When larger corporations and government bodies struggle with security on their computer systems, you start to realize the gravity of the situation. In this course, Linux System Security LPIC-2, you will learn the foundational knowledge of securing your Linux server, giving you the opportunity to block threats before they turn into attacks. First, you will learn how to create and manage routers and route tables on your network, isolating servers from internet threats. Next, you will discover the skills behind firewalling your networks, allowing clients access with NAT, and access to servers using port forwarding. Finally, you will explore how to assess weaknesses in your OS with OpenVAS and detect intruders with the Snort IDS. When you’re finished with this course, you will have the skills and knowledge of security needed to protect your networks and Linux servers.
Andrew is a committed evangelist of the Linux Operating System and the concept of community and freedom that it provides. He has worked as a technical trainer since 1995 and has taught throughout the world, including Australia, the US, Germany and Eastern Europe. Andrew started teaching Linux in 2004 when Novell acquired SUSE and has been a longtime supporter of Novell and provides SYSOP support to the Certified Novell Instructor community on Linux. Andrew founded theurbanpenguin and has been submitting video training material to his YouTube channel since 2009 and currently has over 8,500 subscribers and 1.6 million views. Andrew has had two publications with Packt: Citrix Access Gateway VPX Essentials (2012) and Citrix XenApp (2013).
Course Overview
Hi everyone, and welcome. My name is Andrew Mallett, but you may also know me as The Urban Penguin. We look today at extending LPIC level 2 courses we have by adding in Topic 212, security services, and enrolling you as one of the men in black. Linux does not need securing. We all know that. Well, think again. Security of an operating system is all about the deployment and the ongoing monitoring, not so much its particular flavor. We will teach you what you need to know to manage security in Linux and how to protect your valuable IT assets. During this course, we're going to show you, among other topics, how you can create networks and routing tables, helping you isolate servers and services from threats. You'll be looking at firewall in Linux, blocking access to services, and providing internet access through to your clients using NAT. You'll also be looking at how we can access services from the internet using port forwarding. Finally, we're going to move on to assessing vulnerabilities on our system using OpenVAS, as well as using Snort to detect intruders on our system. By the end of this course, you will have gathered the knowledge required for Topic 212 of the Linux Professional Institute exam 202-450 along with the skills required to secure Linux servers on your network. In order to complete this course, you will need good Linux command-line skills and the ability to install Ubuntu 16.04 Server.
Configuring Routing Between Networks
Hello, and welcome to this Pluralsight presentation. My name is Andrew Mallett, and in this module, we're going to take a look at configuring the routing between networks. The exam objectives that we're taking a look at in this module include tools and commands to manage routing tables. We'll be looking at private IP address ranges. So with this, we're going to be identifying the 10 address range, the 172.16 address range, and the 192.168 address range that we might already be a little familiar with in any case. We'll be taking a look at the proc filesystem and, in particular, to do with our IP forwarding, so /proc/sys/net/ipv4 for our IP version 4 and similarly for IP version 6. To help you, we're going to have a few demonstrations. So we're going to be enabling IP routing, we're going to be managing routes with the ip command, and we'll be looking at how we persist our routes in Ubuntu. So let's get ready for the next clip where we're going to take a look at our first demonstration where we're going to be working with the route tables.
Configuring Firewalls
Hello, and welcome to this Pluralsight presentation. My name is Andrew Mallett, and I'm delighted to be here as your instructor to help guide you through the module where we take a look at configuring firewalls. Yes, as we run through this exam objective, we'll be taking a look at how we can use iptables to create network address translation rules allowing access to external networks. We'll also be using iptables to enable port redirection. In this way, then we'll be able to access internal resources such as web servers using a port on the router. And, of course, we'll be looking at our normal iptables usage where we can then start restricting access to certain services by opening and closing ports within our firewalls. We're going to come back in our next clip to be able to demonstrate to you how we set up network address translation.
