with Firepower Services
Slide 11: Introduction – Management Options
• Centralized: Firepower Management Center (FMC). Enables comprehensive security administration and automation of multiple appliances.
• On-box: Firepower Device Manager (FDM). Enables easy on-box management of common security and policy tasks.
• Cloud-based (upcoming): Cisco Defense Orchestrator (CDO). Enables cloud-based policy management of multiple deployments.

Slide 12: Firepower Management Center (FMC)
This session covers Firepower 6.2.x and later, managed with FMC. We will NOT cover the older Cisco IPS 7.0.
Centralized management: multi-domain management, role-based access control, high availability, APIs and pxGrid integration.
Functions managed: Firewall & AVC, NGIPS, AMP, Security Intelligence.
Use cases: manage across many sites, control access and set policies, investigate incidents, prioritize response.

Slide 13: Firepower 6.3 (For Your Reference)
Platform Capabilities
• Multi-Instance for 4100/9300: flexible approach for up to 14 instances; supports HA
• TLS HW Accelerated Decryption: higher TLS inspection throughput; supported on all Firepower platforms
• Fail-to-Wire Netmods for FP2100: transition NGIPS to Firepower 2100s
• Direct-to-Device APIs (2100 and below): automation and orchestration for MSPs; enable integrations
Operations
• Airgap/Export Licensing: controlled subscription licensing for closed networks; export licensing for government and military customers outside the United States
• Local Management for FTD: onbox manager for many commercial use-cases
• 2FA & RADIUS CoA for RA VPN: supports HA, passive auth with FMC; RA VPN migration
• Improved Migrations: new migration tools
Visibility & Security
• Events direct-from-device: integrate better with other Cisco and 3rd party SIEMs; connection and IPS events
• FQDN based access control: enables control for dynamic cloud based apps
• Audit logging and connection and IPS syslogs from the device
Slide 14: 6.3 Multi-Instance for Firepower 4100/9300
• Allows organizations to deploy independent tenants (FTD 1, FTD 2, FTD 3, FTD 4) for multiple departments or customers
• Resource and management separation
• Instances are fully independent and fault tolerant
• Smooth workflow enabling faster provisioning
• 3-14 instances (FP9300 and FP4100s only)
• Multi-Instance is free – no SKU

Slide 15: Pick from many deployment modes
• Inline or Passive: Inline, Inline Tap, Passive
• Fail-to-wire NetMods: available on 2100, 4100 and 9300
• Additional options: Routed, Transparent, Virtual or Physical

Slide 17: Firepower Policies – How often are policies modified?
• Frequently: Access Control Policy, Intrusion Policy, SSL Policy, Identity Policy, Prefilter Policy
• Little: Malware and File Policy, DNS Policy, Correlation Policy, Health Policy
• Rarely: Network Discovery Policy, Network Analysis Policy

Slide 18: Policy Order of Operation
Prefilter (FTD only) → SSL (optional) → Identity → SI / DNS → Access Control Rules → Intrusion → File / Malware
The Access Control Policy spans the SSL, Identity, SI / DNS and Access Control Rules stages. The slide also marks an Intrusion stage "(for AppID)": Snort inspection has to identify the application before application-aware access control rules can match.

Slide 19: Intrusion Policy
The Intrusion Policy defines which Snort rules are used in packet inspection.
Slide 20: Intrusion Base Policy
• Connectivity over Security: CVSS 10; vulnerability age current year plus 2 prior (2019, 2018, and 2017)
• Balanced Security and Connectivity: CVSS 9+; current year plus 2 prior; rule categories Malware-CNC, Blacklist, SQL Injection, Exploit Kit
• Security over Connectivity: CVSS 8+; current year plus 3 prior (2019, 2018, 2017, and 2016); rule categories Malware-CNC, Blacklist, SQL Injection, Exploit Kit, App-Detect
• Maximum Detection: CVSS 7.5+; 2005 and later; rule categories Malware-CNC, Exploit Kit
A rule is enabled in a base policy when the vulnerability it covers meets both the CVSS and age criteria, or when the rule belongs to one of the policy's listed categories regardless of CVSS or age.

Slide 21: Intrusion Policy
You can manually enable/disable individual rules or configure actions.

Slide 22: Intrusion Policy
Several ways to search for rules…

Slide 23: Network Discovery Policy
• Used to identify which networks Firepower should "learn" from.
• Useful for applications, and especially for maintaining the Firepower Recommended Rules in the Intrusion Policy.

Slide 24: Intrusion Policy and Network Discovery Policy
Firepower Recommended Rules automatically tunes your Snort rules for the applications, servers, and hosts on your network.
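Added example (not from the session slides and not Cisco's code): a small Python model of how the base-policy table and Firepower Recommendations together decide which Snort rules end up enabled. The CVSS, vulnerability-age and category criteria are taken from the base-policy slide; the Rule and Host fields, the local SIDs and the host profiles are constructed for illustration and are not FMC's own data model.

```python
"""Model of rule selection by Firepower base intrusion policies and
Firepower Recommendations.  Added example: the CVSS / vulnerability-age /
category thresholds are taken from the session's base-policy table; the
Rule and Host fields, the SIDs and the host profiles are constructed here
for illustration and are not FMC's own data model."""
from dataclasses import dataclass

CURRENT_YEAR = 2019  # the year the session's table uses as "current year"

# base policy -> (minimum CVSS, oldest vulnerability year admitted,
#                 rule categories included regardless of CVSS / age)
BASE_POLICIES = {
    "connectivity": (10.0, CURRENT_YEAR - 2, set()),
    "balanced":     (9.0,  CURRENT_YEAR - 2,
                     {"malware-cnc", "blacklist", "sql-injection", "exploit-kit"}),
    "security":     (8.0,  CURRENT_YEAR - 3,
                     {"malware-cnc", "blacklist", "sql-injection", "exploit-kit",
                      "app-detect"}),
    "max-detect":   (7.5,  2005, {"malware-cnc", "exploit-kit"}),
}


@dataclass(frozen=True)
class Rule:
    sid: int
    cvss: float
    year: int            # year of the vulnerability the rule covers
    category: str        # Snort rule category, e.g. "malware-cnc"
    service: str = ""    # service the rule targets ("" = any)
    target_os: str = ""  # OS the rule targets ("" = any)


@dataclass(frozen=True)
class Host:
    ip: str
    os: str
    services: frozenset = frozenset()


def base_policies_for(rule):
    """Names of the base policies that enable `rule`: the vulnerability must
    meet both the CVSS and age criteria, or the rule must fall in one of the
    policy's always-included categories."""
    enabled = set()
    for name, (min_cvss, oldest_year, categories) in BASE_POLICIES.items():
        by_vulnerability = rule.cvss >= min_cvss and rule.year >= oldest_year
        if by_vulnerability or rule.category in categories:
            enabled.add(name)
    return enabled


def recommend(rules, hosts):
    """Model of Firepower Recommendations: keep a rule only when some host
    seen by network discovery runs the service and OS the rule targets.
    Returns (SIDs recommended to stay enabled, SIDs recommended to disable)."""
    seen_services = frozenset().union(*(h.services for h in hosts))
    seen_os = {h.os for h in hosts}
    keep, drop = set(), set()
    for r in rules:
        service_ok = not r.service or r.service in seen_services
        os_ok = not r.target_os or r.target_os in seen_os
        (keep if service_ok and os_ok else drop).add(r.sid)
    return keep, drop


def effective_rules(rules, base_policy, hosts):
    """SIDs enabled by `base_policy` after the recommendations are applied."""
    keep, _ = recommend(rules, hosts)
    return {r.sid for r in rules
            if base_policy in base_policies_for(r) and r.sid in keep}


# Constructed sample data (local SIDs >= 1,000,000; not real Talos rules).
RULES = [
    Rule(1000001, 10.0, 2018, "server-webapp", service="http"),
    Rule(1000002, 8.5, 2016, "os-windows", service="smb", target_os="windows"),
    Rule(1000003, 5.0, 2019, "malware-cnc"),
    Rule(1000004, 7.5, 2010, "server-other", service="ssh", target_os="linux"),
    Rule(1000005, 9.5, 2019, "app-detect", service="http"),
]
HOSTS = [  # constructed network-discovery host profiles
    Host("10.1.1.10", "linux", frozenset({"http", "ssh"})),
    Host("10.1.1.20", "windows", frozenset({"http"})),
]

if __name__ == "__main__":
    for r in RULES:
        print(r.sid, sorted(base_policies_for(r)))
    print("keep / disable:", recommend(RULES, HOSTS))
    for policy in BASE_POLICIES:
        print(policy, sorted(effective_rules(RULES, policy, HOSTS)))
```

With this data the SMB rule (SID 1000002) is enabled by the Security over Connectivity base policy but recommended for disabling, because no discovered host runs SMB. That is the practical reason the Network Discovery Policy has to cover every network you protect: hosts that discovery never sees cannot keep their rules enabled through recommendations.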