Network Security

Network security is the practice of preventing and protecting against unauthorized intrusion into corporate networks.

Advanced firewalld and iptables

  • firewalld: A dynamic firewall manager with a D-Bus interface. It is the default on RHEL-based systems.

    • Rich Rules: For conditions that the plain service/port options cannot express (for example, allowing a service only from one subnet), use rich rules. `--permanent` writes the rule to the saved configuration; run `sudo firewall-cmd --reload` afterwards (or repeat the command without `--permanent`) for it to take effect on the running firewall.
      sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" service name="ssh" accept'
  • iptables: A user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores.

    • Example Rule: `-A` appends to the end of the INPUT chain, so this ACCEPT only takes effect if no earlier rule in the chain already matched the packet; check the order with `sudo iptables -L INPUT -n --line-numbers`.
      # Allow incoming SSH connections from a specific IP address
      sudo iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 -j ACCEPT
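The two examples above show single rules. The following added example (not code from the original page, firewalld or iptables) generates a complete least-privilege INPUT policy in both dialects from one description, validating every address and port first so a typo never reaches the firewall. The subnet 192.168.1.0/24, the host 192.168.1.100 and the ports are the page's own values; the POLICY structure and all function names are assumptions made for this example.

```python
"""Added example: build an ordered iptables ruleset and the equivalent
firewalld rich rules from one validated policy description."""
import ipaddress

# Constructed policy: each entry allows one service from one source.
POLICY = [
    {"source": "192.168.1.0/24", "proto": "tcp", "port": 22, "service": "ssh"},
    {"source": "192.168.1.100", "proto": "tcp", "port": 443, "service": "https"},
]


def validate(entry):
    """Reject malformed sources, ports and protocols before generating rules.
    strict=True refuses networks with host bits set (e.g. 192.168.1.5/24),
    which usually means the operator mistyped the prefix length."""
    net = ipaddress.ip_network(entry["source"], strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 rules are generated here")
    if not 1 <= int(entry["port"]) <= 65535:
        raise ValueError("port out of range: %r" % entry["port"])
    if entry["proto"] not in ("tcp", "udp"):
        raise ValueError("unsupported protocol: %r" % entry["proto"])
    return net


def iptables_rules(policy):
    """Emit INPUT rules in the order they must be applied: loopback and
    already-established traffic first, then the explicit allows, and only
    then the default DROP policy. iptables stops at the first matching
    rule, and setting the DROP policy last avoids cutting off the admin's
    own SSH session while the chain is still empty."""
    rules = [
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for entry in policy:
        net = validate(entry)
        rules.append(
            "iptables -A INPUT -p %s -s %s --dport %d -j ACCEPT"
            % (entry["proto"], net.with_prefixlen, int(entry["port"]))
        )
    rules.append("iptables -P INPUT DROP")
    return rules


def firewalld_rich_rules(policy):
    """The same allows as firewalld rich rules. --permanent writes them to
    the saved configuration; the final --reload activates them."""
    rules = []
    for entry in policy:
        net = validate(entry)
        # A single host is written without a prefix, as on the page.
        source = str(net.network_address) if net.prefixlen == 32 else net.with_prefixlen
        rules.append(
            "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" "
            "source address=\"%s\" service name=\"%s\" accept'"
            % (source, entry["service"])
        )
    rules.append("firewall-cmd --reload")
    return rules


if __name__ == "__main__":
    for line in iptables_rules(POLICY) + firewalld_rich_rules(POLICY):
        print(line)
```

Running the script prints the commands rather than executing them, so the output can be reviewed (and diffed against the previous policy) before it is applied with root privileges.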

Port Scanning and Vulnerability Assessment with nmap

nmap (Network Mapper) is a free and open-source utility for network discovery and security auditing.

  • Scan for Open Ports: With no other options, nmap probes the 1,000 most common TCP ports.

    nmap <target>
  • Service Version Detection:

    nmap -sV <target>
  • Operating System Detection: Needs raw-socket privileges, so run it as root (or with sudo).

    nmap -O <target>
  • Aggressive Scan: Includes OS detection, version detection, script scanning, and traceroute.

    nmap -A <target>
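Once a scan of your own network has run, the useful next step is comparing what is actually listening against what should be. The following added example (not part of the original page or of nmap) parses nmap's greppable output format (`-oG`) and reports open ports that are not on an allow-list of expected services. The two `Host:` lines are constructed to look like `nmap -sV -oG - <target>` output; the hosts, ports and banners are made up, and the EXPECTED allow-list is an assumption for this example.

```python
"""Added example: parse nmap greppable (-oG) output and flag open ports
that are not in an allow-list of expected services."""
import re

# Constructed sample of greppable output (not a real scan).
SAMPLE_OUTPUT = """\
# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.1.0/24
Host: 192.168.1.10 (gateway.lan)\tStatus: Up
Host: 192.168.1.10 (gateway.lan)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 80/open/tcp//http//nginx 1.24/, 8080/open/tcp//http-proxy//Squid 5.7/\tIgnored State: closed (997)
Host: 192.168.1.100 ()\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)
# Nmap done -- 256 IP addresses (2 hosts up) scanned
"""

# Constructed allow-list: (protocol, port) pairs each host is supposed to expose.
EXPECTED = {
    "192.168.1.10": {("tcp", 22), ("tcp", 80)},
    "192.168.1.100": {("tcp", 22)},
}

# Only lines that carry a Ports: field are interesting; Status-only lines
# and '#' comments are skipped.
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\tPorts: ([^\t]*)")


def parse_greppable(text):
    """Return {ip: [(port, state, proto, service, version), ...]}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, ports = m.group(1), m.group(3)
        entries = []
        for item in ports.split(", "):
            # Field layout per port: port/state/protocol/owner/service/rpc info/version/
            # (nmap writes '|' instead of '/' inside a field, so splitting on '/' is safe).
            port, state, proto, _owner, service, _rpc, version = item.split("/")[:7]
            entries.append((int(port), state, proto, service, version))
        hosts[ip] = entries
    return hosts


def open_ports(hosts):
    """Reduce each host to the set of (proto, port) pairs reported as open;
    filtered or closed ports are not counted as exposure."""
    return {
        ip: {(proto, port) for port, state, proto, _svc, _ver in entries if state == "open"}
        for ip, entries in hosts.items()
    }


def unexpected_services(hosts, expected):
    """Open ports per host that the allow-list does not account for."""
    report = {}
    for ip, ports in open_ports(hosts).items():
        extra = ports - expected.get(ip, set())
        if extra:
            report[ip] = sorted(extra)
    return report


if __name__ == "__main__":
    for ip, extra in unexpected_services(parse_greppable(SAMPLE_OUTPUT), EXPECTED).items():
        print("%s: unexpected open %s" % (ip, ", ".join("%s/%d" % e for e in extra)))
```

In practice the allow-list would come from the inventory or CMDB, and running the comparison after each scheduled scan turns a one-off port scan into a drift check.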

Intrusion Detection Systems (IDS)

An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

  • Snort: A popular open-source IDS. It uses a rule-based language to detect malicious activity.
    • Example Rule (Snort requires every rule to carry a unique sid, and locally written rules conventionally use sid values of 1000000 and above; a rev tracks revisions of the rule):
      alert tcp any any -> any 80 (msg:"WEB-ATTACKS sql injection"; content:"/etc/passwd"; sid:1000001; rev:1;)
      This rule generates an alert whenever the byte string /etc/passwd appears in the payload of a TCP packet destined for port 80. A plain content match is case-sensitive and looks at the raw bytes, so it does not see the same path in an encoded form; production rules pair content with Snort's HTTP-normalized buffers to close that gap.
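To make the header and option syntax concrete, the following added example (not part of the original page or of Snort) parses the subset of the rule language used above (the header, plus the msg, content, sid and rev options) and runs the rules over a few constructed packets. The rules, packet addresses and payloads are made up for this example, and the matcher deliberately ignores everything real Snort adds on top (modifiers such as nocase, preprocessors, flow tracking); it exists to show why a rule's direction, ports and content all have to line up before an alert fires.

```python
"""Added example: a minimal parser and matcher for the Snort rule subset
shown on this page (header + msg/content/sid/rev options)."""
import re

# Constructed rules; the first is the page's example with a sid/rev added.
RULES = [
    'alert tcp any any -> any 80 (msg:"WEB-ATTACKS sql injection"; content:"/etc/passwd"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 22 (msg:"SSH client banner"; content:"SSH-2.0"; sid:1000002; rev:1;)',
]

# Constructed packets: proto, endpoints and raw payload bytes.
PACKETS = [
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51234, "dst": "192.168.1.10", "dport": 80,
     "payload": b"GET /index.php?page=../../etc/passwd HTTP/1.1\r\nHost: 192.168.1.10\r\n\r\n"},
    {"proto": "tcp", "src": "10.0.0.5", "sport": 51235, "dst": "192.168.1.10", "dport": 8080,
     "payload": b"GET /index.php?page=../../etc/passwd HTTP/1.1\r\n\r\n"},  # wrong port: no alert
    {"proto": "tcp", "src": "192.168.1.10", "sport": 22, "dst": "10.0.0.5", "dport": 40000,
     "payload": b"SSH-2.0-OpenSSH_9.2\r\n"},  # server -> client: direction does not match
    {"proto": "tcp", "src": "10.0.0.5", "sport": 40001, "dst": "192.168.1.10", "dport": 22,
     "payload": b"SSH-2.0-libssh\r\n"},
]

HEADER_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)
# name:value; pairs, where a value may be a double-quoted string with escapes.
OPTION_RE = re.compile(r'(\w+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?;')


def parse_rule(text):
    """Split a rule into its header fields, its content patterns and its other options."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError("unparseable rule: %s" % text)
    rule = m.groupdict()
    rule["options"], rule["contents"] = {}, []
    for name, value in OPTION_RE.findall(m.group("opts")):
        value = value.strip()
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        if name == "content":
            rule["contents"].append(value.encode())
        else:
            rule["options"][name] = value
    if "sid" not in rule["options"]:
        raise ValueError("rule has no sid; Snort cannot load or track it")
    return rule


def _addr_ok(pattern, value):
    return pattern == "any" or pattern == value


def _port_ok(pattern, value):
    return pattern == "any" or int(pattern) == value


def match(rule, pkt):
    """True when protocol, endpoints (respecting direction) and every content pattern match."""
    if rule["proto"] != pkt["proto"]:
        return False
    forward = (_addr_ok(rule["src"], pkt["src"]) and _port_ok(rule["sport"], pkt["sport"])
               and _addr_ok(rule["dst"], pkt["dst"]) and _port_ok(rule["dport"], pkt["dport"]))
    if rule["dir"] == "<>":  # bidirectional rules also accept the reverse flow
        forward = forward or (
            _addr_ok(rule["src"], pkt["dst"]) and _port_ok(rule["sport"], pkt["dport"])
            and _addr_ok(rule["dst"], pkt["src"]) and _port_ok(rule["dport"], pkt["sport"]))
    if not forward:
        return False
    # Plain content matches are case-sensitive byte searches anywhere in the payload.
    return all(pattern in pkt["payload"] for pattern in rule["contents"])


def run(rules, packets):
    """Return (sid, msg, 'src:sport -> dst:dport') for every rule that fires."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if match(rule, pkt):
                flow = "%s:%d -> %s:%d" % (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
                alerts.append((int(rule["options"]["sid"]), rule["options"]["msg"], flow))
    return alerts


if __name__ == "__main__":
    for sid, msg, flow in run([parse_rule(r) for r in RULES], PACKETS):
        print("[%d] %s %s" % (sid, msg, flow))
```

Only the first and last packets raise alerts: the second uses a port the rule does not cover, and the third carries the banner in the server-to-client direction while the rule only watches traffic towards port 22.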