Security Strategies in Linux Platforms and Applications Lesson 9 Networked Application Security
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.
Security Strategies in Linux Platforms and Applications
Lesson 9
Networked Application Security
Learning Objective
Describe how to secure Web services, applications, and access.
Key Concepts
Common Web applications and services, such as Apache Web Server, Squid, DNS BIND, and mail agents
Configuring secure Web servers and Web sites
Digital certificates and certificate authorities (CAs)
DISCOVER: CONCEPTS
Web Services and Applications
Apache
MySQL
Squid
DNS BIND
Mail agents
The LAMP Stack
Linux
Apache
MySQL
P
Asterisk
Open source VoIP software
Uses Session Initiation Protocol (SIP) and the Real-time Transport Protocol (RTP)
Centered around the dialplan
DISCOVER: PROCESS
Configure a Secure Apache Web Server
Method 1
• Limit Web site accessibility to a certain IP address network:
Order deny,allow
Deny from all
Allow from 192.168.0.0/255.255.255.0
Configure a Secure Apache Web Server
Method 2
• Restrict access to a specific Web site or directory:
AuthName "Authorized users only"
AuthType Digest
AuthUserFile /etc/httpd/conf.d/apacheusers
Require valid-user
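With Digest authentication the realm named by AuthName is hashed into every stored credential, so a user file built for a different realm rejects every login. The script below is an added example, not part of the original slides; the user names, password and file paths in it are constructed for illustration.

```shell
# Added example: builds htdigest-format entries and checks that the realm in
# the user file matches the AuthName in the Apache config.
# Entry format: user:realm:MD5(user:realm:password)

# Print one user-file line for <user> <realm> <password>.
digest_entry() {
    ha1=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$ha1"
}

# Print the realm from the first AuthName "..." line of a config file.
conf_realm() {
    sed -n 's/^[[:space:]]*AuthName[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" |
        head -n 1
}

# check_realm <config> <userfile>
# Returns 0 when every entry uses the config's realm, 1 when some entry does
# not (the affected user names are printed), 2 when no AuthName was found.
check_realm() {
    realm=$(conf_realm "$1")
    [ -n "$realm" ] || return 2
    bad=$(awk -F: -v r="$realm" '$2 != r { print $1 }' "$2")
    [ -z "$bad" ] || { printf 'realm mismatch: %s\n' $bad; return 1; }
}
```

The stored hash is enough to authenticate within its realm, so the user file needs the same protection as a password file.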
Configure Protection on a Web Site
Customize the ssl.conf file for the desired secure Web site
Configure a certificate authority (CA)
For a self-signed certificate, use the openssl command
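One way to create the self-signed certificate with the openssl command and confirm what was produced before referencing it from ssl.conf. This is an added example, not part of the original slides; the host name and output directory are assumptions.

```shell
# Added example: host name and output directory are assumptions.

# make_self_signed <cn> <dir> [days]
# Create a 2048-bit RSA key and a self-signed certificate for one host name.
make_self_signed() {
    cn=$1; dir=$2; days=${3:-365}
    mkdir -p "$dir" || return 1
    # The subshell keeps the restrictive umask local to this call, so the
    # private key is never created world-readable.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
          -subj "/CN=$cn" -keyout "$dir/$cn.key" -out "$dir/$cn.crt" ) 2>/dev/null
}

# True when subject and issuer are identical, meaning no CA vouches for it.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer) || return 2
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# key_matches_cert <key> <cert>
# True when the private key belongs to the certificate (public keys match).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$k" = "$c" ]
}
```

In ssl.conf, the SSLCertificateFile and SSLCertificateKeyFile directives point at the resulting .crt and .key files.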
Port Forwarding with SSH
[Diagram: a MySQL database management graphical user interface (GUI) tool connects to the OpenSSH Server (Port 22), which forwards to the MySQL Database Server (Port 3306); the firewall blocks all traffic to Port 3306.]
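The tunnel in the diagram, written as an OpenSSH local forward. This is an added example, not part of the original slides; the control-socket path is an assumption, and it assumes MySQL listens on the loopback address of the SSH server.

```shell
# Added example: the control-socket path is an assumption, and MySQL is
# assumed to listen on 127.0.0.1 of the SSH server.

# tunnel_args <local-port> <target-host> <target-port>
# Print ssh options for a forward that listens on loopback only, so other
# machines on the client's network cannot reuse the tunnel.
tunnel_args() {
    for p in "$1" "$3"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    printf '%s\n' "-N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:$2:$3"
}

# open_tunnel <user@ssh-server>
# Only port 22 has to be reachable; the GUI tool then connects to
# 127.0.0.1:3306 on the client.
open_tunnel() {
    args=$(tunnel_args 3306 127.0.0.1 3306) || return 1
    # -f backgrounds ssh after authentication; -M/-S create a control socket
    # so the tunnel can be closed cleanly later.
    ssh -f -M -S "$HOME/.ssh/mysql-tunnel.ctl" $args "$1"
}

# close_tunnel <user@ssh-server>
close_tunnel() {
    ssh -S "$HOME/.ssh/mysql-tunnel.ctl" -O exit "$1"
}
```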
DISCOVER: ROLES
DNS Organization of the Internet
An Internal Network, a DMZ, and the Internet
DISCOVER: RATIONALE
Why Limit Network Printers?
Monitor usage
• Must be able to track who prints what for management and budgetary reasons
Contain costs
• Color printing is still much more expensive than b&w; limit who can print to networked color printers
Prevent a security breach
• An attacker can hijack a networked printer and take control of the entire network
Summary
Common Web applications and services, such as Apache Web Server, Squid, DNS BIND, and mail agents
Configuring secure Web servers and Web sites
Digital certificates and certificate authorities (CAs)