Project Paper: How to Use Linux Operating Systems as a Network Security Device or Component - Essay Example

? Project Paper: How to Use Linux Operating Systems as a Network Security Device or Component Internet has offered the entire world with an opportunity to interconnect remotely. There are large and small networks that allow people to retrieve and distribute information across the network. However, the growing network traffic and the increasing threat from intruders’ ability to gain unauthorized access to information travelling over the network and potential threat of malicious substances have swayed the immediate attention of the concerned entities to secure their networks against such attacks. In this regard, the primary aim of network security is to prevent data loses and protect system from unwanted threats. Correspondingly, the constant improvements in Linux have provided network administrators an opportunity to secure the network effectively. Hence, this paper intends to identify the ways in which Linux operating system can be used as a network security device or component. I. What Is Network Security? The history of internet is short but its growth has been explosive. The size of internet users has grown to millions and every year the figure is increasing at a rapid pace. Today, commercial, banking, governmental and military operations are largely dependent on the internet for performing their varied tasks. Thus, the security of data has emerged as a critical issue for ensuring adequate safety of the network from possible intruders’ attacks. Consequently, the term network security has taken greater prominence. Network security is a broad term. It usually means securing and protecting data that are stored in the system or that are transmitted over a network (Harrington, 2005). A. Importance of Network Security When a network is connected to the internet to increase information sharing or for communicating, the network is vulnerable to potential intrusions and attacks. There lies large amount of personal, commercial, political and military information over the networking infrastructure worldwide. Thus, network security has emerged as an important factor for ensuring that information over the network remains private and confidential. Furthermore, network security is vital in order to ascertain that only authorized users are offered the means to communicate over the network. Network security is also crucial for ensuring integrity of messages transmitted over the network. In other words, network security is important for achieving authorized access, confidentiality, authentication and integrity of information transmitted over the network (Yu & Le, 2000) B. Consequences of Lack of Security Network security is a prevention measure that facilitates to secure the information transmitted over the network from potential threats such as viruses, spyware, hackers, phishing, spyware, adware and advertising Trojans among others. Lack of network security may have adverse and long lasting impact on the system, information travelling over the network and confidentiality of the information as well. Additionally, the lack of network security may also result in Denial of Service (DoS) wherein authorized users may not be able to access the system. It may also cause data leakage and loss of vital information (Adeyinka, 2011). II. Why use Linux as a Network Security Device. The global data communication is changing rapidly, the internet connection is becoming inexpensive and wide range of software is developed constantly. In such circumstances network security has emerged as a vital issue of concern for users across the world. Security has evolved as the basic requirement for overcoming the challenges of inherent insecurity owned by global networking infrastructure (Anitha, 2011). Responsively, Linux has offered an easy way to secure the network from various threats and attacks. Linux with its exceptional features have been viewed as an appropriate option for securing networks (Burghate & Mookhey, 2005). A. Built In Security Features Linux has exceeded the features available in application of UNIX and Windows. Linux provides functionality for service hardware, normally available in the most expensive mainframes. The latest Linux kernel comprises the structure of Security Enhanced Linux (SELinux). SELinux provides the most trusted computing environment available in the present day context. There are many other built in security features in Linux Kernel such as Astaro, Gibraltar, Immunix, SmoothWall, Trinux and Trustix Secure Linux. Astaro is a secure version of Linux that is well suited for appliances. It entails third generation “stateful packet inspection” firewall, virus scanning, content filtering, VPN, IDS and easy Web administration with automatic updates. Immunix consists of security tools such as StackGuard, SubDomian and CryptoMark that are designed to delivers security bug tolerance so that even if security vulnerability is found in one of the plug-ins delivered with Immunix, the vulnerability will not be exploitable by attackers. Gibraltar includes features like full IPv4, IPv6 IPX and Apple Talk protocol support as well as static routing for all supported protocols. SmoothWall facilitates full-fledged dial up router and firewall for a small office/home office (SOHO) network. Trinux comprises the latest version of network security tools that can be used to perform security