<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Linux User &#187; Security</title>
	<atom:link href="http://www.linuxuser.co.uk/category/tutorials/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.linuxuser.co.uk</link>
	<description>Just another WordPress weblog</description>
	<lastBuildDate>Fri, 30 Jul 2010 09:50:25 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.0.1</generator>
		<item>
		<title>Secure your Linux box with MoBlock</title>
		<link>http://www.linuxuser.co.uk/tutorials/secure-with-moblock/</link>
		<comments>http://www.linuxuser.co.uk/tutorials/secure-with-moblock/#comments</comments>
		<pubDate>Wed, 10 Feb 2010 07:00:39 +0000</pubDate>
		<dc:creator>Russell Barnes</dc:creator>
				<category><![CDATA[Networks]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Tutorials]]></category>
		<category><![CDATA[Moblock]]></category>
		<category><![CDATA[Network]]></category>
		<category><![CDATA[open source]]></category>

		<guid isPermaLink="false">http://www.linuxuser.co.uk/?p=977</guid>
		<description><![CDATA[MoBlock is a cutting-edge open source security tool for the Linux platform designed to help fine-tune the network security of your Linux desktop or server. Sukrit Dhandhania explains how to use it to secure your Linux box…]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.linuxuser.co.uk/wp-content/uploads/2009/12/Sukrit-Dhandhania.jpg" rel="lightbox[977]"><img class="alignright size-medium wp-image-421" title="Sukrit Dhandhania" src="http://www.linuxuser.co.uk/wp-content/uploads/2009/12/Sukrit-Dhandhania-300x286.jpg" alt="Sukrit Dhandhania" width="138" height="133" /></a>Advisor:</strong><br />
Sukrit has spent over seven years working with several organisations and helped them adopt GNU/Linux and other free and open source tools.</p>
<p><strong>Resources:</strong><br />
<a title="moblock" href="http://moblock.berlios.de/" target="_blank">moblock</a> (or <a title="moblock Deb" href="http://moblock-deb.sourceforge.net/" target="_blank">here</a> for Debian/Ubuntu users)<br />
<a title="blockcontrol" href="http://moblock-deb.sourceforge.net/" target="_blank">blockcontrol</a><br />
<a title="mobloquer" href="http://mobloquer.foutrelis.com/" target="_blank">mobloquer</a></p>
<p>MoBlock is an open source application for the Linux platform that allows you to manage connections to and from your computer. If you have used or heard of the program PeerGuardian, MoBlock has a pretty similar function. The project caters to advanced Linux users and gives them fine-grained control over which hosts are allowed to connect to their computer and which hosts the machine is allowed to connect to. We’ll look at how to install, configure and monitor MoBlock on your Linux machine.</p>
<p><strong>Installation</strong><br />
<strong>01 </strong>The installation of MoBlock is pretty straightforward for users of Ubuntu Linux. Ubuntu has had MoBlock available in its package management systems for some time now. You will need to add a new set of repositories to download and install MoBlock and the other supporting tools with ‘<em>apt-get</em>’. As a first step, you need to add GPG keys.</p>
<p>For Hardy and Intrepid, type the following lines in a terminal window:</p>
<blockquote><p><strong>gpg --keyserver wwwkeys.eu.pgp.net --recv 58712F29<br />
gpg --export --armor 58712F29 | sudo apt-key add -</strong></p></blockquote>
<p>For Jaunty and later versions, type the following lines in the terminal window:</p>
<blockquote><p><strong>gpg --keyserver keyserver.ubuntu.com --recv 9C0042C8<br />
gpg --export --armor 9C0042C8 | sudo apt-key add -</strong></p></blockquote>
<p><strong>02</strong> Now edit the APT sources file and add the following repository entries. Run the command ‘<em>sudo vim /etc/apt/sources.list</em>’ to edit the file.</p>
<p>If you are running Ubuntu 9.10 (Karmic Koala), add the following lines:</p>
<blockquote><p><strong>deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu karmic main<br />
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu karmic main</strong></p></blockquote>
<p>For Ubuntu 9.04 (Jaunty Jackalope), instead add this:</p>
<blockquote><p><strong>deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main<br />
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu jaunty main</strong></p></blockquote>
<p>For other versions, please read the instructions in the Ubuntu documentation.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.linuxuser.co.uk/tutorials/secure-with-moblock/feed/</wfw:commentRss>
		<slash:comments>8</slash:comments>
		</item>
		<item>
		<title>Network security &#8211; how to prevent attacks &amp; secure your server</title>
