Host Security

Lesson 14

Red Hat Port Scan Conclusion

A "white hat" penetration tester focused on host security in Red Hat Linux should have a thorough understanding of the following aspects to protect systems from intruders:
  1. Operating System Hardening
    • Disable unnecessary services and daemons to reduce the attack surface.
    • Regularly update and patch the system using tools like yum or dnf to close vulnerabilities.
    • Configure secure boot processes and ensure kernel security settings are optimized.
  2. User Account Management
    • Ensure robust password policies (minimum length, complexity, and expiration).
    • Limit user accounts with elevated privileges and use sudo instead of granting direct root access.
    • Disable or lock unused accounts.
  3. File and Directory Permissions
    • Set appropriate permissions using chmod, chown, and chgrp to restrict access to sensitive files.
    • Use ACLs (Access Control Lists) for finer-grained control over file and directory access.
    • Regularly audit file permissions for misconfigurations.
  4. Network Security
    • Implement and configure a firewall using firewalld or iptables to control incoming and outgoing traffic.
    • Use SELinux (Security-Enhanced Linux) to enforce mandatory access controls.
    • Minimize exposed ports and allow only required network services.
  5. Authentication and Logging
    • Enable multi-factor authentication (MFA) for critical accounts.
    • Regularly monitor logs using tools like auditd or journald for suspicious activities.
    • Configure secure logging and centralize logs to prevent tampering.
  6. Intrusion Detection and Prevention
    • Deploy intrusion detection systems (IDS) like Tripwire or AIDE to monitor changes in the file system.
    • Use fail2ban to protect against brute force attacks by monitoring access logs and banning IPs.
  7. Security Policies
    • Implement security benchmarks like CIS (Center for Internet Security) guidelines for Red Hat Linux.
    • Use SCAP (Security Content Automation Protocol) tools for automated compliance checks.
  8. Secure Remote Access
    • Use SSH keys instead of password-based authentication for remote access.
    • Restrict SSH to specific IPs and use non-default ports.
    • Enable host-based and user-based access restrictions.
  9. Kernel and Process Security
    • Limit access to kernel parameters using sysctl.
    • Restrict executable permissions on writable directories like /tmp and /var/tmp.
  10. Data Encryption
    • Encrypt sensitive files and directories using tools like gpg or LUKS for disk encryption.
    • Secure data in transit using protocols like TLS for web traffic and SCP/SFTP for file transfers.
  11. Backup and Disaster Recovery
    • Regularly back up critical data and test recovery processes.
    • Ensure backup systems are also secure and isolated from the main system.
  12. Penetration Testing Tools
    • Use tools like Nmap, Metasploit, and Nessus to identify vulnerabilities.
    • Perform regular security audits and vulnerability assessments to keep the system secure.
By focusing on these areas, a white hat penetration tester can identify vulnerabilities, recommend mitigations, and maintain a robust security posture on Red Hat Linux systems.
Crackers are constantly running port scans looking for vulnerable systems. This module discussed the tools required to tighten your system against hacker attacks.
Securing your system reduces, but does not eliminate, the risk of a break-in. Knowing the typical things crackers do and the ways to detect attacks lets you minimize the damage to your system if an attack does occur.
Learning Objectives

Having completed this module, you should be able to:
    1. Explain why it is important to protect your console
    2. Describe security concerns related to network access
    3. Explain how crackers get into a system
    4. Describe what crackers do
    5. List ways to detect attacks
    6. Describe insecure remote login services
    7. Describe secure remote login services
    8. Control the root login process
    9. Explain the use of the sudo command
    10. Find modified and sticky files
    11. Describe the cron facility
    12. Describe RPM verification
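The file-permission audit in item 3 above and objectives 10 and 12 (finding modified and sticky files, RPM verification) are shown together in the following added example; it is not code from the course, and the `rpm -Va` lines it parses are a constructed sample, not output from a real host.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not captured from a real system).
# Each line: 9 verify flags, optional attribute char (c = config file), path.
# Flag positions: S size, M mode, 5 digest (MD5/SHA), D device, L readlink,
# U user, G group, T mtime, P capabilities. "." means the attribute matches.
SAMPLE_RPM_VA='S.5....T.    /usr/bin/ssh
.......T.    /usr/lib64/libfoo.so
S.5....T.  c /etc/ssh/sshd_config
.M.......    /usr/bin/passwd
missing     /usr/sbin/sshd
.....UG..    /var/log/secure'

# Print packaged files whose content, size or mode differs from the RPM
# database, skipping config files (local edits there are expected) and
# mtime-only or owner-only differences. Missing files are reported too.
rpm_content_changes() {
    printf '%s\n' "$1" | awk '
        $1 == "missing" { print "MISSING " $2; next }
        {
            flags = $1; path = $NF; attr = (NF == 3) ? $2 : ""
            if (attr == "c") next                 # config edits are expected
            if (index(flags, "5") || index(flags, "S") || index(flags, "M"))
                print flags " " path
        }'
}

# List setuid/setgid regular files and world-writable directories that lack
# the sticky bit (the classic /tmp misconfiguration) under one directory.
audit_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null
}

# Demo on the constructed sample; on a real Red Hat host you would pass
# "$(rpm -Va 2>/dev/null)" and audit_special_bits / instead.
rpm_content_changes "$SAMPLE_RPM_VA"
```

Expect the demo to flag `/usr/bin/ssh`, `/usr/bin/passwd` and the missing `/usr/sbin/sshd` while ignoring the config file, the mtime-only and the ownership-only lines.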

Glossary Terms

  1. Backdoor: A hole placed in your security by a cracker. It allows the intruder to gain easy access to your system by bypassing normal security.
  2. Cracker: An individual who breaks into systems or breaks copy protection of software products.
  3. Daemon: A daemon is a program that waits for a request from another program. The daemon then performs the desired action, such as creating an http session, or opening and maintaining a communications socket. Some common daemons include httpd, telnetd, and ftpd.
  4. MD5 check: Uses a message digest algorithm to determine file integrity.
  5. Sniffer: A program that looks at all traffic on the network, trying to gain access to other systems.
  6. Social engineering: The use of social techniques, such as masquerading as a system's administrator, in order to gain access to confidential user information like a password.
In the next module, you will learn about process and user accounting.

Security Holes - Quiz

Before moving on to the next module, click the Quiz link below to test your understanding of host security.