LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 04-13-2006, 12:34 AM   #1
microsoft/linux
Senior Member
 
Registered: May 2004
Location: Sebec, ME, USA
Distribution: Debian Etch, Windows XP Home, FreeBSD
Posts: 1,445
Blog Entries: 9

Rep: Reputation: 45
is it possible to do other security type stuff w/ IPCop?


I want to start playing with security, stuff like IDS, honeypots, etc. I'll be setting up an IPCop server shortly for my family, but I guess my question is, can I do this kind of stuff on IPCop? or should I set up my own private network, and play there? What's a basic "networked environment" that I'd need to recreate? What kind of stuff should I read?
 
Old 04-13-2006, 08:55 PM   #2
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
Install 3 network cards in the IPCop box, and put the test systems on the DMZ (orange) network. IPCop has snort (IDS) built in, but since you want to learn about various technologies, manually setting up IDS on a separate box would be more educational. Really all you need is one box on the DMZ; you should be able to experiment with that alone. You don't want to put these systems on your internal network; if they do get hacked, your entire network could be compromised. Check out the security section on sourceforge.net, I just browse there every once in a while to see what new ideas and software people have come up with. As for reading, you may want to browse through the security forums here on linuxquestions.org.

Last edited by twsnnva; 04-13-2006 at 08:57 PM.
 
Old 04-13-2006, 09:47 PM   #3
microsoft/linux
Senior Member
 
Registered: May 2004
Location: Sebec, ME, USA
Distribution: Debian Etch, Windows XP Home, FreeBSD
Posts: 1,445
Blog Entries: 9

Original Poster
Rep: Reputation: 45
Is IPCop very easy? I'm sure I could use it, because I'm used to linux, but could my parents use it once I leave for college? What about having a completely internal network for the security stuff, and just play w/ it internally, never having access to the outside?
 
Old 04-13-2006, 11:08 PM   #4
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
IPCop is very simple, after the initial install everything is managed via a web interface. I've set IPCop up as the firewall at my folks house (as well as my house, and the main firewall at work). Really all you'll probably ever do after the initial install is apply the updates and check the logs...both are done via the web interface.

As for setting up the test systems on an internal network..sure. You mentioned honeypots earlier; honeypots are systems you set out to attract hackers...traps if you will. On a network not connected to the internet you obviously won't get any of this. I'm just recommending, if you do set up a honeypot, or run any publicly accessible services (apache, ssh, bind, etc..) it should not be on the same network as production systems. Some people will allow ssh into their main network; I personally will not. The only connection I allow into my main network is VPN, which in my case requires the client to supply a certificate for the initial connection to be established, followed by another user certificate, and the user's username/password. Yes, I'm paranoid.
 
Old 04-13-2006, 11:31 PM   #5
microsoft/linux
Senior Member
 
Registered: May 2004
Location: Sebec, ME, USA
Distribution: Debian Etch, Windows XP Home, FreeBSD
Posts: 1,445
Blog Entries: 9

Original Poster
Rep: Reputation: 45
No no, paranoid is good. I think first I'm gonna play w/ iptables, authentication, and stuff like that. I've looked through the security forums here, but I'm not fully sure what I'm reading. Is there any "beginner's intro to security" type document? The whole security thing is extremely daunting, so many facets of it, all w/out very much "newbie" documentation. It's like starting linux all over again.

Where would you recommend someone just getting into security and stuff start?
 
Old 04-14-2006, 12:28 AM   #6
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
I found this with a quick google. http://www.puschitz.com/SecuringLinux.shtml
It looks like it may be worthwhile reading over. Iptables is probably as good a place to start as any. You should be able to find docs on that at netfilter.org. You already seem to understand one concept that many don't, that there is no one-stop security solution. Anyway, I don't claim to be a guru, but if you run into any specific problems during your testing, feel free to send me an email (I think it's available to registered users) and I'll help any way I can.
 
Old 04-14-2006, 12:45 AM   #7
microsoft/linux
Senior Member
 
Registered: May 2004
Location: Sebec, ME, USA
Distribution: Debian Etch, Windows XP Home, FreeBSD
Posts: 1,445
Blog Entries: 9

Original Poster
Rep: Reputation: 45
The other thing is, how does one go about testing their security? I am by no means a hacker/cracker/whatever you want to call it, and I have no aspirations to be. I just want to be able to know that what I've set up is actually secure.
 
Old 04-14-2006, 10:23 AM   #8
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
There are various tools available to help with security testing. Check out http://www.nessus.org/, it's probably a pretty good place to start. A very common attack is a brute-force attack against ssh. Script kiddies run scripts that check for a listening ssh server; when one is found it just bombards it with random usernames and passwords. I'm sure if you look hard enough you could find one of these scripts to use against yourself. Since I'm on the subject I'll tell you what security steps I use against this type of attack. First, I have password requirements for my users. Passwords must be at least 8 characters long, must contain at least one uppercase and one lowercase character, as well as 1 number and one non-alphanumeric character. After all that's done it's then passed to cracklib, which checks to verify there are no common words or repeating sequences (i.e. aB1!aB1!). Users are also required to change their password no less than every 180 days and not more often than every 7 days. I also use a program called fail2ban; it constantly checks the ssh and apache log files, and if it detects more than 5 failed login attempts from the same IP in less than a 5 minute period, it creates an iptables rule that blocks the IP for 1 hour. I used to get 10,000+ failed attempts a day; with fail2ban I get around 30.
 
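A fail2ban-style check like the one described in the post above, added here as an illustration rather than code from the thread or from fail2ban itself: it reads sshd log lines, counts failed passwords per source IP inside a sliding 5 minute window, and renders the iptables DROP rule (with its 1 hour expiry) for any IP that exceeds 5 failures. The log excerpt, host name and IP addresses are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth.log excerpt (syslog format, no year), not real traffic
SAMPLE_LOG = """\
Apr 14 09:00:01 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
Apr 14 09:00:12 gw sshd[2103]: Failed password for root from 192.0.2.10 port 40114 ssh2
Apr 14 09:00:25 gw sshd[2105]: Failed password for invalid user test from 192.0.2.10 port 40116 ssh2
Apr 14 09:01:02 gw sshd[2107]: Failed password for invalid user oracle from 192.0.2.10 port 40118 ssh2
Apr 14 09:01:40 gw sshd[2109]: Failed password for invalid user guest from 192.0.2.10 port 40120 ssh2
Apr 14 09:02:15 gw sshd[2111]: Failed password for root from 192.0.2.10 port 40122 ssh2
Apr 14 09:10:00 gw sshd[2115]: Failed password for bob from 198.51.100.7 port 51002 ssh2
Apr 14 09:30:00 gw sshd[2117]: Failed password for bob from 198.51.100.7 port 51004 ssh2
"""

FAILED_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                       r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+)")

MAX_FAILURES = 5               # "more than 5 failed login attempts"
WINDOW = timedelta(minutes=5)  # "in less than a 5 minute period"
BAN_TIME = timedelta(hours=1)  # "blocks the IP for 1 hour"

def parse_ts(text, year=2006):
    # syslog timestamps omit the year; the constructed sample is dated 2006
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_bans(log_text):
    """Map each offending IP to the time its failures first exceeded
    MAX_FAILURES within a sliding WINDOW (successful logins are ignored)."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside WINDOW
    bans = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ip, ts = m.group("ip"), parse_ts(m.group("ts"))
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= WINDOW:  # expire failures older than the window
            q.popleft()
        if len(q) > MAX_FAILURES and ip not in bans:
            bans[ip] = ts
    return bans

def iptables_rules(bans):
    """Render the DROP rule fail2ban would insert for each ban; the matching
    `iptables -D` must be scheduled for the expiry time shown."""
    return [f"iptables -I INPUT -s {ip} -j DROP  # expires {(t + BAN_TIME):%H:%M}"
            for ip, t in bans.items()]
```

The two failures from 198.51.100.7 are 20 minutes apart, so the sliding window never holds more than one of them and that host is left alone.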