research, conduct vulnerability testing and assess network traffic. Trustix secure Linux contains OpenSSL, OpenSSH, and Apache with SSL, POP3, and IMAP with SSL support, ProFTP, ftpd-BSD and PostgresSOL (Cabrera, 2009; IBM Corporation, 2000). The Linux model of security traces back directly to UNIX which was the first multi-tasking portable operating system. The Linux operating system has inherited the security features contained in UNIX. Linux relies on specific web browser and thus any error in a particular web browser will not cause any damage. Linux also does not depend on Remote Procedure Call (RPC) model which commands another program to do something that can be executed from remote machine. It is possible to disable all RPC concerning with services and maintain its functionality (IBM Corporation, 2000). B. Plenty of Third-Party Security-Oriented Software. Linux distribution can be considered to be more secure than Windows. It is not only due to the unique features present in Linux kernel but also because of its ability to install a number of third party security-oriented software. Linux Kernel supports different security modules, which ensures the adequate security of information stored in the system and disseminated over the network. There are a plenty of third party security oriented software for Linux that enhance the ability of Linux to secure the networks from potential threats and intruders attacks. These third party software’s can be identified as anti-virus, anti-malware, Encryption, firewalls, intrusion detections, network, monitoring, network traffic analyser, packet crafting, port scanner, vulnerability scanner, log file analysers, password management, data removal and VPN tools. A few third party security oriented software include Avast for virus protection, chkrootkit for checking signs for rootkit, GnuPG security software that encrypt and sign data and communication, ClarkConnect a dedicated firewall, Snort network intrusion prevention software and Nagios, a host and networking monitoring tool (LinuxLinks.com, 2009). C. Network and Host-Based Intrusion Detection Intrusion detection system is either recognized as the network based intrusion detection system or host based intrusion detection system. Network intrusion detection system attempts to locate malicious and suspicious intent over the internet traffic. On the other hand, host based intrusion detection system looks for attack signatures in log files (Valeur, Vigna, Kruegel & Kemmerer, 2004; Lippmann & Cunningham, n.d.). In relation to this, Linux intrusion detection system (LIDS) is a patch that can completely secure files on the system. When the LIDS patch is placed, specified files on the system cannot be moved or altered in any manner, not even by the root. LIDS has several features including a port scan detector, which alerts the users about the possible intrusion attempts. Essentially, LIDS can put restrictions on file or folder access for users as well as restrictions on the system capabilities granted processes. Furthermore, while communicating over the network, if any possible threat is indicated, the network based intrusion detection system generates alert and the user is notified about the misuse of the any particular information or messages (Valeur, Vigna, Kruegel & Kemmerer, 2004; Lippmann & Cunningham, n.d.). III. Security Applications Linux has appeared as a prominent foundation for supporting rapidly expanding IT environments. Due to its gaining popularity in almost all the sectors, the use of its in mitigating the security concerns has also grown. In order to mitigate the challenges of security, numerous security applications are available today (Burghate & Mookhey, 2005). A. Nessus (Vulnerability Auditor) Nessus is a free, dominant and convenient to use remote security scanner. It provides free vulnerability definitions, also called as plugins. Nessus plugins use its own scripting language to define how it tests for vulnerability. Nessus provides intelligence scanning and vulnerability listings along with reliable resolutions. It also performs configuration audits and checks whether the system in the network has the latest software patches. Nessus can be installed in any Linux distribution for vulnerability assessments. Vulnerability assessment is the process of detecting and reporting vulnerabilities (Zurutuza, Uribeetxeberria, Lizarraga & Mendizabal, 2004). B. Nmap (Port Scanner) Nmap is the tool for determining the hosts that are running and services that are being run by the hosts. Nmap is a valuable diagnostic tool and a network administrator. Once, the network is charted out using tools such as Lan MapShot, the Nmap can be used to determine the type of services and host running in the network. The primary purpose of using nmap is to determine open ports and services in a host, identifying operating system running on a host and altering he source of the scan. Nmap is available in Linux as a graphical user interface. It is a text based utility that runs from command shell. Nmap generally uses three stages of scanning process. Firstly, Nmap pings the system wherein users can choose between legacy ICMP Echo request and nmap’s own technique for determining live hosts. Secondly, by default a reverse lookup is performed to identify the hostname related with the system’s IP address. Thirdly, Nmap performs port scanning using the selected technique. The major strength of Nmap is