Security Issue

Protecting your Linux box

Post by mudasir » Fri Sep 07, 2007 6:39 pm

AOA,

Why AD,

If he is using Linux?


Then what other solution should I go with...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
mudasir
Captain
 
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Website: http://www.crystalnetworks.org
Location: Dubai

Post by raheelahmad » Fri Sep 07, 2007 7:24 pm

You can use Samba as a domain controller, plus you can also use Fedora Directory Server, which is like MS AD.

AD cannot be configured on Linux, but one way to configure AD on Linux is WINE Server. If you use Wine, you will be in much trouble ... friend. There are other security issues with Wine itself ....

Fedora Directory Server is a better option ...


Regards.
-
Raheel Ahmad
raheelahmad
Naik
 
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
WLM: ahmad.raheel@hotmail.com
Yahoo Messenger: ahmad.raheel@yahoo.com
Location: Karachi

Post by mudasir » Fri Sep 07, 2007 11:11 pm

AOA,

Thanks for sharing such information with me. I will try to configure Fedora Directory Server ASAP, and will let all you guys know whether it works for me or not.


Again, thanks a lot for helping me.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by nomankhn » Sat Sep 08, 2007 3:49 pm

Dear Mudasir,

Then I am waiting for FDS.


Regards,
Noman Liaquat
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by mudasir » Sun Sep 09, 2007 12:34 am

AOA,

Currently my laptop's combo drive just died, so I will be replacing it very soon; after that I will start working on FDS....
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by raheelahmad » Wed Sep 19, 2007 11:13 am

mudasir wrote: AOA,

Currently my laptop's combo drive just died, so I will be replacing it very soon; after that I will start working on FDS....



What about FDS, dude .........
-

Raheel Ahmad

Post by mudasir » Wed Sep 19, 2007 11:32 pm

AOA,

I am still unable to do any work on FDS; my semester exams are starting up. So after that I will, INSHALLAH, start work on FDS.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

Post by kbukhari » Thu Sep 20, 2007 9:41 am

raheelahmad wrote: Dear friend, while checking the script farrukh has posted in the forum I came to know that your problem will still exist in your network. You have to write a script which can stop MAC spoofing, which can be done, as you said, by binding IP to MAC; plus you have to modify the script so that, before adding the allowed MAC to the list, it will search whether the MAC already exists against any IP: if yes, block it, else let it in. If I spoof your server MAC, what will happen if I am on the same network? Flooding .. spoofing ..

I hope this will help you ... much ...

Please let us know your response ... I can write the script for you, but on the weekend; sorry for the delay ...

Regards.

Dear Raheel,
There is no way to search for MAC spoofing. The IP will bind to a MAC address; think: if I can spoof a MAC, then it's not too difficult for me to find an IP. What if I use the same IP and MAC as another user? Then how could the server search for me?
In this scenario I have two options:
1. Move to a Layer 3 network (which is much too expensive)
2. Move to PPPoE authentication, which is not very difficult in Linux
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

Post by raheelahmad » Thu Sep 20, 2007 3:47 pm

kbukhari wrote:
raheelahmad wrote: Dear friend, while checking the script farrukh has posted in the forum I came to know that your problem will still exist in your network. You have to write a script which can stop MAC spoofing, which can be done, as you said, by binding IP to MAC; plus you have to modify the script so that, before adding the allowed MAC to the list, it will search whether the MAC already exists against any IP: if yes, block it, else let it in. If I spoof your server MAC, what will happen if I am on the same network? Flooding .. spoofing ..

I hope this will help you ... much ...

Please let us know your response ... I can write the script for you, but on the weekend; sorry for the delay ...

Regards.

Dear Raheel,
There is no way to search for MAC spoofing. The IP will bind to a MAC address; think: if I can spoof a MAC, then it's not too difficult for me to find an IP. What if I use the same IP and MAC as another user? Then how could the server search for me?
In this scenario I have two options:
1. Move to a Layer 3 network (which is much too expensive)
2. Move to PPPoE authentication, which is not very difficult in Linux



What are you talking about ...................
-

Raheel Ahmad

Post by lambda » Thu Sep 20, 2007 4:54 pm

raheelahmad wrote: What are you talking about ...................
is there something wrong with your keyboard...................? once again, raheel, don't quote yourself.

active directory or fedora directory server are extremely heavyweight solutions to this minor problem. pppoe is much simpler to implement, and has easy to use client support in linux, windows, and other operating systems.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Post by nomankhn » Thu Sep 20, 2007 5:47 pm

Kashif Bahi,

Tell people things properly. Guide them properly.

Regards,
Noman Liaquat

Post by mudasir » Fri Sep 21, 2007 12:27 am

AOA,

Thanks for telling me about other options; whenever I get time I will certainly start work on all the options.

Again, thanks to everyone.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com

kbukhari

Post by raheelahmad » Sat Sep 22, 2007 2:57 pm

I am unable to understand why you are talking about PPPoE; if it is possible with PPPoE, please provide a solution.

In MS AD or FDS, you can restrict users with profiles, and policies can be applied, but you cannot make it 100% secure; anyone with a little knowledge about spoofing can spoof MAC and IP, and on Linux it's not a big deal to spoof a MAC...

I hope you guys are getting my point ......


Regards,
RA.
-

Raheel Ahmad

Re: kbukhari

Post by lambda » Sat Sep 22, 2007 4:05 pm

raheelahmad wrote: I am unable to understand why you are talking about PPPoE; if it is possible with PPPoE, please provide a solution.
just set up a pppoe server, and configure it to hand out ip addresses in a fixed range (like with dhcp). give each user a username/password, use the builtin tools on their system (windows, linux, whatever) to authenticate with the username/password. once you have their assigned ip address, you can let them access the internet (add an iptables rule to the nat table, for example).

there are many guides for this sort of stuff -- just search for "pppoe server".

raheelahmad wrote: In MS AD or FDS, you can restrict users with profiles, and policies can be applied, but you cannot make it 100% secure; anyone with a little knowledge about spoofing can spoof MAC and IP, and on Linux it's not a big deal to spoof a MAC...
there's no way to sniff the actual username/password if you use chap authentication. that's your security. also, again, active directory or any other directory service is a heavy-weight solution. it requires you to do a lot of configuration on the user's system -- something you'll need to repeat if they reinstall or get a new computer or whatever. but pppoe? no problem.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore
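
The setup described in the post above, laid out as an added example that is not part of the original thread: it assumes rp-pppoe's `pppoe-server` with pppd, and the interface names, address pool and sample account are constructed. It prints the files and root commands for review instead of running them.

```shell
#!/bin/sh
# Added example, not from the thread. Interfaces, addresses and the sample
# account are constructed assumptions; root commands are printed, not run.
LAN_IF=eth1            # assumed: interface the users are plugged into
WAN_IF=eth0            # assumed: interface towards the internet
SERVER_IP=10.10.0.1    # assumed: server end of every PPP link
POOL_START=10.10.0.10  # assumed: first address handed to a session
SESSIONS=50            # assumed: maximum concurrent sessions

# pppoe-server counts up from -R, one address per session, so the pool is
# POOL_START .. POOL_START + SESSIONS - 1 (kept inside one /24 here).
pool_end() {
    last=$(( ${POOL_START##*.} + SESSIONS - 1 ))
    [ "$last" -le 254 ] || { echo "pool crosses the /24" >&2; return 1; }
    echo "${POOL_START%.*}.$last"
}

# One /etc/ppp/chap-secrets line: client, server, secret, allowed addresses.
# Fields that would break the file's quoting are refused.
chap_entry() {  # usage: chap_entry USER SECRET
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad user name" >&2; return 1 ;; esac
    case "$2" in ''|*' '*|*'"'*|*'\'*) echo "bad secret" >&2; return 1 ;; esac
    printf '"%s" * "%s" *\n' "$1" "$2"
}

# Lines for /etc/ppp/pppoe-server-options: the client must authenticate
# with CHAP, and a silent peer is dropped so its address returns to the pool.
pppd_options() {
    printf '%s\n' auth require-chap 'lcp-echo-interval 10' 'lcp-echo-failure 3'
}

# Only packets arriving on a ppp interface (an authenticated session) with a
# pool address are forwarded and NATed; everything else is dropped.
server_commands() {
    end=$(pool_end) || return 1
    range="$POOL_START-$end"
    echo "pppoe-server -I $LAN_IF -L $SERVER_IP -R $POOL_START -N $SESSIONS"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i ppp+ -o $WAN_IF -m iprange --src-range $range -j ACCEPT"
    echo "iptables -A FORWARD -j DROP"
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -m iprange --src-range $range -j MASQUERADE"
}

chap_entry alice 'constructed-secret'   # constructed sample account
pppd_options
server_commands
```

Because forwarding is tied to the `ppp+` interfaces, a host that only copies another machine's MAC and IP on the raw LAN segment has no session and its packets reach the final DROP rule.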

Post by raheelahmad » Mon Sep 24, 2007 8:55 pm

Nice chat with you guys .. I wish the problem of the questioner is nearly solved.... !
There are many solutions to the question asked; it depends on how the administrator deals with it, depending upon budget and management approval .... I hope you guys agree with me ...
-

Raheel Ahmad

