Berkeley Packet Filters

Berkeley Packet Filters (BPF) Security - Module XI

• Introduction - Topology - Features
  • Discuss course outline
  • Explore network topology
  • Identify key systems to be used
  • Discuss key BPF features
•  
• Type Qualifiers
  • Identify type qualifiers
  • Explore examples
  • Write filters for various scenarios
  • Test and debug filters
•  
• Directional Qualifiers
  • Discuss features and benefits
  • Identify directional qualifiers
  • Write filters for various scenarios
  • Test and debug filters
•  
• Protocol Qualifiers
  • Identify protocol qualifiers
  • Explore a number of protocols and options
  • Write filters for various scenarios
  • Test and debug filters
  • Combine type, directional and protocol qualifiers
  • Evaluate results
•  
• Rule (Filter) Negation | Alternation | Concatenation
  • Discuss features and benefits
  • Write alternated filters for various scenarios
  • Write concatenated filters for various scenarios
  • Write negated filters for various scenarios
  • Test and debug filters
  • Evaluate results
•  
• Rule (Filter) Segregation with Parenthetical Statements
  • Discuss features and benefits
  • Write parenthesized rules for various scenarios
  • Write alternative rules and contrast
  • Test and debug parenthesized and alternative rules
  • Evaluate results
•  
• TCPDump & Windump
  • Discuss features and benefits
  • Explore useful features of both utilities
  • Execute with key options
  • Apply additional BPFs
  • Evaluate results
•  
• BPFs with Snort® NIDS|NIPS
  • Discuss features and benefits
  • Install Snort®
  • Explore useful options
  • Apply predefined BPFs
  • Evaluate results
•  
• BPFs with WireShark Capture | Analysis Engine
  • Discuss features and benefits
  • Explore useful options
  • Invoke with useful options
  • Apply predefined BPFs
  • Extend and archive BPFs
  • Evaluate results
•  
• BPF Lists
  • Discuss features and benefits
  • Generate BPF lists for sample scenarios
  • Supply lists to utilities for processing
  • Archive lists for reuse
  • Evaluate results

Sums

• Various Tools
• Remote Confirmations
• File Metadata
• File Fragments
• Compress Content
• Archive Content
• DIR Hierarchy
• Password Sums
• Shared Secret
• Restrict History
• Downloaded Content
• Encrypt Content
• Site Credentials
• Site COOKIE
• Site COOKIE - Unique

CentOS9x Stream Administration

• Initial Environment
• ls, pwd, cd, cp, mv, rm, mkdir, rmdir, whoami
• alias, cat, file, chmod, chown, history
• STD(IN|OUT), Pipes, Redirection, Command Chaining
• ps, df, top, free
• Pagers, W-Commands
• Checksums
• Awk | Sed | Grep Usage
• BASH SHELL Environment
• Compression | Archival Tools
• SSH Equivalence
• SHELL Quoting
• Propagate Environment
• Secure Clients

• Identify Standard File Types
• Standard File Permissions
• Symbolic Links
• Transfer Permissions

• Identify SWAP environment
• Provision dedicated SWAP partitions
• Add | Remove SWAP from pool as needed
• Provision File System-based SWAP
• SWAP Share
• SWAP Persistence
• Identify default storage configuration
• Provision new storage as needed
• XFS - File System
• XFS - Grow File System
• Identify LVM defaults
• Add new partitions to LVM management
• Allocate storage to LVM Volume Groups
• Create Logical Volumes (LVs) as needed
• Overlay File System and mount where applicables
• LVM - Resize
• LVM - Mixed FS
• LVM - SWAP

• Features
• Install
• Defaults
• General Usage
• Update Accounts

• Defaults
• Shared PASS Gen
• Unique PASS Gen
• Encrypted PASS Gen
• Update Accounts
• Groups

• Discuss features | limitations
• Identify default system-wide schedule
• Peruse various default Cron Jobs
• Schedule simple job and monitor recurrence
• Evaluate results

• Peruse Default CONF
• Discuss Syslog Rules
• Explore Log Rotate defaults
• Ensure rotated logs are compressed
• Extend default retention scheme
• Force Log Rotation as needed

• Explore Default environment
• Install PKGs
• Dump important metadata from packages
• Apply Updates