		<link>http://www.linuxuser.co.uk/tutorials/network-security/</link>
		<comments>http://www.linuxuser.co.uk/tutorials/network-security/#comments</comments>
		<pubDate>Mon, 28 Dec 2009 07:00:02 +0000</pubDate>
		<dc:creator>Russell Barnes</dc:creator>
				<category><![CDATA[Apache]]></category>
		<category><![CDATA[Networks]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Tutorials]]></category>
		<category><![CDATA[Features]]></category>
		<category><![CDATA[Network]]></category>
		<category><![CDATA[Swayam Prakasha]]></category>
		<category><![CDATA[web server]]></category>

		<guid isPermaLink="false">http://www.linuxuser.co.uk/?p=579</guid>
		<description><![CDATA[Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server...]]></description>
			<content:encoded><![CDATA[<p><strong><a href="http://www.linuxuser.co.uk/wp-content/uploads/2009/12/558018.jpg" rel="lightbox[579]"><img class="alignright size-medium wp-image-595" title="558018" src="http://www.linuxuser.co.uk/wp-content/uploads/2009/12/558018-300x214.jpg" alt="558018" width="300" height="214" /></a>Swayam Prakasha explains the types of attacks that could happen over a network and their preventive measures. He also takes a look at various means of securing a web server</strong></p>
<p><strong>Advisor:<br />
</strong>Swayam Prakasha has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, internet services, LDAP and web servers. Swayam has authored a number of articles for trade publications, and he presents his own papers at industry conferences.</p>
<p>Network and information security refers to the confidence that unauthorised users cannot access the information and services available on a network. Security implies safety. It assumes data integrity, freedom from unauthorised access of resources and freedom from disruption of services. As far as security is concerned, we need to protect both physical and abstract resources, such as information. Protecting the latter is more difficult.<br />
Information security is concerned with three main areas: confidentiality (information should be available only to those who rightfully have access to it), integrity (information should be modified only by those who are authorised to do so) and availability (information should be accessible to those who need it when they need it).</p>
<p><strong>Authentication attack</strong><br />
On the internet, where data passes across intermediate routers and networks, source authentication can be easily attacked at one of the intermediate routers. For example, an impostor can gain control of a router, ‘R’, that lies between a valid client and a server. He can then alter the routes in R to direct return traffic to himself and generate a request using the authorised client’s address as a source address. The server will, in this case, accept the request and send the reply to the authorised client. When it reaches R, the reply will be forwarded along the incorrect route to the impostor.</p>
<p>The above example illustrates the need for the server and client to avoid communicating with impostors. One way of ensuring this is to use an address-based authentication mechanism (also known as IP address authentication). This is a simple security mechanism for verifying identity. Here, a server is configured with a list of valid IP source addresses. When a request arrives, the server makes sure that it’s from a valid client by matching the client’s IP address against the ones in the configured list. Only if the client is authorised does the server grant it the requested service.</p>
<p>Another method is the public-key encryption mechanism. This uses a pair of keys: a public key and a private key. The sender encrypts the message using the receiver’s public key, and the receiver decrypts it using his private key (which only he knows). Thus the sender can make sure that only the intended receiver will be able to read the message. Public-key encryption can be used for authentication, confidentiality and integrity of messages.</p>
<blockquote><p><strong>Top Vulnerabilities<br />
1. Default installations of operating system and applications<br />
2. Accounts with no password or weak password<br />
3. Non-existent or incomplete backup<br />
4. A large number of open ports<br />
5. Not filtering packets for correct incoming and outgoing addresses<br />
6. Non-existent or incomplete logging<br />
7. Vulnerable CGI programs<br />
8. Sendmail vulnerabilities<br />
9. BIND weaknesses</strong></p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.linuxuser.co.uk/tutorials/network-security/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Security in Linux</title>
