Time
1 hour 37 minutes
Difficulty
Intermediate
CEU/CPE
2

Video Transcription

00:00
Hello. My name is Isaac. Welcome to lean out security.
00:04
In this video, we will discuss some linens utilities.
00:08
So here's a quick pre assessment question.
00:11
Which of the following tools is an anti virus utility?
00:15
The correct answer is C. Clam. 80.
00:22
Utilities are additional software that provide specific service is
00:27
some linens. Utilities include clam A V and snorts
00:33
Clam. A V is an anti versatility for scanning the Lena's file system against viruses.
00:39
Viruses can infect files and system configurations. If left unchecked,
00:44
the clam 80 antivirus can easily be installed using the pseudo at install clam, maybe command
00:51
to update the virus definitions for the clam 80
00:54
The system controlled Stop climb 80. Fresh climb is first applied to stop the service before the fresh climb.
01:02
Command is easy
01:03
after the update, the service can be started with a system control start climb, maybe fresh clam command.
01:12
The Climb 80 also has a graphical user interface that can be installed by seeing the command up installed clam tea cake.
01:22
So the graphical user interface climb maybe can be run from the command prompt by issuing the command clam tea cake
01:32
that will bring up the clamp take a graphical user interface, and the user's canning professes can be set from the setting step.
01:40
In comparison with other operating systems, Lena's is generally known to be less prone to virus attacks, and most Linux users do not install anti virus on their system.
01:51
However, with the rising threats to cybersecurity, users can get the security assurance for a safer workspace by installing this free climb 80 utility on their Lennox machines.
02:06
Snort is a network intrusion detection and prevention system that can be configured to inspect packets based on specific rules
02:14
on in its operating system. The snort utility is able to normalize input traffic before applying the snot rule.
02:23
So the snort engine runs with two powerful capabilities. Being able to pre process packets for anomaly detection at the Internet protocol and transport layers stack and also applying detection rules on the packets as specified in the snot rules based
02:42
snort Logical structure consists of a header and a body.
02:46
The header defines actions to be taken on packets that matched the route
02:51
so the action may be to send an alert, drop a packet or allow the packet to pass through
02:57
the body. Devise a criteria for matching packets to the rule.
03:00
This consists of several options the defiant specific details to search for in a packet.
03:07
The content option congeal into the packet to find exact matches for data strings, which an analyst maybe looking for as indicators off suspicious activity.
03:20
So these options provide keywords in the body to identify specific content
03:28
that's not rule. Utility can be customized to feed the particular network environment Where the snot rule is implemented,
03:35
Snort is shipped with default rules that identify security policy violations, well known attacks signatures and i ps evasion methods.
03:46
Attackers usually deployed i ps evasion techniques to avoid being detected by specific I P s rules.
03:53
One minute it Attackers used to avoid detection is a protocol level misinterpretation.
04:00
So with protocol level misinterpretation,
04:01
the attacker can use many techniques to make a harmful payload. Looks safe to the I. P s rule. And one such technique, Attackers deploy is to observe an I. P s that uses a little Indian format and then manner plate the format off the exploit payload to use big Andean diplomatic.
04:19
So the big engine formatting stores high order bites in lower memory space and low order buys in higher address pace, which is a reverse off the little Indian format.
04:30
So when the I PS sees the payload in Big Andy and format in reason as though it were in a little engine format and therefore does not detect the correct information that would have masked the IPO's room.
04:45
So Snort uses reverse engineering techniques to detect this type of protocol level. Misinterpretation.
04:53
Sort is an open source network intrusion prevention system that can be downloaded a source code on Elinor's machine and compiled on linens distribution
05:03
so the manual technique can be used. But this is a rather more tedious task than using the installation package manager.
05:12
For example, on my you boon to virtual machine, I stole the snort on the system
05:16
by simply typing the pseudo app. Get install, snore command.
05:24
So when this installation is complete, the Snow Rules and Snort directory path is installed. Honor the E T. C directory path,
05:32
navigating to the Snot Rules folder and listen. The content will display the default rules that come ship with a snort utility.
05:41
Opening the rules using a nano, a teacher will display the rules header and body of the snort rule selected.
05:48
So we earlier discussed how content is one of the key words used in the snort rule body.
05:55
There are many other key words that can be used to drill into the packet prospect stick matching criteria
06:00
so we can see how the reference keyword is used to include references to external sources of information. For example, the Common Vulnerabilities and Exposure CD can be referenced as a plug in to inspect the packet based on a particular CV entry of well known vulnerabilities.
06:19
For example, the Snow Room a reference the CVI database to check packets against the CV 2019 98 48 for signatures off a vulnerability that allows Lieber office in Lenox, Djibouti, to grant unauthorized access for remote code execution.
