Franske ITC-2480 Lab 12

From ITCwiki
Revision as of 20:29, 8 April 2014 by BenFranske

Introduction

In this lab you will learn about several Linux utilities which can be used for monitoring Linux and other systems for security and service uptime purposes.

Lab Procedure

Prerequisites

  1. Open an SSH console to your Linux system using the PuTTY software and log in with your standard user account
  2. The IP address of a partner's system which you have permission to portscan

Monitoring connections with netstat

  1. One common activity when evaluating the security of a system is finding out which ports the system is accepting connections on. For this reason most operating systems have some kind of utility to display active network connections and open ports, and Linux is no exception. The netstat utility can show you currently active network connections as well as open ports on your local system.
  2. Take a look at the man page for the netstat command. Specifically, figure out what the -n, -a, -t and -u options do.
  3. Run the netstat -natu command on your system and observe the output.
  4. Try to identify the purpose of each open port on your system. Note that there are many online guides to common uses for ports.
  5. You'll find that there are a number of ports open on your system. Some of these we have opened to provide a specific service such as SMTP, DNS, a web server, etc., but some, such as the sunrpc port, are open simply by default on a fresh install. There are a number of different strategies you can use to secure your system, including disabling a service, binding it to an internal-only IP address, or blocking access with a firewall rule. If your firewall is set up with an implicit (or explicit) reject-any rule at the bottom of the input chain and you have not specifically opened a port, it should not be accessible from other systems. How can we test that, though? The netstat utility is useful for making a list of ports that are open in some way on the system, but it does not show us how those ports react if someone outside actually tries to connect.
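The bind address in the Local Address column shows which of the strategies above already applies to a service: a listener on 127.0.0.1 or ::1 is reachable only from the local host, while one on 0.0.0.0 or :: accepts connections on every interface. The script below is an added example, not part of the original lab; the sample netstat output is constructed and the function name classify_listeners is a hypothetical helper.

```shell
#!/bin/sh
# Added example: classify listening sockets in `netstat -natu` output by bind address.
# SAMPLE is constructed output for illustration, not captured from a real host.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           192.0.2.50:51514        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 192.0.2.10:53           0.0.0.0:*'

# classify_listeners (hypothetical helper name): reads netstat output on stdin,
# prints "<scope> <proto> <port>" for each listening TCP or unconnected UDP socket.
#   loopback = reachable only from this host
#   all      = bound to every interface (0.0.0.0 or ::)
#   specific = bound to one non-loopback address
classify_listeners() {
  awk '
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }   # drop established and other TCP states
    $1 ~ /^udp/ && $5 !~ /:\*$/   { next }   # drop connected UDP sockets
    $1 ~ /^(tcp|udp)/ {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
      if (host ~ /^127\./ || host == "::1") scope = "loopback"
      else if (host == "0.0.0.0" || host == "::") scope = "all"
      else scope = "specific"
      print scope, $1, port
    }'
}

# Run against the constructed sample; on a real system use:
#   netstat -natu | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

A socket reported as all or specific is only a candidate for outside access; whether a firewall rule blocks it is what the external scan in the next section checks.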

Scanning ports using nmap

  1. The nmap (Network Mapper) utility is a very powerful security scanning utility available on Linux. Before we begin this section of the lab it is important to remember that scanning a system is often seen as an attack against the system and should not be done unless you are the administrator of both the system that you are scanning from and the system you are scanning, or have the explicit permission of the system administrator of those systems! In some areas people have been legally charged and prosecuted for scanning systems which they were not authorized to scan. You have been warned!
  2. Unlike netstat, nmap is not part of the default Debian installation, so you will need to install the nmap package before proceeding.
  3. nmap is complex and powerful. Entire books and extensive documentation are available which you may want to reference but we'll only be exploring some of the more basic features in this introduction.