attributed to its ability to support a wide range of scanning techniques (Bennieston, 2004). C. Wireshark (Network Sniffer) Wireshark (network sniffer) is a network packet analyzer. It is available in Unix/Linux as well as in Windows. It attempts to catch active packet data from a network interface and disclose files comprising packet data. Furthermore, the captured packet data is imported from text files containing hex dump of packet data. The captured packet data are further displayed in detail and are saved. It also exports a few or all the packet data in a file format and filters this packet data on the basis of many criteria. It uses pcap library that allows sniffing traffic from several different network types. Additionally, it also provides support for plugins. The implementation of plugins makes it easy to analyze traffic on the network (Banerjee, Vashishtha & Saxena, 2010). IV. Operating System Configurations Linux is an operating system in which the configuration of services is enclosed within plain text files, and within which the services are designed by editing the configuration text files manually. A. BackTrack Linux In order to configure BackTrack Linux, it is essential to download BackTrack operating system. After downloading BackTrack, it needs to be installed. Once the installation is completed, configuration process is required to be proceeded. In order to bring up network interface and be able to get online, it is vital to check for interfaces (eth0, eth1, wlan0, etc.) For a wireless network card running DHCP #iwconfig wlan0 mode managed key #iwconfig wlan0 essid #ifconfig wlan0 up #dhclient wlan0 For a wired network card running DHCP #ifconfig eth0 up #dhclient eth0 For a manual configuration instead of running the DHCP client #ifconfig eth0 #route add default gw 192.168.1.1 #echo nameserver 192.168.1.1 > /etc/resolv.conf After configuring, it is essential to test connection by running a ping command or opening a website in the browser. Source: (Dans Courses, 2013) B. Kali Linux Kali Linux is a Debain based Linux distribution for digital forensics and penetration testing. For installing and configuring Kali Linux, a minimum of 8GB disk space for the Kali Linux is required. The system is also required to have CD-Drive/USB boot support. After meeting the minimum requirement, it will require for downloading Kali Linux. When the Kali Linux is successfully downloaded, it needs to be burn. After burning Kali Linux, Select Graphical install from the menu Select language Select the location Configure the keyboard Put the name of machine and click continue Put password “super user” and click continue” Click “disk” (for this case) Select the hard disk partition Click entire partition (for this case) Click continue Select “Yes” then “Continue” Configure the package manager Install the GRUB Finish installation Then start Kali Linux to test Source: (Offensive Security, 2013) C. Network Security Toolkit Network security Toolkit (NST) is a Linux oriented live CD that delivers open source computer security and networking tools to execute basic security as well as networking diagnostics along with monitoring tasks. In order to get started with NST, first, it is required to download a copy of toolkit. Use any CD-ROM burning to construct a bootable CD-ROM from ISO file. Boot the system with the NST CD-ROM that is created. Define IP address for the network card. Use DHCP server to assign network automatically. In case, DHCP is not used, Ifconfig and Route command can be used to configure the IP address and gateway address manually or NST’s built-in-scripts and be opted. For configuring Ethernet parameters, manually following commands are required to be executed for deactivating the network interface. The IP address should be defined as 192.168.0.100 entailing a 24-bit netmask of 255.255.255.0. Then, the interface needs to be reactivated: ifconfig eth0 down ifconfig eth0 192.168.0.100 netmask 255.255.255.0 ifconfig eth0 up Source: (Edward, 2004). D. nUbuntu Users can configure network card during the installation of nUbuntu. However, ifconfig command can be used at the shell prompt or nUbuntu ‘graphical network configuration’ tool. Configuring DHCP Address for Your Network Card For configuring DHCP address the /etc/network/interfaces needs to be edited and following lines are required to be entered for replacing etho0 with the network interface card. sudo vi /etc/network/interfaces gksudo gedit /etc/network/interfaces # The primary network interface -- use DHCP to find our address auto eth0 iface eth0 inet dhcp Configuring Static IP Address in Network Card For configuring IP address the /etc/network/interfaces needs to be edited and following lines are required to be entered for replacing etho0 with the network interface card. sudo vi /etc/network/interfaces gksudo gedit /etc/network/interfaces # The primary network interface auto eth0 iface eth0 inet static address 192.168.3.90 gateway 192.168.3.1 netmask 255.255.255.0 network 192.168.3.0 broadcast 192.168.3.255 After entering all the details you need to restart networking services using the following command sudo /etc/init.d/networking restart Source: (Ubuntu Geek, 2013) E. Smooth-Sec (IDS) Smooth-sec is IDS Linux distribution based on Ubuntu. It is easy to install and it’s a powerful multi-threaded IDS engine. Smooth sec uses DHCP by default. DHCP reservation can be set on DHCP server or static address on