Difference between revisions of "Lab 7 Warnings / Debrief"
Line 26: | Line 26: | ||
<u>'''Establishing a Safe SSH Connection: Public Key Authentication'''</u> | <u>'''Establishing a Safe SSH Connection: Public Key Authentication'''</u> | ||
− | + | As a system administrator, you have the ability to generate or create public and private keys to ensure safe and secure ssh connections. The system administer can generate these keys for the first time, of if they suspect that a hacker has compromised the server, can remove the existing keys and generate new keys. A common type of attack, Arp Poisoning (Man in the Middle Attack), can be used to redirect packets to a third party while maintaining the illusion that the connection is secure. Therefore, understanding about the generation and management of public/private keys are important to the security of servers. | |
+ | |||
+ | [[Image:spoof.png|thumb|right|485px|If you receive a message like the one displayed above, you should investigate why it is happening as it could indicate a '''serious security issue''', or it could just mean that something on '''the host has changed'''(i.e. the OS was <u>reinstalled</u>)]] | ||
When a user connects to a host using ssh, the host sends a fingerprint or digital signature to the client to establish its identity. The first time a connection is established the identity must be stored for subsequent connections. The fingerprints are stored separately for each user in a file called <code>~/.ssh/known_hosts</code> . <br /><br />From now on when you connect to that host the client will compare the received fingerprint against the list of known hosts before connecting. If the fingerprint does not match it could indicate somebody had setup a system to impersonate the computer you wish to connect to and you would receive a message similar to depicted in the diagram on the right. | When a user connects to a host using ssh, the host sends a fingerprint or digital signature to the client to establish its identity. The first time a connection is established the identity must be stored for subsequent connections. The fingerprints are stored separately for each user in a file called <code>~/.ssh/known_hosts</code> . <br /><br />From now on when you connect to that host the client will compare the received fingerprint against the list of known hosts before connecting. If the fingerprint does not match it could indicate somebody had setup a system to impersonate the computer you wish to connect to and you would receive a message similar to depicted in the diagram on the right. | ||
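Review bot: The added paragraph has typos that should be fixed before this revision is kept: "The system administer can generate these keys for the first time, of if they suspect" should read "system administrator" and "or if", and "understanding about the generation and management of public/private keys are important" should read "is important". The paragraph also does not say whose public and private keys it means, while the paragraph that follows is about the host fingerprint stored in ~/.ssh/known_hosts; consider stating which keys the administrator regenerates and how that relates to the warning shown in spoof.png.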
Revision as of 10:37, 23 July 2015
Preparing for Lab 7
Purpose of Lab 7
Setting up a computer network is very important, but many other operations occur on a daily basis, including troubleshooting, repairing network connection issues, and maintaining network security. System administrators need to protect or "harden" their computer networks from "penetration" by unauthorized computer users. Hardening a computer system can range from running an IDS (Intrusion Detection System), to monitoring and flagging suspicious activity, to implementing screen savers on workstations.
In this lab, you will learn how to use the ssh, scp, and sftp commands to securely access and share data between authorized personnel. In addition, you will learn various methods of running and configuring an ssh server, which include: using Public Key Authentication, setting up an SSH tunnel in order to securely run graphical applications among computers in the network, disabling root login, and changing the default ssh communication port to mislead potential penetration testers (also known as "pen-testers" or "hackers").
INVESTIGATION 1: CONFIGURING AND ESTABLISHING AN SSH CONNECTION
So far, you have learned to use the ssh utility to establish a secure connection to a remote server to perform tasks, administer the server, etc. For these common operations, you have issued the ssh command, which is the client application for ssh. In order to connect to a remote server (like your VMs, Matrix, etc.), that server needs to be running the SSH service. In this lab, you will learn how to run an SSH server in a VM, then confirm that you can connect to the server by using the ssh client application.
We can use the netstat utility as a troubleshooting / confirmation tool to view the SSH service and determine which STATE the SSH service is in:
- LISTENING (waiting for an ssh connection attempt)
- ESTABLISHED (connection established)
- CLOSED (connection is closed)
- WAITING (time between connection closed, and changing to LISTENING mode)
Establishing a Safe SSH Connection: Public Key Authentication
As a system administrator, you have the ability to generate public and private keys to ensure safe and secure ssh connections. The system administrator can generate these keys for the first time or, if they suspect that a hacker has compromised the server, can remove the existing keys and generate new keys. A common type of attack, ARP Poisoning (Man in the Middle Attack), can be used to redirect packets to a third party while maintaining the illusion that the connection is secure. Therefore, understanding the generation and management of public/private keys is important to the security of servers.
When a user connects to a host using ssh, the host sends a fingerprint or digital signature to the client to establish its identity. The first time a connection is established, the identity must be stored for subsequent connections. The fingerprints are stored separately for each user in a file called ~/.ssh/known_hosts.
From now on, when you connect to that host, the client will compare the received fingerprint against the list of known hosts before connecting. If the fingerprint does not match, it could indicate that somebody has set up a system to impersonate the computer you wish to connect to, and you would receive a message similar to the one depicted in the diagram on the right.
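The comparison described above, written out as an added Python example that is not part of the original lab. The host names, salt and key bytes are constructed sample data, and only exact and hashed host-name entries are handled (no wildcards or [host]:port forms).

```python
import base64, hashlib, hmac, struct

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint of a public key blob, as `ssh-keygen -l` prints it."""
    return "SHA256:" + b64(hashlib.sha256(blob).digest()).rstrip("=")

def host_matches(field: str, host: str) -> bool:
    """First known_hosts field: comma-separated names, or hashed |1|salt|mac."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server presented."""
    seen_other = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if not host_matches(parts[0], host) or parts[1] != key_type:
            continue
        if base64.b64decode(parts[2]) == blob:
            return "match"
        seen_other = True  # same host and key type, but a different key
    return "changed" if seen_other else "unknown"

def ed25519_blob(raw: bytes) -> bytes:
    """Wire format of an ssh-ed25519 key: two length-prefixed strings."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw

# Constructed sample data: these are not real hosts or keys.
ORIGINAL = ed25519_blob(bytes(range(32)))
REPLACED = ed25519_blob(bytes(range(1, 33)))  # e.g. OS reinstalled, or an impostor
SALT = b"constructed-salt-20b"
HASHED_VM2 = "|1|%s|%s" % (b64(SALT), b64(hmac.new(SALT, b"vm2.example", hashlib.sha1).digest()))
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts file",
    "vm1.example,192.0.2.10 ssh-ed25519 " + b64(ORIGINAL) + " lab",
    HASHED_VM2 + " ssh-ed25519 " + b64(ORIGINAL),
])

if __name__ == "__main__":
    for host, blob in [("vm1.example", REPLACED), ("vm3.example", ORIGINAL)]:
        print(host, fingerprint(blob), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", blob))
```

A result of "changed" corresponds to the warning message the lab describes; "unknown" corresponds to the first connection, when the identity has not yet been stored.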
Common Mistakes / Warnings
Preparing for Lab Sign-Off
In order to properly complete your lab and move to the next lab, you must have your instructor "sign-off" on your lab.
- Each "signed-off" lab (before due date) is worth 1% of your final grade.
- Signing-off on labs helps to spot errors that can cause problems with future labs.
- Do not ask the instructor what to check for! Read the requirements at the bottom of the lab, and have all proof available for the instructor to view at the same time.
- Failing to be prepared and asking the instructor what to check when the assignment is marked will result in a deduction of marks!
- For example, open multiple terminals with command results. If properly set up ahead of sign-off, the process should only take the instructor approx. 20 seconds to sign-off your lab.
- If you do not have your lab log-book, you MUST show your work and your lab log-book to your instructor for sign-off in the next class. This may cause a late penalty if past the required due date.