Dynamic Firewalls with Fail2ban
Hello, and welcome to this presentation from Pluralsight. My name is Andrew Mallett, and I'm here as your instructor to help guide you through the module where we take a look at creating dynamic firewalls with the product Fail2Ban. Now there's only one objective that we're going to be looking at for the exam in this module, and that's quite simply looking at Fail2Ban. So what do we mean by this? Well, we're taking a look at firewalling against attacks. It may be that we do need pretty much every IP address within the internet to be able to connect into our server, perhaps for SSH access. We might not be able to control where these IP addresses are. And as people travel around for work, then they're going to need access through to our server. But, of course, having this level of access can then lead to a level of misuse or attempt to misuse this platform, so we need to block attempts that are being badly used. The problem is the attacks are likely to be in the hundreds per day. Just having a public SSH server online for a little while will show you how often people are trying to SSH in, as root perhaps, to your system. So we need to look at creating iptables rules dynamically based on activity, and that's what Fail2Ban does. Within our first demonstration, we'll come back in the next clip to just show you that login attempts and failed login attempts are going to be logged through to the auth log, and we can use this as our starting point to look for misuse of our system.
Securing OpenSSH
Hello, and welcome to this Pluralsight presentation. My name is Andrew Mallett, and I'm here as your instructor to guide you through the module Securing OpenSSH. As we work through the objectives here, we're simply just looking at Secure Shell, or SSH. Now many years ago, it was quite common when you were connecting to a Linux or UNIX-based system including dedicated, say, printer boxes, they would come with the Telnet protocol listening on port 23. Now this was unencrypted and not necessarily as secure as it could be. Since those days, things have improved a little bit, and Telnet now is not as commonly used, and the de facto protocol used to access your server shell remotely is now SSH, or Secure Shell. By default, listening on port 22, SSH is able to improve upon Telnet, offering both key-based authentication and encryption. We're going to come back in our next clip where we're going to take a look at the configuration files used by both the SSH client and the SSH server.
Securing FTP Services
Hello, and welcome to this Pluralsight presentation where we're going to take a look at securing FTP servers, our File Transfer Protocol services. For the exam objectives, essentially we're looking at the exam objective Securing FTP Servers. And this is a weight of two in the exam, so you can only expect two questions about this objective. But we could also fall back to our iptables firewall and take a look at firewalling your FTP servers. We'll be installing the Pure-FTP server and the vsftpd daemon, so we'll be looking at two different variants of FTP servers that are available in most distributions of Linux. Now our File Transfer Protocol, or FTP servers, will listen on ports 20 and 21, so this already adds a little bit of complexity when we start looking at creating our firewall rules. We'll be taking a look at the vsftp daemon, FTP server, and the Pure-FTP servers, and these are requirements that are laid out by the objectives of the exam. Other FTP servers exist, including ProFTP. In our first demonstration, we're going to be taking a look at building firewall rules on router2 before we go ahead and start installing an FTP server on our router2 system.
Monitoring Systems
Hello, and welcome to this Pluralsight presentation. My name is Andrew Mallett, and I'm here as your instructor to help guide you through the module where we take a look at monitoring systems. Now, of course, we're working towards our LPI level 2 certification and the 202 exam. The objectives that we're looking at here are our security tasks, but this expands into port scanning with the Nmap port scanner, taking a look at vulnerability scanning using OpenVAS, and looking at intruder detection systems with Snort. Now, of course, you've gathered from the title of this module that it's all about monitoring systems, and we want to really emphasize the importance of at least monitoring your systems to get some idea of how they're performing. Many Linux servers are going to be installed and left running whilst their services are performing okay. So you can install a web server. The web server appears to be working, so you're not going to be too concerned about it. But if you're not actually monitoring these systems, then how do you know that these systems haven't been breached, and how do you know that your systems are still secure? And we've seen time and time again, even with large commercial outfits, how through lack of monitoring their systems may have been breached and have been left breached for several months before it has been identified. So we're going to be taking a look at the very basics of how we can monitor our systems and some of the tools that we can use to gain some understanding of the security of our Linux systems.