sensor. “# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces (5) # The loopback network interface auto lo iface lo inet loopback # The primary network interface #allow-hotplug eth0 #iface eth0 inet dhcp #Primary NIC auto eth0 iface eth0 inet static address 192.168.0.254 netmask 255.255.255. gateway 192.168.0.192” Source: (Tech Anarchy, 2013) F. Snort (IDS) Snort is a free lightweight network intrusion detection system for both UNIX and Windows. Firstly, snort software is needed to be downloaded. Before installing snort, it is essential to have dev packages of libpcap and libpcre. After installing, configuration file, rule file and log directory are required to be created as represented below: # mkdir /etc/snort # mkdir /etc/snort/rules # mkdir /var/log/snort # cat /etc/snort/snort.conf include /etc/snort/rules/icmp.rules # cat /etc/snort/rules/icmp.rules alert icmp any -> any any (msg:"ICMP Packet"; sid:477; rev:3;) After creating directory, execute snort # snort -c /etc/snort/snort.conf -l /var/log/snort/ Try pinging some IP from machine to check ping rule as represented below. 5 > l/l len: 0 l/l type: 0x200 0:0:0:0:0:0 pkt type:0x4 proto: 0x800 len:0x64 209.85.231.102 -> 209.85.231.104 ICMP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF Type:8 Code:0 ID:24905 Seq:1 ECHO In case different interface for the network connection is available then use dev -i option as represented below: # snort -dev -i ppp0 -c /etc/snort/snort.conf -l /var/log/snort/ Add -D option to run snort as a daemon. # snort -D -c /etc/snort/snort.conf -l /var/log/snort/ Source: (Moorthy, 2010) G. Linux Network Security Appliances There are numerous Linux network security appliances that protect the system and information over the network. A few Linux based network security appliances are Astaro Security Appliance, BackTrack Linux, IPFire, Lightweight Portable Security, Live Hacking DVD, EnGarde Secure Linux, NetSecL and Openwall GNU/Linux among others (Hess, 2011). V. Conclusion Today, internet has become as an integral part of everyone’s daily lives. The users of the internet have been increasing rapidly. At the same time, threats associated with information leakage over the network and intrusion attacks have become as a primary matter of concern. Hence, network security has gained tremendous attention in the recent past for securing vital information and system from malicious attacks. In this regard, Linux, an open operating system, has been viewed as an important solution for protecting information travelling over the network. Unique inbuilt features and continuous developments made related to Linux have encouraged IT professionals to use Linux as a network security component. References Adeyinka, O. (2011). Internet attack methods and internet security technology. Second Asia International Conference on Modelling & Simulation, 77-82. Anitha, A. (2011). Network security using linux intrusion detection system. International Journal of Research in Computer Science 2(1), 33-38. Burghate, N., & Mookhey, K. K. (2005). Linux-- security, audit and control features. United States: ISACA. Bennieston, A. J. (2004). NMAP - a stealth port scanner. NMap Tutorial, 1-10. Banerjee, U., Vashishtha, A., & Saxena, M. (2010). Evaluation of the capabilities of wireshark as a tool for intrusion detection. International Journal of Computer Applications 6(7), 0975-8887. Cabrera, J. (2009). Windows vs. Linux: a comparative study. Technical Writing –N4 1-14. Dans Courses. (2013). Install & configure backtrack. Retrieved from http://www.danscourses.com/Network-Penetration-Testing/install-a-configure-backtrack.html Edwards. M. (2004). A bootable network security toolkit. Retrieved from http://windowsitpro.com/systems-management/bootable-network-security-toolkit Harrington, J. L. (2005). Network security: a practical approach. United States: Academic Press. Hess, K. (2011). 10 secure linux distributions. Retrieved from http://www.serverwatch.com/server-trends/10-secure-linux-distributions-you-need-know-about.html IBM Corporation. (2000). Addressing security issues in linux. A Linux White Paper 1-39. Lippmann, R. P., & Cunningham, R. K. (n.d.). Improving intrusion detection performance using keyword selection and neural networks. MIT Lincoln Laboratory, 1-8. LinuxLinks.com. (2009). 80 of the best linux security applications. Retrieved from http://www.linuxlinks.com/article/20080429140249467/Security.html Moorthy, S. (2010). Snort: 5 steps to install and configure snort on linux. Retrieved from http://www.thegeekstuff.com/2010/08/snort-tutorial/ Offensive Security. (2013). Category: 03. Installing Kali Linux. Retrieved from http://docs.kali.org/category/installation Tech Anarchy. (2013). SmoothSec IDS. Retrieved from http://techanarchy.net/2013/08/smoothsec-ids/ Ubuntu Geek. (2013). Ubuntu networking configuration using command line. Retrieved from http://www.ubuntugeek.com/ubuntu-networking-configuration-using-command-line.html Valeur, F., Vigna, G., Kruegel, C., & Kemmerer, R. A. (2004). A comprehensive approach to intrusion detection alert correlation. IEEE Transaction on Dependable and Secure Computing 1(3), 146-169. Yu, J. H. & Le, T. K. (2000). Internet and network security. Journal of Industrial Technology 17(1), 1-7. Zurutuza, U., Uribeetxeberria, R., Lizarraga, J., & Mendizabal, I. V. (2004). Secu-audit: continuous computer security auditing experiences. Computer Science Department, Mondragon University, 1-5. Read More