Security Tutorial (LinuxDays 2005)

Security behind the Firewall

A firewall at the network border cannot block advanced attacks, or even detect them. Intrusion detection mechanisms help the people responsible for security to identify these attacks and learn about new ones. That is where Network Intrusion Detection Systems and honeypot systems help. This course provides an introduction to these technologies.

Finding a security hole before someone else does: that is the goal of a self-penetration test. Today such tests are one additional layer of defense.

Tools to be used are:

  • Snort 2
  • honeyd
  • UML (User Mode Linux)
  • Nessus

UML: User Mode Linux (UML) is a Linux kernel running in user mode on the host system. It lets you run multiple virtual Linux systems on one box.

Honeyd: a medium-interaction honeypot which is used to detect and analyse illegal network activity.

Snort: intrusion detection provides security behind the firewall. We will use Snort to discover attacks that successfully bypass the firewall.

Nessus: attack your own network and find the vulnerabilities before someone else does. Nessus is a security auditing scanner which is actively maintained.

Forensic Analysis

What is digital forensics? You will learn the different approaches to server forensics and to the analysis of a workstation. Digital forensic analysis is not only a technical process: you will learn how to fulfil the requirements of the law so that the report is usable in court proceedings. This tutorial gives you the:

  • theoretical
  • organisational
  • technical

aspects of a forensic analysis.

We will practise the analysis of an already compromised server, and scan a compromised server for security holes with free software.

Some of the tools we use:

Foremost: a Linux tool to recover files from an image or a live system based on file headers and footers. It supports forensic images from dd and from commercial tool sets like EnCase and SafeBack.

The Sleuth Kit (TSK): formerly TASK (The @stake Sleuth Kit), it combines the features of TCT (The Coroner's Toolkit) and TCT Utils in one tool. Over time new features were added. One big advantage of The Sleuth Kit is its independence from the analysis platform.

gpart: guesses the partition table of a hard disk and writes it back.
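
Header/footer carving, as Foremost does it, can be shown in a few lines. The following is an added example written for this page, not Foremost's own code: it scans a constructed in-memory "image" for a simplified, assumed signature table (JPEG and PNG with assumed maximum sizes) and extracts each file from its header to the next matching footer, skipping a header that has no footer in range.

```python
"""Minimal header/footer file carver in the style of Foremost (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path

# Assumed, simplified signature table: type -> (header, footer, max carve size).
# Foremost's real table (foremost.conf) has many more types and options.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 10 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 10 * 1024 * 1024),
}


@dataclass
class CarvedFile:
    kind: str      # signature name, e.g. "jpg"
    offset: int    # byte offset of the header inside the image
    data: bytes    # carved bytes, header through footer inclusive


def carve(image: bytes, signatures=SIGNATURES) -> list[CarvedFile]:
    """Return every header..footer region found for each signature, sorted by offset."""
    found: list[CarvedFile] = []
    for kind, (header, footer, max_size) in signatures.items():
        pos = 0
        while (start := image.find(header, pos)) != -1:
            # Only look for the footer within the allowed maximum file size.
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end == -1:
                # Header without a footer in range: move on past this header.
                pos = start + 1
                continue
            end += len(footer)
            found.append(CarvedFile(kind, start, image[start:end]))
            pos = end  # continue searching after the carved file
    found.sort(key=lambda f: f.offset)
    return found


def write_carved(files: list[CarvedFile], outdir: Path) -> list[Path]:
    """Write carved files to outdir named <offset>.<kind>, like Foremost's output dir."""
    outdir.mkdir(parents=True, exist_ok=True)
    paths = []
    for f in files:
        path = outdir / f"{f.offset:08d}.{f.kind}"
        path.write_bytes(f.data)
        paths.append(path)
    return paths


def build_sample_image() -> bytes:
    """Constructed stand-in for a dd image: zero filler with two embedded files
    and one orphan JPEG header (no footer) to show the failure mode."""
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-chunk-data" + b"IEND\xaeB`\x82"
    filler = b"\x00" * 64
    return filler + jpg + filler + b"\xff\xd8\xff" + filler + png + filler


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        print(f"{f.kind} at offset {f.offset}, {len(f.data)} bytes")
```

The orphan JPEG header in the sample image has no footer within the size limit and is skipped here; Foremost itself would carve up to the configured maximum size in that case, and a real carving run on a dd image would read the image in chunks rather than loading it whole.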

For the technical part you need to know the Linux shell and tools like sed and awk, as well as shell scripting and fundamental Perl programming skills.

Prerequisites:

The participants should have good knowledge of Linux, networking and basic security mechanisms, as they are presented in the Linuxdays Networking Tutorial.

Test your qualification by answering all of these questions:
  1. The network address, broadcast address and netmask of the IP 192.168.0.2/28
  2. Send a mail using a Telnet client
  3. Which IP protocols are used in IPSec?
  4. The commands to list open ports and to configure the network interface
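
As an added worked example for the first question (not part of the original page), the following script computes the netmask, network address and broadcast address from CIDR notation with plain bit arithmetic, then cross-checks the result against Python's standard ipaddress module. It is general: it handles any IPv4 prefix length, including the /31 and /32 edge cases.

```python
"""Network, broadcast and netmask from CIDR notation, computed by hand (added example)."""
from __future__ import annotations

import ipaddress


def parse_cidr(cidr: str) -> tuple[int, int]:
    """Split 'a.b.c.d/n' into (32-bit integer address, prefix length), validating both."""
    ip_str, _, prefix_str = cidr.partition("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    octets = [int(o) for o in ip_str.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip_str}")
    address = 0
    for octet in octets:
        address = (address << 8) | octet
    return address, prefix


def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict[str, object]:
    """Netmask, network and broadcast address plus usable host count for a CIDR block."""
    address, prefix = parse_cidr(cidr)
    # Netmask: 'prefix' leading one bits, the remaining host bits zero.
    netmask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = address & netmask                     # host bits cleared
    broadcast = network | (~netmask & 0xFFFFFFFF)   # host bits set
    if prefix == 32:
        usable = 1                      # single host route
    elif prefix == 31:
        usable = 2                      # point-to-point link (RFC 3021)
    else:
        usable = 2 ** (32 - prefix) - 2  # minus network and broadcast
    return {
        "netmask": to_dotted(netmask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": usable,
    }


def cross_check(cidr: str) -> bool:
    """Compare the hand calculation with the standard library's ipaddress module."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = subnet_info(cidr)
    return (info["network"] == str(net.network_address)
            and info["broadcast"] == str(net.broadcast_address)
            and info["netmask"] == str(net.netmask))


if __name__ == "__main__":
    for key, value in subnet_info("192.168.0.2/28").items():
        print(f"{key:13} {value}")
```

For /28 the mask has 28 one bits (255.255.255.240), so the last octet of 192.168.0.2 is split into a network part (0) and four host bits; clearing them gives the network address and setting them gives the broadcast address.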

You are definitely not ready for this tutorial if you:

  1. don't know what a network address, broadcast address or netmask is at all
  2. cannot explain the differences between SMTP and POP3
  3. cannot name two IP protocols other than TCP and UDP
  4. don't know the commands to review the configuration of your network interface, the routing table or the open network connections of your Linux box

Duration:

This course starts at 9:00 and ends at 17:00.

About the Speakers

Lukas Grunwald is the CTO of DN-Systems Enterprise Internet Solutions GmbH (Hildesheim, Germany), a globally active consulting company working mainly in the field of security and internet/eCommerce solutions for enterprises. Mr. Grunwald has been working in the field of IT security for nearly 15 years now. He specialises in the security of wireless and wired data and communication networks, forensic analysis, audits and active networking. Mr. Grunwald regularly publishes articles, talks and press releases for specialist publications. He also participates actively in conferences such as Hackers at Large, Hacking in Progress, Network World, Internet World, Linux World (USA/Europe), Linux Day Luxembourg, LinuxTag, CeBIT and Black Hat Briefings.

Michael Hamm is a security engineer at the CRP Henri Tudor. He has worked for 7 years in the field of Internet and Linux, the last 4.5 years mainly on security. He publishes articles in a professional magazine and frequently talks at Linux Day Luxembourg.

Last modified 2006-01-13 11:34 by admin