List the private network address ranges defined by IANA
What does the accronym NAT stand for?
Network Address Translation.
How can a server with a private IP address connect to a server on the internet?
By connecting through a router (or server with router functionality) that performs Network Address Translation.
Which tool is used to set up, maintain, and inspect the tables of IPv4 packet filter rules in the Linux kernel?
Name the netfilter CHAINS
PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING
Name the netfilter TABLES.
Filter, Nat, Mangle
What module is needed to perform stateful firewalling on FTP traffic?
What is needed for FTP to work through a firewall ("incoming")?
Name the connection states a packet can be in when arriving at a stateful firewall.
NEW, ESTABLISHED, RELATED, INVALID
What are the minimal iptables rules to enable responding to a ping originating from any server on the network?
Assuming that the network is attached to eth0:
What's the difference between FTP in active and passive mode?
In active mode, the client sends the server the IP address and port number on which the client will listen, and the server initiates the TCP connection.
In passive mode the client sends a PASV command to the server and receives an IP address and port number in return. The client uses these to open the data connection to the server.
What protocol is implemented by the routed daemon?
The RIP routing protocol.
Which 4 targets does iptables know by default?
ACCEPT, DROP, QUEUE, RETURN
Name at least three extended iptables targets
LOG, MARK, REJECT, TOS, MIRROR, SNAT, DNAT, MASQUERADE, REDIRECT
Which modules are included in iptables by default? (name 4)
tcp, udp, icmp, mac, limit, multiport, mark, owner, state, unclean, tos
Describe "DoS with IP address spoofing"
System A sends packets to system B. These packets have the forged source address of system C. As a result system B will send responses to system C.
How can DoS attacks be prevented?
DOS attacks cannot be prevented, but the impact can be reduced by applying filtering and rate limiting rules to the firewall.
What is SSH?
SSH is a secure replacement for rlogin and rsh.
Name the possible values for the sshd configuration option PermitRootLogin
yes, no, without-password, forced-commands-only
What is the prefered way to display x content from within an ssh session?
Enable X11 forwarding to foward X data to the local display over the SSH connection.
Name a security implication of using passphrase ssh keys and at least one way to reduce the impact.
Anyone with access to the passphraseless key has access because no passphrase is needed to use the key. Set a forced command for the key and preferably limit access to one (or a few) client host(s).
How can you make sure you don't have to type in your passphrase for each new connection (using the same key)?
Use ssh-agent to load the key(s) and enable agent forwarding.
What is SNORT?
Snort is a network Intrusion Detection System.
How can services on an internal servers with a private IP address be made available for access from the internet?
Configure port forwarding for incoming connections on the firewall.
What has to be done to enable passwordless logon?
Create a public/private key pair and add the contents of the public key to the authorized_keys file of the remote user.
What is the most important reason not to perform SOURCE NAT on incoming connections from the internet?
It hampers auditing of these connections on the receiving server because all traffic will seem to originate from the same client (the firewall).
How is running pure-ftpd different from running any other FTP server?
Unlike many daemons, Pure-FTPd doesn't read any configuration file (except for LDAP and SQL when used). Instead, it uses command-line options.
Do you need to run xhost to allow connections to the local X server if we want to display X output generated in an SSH session with X11 forwarding enabled?
No. Because the X output is seemingly created locally no xhost settings have to be changed to enable displaying the content.
How does port forwarding with SSH work?
SSH binds a local port, tunnels all traffic from that port through the open SSH connection associated with the bound local port to a port on a server on the other side of that connection.
What's the use of nmap?
Nmap can be used to scan a network to determine which hosts are up and what services they are offering.
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management
Name a few sources for security alerts.