Professional Documents
Culture Documents
Linux Networking & Security Fundamentals - Day Two: Welcome Back!!
Linux Networking & Security Fundamentals - Day Two: Welcome Back!!
Welcome back!!
1
DAVE PROWSE | HTTPS://PROWSE.TECH
DISCLAIMER & WARNING
2
DAVE PROWSE | HTTPS://PROWSE.TECH
Audience Poll
What continent are you located on? (individual information will not be stored)
A. North America
B. South America
C. Europe
D. Australia (Oceania)
E. Asia
F. Africa
G. Antarctica
3
AGENDA
4
DAVE PROWSE | HTTPS://PROWSE.TECH
Audience Poll
A. Debian
B. Ubuntu
C. Fedora
D. Red Hat
E. CentOS
F. OpenSUSE
G. Kali
H. Arch Linux
I. Manjaro
J. Gentoo
K. Slackware
L. Other (feel free to tell us in the group chat)
5
PART I
SECURITY 101
6
DAVE PROWSE | HTTPS://PROWSE.TECH
PART I
Security 101
IMPORTANT
THE PESSIMIST Nothing is ever 100% secure!
WHAT TO DO?
THE CIA
There is always a way around any
given security precaution.
7
DAVE PROWSE | HTTPS://PROWSE.TECH
PART I
Security 101
THE PESSIMIST
WHAT TO DO?
THE CIA
8
DAVE PROWSE | HTTPS://PROWSE.TECH
PART I
Security 101
THE PESSIMIST
WHAT TO DO?
THE CIA
9
DAVE PROWSE | HTTPS://PROWSE.TECH
PART I
Security 101
THE PESSIMIST
WHAT TO DO?
THE CIA
10
DAVE PROWSE | HTTPS://PROWSE.TECH
PART I
Security 101
11
DAVE PROWSE | HTTPS://PROWSE.TECH
PART I
Security 101
THE PESSIMIST
WHAT TO DO?
THE CIA
12
DAVE PROWSE | HTTPS://PROWSE.TECH
Quiz Question
Which of the following has essentially the same meaning as layered security?
A. user awareness
B. vigilance against hackers
C. defense in depth
D. principle of least privilege
13
PART I
Security 101
THE NETWORK
MAP
14
DAVE PROWSE | HTTPS://PROWSE.TECH
PART II
15
DAVE PROWSE | HTTPS://PROWSE.TECH
PART II
Working with
Services
systemctl
list-unit-files list-units
unit file commands unit commands
16
DAVE PROWSE | HTTPS://PROWSE.TECH
PART III
17
DAVE PROWSE | HTTPS://PROWSE.TECH
PART III
apt upgrade
Updates and apt list
Upgrades apt apt update
--upgradeable
apt install
<package(s)>
.deb
LEARN MORE:
dnf update
apt --help
man pacman
YaST2
man zypper pacman -Syu
pacman pacman -Syyu
.rpm zypper .pkg
.repo {refresh | install} .tar
18
DAVE PROWSE | HTTPS://PROWSE.TECH
Quiz Question
19
PART IV
FIREWALLS
20
DAVE PROWSE | HTTPS://PROWSE.TECH
PART IV
Firewalls Command Description
ufw status shows whether UFW is active or inactive
ufw enable starts and enables the firewall
Example rule:
ufw allow 22/tcp
21
DAVE PROWSE | HTTPS://PROWSE.TECH
PART IV
Firewalls
Command Description
systemctl status firewalld Checks the status of the service
UFW firewall-cmd --list-ports Displays open networking ports (if
any)
firewalld
firewall-cmd --add-port=80/tcp Opens port 80 on the system and
iptables & nftables makes it persistent across reboots
22
DAVE PROWSE | HTTPS://PROWSE.TECH
PART IV
Firewalls
Linux Kernel
User-space
UFW
Netfilter
tools
firewalld
- ip_tables iptables
iptables & nftables - ip6_tables ip6tables
- arp_tables arptables
- ebtables ebtables
- nftables nft
23
DAVE PROWSE | HTTPS://PROWSE.TECH
Quiz Question
For less complex administration, what is the best option for a front-end firewall
utility on an Ubuntu Desktop?
A. firewalld
B. iptables
C. ufw
D. nftables
24
PART V
USER SECURITY
25
DAVE PROWSE | HTTPS://PROWSE.TECH
PART V
User Security
26
DAVE PROWSE | HTTPS://PROWSE.TECH
PART V
User Security
27
DAVE PROWSE | HTTPS://PROWSE.TECH
PART V
User Security
Command Description
su - <username> Switches to that user account within the new user’s
home directory.
su <username> Switches to that user account but does not change the
Users & Passwords path (doesn’t open an actual new login shell associated
with that user)
su, sudo & sudoers
su - Switches to the root account
Hashing and PAM
sudo <command> Runs a command with sudo privileges (if the user is
part of sudoers
sudo -i Gives access to root account (if the user has full sudo
privileges).
Also, accesses the root account in Ubuntu and Fedora
(where the root account has no password by default)
28
DAVE PROWSE | HTTPS://PROWSE.TECH
PART V
User Security
User List /etc/passwd
Password list /etc/shadow
(crypto-hashed with SHA-512 by default)
Debian Example:
/etc/pam.d/common-password
29
DAVE PROWSE | HTTPS://PROWSE.TECH
PART VI
SECURING SSH
30
DAVE PROWSE | HTTPS://PROWSE.TECH
PART VI
Using SSH
SSH Review
sshd_config
31
DAVE PROWSE | HTTPS://PROWSE.TECH
PART VI
Using SSH
SSH Review
sshd_config
Commands:
ssh-keygen
ssh-copy-id <user>@remote-host
32
DAVE PROWSE | HTTPS://PROWSE.TECH
PART VI
Using SSH SSH Security Considerations
33
DAVE PROWSE | HTTPS://PROWSE.TECH
PART VIII
WRAP-UP
34
DAVE PROWSE | HTTPS://PROWSE.TECH
LINUX NETWORKING & SECURITY
FUNDAMENTALS