Security: ensuring that resources are used properly by their rightful users.
Use of tools (including programs) can cause damage, whether intentional or not. Restrictions on use are not meant to make things difficult, but to keep use efficient and harmless.
Protection:
* Authentication: the user must be able to prove their identity. Example: user name and password. On the UNPAR network the source of access (the computer used) is added, on the assumption that at any one time one person can or should work at only one computer.
* Gateway: the gateway to the system with a firewall
* Attack: an attack on the system.
* Authorization: the user is allowed to use services and resources in accordance with their rights.
* Monitoring: monitoring of the network
* Encrypted Communication: using encryption so that data cannot be snooped on
Authentication. Database of users.
General information about users is stored in the file /etc/passwd.
Enter the command: # more /etc/passwd
root:*:0:0:Bozz:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
--- Cut ---
www:*:10000:65533:WebMaster:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
gatut:*:21001:21001:Gatut:/home2/gatut:/usr/local/bin/tcsh
wardojo:*:1004:20:Wardojo:/home2/wardojo:/usr/local/bin/tcsh
ari:*:1005:20:Ari Nurcahyo:/home1/ari:/usr/local/bin/tcsh
tres:*:1006:20:Maria Theresia Sri Prihatiningsih:/home2/tres:/usr/local/bin/tcsh
--- Cut ---
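An added example, not part of the original page: a small review of a passwd-format file that reports the things an administrator would check in a listing like the one above (several names sharing UID 0, accounts that can obtain a shell, malformed lines). The function names are hypothetical and the sample data is constructed from the entries above, with login names in lower case.

```shell
#!/bin/sh
# Added example: each function reads a passwd(5)-format file on standard
# input, e.g.  uid0_accounts < /etc/passwd

# Constructed sample, based on the entries listed above.
SAMPLE_PASSWD='root:*:0:0:Bozz:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/sbin/nologin
www:*:10000:65533:WebMaster:/nonexistent:/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin
gatut:*:21001:21001:Gatut:/home2/gatut:/usr/local/bin/tcsh
wardojo:*:1004:20:Wardojo:/home2/wardojo:/usr/local/bin/tcsh'

# Accounts with UID 0: each one has full super-user rights.
uid0_accounts() {
    awk -F: '/^#/ || NF != 7 { next } $3 == 0 { print $1 }'
}

# UIDs shared by several names: file ownership cannot tell them apart.
shared_uids() {
    awk -F: '/^#/ || NF != 7 { next }
        { count[$3]++; names[$3] = names[$3] " " $1 }
        END { for (u in count) if (count[u] > 1) print u ":" names[u] }'
}

# Accounts that can get an interactive shell. An empty shell field
# means /bin/sh (see passwd(5)), so it counts as a login shell.
login_accounts() {
    awk -F: '/^#/ || NF != 7 { next }
        { sh = ($7 == "") ? "/bin/sh" : $7 }
        sh !~ /\/(nologin|false)$/ { print $1, sh }'
}

# Non-comment, non-empty lines that do not have exactly seven fields.
malformed_lines() {
    awk -F: '!/^#/ && NF > 0 && NF != 7 { print NR ": " $0 }'
}

# Report on the constructed sample when the script is run directly.
echo "UID 0 accounts:"; printf '%s\n' "$SAMPLE_PASSWD" | uid0_accounts
echo "Shared UIDs:";    printf '%s\n' "$SAMPLE_PASSWD" | shared_uids
echo "Login accounts:"; printf '%s\n' "$SAMPLE_PASSWD" | login_accounts
echo "Malformed lines:"; printf '%s\n' "$SAMPLE_PASSWD" | malformed_lines
```

On the sample, toor is reported both as a second UID 0 account and as a login account, because its empty shell field falls back to /bin/sh.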
UNIX utilities: finger
By default, displays the list of users currently logged in, or further information about a specific user.
[gatut@bsd02 gatut]$ finger
[gatut@bsd02 gatut]$ finger gatut
Login Name TTY Idle Login Time Office Phone
Harijoso Gatut Gatut V p0 Center Wed 00:13
UNIX utilities: w and who
Show who is currently logged in.
[gatut@bsd02 gatut]$ w
[gatut@bsd02 gatut]$ who
UNIX utilities: last
Displays a list of the most recent logins.
[gatut@bsd02 gatut]$ last
pemake ttyp0 10.210.2.51 Tue Jun 29 23:50 - 00:02 (00:11)
yuser ttyp9 167.205.136.3 Tue Jun 29 23:37 - 23:39 (00:02)
7397023 ttyp1 10.210.2.48 Tue Jun 29 23:07 - 23:24 (00:16)
--- Ff - cut --
Users should always pay attention to the "last logged in from:" message at login, so that they notice immediately if someone else has been using their user ID.
The system's authentication data (i.e., passwords) is actually stored in encrypted form in a file that ordinary users cannot read, usually /etc/master.passwd or /etc/shadow.
Authentication can also be done centrally, e.g. by the Network Information Service (NIS), also known as Yellow Pages (YP), by Kerberos (eBones), or by RADIUS.
Authorization
A user who has proven their identity has the right to be served and to use resources. Because users have full rights over the files they own, they must manage access to their own data themselves.
UNIX utilities: chmod
Sets the permissions of files and directories.
[gatut@bsd02 gatut]$ chmod
[gatut@bsd02 /home]$ ls -l
total 4
drwxr-xr-x 26 gatut staff 2048 Jun 30 00:03 gatut
drwxr-xr-x 9 pemake users 1024 May 8 09:41 pemake
drwxr-xr-x 2 nobody nobody 1024 Apr 16 11:53 nobody
[gatut@bsd02 /home]$ chmod 0711 gatut
[gatut@bsd02 /home]$ ls -l
total 4
drwx--x--x 26 gatut staff 2048 Jun 30 00:03 gatut
drwxr-xr-x 9 pemake users 1024 May 8 09:41 pemake
drwxr-xr-x 2 nobody nobody 1024 Apr 16 11:53 nobody
[gatut@bsd02 /home]$
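An added example, not part of the original page: the same check as the chmod session above, applied to every directory under a home tree. It lists directories that group members or other users can read or write, then sets them to 0711 as in the session. The function names are hypothetical, and the demo tree is constructed in a temporary directory with names taken from the listing.

```shell
#!/bin/sh
# Added example: find home directories that group members or other users
# can list or write to, then tighten them to 0711.

# Print subdirectories of $1 with any group/other read or write bit set.
# Mode 0711 passes: others may traverse (x) but cannot list the contents.
loose_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print |
        sort
}

# Apply 0711 to every directory reported by loose_homes.
tighten_homes() {
    loose_homes "$1" | while IFS= read -r dir; do
        chmod 0711 "$dir"
    done
}

# Constructed demo tree; directory names follow the listing above.
make_demo_tree() {
    base=$(mktemp -d) || return 1
    mkdir "$base/gatut" "$base/pemake" "$base/nobody"
    chmod 0711 "$base/gatut"
    chmod 0755 "$base/pemake" "$base/nobody"
    printf '%s\n' "$base"
}

demo=$(make_demo_tree)
loose_homes "$demo"      # lists nobody and pemake, not gatut
tighten_homes "$demo"
loose_homes "$demo"      # prints nothing
rm -rf "$demo"
```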
Many applications on the server run on behalf of the super-user, for example in order to read the password file or write data into the system (look again at the output of "ps aux"). The more complex an application, the more likely it is to contain errors (bugs). A faulty program that runs on behalf of the super-user can be fatal. Therefore, client-server applications usually separate out, as far as possible, the parts that require super-user rights.
Gateway
A gateway that connects the system to the outside can also be a gateway to the inside, so the risk of vandalism or data theft by the public is much greater.
A firewall guards the security of the system's gateway.
* Packet filtering: only packets from and to specific hosts, TCP and UDP, are allowed to communicate. A program checks and screens services so that only those that are known and permitted get through.
* Application gateway: mail is sent and received through a gateway, to simplify inspection and reduce network load.
Attack
Password disclosure through: theft, notes left lying around, observation (watching how it is typed, sniffing packets).
Diverting access: by changing the IP, DNS or route, access to a server is redirected to a fake one in order to trap passwords.
Program errors: no ivory is without a crack (nothing is perfect). Do not run unknown programs. Viruses spread via e-mail, JavaScript and VBScript. Overloading the server with heavy access.
Stepping stones: access from computers located on the intranet is usually less restricted. If a computer on the intranet is open to access, Internet users can log into that computer and then use it as a stepping stone.
Monitoring
Knowing what is happening, as a preventive measure, by reading the system logs.
UNIX: logs are usually stored in the directory /var/log.
/var/log/messages  Messages from the system
/var/log/maillog  E-mail transactions (SMTP)
Encrypted communication
Communication over a public network can be eavesdropped on.
Some of the software:
* Secure Shell: telnet replacement with encryption
* HTTPS: secure HTTP
Because of encryption, the amount of data exchanged is larger.