		<link>http://www.linuxuser.co.uk/features/security-in-linux/</link>
		<comments>http://www.linuxuser.co.uk/features/security-in-linux/#comments</comments>
		<pubDate>Tue, 01 Dec 2009 07:00:33 +0000</pubDate>
		<dc:creator>Russell Barnes</dc:creator>
				<category><![CDATA[Features]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Tutorials]]></category>
		<category><![CDATA[best practices]]></category>
		<category><![CDATA[feature]]></category>
		<category><![CDATA[file system]]></category>
		<category><![CDATA[password]]></category>

		<guid isPermaLink="false">http://www.linuxuser.co.uk/?p=274</guid>
		<description><![CDATA[Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on this aspect. Linux is often treated as a highly secure operating system. However, the reality is that Linux too has its own share of security flaws…]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.linuxuser.co.uk/wp-content/uploads/2009/11/Security-image.jpg" rel="lightbox[274]"><img class="alignright size-medium wp-image-275" title="Security image" src="http://www.linuxuser.co.uk/wp-content/uploads/2009/11/Security-image-300x299.jpg" alt="Security image" width="300" height="299" /></a>Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on this aspect. Linux is often treated as a highly secure operating system. However, the reality is that Linux too has its own share of security flaws. And these security flaws allow external hackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these flaws can be removed.<br />
The security system is in two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted. Let’s take a look at the major causes for security problems in Linux…</p>
<p><strong>Local security </strong><br />
Local users can create a lot of problems for your system. It is bad policy to provide accounts to people you don’t know or for whom you have no contact information. It is better to follow some rules of thumb when offering access to your Linux machine: give users minimum privileges, monitor when and where they log in, remove inactive accounts and prohibit the creation of group user IDs.</p>
<p><strong>Root security </strong><br />
Since the root account has authority over the entire machine, you should use it only for specific tasks. Even a small mistake made while logged in as the root user can lead to significant problems. Follow the simple rules below and they will help you.<br />
• When running complex commands, first run them in a non-destructive manner. A simple example is to do an ‘ls’ before doing an ‘rm’ so that you are sure about the files you are going to delete.<br />
• Give users an interactive rm for deleting the files.<br />
• Become root only to do specific tasks. If you want to experiment with something, go back to a normal user shell.<br />
• The command path, which specifies the directories in which the shell searches for the programs, is very important. Limit the command path and never include ‘.’ (signifying the current directory) in your command path.<br />
• The /etc/securetty file contains a list of terminals that root can log in from. Be careful while adding an entry to this file.</p>
<p><strong>File system security </strong><br />
Keep in mind the following points to help protect your systems and data stored on them.<br />
If you are exporting file systems using NFS, configure /etc/exports with the most restrictive access possible. Do not use any wild cards.<br />
<strong>/var/log/wtmp and /var/run/utmp</strong> contain the log-in attempts for all users. Their integrity needs to be maintained, as they help in determining when and from where a user has entered your system.<br />
World-writable files can serve as a security hole. Also, world-writable directories are dangerous as they allow an intruder to add/delete files. You must locate the world-writable files on your system and make sure that you know why they are writable.<br />
It is also important to locate the unowned files. The presence of unowned files might also be an indication that an intruder has accessed your system. You can locate such files by using the following command:<br />
<strong>$ find / \( -nouser -o -nogroup \) -print </strong><br />
You should also be able to find any .rhosts files. Use this command to locate them:<br />
<strong>$ find /home -name .rhosts -print</strong><br />
Before you change the permissions on any system files, make sure you know what you are doing. NEVER change the permissions on a file just because it is the easy way to get things working.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.linuxuser.co.uk/features/security-in-linux/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
	</channel>
</rss>
