Monthly archive: July 2004

MAC Filtering with iptables

Keep unwanted machines off your network with MAC address whitelisting. Media Access Control (MAC) address filtering is a well-known method for protecting wireless networks. This type of filtering works on the default deny principle: you specify the hosts that are …

Posted in Knowledge Base, Linux, Networking, Old Base

Authenticated Gateway with OpenBSD

Use PF to keep unauthorized users off the network. Firewalling gateways have traditionally been used to block traffic from specific services or machines. Instead of watching IP addresses and port numbers, an authenticated gateway allows you to regulate traffic to …

Posted in Knowledge Base, Networking, Old Base, OpenBSD

Simple firewall with OpenBSD

Use OpenBSD’s firewalling features to protect your network. PacketFilter, commonly known as PF, is the firewalling system available in OpenBSD. While it is a relatively new addition to the operating system, it has already surpassed IPFilter, the system it has …

Posted in Knowledge Base, Networking, Old Base, OpenBSD

Simple IPTABLE firewall

Protect your network with Linux’s powerful firewalling features. Linux has long had the capability for filtering packets, and it has come a long way since the early days in terms of both power and flexibility. The first generation of packet-filtering …

Posted in Knowledge Base, Linux, Networking, Old Base

Static MAC tables

Use static ARP table entries to combat spoofing and other nefarious activities. As discussed in [Hack #31], a lot of bad things can happen if someone successfully poisons the ARP table of a machine on your network. The previous hack …

Posted in Knowledge Base, Networking, Old Base

Using ARPWATCH

Find out if there’s a “man in the middle” impersonating your server. One of the biggest threats to a computer network is a rogue system pretending to be a trusted host. Once someone has successfully impersonated another host, they can …

Posted in Knowledge Base, Networking, Old Base

Enforce user and group resource limits

Make sure resource-hungry users don’t bring down your entire system. Whether it’s through malicious intent or an unintentional slip, having a user bring your system down to a slow crawl by using too much memory or CPU time is no …

Posted in Knowledge Base, Linux, Old Base

Restricted Shell Environments

Keep your users from shooting themselves (and you) in the foot. Sometimes a sandboxed environment [Hack #10] is overkill for your needs. If you want to set up a restricted environment for a group of users that only allows them …

Posted in Knowledge Base, Linux, Old Base

Control login access with PAM

Seize fine-grained control of when and where your users can access your system. In traditional Unix authentication there is not much granularity available in limiting a user’s ability to log in. For example, how would you limit the hosts that …

Posted in Knowledge Base, Linux, Old Base

Automated systrace policy creation

Let Systrace’s automated mode do your work for you. In a true paranoid’s ideal world, system administrators would read the source code for every application on their system and be able to build system-call access policies by hand, relying only …

Posted in Knowledge Base, Old Base