© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Security Strategies in Linux Platforms and Applications

Lesson 13

Testing and Reporting

Page 2Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Learning Objective

Test and gather security reports.

Page 3Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Key Concepts

Security testing toolsTools to monitor open ports Security management on physical and

virtual systemsReporting features in common tools

Page 4Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

DISCOVER: CONCEPTS

Page 5Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

What to Test

Firewalls Services

Passwords Access Control

Page 6Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

A List of Open Serviceswith Version Information

Page 7Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Open Source Testing Tools

Wireshark

Snort

Netcat

Metasploit

Hping2

Page 8Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Commercial Testing Tools

Nessus

SAINT

Page 9Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

An Excerpt from a Nessus Report

Page 10Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

An Excerpt from a SAINT Report

Page 11Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Virtual Machine Manager

Page 12Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Excerpt from the DefaultRed Hat Version of aide.conf

Page 13Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Audit Service

Install the service with the yum install audit command.

Configure the service to run on boot with chkconfig auditd on.

Use auditctl command to create audit rules.Use ausearch command to search for activity in the audit rules.

Page 14Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

DISCOVER: PROCESS

Page 15Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

telnet netstat lsof

nmap

Checking for Open Ports

Page 16Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Identify What Your System Listens to with netstat -atun

Page 17Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

The netstat –atun Command on a Bastion Server

Page 18Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Testing Samba Syntaxwith testparm

Page 19Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

The lsof -ni Command on a Multipurpose System

Page 20Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

DISCOVER: ROLES

Page 21Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Port Monitoring and Log ConfigurationPort monitoring:

• Indexes and monitors ports• Investigates unauthorized ports

Log configuration:• Configures logs on local and remote

logging servers and runs log scanners, such as logwatch

Page 22Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

DISCOVER: CONTEXTS

Page 23Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

The Right Place for Security Tools

On a secure systemRun from a live CD/DVDLive tools:• BackTrack• Knoppix Security Tools Distribution (STD)• Network Security Toolkit (NST)

Page 24Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Ubuntu Pentest Edition

Page 25Security Strategies in Linux Platforms and Applications© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.comAll rights reserved.

Summary

Security testing toolsTools to monitor open ports Security management on physical and

virtual systemsReporting features in common tools