Security Design
CSIS 3756
Midterm 2
Due date: 11:59pm Tuesday, November 20.
- Explain the difference(s) between iptables as a firewall, and inetd as a firewall. You don’t need to get into specifics of either; rather, I’m looking for the basic capabilities of each, and how they differ.
- A recurring theme in setting up secure system services (in both Windows and UNIX) is that each service (e.g., web server, database server) has its own user ID. What advantages does this have?
- Explain briefly how the hosts.allow and hosts.deny files work. Specifically, explain how to block a site and/or service, and how to allow one.
- One method of securing UNIX services is to run their servers in a “chroot jail.” Explain the concept; again, you don’t need to get into details of commands, I’m looking for the general concept.
- Describe how you can set up a web server that securely provides user-supplied files, while not having access to user files that are private.
- Two methods of encrypting email are to use secure sockets (SSL) to encrypt the transmission to/from the mail server, and PGP to encrypt an entire message prior to transmission.
  - What does each method secure?
  - What are the drawbacks of each method?
- (Extra credit) Show how to configure either iptables (via /etc/sysconfig/iptables) or inetd/tcpd (via hosts.allow and hosts.deny) to:
  - Allow SSH access from anywhere
  - Allow inbound http access from anywhere on campus (150.134.0.0/16)
  - Allow Samba (nmb, smb, winbind) access from our labs (150.134.160.0/24)
  - Block all other access