• Default CONF
• Add | Confirm IPs as needed

• Install
• Copy Configuration
• SELinux - Confirm
• TLS | SSL Services
• cURL Client Tests
• Virtual Hosts
• ENC Sites Only

• SFTP Only USER
• SFTP Only USER - NOLOGIN
• SFTP Only Group - Control
• NMap Intro

SysLOG with rSysLogD

• Discuss Features
• Default Environment
• Kernel Firewall LOG
• Split LOGs by Priorities
• UDP | TCP Logging
• Dual L4 Logging
• Multiple Hosts
• Basic Queueing
• Reliable Event Logging Protocol (RELP)
• RELP - Remote Only
• RELP Only
• Traditional to RELP
• SysLOG Clear-Text - Confirm
• Property Filters
• Expression Filters
• Relay Chain

Netfilter Tables

• Features
• SSHGuard
• Ruleset Basics
• Persistence
• Sample Rules
• Inbound Filtering
• Dormant Table
• Manage Tables | Chains | Rules
• Counters
• Sets
• LOG Basics
• LOG with Sets
• Closed-Port LOGs
• LOG Options
• Re-Route LOGs
• Jump Targets
• Chain Jumping
• GoTo Chains
• Meta Selectors

Debian 12x Administration

• Features
• Download
• Graphical Install
• Text Install
• Post-Install Tweaks

• Explore usage of the following useful commands
• tty | /dev/pts | w | whoami | who
• set | env | export | unset
• cat | echo | touch | rm
• pwd | ls | cd | mkdir | alias | umask
• head | tail
• dd
• find
• history
• STDIN, STDOUT, STDERR, UNIX Pipes, Redirection, Command Chaining
• ps, df, free, top, dd
• stat, which, w, who
• tar | gzip | bzip2 | xz
• ZSH Setup

• Network Tools | IP Configuration
• Examine default IP configuration
• Extend IP configuration to facilitate additional addresses
• Static IP Config
• Dual: Dynamic | Static Config
• Multiple Interfaces
• Dual Network Services
• Confirm communications

PHP One-Liners

• General Usage
• Count Lines
• Word Count
• Count Chars
• Split Lines into ARRAY
• Count Instances of Fields
• Transform Delimiters
• Anonymize LOGs
• Extract Unique SRCs
• Lines by Error Code
• LOG By Code
• Summarize Error Codes
• Pre-Seed Error Codes
• Random Strings
• Varied Passwords
• Expose Undefined Passwords
• Outdated Passwords
• Hash | Un-Hash

Cloud Storage with GlusterFS

• Discuss Features:
• Default Volume Type
• Common Volume Types
• Transport Types
• File System Support
• Storage Model

• Features
• Provision Storage
• Allocate GlusterFS Brick
• Persistence
• Generate IO
• Multiple File Systems
• Various Sizes
• Stop | Remove Volume
• Reconstitute Volume
• Server Mount
• Evaluate

OpenPGP with GPG

• Discuss Features:
• Primary Tool
• Private | Public Keys
• Public Key Cryptography Standards (PKCS)
• Encryption | Decryption
• Signing | Verification

• Features
• General Usage
• Create Content
• Encrypt
• PassPhrase Protect
• Binary | Text Encryption
• Share
• Decrypt

SSL-TLS with OpenSSL

• Discuss Features:
• Primary Tool
• Private | Public Keys
• Certificate Signing Requests (CSRs)
• Self-Signed Certificates
• Public Key Cryptography Standards (PKCS)
• Encryption | Decryption
• Random String Generation
• Message Digests
• SSL-TLS Client

• Features
• General Usage
• Retrieve Site Certificates
• Determine OCSP Configuration
• Probe supported TLS Versions
• Extract Certificate for local usage
• Retrieve Certificate with NMap
• Retrieve Certificate Chain

• Discuss
• Generate Private Keys
• Generate Correlating CSRs
• Confirm Keys | CSRs
• Self-Signed Certificates

SSH Variables

• Discuss Features
• Bare VARs
• SSH Client
• Double Quotes
• Single Quotes
• SSH Environment

SHELL Variables

• Discuss Features
• Terminal (TTY)
• CLI Arguments
• Process ID
• Backgrounded
• SHELL Local
• Environment
• Persistence
• Aliases
• Command Substitution
• Increment | Decrement
• Dynamism