Python networking expert needed

profilesajhal-1
Session5.pptx

IT 369: Session 5

LAMP Networking, Firewalls, and Securing Our Systems

Job Interview Q&A

As promised, we’ll include a little job interview context for each class.

Question from interviewer: What is the point of a firewall if all my applications require authentication?

Can we come up with 3-5 answers?

Housekeeping

Lab #3 & #4 due next week

Midterm is in two weeks and covers:

Labs 1 through 4

Chapters as listed in syllabus

Class Sessions 1 through 6

Format will include multiple choice, short answer, and a short essay

Today’s class is session #5, and will focus on extending our LAMP stack with a firewall so that we may secure our tiny web application.

What are we doing this week?

Chapter is on Networking

Review of our LAMP stack and environment

Where does this week’s topic fit into our course & environment?

What can I do to secure my data and application?

Where might I find detailed assistance to ensure secure coding?

Our LAMP Stack

You will need this layer to work for all subsequent labs.

Keep in mind the connectivity of all the various layers

Apache listens. Directs traffic to default Python program (index.py) by means of the apache configuration.

Python program (currently) only has one function: it connects to MySQL, fetches records, and displays them.

A continued expansion of this app would include inputs, navigation, more complex data structures, but this serves the objective.

Our LAMP Stack

Provides our application and data layers. Virtual machine provides the host.

In a fully production environment, we would likely separate some of these layers, but for this project, we will keep combined.

So, how do we better protect?

Competing priorities: “keep bad guys out” vs. “let in the good guys”

How to represent our system?

Start at the outermost layer and then we will move inwards.

The “cloud” drawing generally represents an unregulated network, frequently “the Internet”.

Firewalls often depicted using a brick wall or a fire symbol.

Terminals usually mean endpoints, and include screens.

Servers either towers or rack-mounted.

Connected Visualizations

Flow often a mix of physical connections and logical placeholders.

Can you identify each item on this image?

What does OUR environment look like?

Application and Data Visualization

Keeping in mind the LAMP drawing, trace the Yoga app as it stands.

Who are current Clients?

What vulnerabilities exist?

How and where can we start to harden our application?

Packets

Firewalls

What is a firewall?

Centralized control of inbound and outbound traffic to minimize unauthorized activity and to hide vulnerable systems from hackers.

Predetermined sets of rules (static).

Can be on the network or the host.

Traffic control, most often. Usually much less than a full Intrusion Detection System (IDS) or Intrusion Prevention System (IPS).

Limitations exist in simple firewalls because packet contents are not evaluated, spoofing can occur, and can be challenging to implement on a large and complex network.

Firewall Examples

Tons of firewall tools available

Windows uses Defender

Mac uses proprietary firewall built into services

Ubuntu & Mac ship with most services NOT listening, and firewall not turned on. Easy to enable.

Let’s walk through Windows & Mac quickly, and then we will review adding to our Ubuntu Linux virtual machines.

To test this within VirtualBox, you will need TWO VMs

Windows Defender

Allow

Firewall Violation

MAC

LAB #4 Hands On: Firewalls

UFW - “Uncomplicated Fire Wall”

Already installed as part of Ubuntu, but “off” by default

Easily added to any other Linux flavor

From the Ubuntu instance containing your LAMP stack, let’s install an SSH host, configure UFW, and test using a secondary Ubuntu (or Kali)

For this lab, you will want to make sure you have two VMs running using NAT NETWORK so they can see one another, and can see the Internet, and have different IP addresses.

Start by obtaining your IP addresses using ifconfig or ip command, and using PING to test connectivity between both. (CTRL-C to end)

Linux & UFW (Uncomplicated Firewall)

Check to ensure it is installed and status: sudo ufw status

Let’s review the configuration file: /etc/default/ufw

Now let’s set up and test:

Install open ssh server on your Ubuntu machine: sudo apt-get install openssh-server

Configure UFW to allow traffic on port 22: sudo ufw allow ssh

if you need to reset: sudo ufw reset (you will lose all rule changes)

Deny all:

sudo ufw default deny incoming

sudo ufw enable

Linux and UFW

From a secondary instance of Ubuntu (or Kali), type ssh <username>@10.0.2.7 (whatever your Ubuntu LAMP IP address is)

Respond to challenge with <pwd> and “yes”

Now you’re in.

(Optional) If you wanted to hack the file we created last time:

sudo nano /var/www/test/hw.html

To test, from attack machine, point browser to http://10.0.2.15/hw.html (using your target IP address of course)

[For the deliverable you only need to show that you can SSH in after configuring the firewall to allow. The file commands listed here are for instruction and are not required for lab.]

Linux and UFW

Let’s turn off the HTTP access from secondary machine

First, test that connecting to your LAMP stack gets you your app

Then, from LAMP machine, sudo ufw deny http

Check status: sudo ufw status verbose

Check connectivity from secondary machine browser

Restore HTTP: sudo ufw allow http

Check connectivity from secondary machine browser

So….?

What did we learn? You should be comfortable finding IP addresses, configuring UFW on and off as it relates to HTTP and SSH, and demonstrating that testing.

Could you answer these questions as a short answer on the final exam?

What risk did we take on by opening port 22?

What would a hacker need to get in?

Could a brute force attack successfully break in?

Additional Info: https://resources.infosecinstitute.com/topic/popular-tools-for-brute-force-attacks/

LAB #4 Deliverables (5 points)

Provide Screen Shots and a narrative of the following:

Demonstrate two VMs (both can be Ubuntu)

Demonstrate the usage of ufw to control ssh and http permissions from one VM to the LAMP VM

Configure UFW to first ALLOW the traffic (demonstrate)

Alter UFW to DENY each (demonstrate the failed attempt)

Re-enable the connectivity (show the successful attempt again)

Annotate your screen shots with a simple sentence for each screen shot

Demonstrate the usage of ufw

Use the Discussion Board and/or do research for issues

Where does this fit within security?

By limiting access, what have we accomplished?

How does this help us in creating a graphical representation of a system?

How does this help us in our approach to testing?

Secure Coding Checklist

The Open Web Application Security Project (OWASP) is a huge resource for us. We will use later, but now, let’s introduce the OWASP Secure Coding Practices Quick Reference Guide:

Available on OWASP.org, but also on Blackboard

Our goal is not that you will understand each coding concept, but that you are familiar with the tool that is this checklist.

You should be able to navigate this document on the midterm.