Chapter 7 System Security

Uploaded by faiseltyson

What is system security?
• System security in system administration refers to the
measures taken to protect the computer systems, networks,
and data from unauthorized access, theft, damage, or
disruption.
• System security involves implementing various security
measures, such as firewalls, antivirus software, intrusion
detection systems, access controls, encryption, and backups,
to ensure the confidentiality, integrity, and availability of the
system and its data.
Cont’d
• System administrators are responsible for implementing and
maintaining system security by

and
procedures.
• Effective system security is crucial for protecting sensitive
information, preventing unauthorized access to the system,
and ensuring business continuity in the event of a security
breach or other disaster.
Application Security and Login Security
• Application security refers to the measures taken to protect software
applications from security threats, such as unauthorized access, data
theft, and other malicious attacks. This includes implementing
security controls, such as access controls, authentication, and
encryption, to ensure that applications are secure and that sensitive
data is protected.
• Login security, on the other hand, refers to the measures taken to
protect user login credentials, such as , from
unauthorized access. This includes implementing password policies,
such as requiring strong passwords and regular password changes,
and using multi-factor authentication to ensure that only authorized
users can access the system or application.
Cont’d
• Both application security and login security are important
aspects of overall system security and are essential for
protecting sensitive data and preventing unauthorized access
to the system.
• System administrators are responsible for implementing and
maintaining these security measures to ensure that
applications and login credentials are secure and that the
system is protected from security threats.

Boot Loader Security (LILO and GRUB)
• Boot loader security refers to the measures taken to protect the boot
loader, which is a program that loads the operating system into
memory, from unauthorized access or modification.
• There are two commonly used boot loaders in Linux systems:
LILO (Linux Loader) and GRUB (Grand Unified Bootloader).
• LILO (Linux Loader) is an older boot loader that has been largely
replaced by GRUB.
• LILO security measures include setting a password to prevent
unauthorized access to the boot loader configuration file and
ensuring that the boot loader is installed on a secure partition of the
hard drive.
Cont’d
• GRUB (Grand Unified Bootloader) is a more modern boot loader that
is widely used in Linux systems.
• GRUB security measures include setting a password to prevent
unauthorized access to the boot loader configuration file, enabling
secure boot mode to ensure that only trusted operating system
components are loaded, and verifying the digital signature of the boot
loader to ensure that it has not been tampered with.
• Boot loader security is an important aspect of system security, as it
helps prevent unauthorized access to the system and ensures that the
operating system and other system components are loaded securely
and have not been tampered with.
TCP Wrappers Configuration
• TCP Wrappers Configuration is a security feature in Linux-based
operating systems that provides access control and logging for network
services.
• It is a host-based access control system that allows system administrators
to define which hosts or networks are allowed to access specific network
services, such as SSH or FTP, and which hosts or networks are denied
access.
• TCP Wrappers Configuration works by intercepting incoming network
requests and checking them against a set of access control rules defined in
the /etc/hosts.allow and /etc/hosts.deny files. The rules in the hosts.allow
file specify which hosts or networks are allowed to access a specific
service, while the rules in the hosts.deny file specify which hosts or
networks are denied access. The hosts.allow file is consulted first, then
hosts.deny; a connection that matches neither file is allowed.
Cont’d
• TCP Wrappers Configuration provides a flexible and powerful way
to control access to network services and can be used to enhance
system security by preventing unauthorized access to sensitive
network services.
• In addition, TCP Wrappers Configuration also provides logging
capabilities, allowing system administrators to monitor network
activity and detect potential security threats.
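The allow-then-deny evaluation order described above, as an added example that is not part of the slides: a small Python model of TCP Wrappers access control over constructed hosts.allow and hosts.deny contents (the daemon names, addresses and domain are made up). The last line of access_decision is the point a defender should notice: without an `ALL : ALL` entry in hosts.deny, an unmatched connection is allowed.

```python
import ipaddress

# Constructed sample access-control files; not taken from any real host.
HOSTS_ALLOW = """
sshd : 192.168.1.0/24, 10.0.0.   # LAN by CIDR and by trailing-dot prefix
vsftpd : .corp.example           # any host under this domain suffix
ALL : 127.0.0.1
"""
HOSTS_DENY = """
ALL : ALL                        # default deny for everything not allowed above
"""

def _parse(text):
    """Yield (daemons, clients) pairs from hosts.allow / hosts.deny text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (f.strip() for f in line.split(":", 2)[:2])
        yield ([d.strip() for d in daemons.split(",")],
               [c.strip() for c in clients.split(",")])

def _client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # .corp.example matches ftp.corp.example
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):        # 10.0.0. matches 10.0.0.x
        return addr.startswith(pattern)
    if "/" in pattern:               # CIDR network
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr or pattern == host

def _matches(text, daemon, addr, host):
    for daemons, clients in _parse(text):
        if (daemon in daemons or "ALL" in daemons) and any(
                _client_matches(c, addr, host) for c in clients):
            return True
    return False

def access_decision(daemon, addr, host=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Return 'allow' or 'deny' in TCP Wrappers order: hosts.allow first,
    then hosts.deny, then an implicit allow when neither file matches."""
    if _matches(allow, daemon, addr, host):
        return "allow"
    if _matches(deny, daemon, addr, host):
        return "deny"
    return "allow"   # no rule matched: the connection is let through
```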
Iptables Firewalling
• iptables is a user-space utility program that allows a system
administrator to configure the IP packet filter rules of the Linux
kernel firewall, implemented as different Netfilter modules.
• Iptables is a firewall program for Linux.
• It will monitor traffic from and to your server using tables.
• These tables contain sets of rules, called chains, that will filter
incoming and outgoing data packets.
• iptables protects Linux systems from data breaches, unauthorized
access, and other network security threats.
• Administrators use iptables to enforce network security policies and
protect a Linux system from various network-based attacks.
Cont’d
Difference between firewalls and iptables
• A firewall filters requests based on protocol-based or target-based
rules. iptables, on the other hand, is the tool for managing the firewall
rules on a Linux machine.
How to check iptables in Linux?
• There are two different ways to view your active iptables rules: in
a table or as a list of rule specifications. Both methods provide
roughly the same information in different formats.
• To list out all of the active iptables rules by specification, run the
iptables command with the -S option:
sudo iptables -S
Iptables Firewalling: Preliminaries
Iptables Firewalling: Preliminaries refers to the initial steps that need to be
taken before configuring the iptables firewall on a Linux-based operating
system.
These preliminaries include:
1. It is important to have a basic
understanding of firewalling concepts and terminology, such as packet
filtering, rules, and policies, before configuring the iptables firewall.
2. It is important to understand the network
topology, including the number of hosts, subnets, and network services,
before configuring the iptables firewall.
3. It is important to identify the network
services that need to be protected by the iptables firewall, such as SSH, FTP,
or HTTP.
Cont’d
4. It is important to define the security
policy for the network services, including the access control rules and
policies, before configuring the iptables firewall.
5. It is important to determine
the iptables configuration that will be used, such as a default deny
policy or a default allow policy, before configuring the iptables
firewall.
By completing these preliminary steps, system administrators can ensure
that the iptables firewall is configured to provide effective protection
for the network services and to prevent unauthorized access to the
system.
Iptables Scenarios
Iptables Scenarios refer to the various use cases or scenarios in which the
iptables firewall can be configured to provide network security.

Some common iptables scenarios include:

• This scenario involves configuring iptables to
filter incoming and outgoing packets based on their source and
destination IP addresses, ports, and protocols.
• This scenario involves configuring iptables to
forward incoming traffic from one port to another, typically used to
allow external access to a specific network service, such as a web
server or email server.
Cont’d
• This scenario involves configuring
iptables to translate private IP addresses to public IP addresses, allowing hosts
on a private network to access the Internet.
• This scenario involves configuring iptables
to allow secure remote access to a private network, typically using a VPN.
• This scenario involves configuring
iptables to detect and prevent potential security threats, such as
denial-of-service attacks, port scanning, or malicious traffic.
• This scenario involves configuring iptables to distribute
incoming traffic across multiple servers, typically used to improve performance
and scalability of network services.
Cont’d
• By configuring iptables to support these various scenarios,
system administrators can enhance network security,
improve network performance and reliability, and ensure that
the network services are protected from potential security
threats.
Packet filtering
• Packet filtering is a network security technique that involves
analyzing incoming and outgoing network packets and
allowing or blocking them based on a set of predefined rules.
• Packet filtering is typically implemented using a firewall,
which is a network security device that is placed between the
internal network and the external network (such as the
Internet). The firewall examines each incoming or outgoing
packet and compares it to a set of rules to determine whether
the packet should be allowed to pass through or should be
blocked.
Cont’d
• The rules used in packet filtering are based on various criteria, such
as the source and destination IP addresses and ports, the protocol
being used (such as TCP or UDP), and the type of traffic (such as web
traffic or email traffic).
• Packet filtering can be used to protect network services from potential
security threats, such as denial-of-service attacks, port scanning, or
malicious traffic. By allowing only authorized traffic to pass through
the firewall, packet filtering helps to prevent unauthorized access to
the network and ensures that the network services are available to
legitimate users.
Port-Forwarding/Redirection and NAT/IP Masquerading
• Port forwarding/redirection and NAT/IP masquerading are two related
network configuration techniques used to allow external access to a
private network.
• Port forwarding/redirection involves configuring a network device,
such as a router or firewall, to forward incoming traffic from a
specific port to a different port on a different device on the private
network.
• This technique is typically used to allow external access to a specific
network service, such as a web server or email server, that is running
on a device on the private network.
Cont’d
• NAT (Network Address Translation) and IP masquerading involve
translating private IP addresses to public IP addresses in order to
allow devices on a private network to access the Internet. This is
done by configuring the network device to assign a unique public
IP address to each device on the private network and to translate
the private IP addresses to the public IP addresses when traffic is
sent to the Internet.
• IP masquerading is a specific form of NAT that is commonly used
in Linux-based operating systems. It involves configuring the
Linux kernel to translate the private IP addresses to a single public
IP address, allowing devices on the private network to access the
Internet while appearing to have the same IP address.
Cont’d
• Both port forwarding/redirection and NAT/IP masquerading
are commonly used to allow external access to private
network services and to enable devices on private networks to
access the Internet. However, they also introduce potential
security risks, as they can allow unauthorized access to the
private network.
• It is important to configure these techniques carefully and to
implement appropriate security measures, such as firewalls
and access controls, to ensure that the network is secure.
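As an added example that is not part of the slides, a Python audit of `iptables -S` output that covers both the default-deny preliminaries from the earlier section and the port-forwarding and masquerading rules described here. The rule lines are constructed samples, not captured from a real host; the check flags chains whose default policy is ACCEPT, lists the ports INPUT exposes, catches a bare catch-all ACCEPT, and reports every DNAT forward and MASQUERADE interface in the nat table.

```python
import shlex

# Constructed `iptables -S` and `iptables -t nat -S` output; not from a real host.
FILTER_RULES = """\
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT
"""
NAT_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
"""

def _opt(argv, flag):
    """Return the value following `flag` in a tokenised rule, or None."""
    return argv[argv.index(flag) + 1] if flag in argv else None

def audit_filter(text):
    """Report ACCEPT default policies, ports opened in INPUT, and match-less ACCEPTs."""
    report = {"accept_policy": [], "open_ports": [], "catch_all": []}
    for line in text.splitlines():
        argv = shlex.split(line)
        if not argv:
            continue
        if argv[0] == "-P" and argv[2] == "ACCEPT":
            report["accept_policy"].append(argv[1])       # chain is default-allow
        elif argv[:2] == ["-A", "INPUT"] and _opt(argv, "-j") == "ACCEPT":
            port = _opt(argv, "--dport")
            if port:
                report["open_ports"].append(f"{_opt(argv, '-p')}/{port}")
            elif len(argv) == 4:   # bare "-A INPUT -j ACCEPT" defeats a default deny
                report["catch_all"].append(line)
    return report

def audit_nat(text):
    """List DNAT forwards as (in_iface, proto, dport, destination) and MASQUERADE interfaces."""
    forwards, masq = [], []
    for line in text.splitlines():
        argv = shlex.split(line)
        if len(argv) < 2 or argv[0] != "-A":
            continue
        if _opt(argv, "-j") == "DNAT":
            forwards.append((_opt(argv, "-i"), _opt(argv, "-p"),
                             _opt(argv, "--dport"), _opt(argv, "--to-destination")))
        elif _opt(argv, "-j") == "MASQUERADE":
            masq.append(_opt(argv, "-o"))
    return {"forwards": forwards, "masquerade_out": masq}
```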
Packet-Processing Model
• The Packet-Processing Model is a method used in computer
networking to describe how data packets are processed in a network
device, such as a router or switch.
• The model defines a series of steps that a packet goes through as it is
received, analyzed, and forwarded to its destination.
• These steps typically include
.
• The goal of the packet-processing model is to ensure that packets are
processed efficiently and correctly, while also providing the necessary
functionality and security features required by modern networks.
Intrusion Detection and Mandatory Access Control (MAC) with LIDS
• Intrusion Detection and Mandatory Access Control (MAC) are
important security features in computer systems.
• LIDS (Linux Intrusion Detection System) is an open-source tool that
provides both of these features for Linux-based systems.
• Intrusion Detection refers to the process of monitoring network traffic
and system logs to detect and respond to unauthorized access or
malicious activity.
• LIDS includes several intrusion detection features, such as log
monitoring, file integrity checking, and network traffic analysis, that
can help detect and prevent attacks.
Cont’d
• Mandatory Access Control (MAC) is a security model that restricts
access to resources based on a set of predefined rules or policies.
LIDS implements MAC by using security policies that specify which
users or processes are allowed to access specific resources, such as
files, directories, or network interfaces.
• This helps prevent unauthorized access and ensures that sensitive data
remains protected.
• Generally, LIDS is a powerful tool that can help enhance the security
of Linux-based systems by providing intrusion detection and
mandatory access control features.
Thanks

End of Chapter 7