Category:I802 Firewalls and VPN IPSec: Difference between revisions

From ICO wiki
=Boring stuff=
[[File:Redteam.jpg]]
 
==Report template==
 
Send the report as a plaintext e-mail to Lauri; in the subject include: Report #number - your name - your team
 
In the content make sure you specify the timespan you're talking about (September 2016, first half of October 2016, etc.)
 
For the content there is no need for formal speech:
 
* What has been done so far by the team (e.g. server hardware setup, virtual machine setup, service setup)
* What your role was for this timespan; note that we will shuffle the teams now and then
* What your contribution was, or in other words what you did during this timespan
* What (security) incidents happened: red team found messing around with the servers, passwords changed, backdoor found, etc.
 
==September wrapup & iptables lecture==
 
[https://docs.google.com/presentation/d/1mt0g_BN-l_Jz6HQ1D52WJIdMjPtkTt95CPYFejjiikE/ Lecture slides] [https://echo360.e-ope.ee/ess/portal/section/0fa18d0e-f1b2-44b7-878b-5e4c66e6040e video recording]
 
==October wrapup & X.509/TLS lecture==
 
[https://docs.google.com/presentation/d/1kqTyhhUu5CfwODmOTIC7odhlYfeEeJALTd4RX7XhPLE/edit?usp=sharing Lecture slides]
[https://echo360.e-ope.ee/ess/echo/presentation/3baf5fa7-71d7-40b7-8081-2dfb42b378a5?ec=true video recording #1]
[https://echo360.e-ope.ee/ess/echo/presentation/5e722941-09ad-484c-a267-a51360f43fd5?ec=true video recording #2]
 
 
==Hardening==
 
The last sessions are on 7 December and 14 December; there is no session during Robotex week (30 November).
 
Last steps to pass the course:
 
* Make sure the blah.office DNS records work and services are accessible on default ports; e.g. http://blah.office:9001 is not cool. If necessary set up a proxying web server or use an iptables DNAT rule to rewrite the port number.
* Make sure your service is not running as the root user or as a regular user.
* Make sure services are being monitored by Nagios
* Make sure service logs are forwarded to Graylog
* Check the port forward rules on the routers and make sure only necessary services are accessible from the Internet
* Check the listening services on each machine using netstat -lntup and make sure only necessary services are running. If necessary, not only stop a service but disable it as well so it isn't started during the next boot
* If a service can't be disabled, prevent access to it using iptables; to keep firewall rules across reboots: apt install iptables-persistent
* Make sure there are no user accounts with simple passwords
* Make sure there are no random user accounts with passwords set; to check: cat /etc/shadow
* Preferably use SSH public key authentication
* Run port scans on the public and internal IP addresses using nmap
* Make sure ~/.ssh/authorized_keys and /root/.ssh/authorized_keys do not contain any unrecognized keys; if necessary remove them
* Prevent brute force SSH attacks using [http://www.fail2ban.org/wiki/index.php/Main_Page fail2ban]
* Make sure [https://help.ubuntu.com/community/AutomaticSecurityUpdates security updates] are installed, that the machine gets rebooted if the kernel was upgraded, and that the service is restarted when the service is upgraded.
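Three of the checks above (stray accounts with passwords in /etc/shadow, unrecognized authorized_keys entries, and listening services that are not on an allow list) scripted in POSIX sh, as an added example that is not part of the course page. The shadow, authorized_keys and netstat -lntup data are constructed inline so it runs offline and without root; to audit a real host, point the functions at /etc/shadow, the real authorized_keys files and saved netstat output instead.

```shell
#!/bin/sh
# Added example, not from the course page: three checklist items automated
# against constructed sample data, so it runs offline and without root.
# Assumes shadow(5), OpenSSH authorized_keys and net-tools "netstat -lntup" layouts.
SAMPLE=$(mktemp -d)
# Constructed shadow file: two real hashes, two locked accounts, one stray account.
cat > "$SAMPLE/shadow" <<'EOF'
root:$6$saltsalt$constructedhash:17141:0:99999:7:::
daemon:*:17141:0:99999:7:::
nobody:!:17141:0:99999:7:::
alice:$6$saltsalt$anotherconstructedhash:17141:0:99999:7:::
backdoor:$1$xyz$constructedmd5hash:17141:0:99999:7:::
EOF
# Constructed approved key list, and an authorized_keys holding one extra key.
cat > "$SAMPLE/approved" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedApprovedKey alice@workstation
EOF
cat > "$SAMPLE/authorized_keys" <<'EOF'
# keys managed by the team
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedApprovedKey alice@workstation
from="10.0.0.0/8" ssh-rsa AAAAB3NzaC1yc2EConstructedUnknownKey nobody@nowhere
EOF
# Constructed "netstat -lntup" output; udp rows have no State column, so the
# program name is always read from the last field.
cat > "$SAMPLE/netstat" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:9001            0.0.0.0:*               LISTEN      1337/python
udp        0      0 0.0.0.0:111             0.0.0.0:*                           500/rpcbind
EOF
# Accounts whose password field is a usable hash (not empty, "!" or "*").
accounts_with_passwords() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ { print $1 }' "$1"
}
# authorized_keys entries ($1) whose "type base64" pair is not in the approved
# list ($2); option prefixes such as from="..." are skipped over.
unrecognized_keys() {
    awk 'NR == FNR { ok[$1 " " $2] = 1; next }
         /^[ \t]*(#|$)/ { next }
         { for (i = 1; i < NF; i++) if ($i ~ /^(ssh-|ecdsa-)/) break
           if (i == NF) next
           k = $i " " $(i + 1); if (!(k in ok)) print k }' "$2" "$1"
}
# Listening sockets in a netstat -lntup listing ($1) whose local port is not in
# the space-separated allow list ($2).
unexpected_listeners() {
    awk -v allow="$2" 'BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ { p = $4; sub(/.*:/, "", p); if (!(p in ok)) print $1, $4, $NF }' "$1"
}
```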
 
For mailserver:
 
* Make sure it's not an open relay, meaning that it won't relay mail for foreign domains on behalf of arbitrary senders
 
For webservers, e.g. if your service has a web interface:
 
* On your webserver check the contents of /etc/apache2/sites-enabled and make sure that only what's necessary is there.
* Set up certificates if you haven't done so using [https://letsencrypt.org/ Let's Encrypt]
* Make sure [https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security HSTS] is enabled
* Make sure weak ciphers are disabled, use some [https://www.ssllabs.com/ssltest/ SSL test to check]
 
By the last session on 14 December, prepare a comprehensive e-mail about the state of your service:
 
* How to administer the service, if applicable: what the administrator username and password are
* How to access the virtual machine: what DNS record or IP address should be used, and what the username and password are. If public key authentication is used instead of passwords, figure out who will take over your service after this course and give him/her access to the machine.

Revision as of 23:48, 6 December 2016
