Archive for the Networking Category

Implementing Wireless Intrusion Detection System

Posted in Networking, Security on September 28, 2014 by muhrizky

NTP on Linux

Posted in Networking, Security on September 28, 2014 by muhrizky

A couple of months ago I was given the task of bringing every network device in an environment into time synchronisation, with a maximum difference of 2 seconds between them. That is impossible to maintain by hand; it needs Network Time Protocol (NTP) synchronisation. NTP arranges servers in a stratum hierarchy: a lower stratum number means the server is closer to a reference clock (stratum 0), so it should be the more reliable source. NTP communicates over UDP port 123, so check that the iptables script has an exception for it.

For those who want a straightforward setup, NTP also runs on Windows, which is out of scope for this blog. It is an easy task anyway, a few clicks in the Windows interface.

The packages we need from the repository are ntp and ntpdate.
On Debian derivatives run the command # apt-get install ntp ntpdate

Slackware has no automatic dependency resolution, so there we need to know exactly which packages those two depend on.

The next step is the part anyone who loves the Linux environment enjoys most: editing the configuration file to point the host at its synchronisation servers. The file is /etc/ntp.conf; find the lines that start with:

# pool.ntp.org maps to about 1000 low-stratum NTP servers.
# Your server will pick a different set every time
# it starts up.  Please consider joining the
# pool http://www.pool.ntp.org/join.html
server 0.id.pool.ntp.org iburst
server 1.id.pool.ntp.org iburst
server 2.id.pool.ntp.org iburst
server 3.id.pool.ntp.org iburst

The security-relevant part is the restrict lines: they grant full access only to the loopback addresses, while the broadcast line makes the primary host announce time to its local subnet. Note that the argument to broadcast must be the subnet's broadcast address (for the 172.16.7.0/27 subnet used later in this post that would be 172.16.7.31) or a multicast group address; 172.16.7.3 is a host address, so adjust it for your network. Clients must be configured with broadcastclient to listen, and ntpd expects broadcast associations to be authenticated with a shared key unless authentication is explicitly disabled.

# Local users may interrogate the ntp
# server more closely.
restrict 127.0.0.1
restrict ::1

# If you want to provide time to your
# local subnet, change the next line.
# (Again, the address is an example only.)
broadcast 172.16.7.3

Restart the service. On this host ntpd is managed by an init script, as is the IP configuration (static IP, gateway, DNS), so run the command # service ntp restart

The last step is to check synchronisation against the public stratum servers, which is only possible once all the configuration and commands above have succeeded. Run the command # ntpq -p ; the peer marked with * is the one the clock is currently synchronised to, and the offset column shows the difference from it in milliseconds.
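To turn the 2-second requirement from the start of this post into a check that can run from cron or a monitoring agent, here is an added example (my own code, not from the original post) that parses the ntpq -p peer table and fails if the selected peer is unreachable, unsynchronised, or more than 2000 ms off. The sample output embedded in it is constructed, not captured from a real server; the ntpq column layout it relies on (tally character, remote, refid, st, t, when, poll, reach, delay, offset, jitter) is the standard one.

```python
import subprocess

# Constructed sample of `ntpq -p` output; not a capture from the author's
# server. The first character of each peer line is the tally code
# ('*' = system peer, '+' = candidate, '-' = outlier, ' ' = rejected), reach
# is an octal register of the last eight polls, and offset is in milliseconds.
SAMPLE_NTPQ_OUTPUT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.ne 203.0.113.10     2 u   39   64  377   12.345   -0.812   0.431
+ntp2.example.ne 198.51.100.7     2 u   41   64  377   15.201    1.956   0.702
-ntp3.example.ne 192.0.2.5        3 u   37   64  177   40.118 2480.331  12.004
 ntp4.example.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


def _seconds(field):
    """ntpq prints long `when`/`poll` intervals with m/h/d suffixes."""
    if field == "-":
        return None
    units = {"m": 60, "h": 3600, "d": 86400}
    if field[-1] in units:
        return int(field[:-1]) * units[field[-1]]
    return int(field)


def parse_ntpq_peers(text):
    """Parse the peer table printed by `ntpq -p` into one dict per peer."""
    peers = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("remote") or stripped.startswith("="):
            continue  # header and separator lines
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10:
            continue  # not a peer line
        remote, refid, st, kind, when, poll, reach, delay, offset, jitter = fields
        peers.append({
            "tally": tally,
            "remote": remote,
            "refid": refid,
            "stratum": int(st),
            "type": kind,
            "when": _seconds(when),
            "poll": _seconds(poll),
            "reach": int(reach, 8),  # printed in octal
            "delay_ms": float(delay),
            "offset_ms": float(offset),
            "jitter_ms": float(jitter),
        })
    return peers


def check_sync(peers, max_offset_ms=2000.0):
    """Return (ok, problems) for the 'within 2 seconds' requirement."""
    problems = []
    system = [p for p in peers if p["tally"] in ("*", "o")]
    if not system:
        return False, ["no system peer selected (no '*' in ntpq -p output)"]
    p = system[0]
    if p["stratum"] >= 16:
        problems.append(f"{p['remote']}: stratum {p['stratum']} means unsynchronised")
    if p["reach"] != 0o377:
        problems.append(f"{p['remote']}: reach {p['reach']:o}, not all of the last 8 polls answered")
    if abs(p["offset_ms"]) > max_offset_ms:
        problems.append(f"{p['remote']}: offset {p['offset_ms']} ms exceeds {max_offset_ms} ms")
    return not problems, problems


def live_check(max_offset_ms=2000.0):
    """Run ntpq on this host (-n avoids DNS lookups) and apply check_sync."""
    out = subprocess.run(["ntpq", "-pn"], capture_output=True, text=True, check=True).stdout
    return check_sync(parse_ntpq_peers(out), max_offset_ms)


if __name__ == "__main__":
    ok, problems = live_check()
    print("OK" if ok else "\n".join(problems))
```

The check deliberately looks only at the system peer: a large offset on an outlier (the third sample line) is normal and is exactly why ntpd did not select it, whereas a reach below 377 on the selected peer means recent polls were lost and the offset value is stale.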

Which local clients have been synchronising from this server can be listed with the command # ntpdc -c monlist

Update: monlist is the query abused in the NTP amplification denial-of-service attacks tracked as CVE-2013-5211. A single 8-byte mode 7 request with a forged source address makes an ntpd older than 4.2.7p26 send back a list of up to 600 recent clients, spread over many packets, to whoever the source address claims to be. Add disable monitor to /etc/ntp.conf to switch the query off, or refuse it with noquery as in the restrict lines below.

Below is the proposed configuration change. It is also strongly recommended to filter UDP port 123 on your firewall so that only your own clients can reach the server, and to apply egress (anti-spoofing) filtering on every flow leaving your network so that hosts inside it cannot send packets with forged source addresses, since that is what reflection attacks rely on. Note that the notrust line in the last block denies service to that subnet unless packets are cryptographically authenticated, which requires a key configured with keys and trustedkey; if your clients do not authenticate, leave notrust out and keep nomodify notrap for them.

# By default, exchange time with everybody, but don't allow configuration.
restrict default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
restrict 172.16.7.0 mask 255.255.255.224 notrust
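To verify that one of your own ntpd servers no longer answers the monlist query after this change, and to see how much traffic a single 8-byte request draws out of an unpatched one, here is an added example (my own code, not from the original post or the NTP project). It speaks the NTP mode 7 private protocol directly instead of calling ntpdc, so it also works from a host without the ntp tools. The reply packets embedded in it are constructed; the 440-byte packet size and the 110x ratio are properties of those constructed samples, not measurements. Only probe servers you are responsible for.

```python
import socket
import struct

# Mode 7 (private) request for MON_GETLIST_1 (request code 42). Byte 0 is
# LI=0, VN=2, mode=7; byte 1 is the auth bit plus sequence number; byte 2 the
# implementation number (3 = XNTPD); byte 3 the request code; the last four
# bytes are err/nitems and mbz/itemsize, all zero in a request. This is the
# 8-byte datagram CVE-2013-5211 attacks send with a forged source address.
MONLIST_REQUEST = bytes([0x17, 0x00, 0x03, 0x2A, 0x00, 0x00, 0x00, 0x00])
REQ_MON_GETLIST_1 = 42


def parse_mode7_header(pkt):
    """Decode the 8-byte mode 7 header (request or response)."""
    if len(pkt) < 8:
        raise ValueError("mode 7 packet shorter than its 8-byte header")
    b0, b1, impl, code, err_nitems, mbz_size = struct.unpack("!BBBBHH", pkt[:8])
    return {
        "response": bool(b0 & 0x80),
        "more": bool(b0 & 0x40),            # more packets follow
        "version": (b0 >> 3) & 0x07,
        "mode": b0 & 0x07,
        "sequence": b1 & 0x7F,
        "implementation": impl,
        "request_code": code,
        "error": err_nitems >> 12,          # non-zero: server refused
        "nitems": err_nitems & 0x0FFF,
        "item_size": mbz_size & 0x0FFF,
    }


def classify_monlist_replies(replies):
    """'silent' (noquery/filtered/patched), 'refused' (error reply) or 'exposed'."""
    if not replies:
        return "silent"
    headers = [parse_mode7_header(r) for r in replies]
    if any(h["error"] for h in headers):
        return "refused"
    well_formed = all(h["response"] and h["mode"] == 7
                      and h["request_code"] == REQ_MON_GETLIST_1 for h in headers)
    if well_formed and sum(h["nitems"] for h in headers) > 0:
        return "exposed"
    return "unexpected"


def amplification_factor(request, replies):
    """Bytes the server sends per byte received; all of it goes to the spoofed source."""
    return sum(len(r) for r in replies) / len(request)


def probe_monlist(host, port=123, timeout=2.0):
    """Send one monlist request to a server you own and collect every reply datagram."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(MONLIST_REQUEST, (host, port))
        try:
            while True:
                data, _ = s.recvfrom(4096)
                replies.append(data)
                if not parse_mode7_header(data)["more"]:
                    break
        except socket.timeout:
            pass
    return replies


def make_monlist_reply(nitems, sequence, more):
    """Constructed reply: 8-byte header plus nitems zeroed 72-byte monitor entries."""
    b0 = 0x80 | (0x40 if more else 0) | (2 << 3) | 7   # response, VN=2, mode 7
    header = struct.pack("!BBBBHH", b0, sequence, 3, REQ_MON_GETLIST_1, nitems, 72)
    return header + b"\x00" * (72 * nitems)


# Constructed samples, not captures from a real server: an unpatched server
# answering with two full packets, and a server answering with a non-zero
# error field (ntpd uses 4 for "no data") instead of a client list.
EXPOSED_REPLIES = [make_monlist_reply(6, 0, True), make_monlist_reply(6, 1, False)]
REFUSED_REPLY = struct.pack("!BBBBHH", 0x97, 0, 3, REQ_MON_GETLIST_1, 4 << 12, 0)


if __name__ == "__main__":
    import sys
    got = probe_monlist(sys.argv[1])
    print(classify_monlist_replies(got), amplification_factor(MONLIST_REQUEST, got))
```

After applying the restrict default ... noquery lines above, a probe from outside the loopback should come back "silent": ntpd drops mode 6 and mode 7 queries from addresses with noquery without any reply. A firewall that blocks UDP 123 produces the same result, so run the probe from a host that is otherwise able to synchronise from the server to tell the two apart.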

Internet Protocol Security (IPSec)

Posted in Networking on October 31, 2008 by muhrizky

IPSec is one of several protocols that can be used to encrypt and authenticate a data stream. It can be run in tunnel mode to build Virtual Private Networks; its other mode, transport mode, protects only the payload of a host-to-host packet.

IPSec operates at the Internet layer. Because it sits below the transport and application layers, it protects every protocol carried above it, including traffic of higher-level security protocols such as SSL, TLS and SSH, which operate further up the Internet Protocol Suite.

(Table: layers of the Internet Protocol Suite)

In terms of compatibility, IPSec is currently supported by most operating systems on the market. On the Microsoft Windows platform, for example, there are three built-in IPSec policies: Client, Server, and Secure Server. They differ in whether the host requests, requires, or merely responds to security when it talks to others, but they all use the same encryption options: Data Encryption Standard (DES) and 3DES with MD5 or SHA1 integrity checking. (DES and MD5 are no longer considered adequate today; prefer AES and SHA-2 where the platform supports them.) Furthermore, users can apply an authentication method other than Kerberos, which is the default for Microsoft Windows, for example a valid digital certificate.