2. Telnet
Bi-directional interactive text-oriented communication facility using a virtual terminal.
Port 23 (TCP).
Client-Server Architecture.
Vulnerability:
Plain text sent over the connection.
No authentication to ensure connection between two desired hosts.
3. Secure Shell (SSH)
Cryptographic Network Protocol.
Secure data communication.
Remote command execution.
Ciphered (encrypted) text is sent over the connection.
Port 22 (TCP).
Applications:
Secure access to shell accounts.
4. File Transfer Protocol (FTP)
Transfers files from one host to another.
Client-Server Architecture.
Port 20 (Data-channel)
Port 21 (Client-Server)
Vulnerability:
Brute Force Attacks.
Packet Capture (Sniffing).
Spoof Attacks.
5. Domain Name Service (DNS)
Hierarchical distributed naming system for devices on the internet or on a private network.
Translates domain names to IP addresses and vice versa.
Port 53 (UDP).
Zones:
Forward Zone - Translates a name to its IP.
Reverse Zone - Translates an IP to its name.
6. Domain Name Service (DNS)
Common Keywords:
A - Address records.
NS - Nameserver records.
MX - Mail Exchanger records.
Vulnerabilities:
DNS Cache Poisoning.
DNS Spoofing.
8. Dynamic Host Configuration Protocol (DHCP)
Port 67 (Connection to Server).
Port 68 (Connection to Client).
Types of Allocations:
Static, Dynamic and Automatic.
Vulnerabilities:
No way to validate the identity of the DHCP Server.
Resource Exhaustion Attacks from malicious DHCP Clients.
9. Apache Web Server
Most Popular Web Server (Worldwide).
Can be implemented on all OSes.
Port 80 (HTTP), 443 (HTTPS).
Supports compiled modules (mod_ssl, mod_status).
Supports Virtual Hosting.
Supports Web Authentication Mechanisms.
Supports PHP, Perl, HTML and other web-based languages.
11. Server Message Block (SMB)
File and Printer Services for Windows Clients.
Primary Domain Controller for Windows Clients.
Encrypted Data communication by default.
Protocol                    Port No.
NetBios-NameService (ns)    137 (UDP, TCP)
NetBios-Datagram (dgm)      138 (UDP)
NetBios-Session (ssn)       139 (TCP)
Active Directory (ad)       445 (TCP)
12. Postfix Webmail Server
Mail Transfer Agent that routes and delivers emails.
MIME Encapsulation, SASL Authentication.
Delivery Status Notifications (DSN).
Port 25 (SMTP).
Features:
Defense against malware and spambots.
Combines with Message storage access (Dovecot).
Provides GUI with Squirrel (Web-based email Client).
13. Proxy Server
Intermediate between the Client and the Original Server.
Advantages:
Monitoring and filtering.
Improves Caching, Performance and Load Balancing.
Protects the Actual Server from Attacks.
Spoon Feeding to Slow Clients.
Accessing services anonymously.
17. Cryptography
Converts Plain text to Ciphered text.
Confidentiality, Integrity, Accuracy.
SSL Security with Apache (port 80/HTTPS).
Mechanisms:
Encryption - plain to ciphered text.
Decryption - ciphered to plain text.
18. Cryptography
Types
Encryption:
AES - 128, 192, 256 bit keys, block size 128 bits, highly secured.
DES - 56 bit keys, block size of 64 bits, less secured.
Cryptography     Advantages                    Security                   No. of Keys                Alias Name
Symmetric Key    Simpler and Faster.           Less Secured.              1 Key (Shared)             Secret Key Cryptography
Asymmetric Key   More Secured Authentication   Complex (Highly Secured)   2 Keys (Public, Private)   Public Key Cryptography
19. Sudoers
Security Policy in Linux Architecture.
Users: Normal Users, Super Users.
Users can execute commands on behalf of super users using 'sudo'.
Uses Caching.
Command:
User_alias Hostname_alias=(User_spec) Cmnd_alias
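The rule layout on this slide (user, host, run-as user in parentheses, command) can be reviewed mechanically. The following Python is an added example, not part of the original slides: it parses a simplified one-line subset of sudoers syntax, and the sample entries, user names, host names and the two audit criteria are constructed assumptions.

```python
import re

# Constructed sample policy (not from the original slides); one rule per line.
SAMPLE_SUDOERS = """\
User_Alias ADMINS = alice, bob
Cmnd_Alias WEBCTL = /usr/bin/systemctl restart httpd
Defaults   timestamp_timeout=5
ADMINS     ALL=(ALL) ALL
carol      web01=(root) WEBCTL
dave       ALL=(ALL) NOPASSWD: ALL
%wheel     ALL=(root) /usr/bin/less /var/log/messages
"""

# user  host = (runas) [TAG:] command[, command...]
RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)
SKIP = re.compile(r"^(#|Defaults\b|\w+_Alias\b)")


def parse_rules(text):
    """Return user specifications from a simplified, single-line sudoers subset."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or SKIP.match(line):
            continue  # comments, Defaults and alias definitions are not rules
        m = RULE.match(line)
        if m:
            rule = m.groupdict()
            rule["runas"] = rule["runas"] or "root"  # sudo runs as root if omitted
            rule["tags"] = [t.strip() for t in rule["tags"].split(":") if t.strip()]
            rule["cmds"] = [c.strip() for c in rule["cmds"].split(",")]
            rules.append(rule)
    return rules


def audit(rules):
    """Flag rules a reviewer should justify: no password prompt, or any command."""
    findings = []
    for r in rules:
        if "NOPASSWD" in r["tags"]:
            findings.append((r["user"], "NOPASSWD"))
        if "ALL" in r["cmds"]:
            findings.append((r["user"], "ALL commands"))
    return findings
```

Calling audit(parse_rules(SAMPLE_SUDOERS)) lists the entries that grant every command or skip the password prompt; real sudoers files also use line continuations and include directives, which this subset does not handle.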
20. Access Control List (ACL)
Sets different permissions for different users on the same directory.
Grants permissions to a user or group even if they do not belong to the actual group.
Types
Default ACLs - Setting ACLs on a specific directory.
Access ACLs - Granting permissions to any file or directory.
21. Secured Enhanced Linux (SELinux)
Linux Kernel Security Module.
Enforces minimum privileges for services to do their jobs.
Helpful when the Server is under Attack.
Types:
Permissive - services that would be denied access can still operate even though SELinux is enabled.
Enforcing - enforces access denials to services.
Disabled - disables SELinux protection permanently.