06:39
The common Vulnerability scoring system. Version three measures of a score of 9.5 for the C E 2019 98 for eight vulnerability.
06:48
So this is a critical born bully for systems running you boon to linens 19.4 18.4 lt s and 16.4 Lt s
07:00
so the leaper off these positions up from versions 3.5 on five to version 6.2 point one or vulnerable to the C v E 2019 98 48.
07:13
Dating labor off this diversion 6.2 point five would patch that vulnerability.
07:19
But the plug ins that are supported on stored for reference to external sources of attack identification, Sze or the bug track and Ness's plug ins
07:29
this intact for using references in the snort body. It iss the reference,
07:34
then a colon,
07:36
then the identification system. Name that a comma, then identification number.
07:44
The Advance Intrusion Detection Environment Aid is the utility that checks for the integrity of the file system of a Linux operating system.
07:54
File integrity checking is achieved by making a copy of the file system configuration and starting it as a database that will be used to compare for any changes that may have occurred in the original file system.
08:07
So the integrity of a file can be verified. Even file copy in the database matches the file on disk.
08:13
The aid is a package that is available on the Linux distribution, represent tree and can be installed on the Debian and Red Hat. Lena's operating system distributions
08:24
for the Debian distributions. The advanced intrusion detection environment can be installed using the APP package manager and the young installed package manager is used to install a for red hat distributions.
08:39
The path for the configuration file for eight is through the director E TC aid
08:46
so that a configuration help the administrator to apply rules that detect changes made to file permissions using the Perm command.
08:54
All the rules for detecting changes in content of the file can also be applied using the content and data on Lee commands.
09:03
The command for creating the Integrity Checker database is a eight unit command,
09:07
so it's a compared the Integrity Checker database with a file on disk to detect any changes in the original settings, the Aid Check Command is issued.
09:20
The Hole's based intrusion detection system detects intrusions at an system which is usually the operating system of a computing device.
09:28
This is in contrast with the network based Intrusion Detection System, which detects unauthorized activity but inspecting packets traversing through the Layer three network.
09:37
So a host based intrusion detection system is installed not on the network device, but on the end point
09:45
denotes based operating systems can protect at any point with implementation of his in built far wall implementation.
09:54
The uncomplicated firewall is a holes based five hole that he's installed on your boon to Lynn of distribution.
10:01
The uncomplicated firewall is start off by default, so a system administrator will need to enable it as part of a device hardening strategy.
10:11
So to enable the uncomplicated firewall, use the following command pseudo u f w enable.
10:18
With the uncomplicated firewall, the administrator can filter network connections by allowing or denying spastic pores or i p addresses from establishing connectivity.
10:28
So the syntax allow setting rules for allowing or denying access based on port numbers appear dresses as well as service names.
10:37
For example, the S S eight service name can be used in place of a sport number.
10:46
Basically, enabling firewall includes allowing sshh, enabling logging and checking the status of the firewall by issuing the following commands. The command shell of the linens operating system has built in script interpreter. It can run text base command stored in a text application like labor Office,
11:05
the script can be excess with tools like Nano Tex, A Deter or G I and V. I am
11:11
so the default or built in script Interpreter Lin us Is the bash
11:18
predefined screwed. That former benchmark for device hardening can be executed through the linens. Interpreter shells
11:26
the script's Save an administrator the time of having to manually type in command for securing the system.
11:33
So uploading scripts automates the process off device hardening.
11:39
Other interpreters can be installed on the limits machine, and examples of script interpreters are the pilot script shell and the pearls for its shell.
11:48
The script interpreters have a wrist library of commands that can be used to write and execute scripts.
11:54
Python, for example, has over 70 library recommends.
11:58
So with these script languages, the prompt is available for executing scripts written in the language of the particular shell Interpreter
12:05
Bisons Creeps are stored in the shebang path
12:09
slash beans slash E T. C slash piping and pearls. Creeps are stored in the shebang path slash dean slash HCC slash pearl.
12:20
In today's brief lecture, we discussed clap A V and snort utilities.
12:26
We also had an overview of automating device hardening using interpreted scripts

Up Next

Linux Fundamentals for Security Practitioners

Linux Fundamentals for Security Practitioners provides an overview on how to properly configure a Linux OS to provide a secure computing environment for end users. We'll cover a combination of materials, focusing on Linux architecture, permissions, commands, directories, and shells to achieve a hardened Linux operating system configuration.

Instructed By

Instructor Profile Image
Isaac Bewarang
System Administrator at Plateau State University
Instructor