Hacking The U.S. Midterm Elections | The Threat Report News

elections taught us that the whole voting system is in need of a major cybersecurity upgrade. protect the upcoming 2018 midterms? The answer is still unclear, with multiple voting machine vendors experiencing vulnerability issues and admitting to cybersecurity flaws in their systems. Another potential issue has been the explosion of fake websites for political candidates being used as.
The bright spot is a notable group of voting vendors and tech companies have come together to battle such attacks. This story still has to play out, but some critics are calling for the U.S. to follow Canada’s lead and return to paper ballots.

Unisys Survey Found Most Americans Concerned About Election Security

And the numbers don’t lie: 86% of Americans, according to a new study released literally moments ago, say they are concerned that our election systems could be compromised. The number here in the Midwest is even higher, 89%. Equally surprising is that among these voters the concern is so great that nine percent of them say they’re not going to vote at all, and another 13 percent say they may not.

Time was, the only electronics involved in voting was the plug leading to an overhead light, but after the hanging chads of 2000 the push to modernize was real. With computers came concern over being compromised. The concern, security experts say, is also real. In August an 11-year-old was able to hack into a replica of the Florida state election website and change voting results, and did it in under 10 minutes.

So what about here in Ohio? First off, we still physically have paper ballots that could be checked against the results from the scanners, and those scanners in your local school gym are not connected to the Internet. They are standalone. That doesn’t necessarily mean they’re invincible to a cyberattack, but it does significantly reduce their vulnerability to a remote cyberattack.

The mere fact, though, that nearly 90% of voters in the Unisys study are concerned is a victory itself for those wanting to disrupt the elections, because it plants a seed of doubt about the integrity of the process. And to the nine percent who may not trust polling places, election officials say take advantage of what Ohio offers: early voting. It’s a secure and convenient way to vote, and it’s also safe. For the e-team, John Kasich.

Secretary Of State Talks Election Security

MANY OF YOU WILL HEAD OUT TO THE POLLS TO VOTE EARLY.

(PHIL) BUT DO YOU KNOW FOR SURE THAT YOUR VOTE IS SAFE? NEWS 8 STATEHOUSE BUREAU CHIEF, DAVID WILLIAMS, SAT DOWN WITH INDIANA’S SECRETARY OF STATE TO TALK ELECTION SECURITY. (DAVID) SECRETARY OF STATE, CONNIE LAWSON, SAYS THE WAY ELECTIONS ARE MANAGED AND RUN CONTINUALLY EVOLVE, BECAUSE SHE SAYS, THIS IS A RACE WITHOUT A.
(REPORTING) ((CONNIE LAWSON/ INDIANA SECRETARY OF STATE / “VOTERS, WE HAVE DONE EVERYTHING WE POSSIBLY CAN DO HERE IN INDIANA TO SECURE YOUR VOTE. I’D LIKE YOU TO KNOW FIRST OF ALL, OUR VOTING MACHINES ARE TESTED BEFORE THEY’RE EVER USED HERE IN INDIANA.”: )) INDIANA’S CHIEF ELECTIONS OFFICER, SECRETARY OF STATE, CONNIE LAWSON SAYS BALL.

STATE TESTS ALL INDIANA VOTING EQUIPMENT VIA THEIR VOTING OVERSIGHT PROGRAM.

PLUS, EVERY COUNTY TESTS BY SIMULATING AN ELECTION.

(( SOS LAWSON @ 18:22:49 “THEY WILL VOTE ON THE MACHINES TO MAKE SURE THE MACHINES ARE RECORDING THE VOTES AND THAT THE VOTES CAST FOR EACH CANDIDATE ARE CORRECT.
SECURITY DID A TWO-WEEK RISK AND VULNERABILITY TEST, AS WELL.

SURE THERE AREN’T ANY WAYS FOR SOMEONE TO CONNECT TO THE STATE’S VOTER REGISTRATION SYSTEM AND STAFFERS’ PASSWORDS ARE STRONG. (( LAWSON @ 18:23:22 “IN FACT THEY TRIED TO PENETRATE OUR STATEWIDE VOTER REGISTRATION SYSTEM AS A TEST, AND THEY COULD NOT GET IN, BECAUSE WE ARE USING A TWO-FACTOR. IF THE DEPARTMENT OF HOMELAND SECURITY COULDN’T ACCESS STATEWIDE VOTER REGISTRATION SYSTEM, I DON’T THINK THE HACKERS WILL KNOW HOW TO GET IN.”/ : )) THAT TWO-FACTOR AUTHENTICATION MEANS AFTER STAFFERS ENTER THEIR USERNAME AND PASSWORD, THEY GET AN EMAIL OR TEXT WITH A 6-DIGIT NUMBER TO VERIFY. LAWSON SAYS THE STATE’S ONLINE VOTER REGISTRATION SYSTEM ALSO HAS INTRUSION DETECTION TECHNOLOGY. (( LAWSON @ 18:24:13 “WHAT THAT DOES IS IT DETECTS TRAFFIC AND PEOPLE THAT TRY TO ACCESS THE STATEWIDE VOTER REGISTRATION SYSTEM. IT SENDS A SIGNAL BACK TO THE DEPARTMENT OF HOMELAND SECURITY SO THEY CAN IMMEDIATELY CONTACT US.”/ : )) LUCKILY NO ONE’S TRIED TO. LAWSON SAYS ALL THE STATE’S ONLINE DATABASES AND ELECTION WEBSITES WORK OFF A DATABASE COPY.

(( 18:25:43 “IT’S UPDATED ABOUT EVERY 3-10 MINUTES. IT PROTECTS THE ACTUAL DATABASE.”/ : )) (DAVID) LAWSON SAYS EVERY VOTE CAST IN INDIANA ON ONE OF THE MACHINES HAS A PAPER TRAIL. SHE ALSO SAYS NONE OF THE VOTING OR TABULATION MACHINES ARE CONNECTED TO THE INTERNET. LAWSON SAYS IF YOU WERE TAKEN OFF THE VOTER REGISTRATION DATABASE BY ACCIDENT, SHE SAYS ALL YOU HAVE TO DO IS GO TO THE POLLS, SIGN AN AFFIDAVIT SAYING YOU NEVER MOVED, AND YOU ALWAYS INTENDED TO COME BACK TO YOUR RESIDENCE AND VOTE. (PHIL) THE INDIANA SENATE CANDIDATES.

Ecc Cryptocurrency Takes Privacy To New Level – Encrypted Messages And File Storage

Secrets. Everybody has them. Yes, so do you. Now think carefully: which trusted daily companion holds more secrets about you, your best friend or your mobile phone? In this day and age, your data is your life and your life is your data. Everything you type, share, like, buy, watch and hear, every location you visit, even your photo collection. Yes, your most precious and intimate moments are being measured, tracked, analyzed and stored as we speak. Business models are being made more profitable, governments are becoming more powerful and criminals are lurking, all because of your valuable personal data. There is no such thing as a free app; you just didn’t know you were paying.

We believe that privacy is one of life’s basic requirements. For that exact reason we dedicated ourselves to creating a new path for you, a path that bypasses this omission and a militant data collection machine. We aim for absolute digital privacy and security by making blockchain services available to the masses. To do that, we created a multi-chain platform with the ECC coin as the financial core, to function as a commercial infrastructure for future services. All services are being designed with focus on user friendliness and commercial interest whilst being safe and decentralized. Rolling out services such as messaging and file storage is just the start. When the foundation has been laid, our ultimate goal is to open-source our platform to other developers for them to create new services on top of ours.

All our services are equipped with address name service capabilities, which let you transfer currency or data using a nickname instead of those long wallet addresses. Fast, simple and safe. We are ECC, a community-driven movement dedicated to creating a brand-new cyber world full of endless possibilities. ECC: unchaining the Internet.

Fix: Your Internet Security Settings Prevented One Or More Files From Being Opened

Hello everyone, how are you doing? This is MDTech here with another quick tutorial. Today I’m going to show you guys how to resolve an issue where a file cannot be opened and it pertains to your internet security settings. This should be a pretty straightforward tutorial, and even though we’re going to be performing it on a Windows 10 machine, it should work for other versions of Windows as well.

So we’re just going to jump right into it. We’re going to start by heading over to the Start menu and we’re going to type in Internet Options. It should be a little bit above Control Panel. You can also access this by going through the Control Panel window, but I just would prefer to go through the Start menu; I think it’s a little bit quicker. So we’re going to just select that.

In this new properties window we’re going to go over to the Security tab at the top, and then we’re going to left-click on the Custom level button near the bottom. Scroll down here until we get to, it should be down, let’s see, “Launching applications and unsafe files”. We want to set it to Prompt; make sure it’s set to Prompt. Once you’ve made sure that your setting is on Prompt there, click on OK.

Now you want to left-click on Local intranet right here and then left-click on the Sites button right here. You want to disable all these options here, so if anything’s checked you want to uncheck it, and then click OK. So now, underneath the Local intranet area, give another left-click on Custom level down here. Again we’re going to be going down to the “Launching applications and unsafe files” area, same as we did for the Internet area. Right here, “Launching applications and unsafe files”: set it to Prompt and then click on OK. You’re going to be asked if you are sure you want to change the settings for this zone; left-click on Yes.

Now we’re going to do the same thing for Trusted sites. Click on it and let’s go down and left-click on Custom level. Again we’re going to scroll down here until we get to “Launching applications and unsafe files”. Make sure that’s set to Prompt, which it is in this case.

And then finally Restricted sites. Again click on that and then go to Custom level. Scroll down here until you get to “Launching applications and unsafe files”. If it’s set to Disable right here, you want to move it over to Prompt, and then you’ll be prompted whether you’re sure you want to change your settings. Again, click on Yes.

I know it sounds very redundant that we did it four times, but trust me, you need to do it for this. Once you’re done doing this, you want to click on Apply and OK and it should save your settings, and hopefully your problem has been resolved. So I hope this brief tutorial helped you guys out, and I will catch you in the next video. Goodbye.

Secure Your Home With Mydlink Pro Wireless Camera Kit

If you’re thinking of a smarter way to keep your home and belongings secure, then this new wire-free camera kit from D-Link is definitely one to consider. The new mydlink Pro is a wire-free camera kit that offers motion detection. It’s great for indoors or outdoors, is easy to install, and the best thing about it for me is a long-lasting rechargeable battery and its compatibility with Alexa, Google Assistant and even IFTTT.

Inside the box you get everything you need to get started. You get a quick installation card with the QR codes that you need to scan during the installation process. You get an Ethernet cable, a DC power adapter for the Wi-Fi hub and a micro USB power adapter for the cameras, a mounting arm and two mounting brackets, one Wi-Fi hub and of course two wire-free cameras as well.

Setting up the cameras is very straightforward as well. First you need to download the mydlink app from the Play Store or Apple Store. Plug in your hub to the power source and into a spare Ethernet port that you’ve already got in your internet box, then press and hold the sync button on the cameras till you see solid green lights, then perform the rest of installation using the free app. Also bear in mind, though, that to use the app you need to register with D-Link so you can log in and access your account wherever you are.

On the camera itself you have a sync button and microphone for two-way audio communication, so it means you can talk and listen as well. You’ve got infrared LEDs and an operation LED as well, and on the back of it there’s a mounting point and a USB port. Flip it over, and underneath it is where you can attach the mounting arm if you wish to do so. It offers an array of mounting options, so it won’t be a problem at all for you. You can either it at all and just place it wherever you like to, so it’s got enough flexibility as well thanks to this flat bottom. It’s IP65 rated as well, so you can mount it outdoors with peace of mind; you won’t have to worry about water damage in it.

The mydlink app is very easy to use. You can get snapshots and video clips of your recording either by storing them in the cloud; as well you can use a microSD card or even plug an external hard drive into the home hub. What you’re recording is in Full HD 1080p, which is really good, so you get a resolution which allows you to then zoom in and out of your recording, which is really good to. Miss you can get into the details you. Phone as way if you want to share it with the police or whatever reason you want to do so.

mydlink Pro offers an advanced motion detection system with smart moving object detection. Together with the PIR motion sensor you get fewer false alarms. The built-in PIR motion detection detects movement when a heat source like the human body passes by, and is ideal for highly accurate motion detection even in complete darkness.

My overall experience has been really fantastic. With a long battery life you can go on holiday without worrying about your home not being under your watchful eye, or things that matter to you most. it comes.

Floodlight Cam Installation: Step 1 – Install The Bracket

To get started, loosen these knobs to point the lights straight up to get them out of the way during installation. You can also use this lock collar at the base of each light to rotate it in the desired direction and secure it later. You’ll then need to loosen the camera lock collar to rotate the camera 180 degrees so that it’s right-side up. Tighten the collar to hold the camera in place.

Before you begin installation, shut off power at the breaker to where your Floodlight Cam will be installed. If you’re not sure which breaker controls the outlet where you’ll be performing the install, then switch off your main breaker or consult with a licensed electrician. As a warning, installing Floodlight Cam involves working with high-voltage electricity. If you’re not comfortable or are inexperienced with the processes and tools described in this video, we recommend that you hire a licensed electrician. Also be sure to comply with your local building and wiring codes.

Once you’re sure power is off, remove your existing floodlight. Unscrew it and then carefully pull it off the junction box it’s attached to. If the wires are connected with wire nuts, turn the wire nuts counterclockwise to detach them, then remove your existing floodlight and set it aside. If your existing floodlight has a bracket connected to your junction box, remove this as well.

If you’re not replacing an existing light fixture, you’ll need to install a four-inch round waterproof junction box or hire an electrician to install one. Be sure to mount the junction box on a vertical wall, not on an eave or overhead. If you’re installing a new junction box for Floodlight Cam, the optimal height is three meters, or about nine feet, off the ground. Check the weatherproof caps on your junction box to see if they’re installed and are watertight. If the caps aren’t watertight, you’ll need to use a silicone caulk to create a weatherproof seal. It’s important that no water gets into the junction box.

Now, for safety and the proper operation of your Ring Floodlight Cam, the fixture must be properly grounded. If you’re not familiar with the methods for properly grounding this type of fixture, consult with a licensed electrician. Before installing the bracket, make sure the ground wire coming out of your junction box, which is often a green or copper wire, comes about two inches out. If you have a metal junction box, this wire should be connected to the ground screw in the back of your junction box and have at least two extra inches of length. If your ground wire is long enough, proceed to install the bracket.

If the ground wire from your junction box isn’t long enough, then run the ground wire from the Floodlight Cam through the hole in the middle of the bracket and connect it to the existing ground inside your junction box. Either wrap Floodlight Cam’s ground around the screw in your junction box or use the extra wire nut we’ve provided to connect it to the existing ground wire in your junction box. Do this before installing the bracket, since the ground in your junction box may be hard to get to after installing the bracket.

At least two screws are needed to securely hold the mounting bracket, although four screws are included if you’d like to use more. After installing the mounting bracket, check that the foam gasket on the mounting bracket is flush all the way around the junction box and that your existing wires come through the big opening in the middle of the mounting bracket. This foam creates a waterproof seal between the junction box and the Floodlight Cam fixture. You’re now ready to wire your Floodlight Cam.

Sc Dealer Program – Hands-on Dealer Training Courses

You oh man i mean this this it helps a lot because before you know when you actually use our product is a lot of stuff and you’re in the field we try to figure out for yourself but actually gain the experience of acknowledgement class you get to go through it much faster yeah and as we’re i was like.

It’ll be best because you have to sell that product.

Much better and tell exactly what about phones because when i think of an IP base I could pretty much.

Tell use a digital age and what the benefits of it is but actually.

Seeing the benefits and their limitations as well before you actually sell for us it makes a big difference the example I sold a likely based access control doses until a customer ones um it what great but the problem I had with aspects of the reporting was given issue so I know for sure then Phineas it’s.

So I really cannot say that.

I will have those same issues by just a matter of seven the.

Product know what I can do to be able to sell it and show what I can run can do.

Expert Tips & Techniques For Closing Unix Linux Security Gaps

Welcome, and thank you for joining our webinar today, Expert Tips and Techniques for Closing Unix/Linux Security Gaps, featuring guest speaker, information security trusted adviser Ron Woerner. You’re also joined by BeyondTrust’s David Grins, and after Ron’s portion David will run us through a brief overview and demo, if we have time, of BeyondTrust’s PowerBroker server suite. For that, my name is Sarah, your webinar host today. Hello everybody. A kind reminder to please submit your questions via the GoToMeeting console any time throughout the webinar, and we will cover your questions at the end during our Q&A time. You’ll find it in the right side of the console with the little questions section, and you can go ahead and submit your questions throughout. Also, today’s session is being recorded and you will receive a follow-up email containing links to the recording and the slides shown here today within one to two business days from now. Additionally, the slides can be downloaded right now via the handout section in the GoToWebinar console. Additionally, if you are attending for CPE credits and have an ISACA account, you can download the attendance verification document in the handouts section now in order to submit proof that you attended today’s session. Please note that you’re responsible for reporting your own CPE hours earned to ISACA. OK, now that all of the housekeeping items are out of the way, let’s hand it on over to Ron, who’s going to jump right in. Ron, you ready to take on this crowd today or what?

Let’s do it, Sarah. Thank you so much, great intro. Good morning, good afternoon, good day to you all. Thank you for joining me on this adventure through Linux security. I’m Ron Woerner. A couple of quick facts about me related to this talk. First of all, early in my career I actually worked with Thompson and Ritchie. They’re the guys who created UNIX at AT&T Bell Labs, and I grew up in New Jersey, so it’s easy to get a job there, and I ended up meeting and working with them, which was awesome. Second of all, I actually created my first UNIX security checklist in 2000. Back in the day, as Linux/Unix sysadmins, we didn’t have a separate security department. We wanted to secure our stuff, so we learned how to do it ourselves. So I did it, created a checklist, and actually this talk is based on it. While the commands have changed, the concepts and process haven’t.

So what are we doing here? Well, the majority of internet web systems run on some form of Linux. Are they all sufficiently secure? Good question. That’s what I’m here to talk with you about today: the process and some of the commands to lock down Linux systems. My objective is to provide you with some nuggets on how to secure Linux systems in your world. There are many different flavors of Linux; the different OSs are called flavors, which you see on the screen. I’m fairly agnostic when it comes to my favorite. In this talk I’ll be using Ubuntu, mainly because that’s the easiest for me to run on my VM, but you might just have a different one that you use at your home or with your work. So pick the flavor that you want to use and learn the commands specific to it, because there are some differences, which I’ll be showing through this talk.

During the next 30 minutes or so I’ll be providing you with the process for setting a secure baseline for your Linux systems. I’ll address common issues with what’s called I-quadruple-A: identity, access, authentication, authorization and auditing, and finish with some ideas on how to automate. There’s a lot of manual techniques; wouldn’t it be nice if we could just automate what we’re doing and then ship it out to all of the Linux systems in our environment? I have a lot to cover and we’ll be moving very quickly. Some of the things I’ll be glossing over in the interest of time so I can spend time on the good stuff. If you have questions, please ask through the chat.

A few caveats to start. First of all, if we have any Unix sysadmins who have been around for a while, some of these things are going to seem like “Oh, duh, Captain Obvious.” What we missed: the basics, the basic blocking and tackling, to use a football term, the basics of how to dribble a basketball. We need to make sure we’re covering those basics; we shouldn’t just assume that they are being done. So I have this phrase that I use called “check your assumptions”, CYA. No, not that CYA. So don’t just assume you’re doing the basics; actually go through and make sure that they are all being accomplished.

A few more caveats. Your mileage may vary. This is a security checklist that I have; I’m providing you with food for thought. The choice is up to you as to what you do. The idea is to balance security with usability and functionality. I’m not going to be able to cover everything. I have this feeling someone’s going to come back and say “you missed this”, and I’ll probably be like, “Yeah, I know.” This is to give you a structure for securing Linux systems, whether it’s Ubuntu, Fedora, Red Hat, SUSE, you name it. This is basically based on precedence or risk in terms of the order, which you’ll see here in a moment. As always, this is one of the top security mantras: trust but verify. Don’t trust anything I say, but verify it. Go and check your own security checklist, check with your Linux sysadmins, go through your own due diligence and test.

A couple of others. I’ll be demoing, if I have time for a demo, using Ubuntu; other Linux flavors are similar. Your mileage, again, may vary. If you see the Courier New font, that means it’s a Linux command and you should be able to type it into a command prompt. I’ll be running some of these as root or using the sudo command. Try not to use su. Sometimes it’s just you sure if I do. Warning: you’re running very dangerously if you run as root. Try to run with minimal privileges. Also, old-school: I’ve been running UNIX for well over 25 years. Anyway, I like the terminal command line rather than a GUI. I still use vi; you can use Vim, gedit or nano if you want. And then I do have references throughout and at the end.

All right, let’s jump into my checklist here. These are the top things you should consider doing when securing a Linux system. I put it as the top 10 high-level steps. I’ll be walking through each of these steps through this presentation; I just wanted to provide you with this high-level overview of what we’ll be covering over the next few minutes. So let’s dive right in.

Start with number 1: inventory. It is step number 1 for the NIST Cybersecurity Framework and for the Center for Internet Security Controls. Know what you have for hardware, know what you have for software, know where your data is. Be able to answer: who has access to your systems? What are your systems used for? Where are they, physically and on your network? Why are they even around, what use are they? You’ve got to know what you’ve got to know how to secure it. You might have to map out your network. I recommend using a CMDB, a configuration management database. Sometimes you can automate it; sometimes it’s just a simple spreadsheet with the machine name, function, IP addresses, MAC addresses and who’s responsible.

Often a question I will receive, though, is “How do I generate a secure IT infrastructure inventory?” This screen shows some tools over on the left-hand side. These are ones that I found through my exploration, and your mileage may vary. Some of them are free, some are paid for, but it’s just to give you an idea of inventory systems. You also see on your screen just Nmap. Nmap is one of those tools that should be in every IT and security person’s tool bag. It should be on your thumb drive; it should be one you always keep up to date and have readily available. I use it to map out my home network, making sure my kids haven’t attached anything they shouldn’t. I use it to make sure my neighbors aren’t attaching to my Wi-Fi, etc., to know what I have on even my home network. You can leverage this on a work network as well, just to create a software inventory and hardware inventory of the different systems, along with operating systems. There are a lot of commands available through Nmap. If you’re a GUI person, you can use Nmap as well. So that’s inventory.

Step 2: command line. Get comfortable with the Linux command line and the editors. Most commands for securing the system are run from a Linux command prompt rather than a GUI. It’s much more efficient, plus it’s easier to script out; I’ll talk about automation at the end of this talk. If you’re learning Linux, find a good Linux command cheat sheet. I actually have links through the slides where you can find some cheat sheets of common Linux commands. One of my favorite commands that I use on Linux and UNIX is the man command. The man command is your friend. No, it’s not sexist; it’s short for manual. It gives you the manual for the commands on Linux and shows you the exact syntax of other commands. On your screen I just did a man of man to kind of give you the idea. Running as root: I’ve already talked about being very careful when doing it. You’ll see I often provide the actual command prompt for each of these steps. Next step.

Now we’re getting into actual security: secure the BIOS with your system. When you’re initially installing a Linux system, you should take the following steps to protect the underlying hardware and system drives. First, protect the BIOS. This is when the system, your operating system, is initially booting; it’s the basic input/output system. So you want to lock that down in the host with a bootloader password. I’ll be discussing this a little bit later on, as this reduces the risk to the underlying infrastructure from accidental or malicious changes. Now some of you might say, “Well, my Linux servers, they’re all physically secured.” This provides that belt-and-suspenders if for some reason physical security is compromised. get at your physical server, you want to make sure they can’t just boot up into direct root access on the console to the system. That bootloader password protects the underlying infrastructure.

You also should consider encrypting the hard drive using Logical Volume Manager. Again, if for some reason the hard drive is compromised, you know it is encrypted. Also, when you’re removing the system from inventory, if it’s pre-encrypted, once you get rid of the keys, theoretically that’s a good way to clean up the back-end hard drive. You might also want to scrub it other ways; I like belts and suspenders with my Linux systems.

The next step under step 3 is to partition the system disks. Create separate system file directories for your root drive, boot, your user, opt, for home, temp. This is for both performance as well as security. Then there’s USB drives. If they’re not going to be used, disable the port; don’t even allow someone to even accidentally plug in a USB drive. It’s physical security followed by logical security: if anyone tries to plug a USB into a port on your Linux system, it won’t work. Now you might just come back and say, “Well, what if I need it?” You can always re-enable it. In my back-end notes I actually have some of the commands on how to do this that I’d be happy to share later, but in the interest of time I’m just going to keep moving forward.

Step 4: system updates. Again, it’s a basic step for security, but you’d be surprised. So do me a favor: take out your smartphone. Most likely your smartphone is running some type of back-end flavor of Linux, particularly if it’s Android. Anyways, is your smartphone 100% up to date? Is the operating system? How about all of your applications? Yeah, that’s my point. Sometimes we’re not as up to date as we think we may be. So this may seem a Captain Obvious moment, but updating the operating system is a fundamental security step. It’s often the quickest, easiest way to reduce vulnerabilities and the system’s threat surface.

For package installation, use one of the commands based on your Linux distribution. So, like, apt-get or apt is used within Debian, Ubuntu and Linux Mint; you might be using rpm if you’re on Red Hat, or yum; DNF, Dandified YUM, is on Fedora; Arch Linux has pacman; or zypper on openSUSE. So find the package manager that fits your distribution and learn how to use it. I’ll show some commands on how to update on my next slide.

The second part of the step, once you’ve updated, is to remove anything that you don’t need. Remove any unnecessary software packages that aren’t being used. Linux servers are traditionally single-purpose systems; having additional software weighs them down and presents a potential security liability. It keeps your threat footprint as small as possible, so get rid of stuff if you don’t need it. I’ll try to show the commands on how to do this a little bit later on.

How do you update on Linux? On Ubuntu, here are some of the commands, just as the example using apt-get. For the other flavors of Linux that use, say, rpm or yum, it’s very similar. So apt-get update to update the system, or upgrade. To list all available packages, apt-cache is one of those commands you can use to see what’s been cached within this operating system. You can use it to search, so searching for particular applications. If you want to remove any unnecessary ones, you can view them first using apt-cache, then searching, checking your package information: apt-cache show and then that particular package. In this case that’s the package netcat; it provides all of the details associated with netcat.

Moving forward on to step five. A little bit later on I’ll try to show some of these through a demo, but in the interest of time I’m just going to keep trucking along. Another simple step to securing the underlying operating system is to install mandatory access control on the kernel. This protects the host system from being compromised. You can use one of two tools, either SELinux or AppArmor. I’ll talk about both here in a moment, but they isolate applications from interacting or interfacing with each other. Each also allows more control over access. If you’re studying for a security certification like CISSP or Security+, you need to know the difference between MAC and DAC: mandatory access control, meaning it’s enforced, versus discretionary access control, or DAC, meaning it’s up to the systems administrator, it’s up to the end user. This enforces MAC within the Linux operating system. I found AppArmor is a little bit easier to install and configure, so that’s the one I tend to use. Note you cannot have both running at the same time.

Let me explain a little bit about SELinux. Again, I’ve provided some links on the screens and on your slides where you can go to learn more, because that’s part of my intent through this presentation: to give you nuggets and to encourage you to learn more about the Linux operating system. As previously mentioned, SELinux is a mandatory access control, or MAC, system. It was actually developed by NSA. It replaces DAC, discretionary access, common on most Linux systems. SELinux and MAC resolve the issues of mandatory access control; it resolves the issue by confining privileged processes and automating security policy creation. SELinux defaults to denying anything that is not explicitly allowed. So note that if you were running SELinux you could accidentally cause your own denial of service, because it denies anything that you don’t allow. You’ll need to specifically allow things through SELinux.

SELinux uses two global modes, permissive and enforcing. Permissive mode allows the system to function like a discretionary access control system while logging every violation to SELinux. So it’ll allow but just provides logging; that’s more like an intrusion detection system rather than intrusion protection. The enforcing mode enforces a strict denial of access to anything that isn’t explicitly allowed. To explicitly allow certain behavior on a machine, you as the sysadmin have to write policies that allow it. I could spend a lot more time just on SELinux and locking it down. This is one of those tools and applications that, as a security person or sysadmin on Linux systems, you should be familiar with. c-line notes getting started with selinux guide to learn more about SELinux. The other tool for mandatory access.

Control that I briefly mentioned earlier is app armour app armour is included by default with and Mbutu it’s similar to SEO Linux while they work differently both provide that Mac security it in effect allows developers to restrict accidents.

Processes can take so you can’t have a process that runs outta control or is used to perform some feature or function that it wasn’t meant to be used for it does run silently in.

The background so you might I don’t even be aware of what it’s doing exactly some of the best security is the quiet security at Barber locks down vulnerable processes restricting the damaged.

Security vulnerabilities and these processes can cause you can also use it to lock down applications like Firefox for increased security so I’ll run.

App armor to kind of put a sandbox around Firefox so even if I go out to a malicious website on accident using Firefox on the Linux system really limits the damage through app armor to view app armor status you can use sudo a parmer underscore.

Status or a a dash status is the command go to the in Bluetooth site to learn more about.

A farmer as well as how to geek I provide their resource as well by the way I love how to geek I’m always on that website learning about many different aspects of being a geek moving forward with step 6 briefly mentioned earlier.

About locking the boot directory see the Linux boot directory contains critical files related to the kernel so.

You need to make sure that this directory is blocked out set to.

Read only permissions this prevents accidental or.

Malicious changes to do this you can edit the what’s known as Etsy EFS tab and I.

Show the specific command on how to do that on your screen you also want to look at password protecting the grub bootloader.
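As an added example (not taken from the talk or its slides), the read-only /boot setting described above can be audited straight from an fstab-format file. The sample fstab, its UUIDs and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an fstab-format file for a read-only /boot mount.

# Constructed sample fstab (UUIDs are placeholders, not from the talk).
sample_fstab() {
    cat <<'EOF'
# <device>      <mount>    <type> <options>          <dump> <pass>
UUID=1111-aaaa  /          ext4   errors=remount-ro  0      1
UUID=2222-bbbb  /boot      ext4   defaults           0      2
UUID=3333-cccc  /boot/efi  vfat   umask=0077         0      1
EOF
}

# check_boot_ro FILE
# Prints "ro", "rw" or "missing" for the /boot entry; exit status is 0
# only for "ro". Options are compared whole, so "errors=remount-ro" on
# another line or "/boot/efi" as a mount point never count as a match.
check_boot_ro() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        $2 == "/boot" {
            found = 1
            n = split($4, opts, ",")         # field 4 holds the mount options
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") ro = 1
        }
        END {
            if (!found) { print "missing"; exit 2 }
            if (ro)     { print "ro";      exit 0 }
            print "rw"
            exit 1
        }
    ' "$1"
}

# Demo on the constructed sample: reports "rw", so /boot is still writable.
# A hardened entry would read:  UUID=2222-bbbb  /boot  ext4  defaults,ro  0  2
demo_file=$(mktemp)
sample_fstab > "$demo_file"
echo "/boot is mounted: $(check_boot_ro "$demo_file" || true)"
rm -f "$demo_file"
```

After editing the real /etc/fstab, mount -o remount,ro /boot applies the option without a reboot. Kernel and bootloader updates write to /boot, so it has to be remounted read-write for the duration of those updates.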

Password protecting the bootloader restricts damage from physical or bootloader access; it works in line with the previous steps, step 3. You may especially need to do this with some older Linux OSes.

Another part of this step is disabling unnecessary applications from starting. So in step four I talked about removing those packages you don't need, but let's say you still want to keep a package; you just want to make sure that it's not running by default. You have to explicitly allow it to start. The concept here is you can use service --status-all to see what is running, what are all the different services running within your Linux system, and then remove it from starting within init.d. By the way, init.d links to rc, or the run level links to init.d. This is the directory within Linux that shows everything that'll auto-start. You can also disable items from automatically starting using the systemctl command. So it's systemctl, not "system control": systemctl disable and then the name of the service is the command.

You don't want your users to be using email from your Linux system. It should only be sending out email; no one should be using a Linux system to read email, for example. So I would use systemctl to disable email, to keep anyone from being able to read email on my Linux system.

Step seven. I told you we're going to be rocketing through each of these steps. Securing the network layer: so we were securing the base operating system; now we need to understand what is connecting to our Linux system.

To view the hardware associated with the Linux system, that's the lshw -class network command; it displays the network configuration at the hardware level. Then you can use the basic ifconfig to see your IP addresses. A firewall won't necessarily stop everything, so you want to secure your network from the inside out, not solely rely on a firewall. Other steps you can take: create a default gateway; that way there are no other gateways that can be used for outgoing or incoming network communication to your Linux system. You do that by editing the /etc/network/interfaces file. If you're not familiar with Linux, by the way, the /etc directory is where most of the configuration files reside. It's a good idea to get very familiar with what is contained within the /etc directory.

Another consideration for securing a network is DNS resolution. Traditionally, resolv.conf is a configuration file that rarely needed to be changed, or was automatically changed by DHCP client hooks. So keep in mind, if you're looking at setting up your IP address, maybe you want to use a static IP address rather than dynamic. Do you really trust your DHCP server? That's part of the network configurations you should be considering as part of your Linux lockdown.

For locking down and securing DNS, I recommend setting some specific DNS servers within your infrastructure; that way you're reducing that possibility of DNS poisoning if you're always pointing to your trusted DNS servers. systemd-resolved handles that name server configuration, and it should be interacted with through the systemd-resolve command. Netplan configures systemd-resolved to generate a list of name servers and domains that are automatically put into the resolv.conf file.

I also look to secure my network through disabling IP forwarding. This ensures that a server with multiple interfaces, for example a hard proxy, so there are multiple NICs on the system, will never be able to forward packets unless I explicitly allow it, and therefore never can serve as an inadvertent router. I also look to disable ICMP redirect acceptance; that way my Linux server cannot be used to maliciously craft ICMP redirect messages and cause a denial-of-service attack on my internal network. If ICMP redirects are not used on the network for route updates, and if the server is not acting as a router or gateway, then ICMP redirect send and accept should be disabled on your Linux system.

Last is to ignore ICMP or broadcast redirects. That's by adding some specific lines in /etc/sysctl.conf. So /etc/sysctl.conf is the file; there are specific commands you want to add into your sysctl.conf to ignore ICMP requests and ignore broadcast requests. Also edit it to disable send packet redirects as well.
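As an added example (not taken from the talk or its slides), the sysctl.conf settings described above can be checked with a short audit function. The key names are standard Linux sysctl keys chosen here to match the talk's wording, which is an assumption, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-format file for the network settings
# the talk describes. "key expected-value" pairs; the key names are this
# example's mapping of the talk's wording (an assumption).
WANTED='net.ipv4.ip_forward 0
net.ipv4.conf.all.accept_redirects 0
net.ipv4.conf.all.send_redirects 0
net.ipv4.icmp_echo_ignore_all 1
net.ipv4.icmp_echo_ignore_broadcasts 1'

# Constructed sample config: forwarding left on, one key commented out.
sample_sysctl_conf() {
    cat <<'EOF'
# constructed sample, not from the talk
net.ipv4.ip_forward=1
net.ipv4.conf.all.accept_redirects = 0
#net.ipv4.conf.all.send_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
}

# audit_sysctl FILE
# Prints "ok KEY", "wrong KEY got=VALUE" or "missing KEY" per wanted key.
# Exit status is 0 only when every key has its expected value.
audit_sysctl() {
    printf '%s\n' "$WANTED" | awk -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*[#;]/) continue      # comment line
                if (split(line, kv, "=") != 2) continue # not key = value
                gsub(/[ \t]/, "", kv[1])
                gsub(/[ \t]/, "", kv[2])
                seen[kv[1]] = kv[2]                     # last assignment wins
            }
        }
        {
            if (!($1 in seen))       { print "missing " $1; bad = 1 }
            else if (seen[$1] != $2) { print "wrong " $1 " got=" seen[$1]; bad = 1 }
            else                     { print "ok " $1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Demo on the constructed sample (one wrong, two missing, two ok).
demo_conf=$(mktemp)
sample_sysctl_conf > "$demo_conf"
audit_sysctl "$demo_conf" || true
rm -f "$demo_conf"
```

Values written to /etc/sysctl.conf take effect after sysctl -p or a reboot.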

You can't rely on the firewall to do everything; there are certain ways to lock down your Linux server's network. But speaking about a firewall, let's talk about firewalls briefly. First is the Uncomplicated Firewall that comes with Linux. You can make sure it's started. So UFW is the Linux system firewall; it provides that extra network protection. UFW is an interface for iptables; it offers an easier way to regulate incoming and outgoing traffic. You enable it with the ufw enable command. Depending on what you want to allow through, you can then change it as well. You see on your screen Linode again has another good article, this one on how to configure a firewall with UFW. If you're not familiar with it, check that out; review how to leverage UFW as one of the tools that are already in your toolkit you can use to secure your Linux system.

iptables is the backend for UFW. You can also use it to secure your Linux networking configuration. To view what is currently allowed, it's the iptables -L command. iptables connections have specific responses, so you can choose one of these three responses for iptables. First is to accept: allow the connection. Second is to drop the connection, like it never happened. This is best if you don't want the source to realize your system even exists. You can use Nmap to trick firewalls into showing whether systems are accepting or rejecting packets; if packets are just dropped, then your back-end system won't even be seen through the firewall, so that's when you might want to use drop. The third option is reject: don't allow the connection, but send back an error. This is best if you don't want a particular source to connect to your system, but you want them to know that your firewall blocked them.

More information about iptables is available from the How-To Geek article Beginner's Guide to iptables.

Step 8: access and authentication. This step reduces the threat vectors associated with user-level or admin-level access on the Linux system. First part: review all the users established by default and disable or remove any that are not needed for the functionality of the system. Make sure any users you do need have a password. What you can then do is use some type of password vault for those passwords for any accounts that are required for systems administration, that's the admin-level accounts. Second step is to configure authentication. If you install SELinux or AppArmor, this is included with those packages; if not, you'll need to modify the pluggable authentication modules, or PAM, configuration files found in /etc/pam.d.

You can also use PAM with a centralized LDAP service the.