Firewall and Service Management on Linux - Essay Example

Firewall and Service Management on Linux Netstat Netstat (network statistics) is a command line utility for monitoring network connections both inbound and outbound. It can also be used for viewing routing tables and interface statistics. Netstat is very useful when doing network troubleshooting and performance measurement. netstatshows open ports and whether any programs are listening on ports (Dean, 2013).Netstat can be used to help determine whether there are unauthorized sockets open to or from a system. This could indicate malicious activity being directed towards your system, or if the system is connecting to other systems for the purpose of sending data out, for any number of possible reasons, including data theft, or participation in a botnet as an example. There are several options available for use with netstat. netstat -a option lists all listening ports of tcp and udp connections. It might be useful sometimes to be able to list them all when analyzing a client’s system, given that it gives the big picture. However, when context is needed, some more filtering should be done to get a better idea of the issues one is dealing with. Thus other commands need to be used in order to provide better context. However, if a port is open that the client system is not using then the port needs to be closed to protect the client system from an attacker. netstat –at shows all TCP (Transmission Control Protocol) port connections only. TCP statistics can show when a client system is being attacked, such as during denial of service attacks. TCP parameters which show dropped connection requests increase rapidly when under attack. netstat –ant shows the output without running a DNS query, which would slow down the command response time. Instead, it will only show the IP address without showing domain names. This might be more useful when time is of essence, and one needs answers fast in case of an attack on a client system. netstat –nl shows all listening connections. However, this might be counterproductive as it also gives too much information without context. netstat –nlpu shows the process that owns listening UDP socket connections.sudonetstat –nlpu shows the process owner and process ID (PID). This is useful in determining which program is running a process. This can help determine whether it is a rogue process or not, and can help in hardening client systems. sudonetstat –nlpue displays the user ID and the associated Inode. This can show additional details about the user account that the suspicious socket it is associated with. The netstat command shows detailed statistics of each network connection, interface, routing tables, network protocols and it also displays other network-specific information. The netstat command helps us to deal with network issues in linux .Network administrators are also encouraged to have enhanced performance measurement when they use the netstat command. Systemctl Systemctl is a command line utility that can be used to control various aspects of services on a system (start or stop, run at startup). systemctl can also be used to display details about services running on your system, or provide details about why a service failed to start. These are important abilities to have when trying to do an application audit on a system. Services are typically run for a long time without shutting down and usually they start when the system starts and stop when it shuts down. They are frequently network-facing, which makes them vulnerable to remote attacks. Some services run with great privileges granted to them, which can be unhealthy. Some of the options available under systemctl are: mansystemctl - lists all running services. This helps determine if a particular service is running unnecessarily.For example, a client system does not require to have the Bluetooth service running all the time, and such a service will show up when this option is used, and thus the admin will know whether to shut it down. systemctl – version this shows the version details about systemctl. This information is useful in order to know how to go about configuration of services. systemctl status - shows information about a particular service. This information helps in finding out what to do about the service, whether to let it stay as it is, or to stop it. systemctl stop - is used to stop a service in case it is not necessary to have it running all the time. A service such as Bluetooth is one which can be stopped without any adverse consequencies. systemctl status- display the details about a service. It can be used to verify whether it is running or it has shutdown. It might be necessary to find out since the service might not shutdown if it was being used by a particular application systemctl disable - this option disablesa service from starting at boot. When high security is needed, access is limited to some particular necessary services, and thus some of them should be disabled as early as possible, so that a reboot does not restart them. systemctl restart -is used to restart a service when needed. Unnecessary and unwanted network services should be disabled from the system. When allowing access for new services, the firewall also has to be configured. This is done in order to ensure that the system is as secure as possible (Fedora documentation). Hardening" services restricts the ability of a compromised service to damage a client system. There are several ways to accomplish this objective. One way is to run services with the least possible privilege. This allows services to run with only the most basic privileges that are required. Service isolation can also be done to harden client systems. This allows some particular services to be isolated from other services or even client applications. This is done by using a unique service identity. This restricts access to its resources by other services or applications. Service identity can also restrict access of a service access to the resources of other services or applications. As an example, an antivirus service maintains exclusive access to its signature definition files through use of service isolation. References Dean, T. (2013). Network+ guide to networks (6th ed.). Boston: Course technology/cengage learning. Fedora Documentation :Chapter 7. Services and Daemons. (n.d.). Fedora Project. Retrieved April 26, 2014, from http://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/ch-Services_and_Daemons.html Read More