Security Issue

Protecting your Linux box
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,
Why AD,

If he is using linux?
Then what other solution I should go with...
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi

Post by raheelahmad »

You can use Samba as a domain controller, plus you can also use Fedora Directory Server, which is like MS AD.

AD cannot be configured on Linux, but one way to configure AD on Linux is WINE Server. If you use Wine, you will be in much trouble ... friend. There are other security issues with Wine itself ....

Fedora Directory server is a better option ...


Regards.
-
Raheel Ahmad
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,

Thanks for sharing such information with me. I will try to configure Fedora Directory Server ASAP, and will let all you guys know whether it works for me or not.


Again, thanks a lot for helping me.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

Dear Mudasir,

Then I am waiting for FDS.


Regards,
Noman Liaquat
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,

Currently my laptop's combo drive just died, so I will be replacing it very soon; after that I will start working on FDS....
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi

Post by raheelahmad »

mudasir wrote:AOA,

Currently my laptop's combo drive just died, so I will be replacing it very soon; after that I will start working on FDS....
what about FDS dude .........
-
Raheel Ahmad
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,

Still I am unable to do any work on FDS; my semester exams are starting up. So after that I will INSHALLAH start work on FDS.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore

Post by kbukhari »

raheelahmad wrote:Dear friend, while checking the script farrukh has posted in the forum I came to know that your problem will still exist in your network. You have to write the script which can stop MAC spoofing, which can be done as you said by binding IP to MAC, plus you have to modify the script so that before adding the allowed MAC to the list it will search if the MAC already exists against any IP; if yes block it, else let it in. If I spoof your server MAC, what will happen if I am on the same network? Flooding .. spoofing ..

I hope this will help you ... much ...

please let us know your response ... I can write the script for you but on weekend sorry for delay ...

regards.
Dear raheel
There is no way to search for MAC spoofing. The IP will bind to a MAC address; think: if I can spoof a MAC then it's not too difficult for me to find an IP. If I use the same IP and MAC of another user, then how could the server search for me?
In this scenario I have two options:
1. Move to a Layer 3 network (which is much too expensive)
2. Move to PPPoE authentication, which is not very difficult in Linux
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi

Post by raheelahmad »

kbukhari wrote:
raheelahmad wrote:Dear friend, while checking the script farrukh has posted in the forum I came to know that your problem will still exist in your network. You have to write the script which can stop MAC spoofing, which can be done as you said by binding IP to MAC, plus you have to modify the script so that before adding the allowed MAC to the list it will search if the MAC already exists against any IP; if yes block it, else let it in. If I spoof your server MAC, what will happen if I am on the same network? Flooding .. spoofing ..

I hope this will help you ... much ...

please let us know your response ... I can write the script for you but on weekend sorry for delay ...

regards.
Dear raheel
There is no way to search for MAC spoofing. The IP will bind to a MAC address; think: if I can spoof a MAC then it's not too difficult for me to find an IP. If I use the same IP and MAC of another user, then how could the server search for me?
In this scenario I have two options:
1. Move to a Layer 3 network (which is much too expensive)
2. Move to PPPoE authentication, which is not very difficult in Linux
What are you talking about ...................
-
Raheel Ahmad
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Post by lambda »

raheelahmad wrote:What are you talking about ...................
is there something wrong with your keyboard...................? once again, raheel, don't quote yourself.

active directory or fedora directory server are extremely heavyweight solutions to this minor problem. pppoe is much simpler to implement, and has easy to use client support in linux, windows, and other operating systems.
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Post by nomankhn »

Kashif Bahi,

Explain things to people properly. Guide them properly.

Regards,
Noman Liaquat
mudasir
Captain
Posts: 565
Joined: Tue Oct 17, 2006 5:23 am
Location: Dubai

Post by mudasir »

AOA,

Thanks for telling me the other options; whenever I get time I will certainly start work on all the options.

Again Thanks to everyone.
Kind Regards
Mudasir Mirza (RHCE)
(+971)55-1045754
http://www.crystalnetworks.org
http://www.diglinux.com
raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi

kbukhari

Post by raheelahmad »

I am unable to understand why you are talking about PPPoE; if it is possible with PPPoE, please provide a solution.

In MS AD or FDS, you can restrict users with profiles, and policies can be applied, but you cannot make it 100% secure; anyone with a little knowledge about spoofing can spoof MAC and IP, and on Linux it's not a big deal to spoof a MAC...

I hope you guys are getting my point ......


Regards,
RA.
-
Raheel Ahmad
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Re: kbukhari

Post by lambda »

raheelahmad wrote:I am unable to understand why you are talking about PPPoE; if it is possible with PPPoE, please provide a solution.
just set up a pppoe server, and configure it to hand out ip addresses in a fixed range (like with dhcp). give each user a username/password, use the builtin tools on their system (windows, linux, whatever) to authenticate with the username/password. once you have their assigned ip address, you can let them access the internet (add an iptables rule to the nat table, for example).

there are many guides for this sort of stuff -- just search for "pppoe server".
In MS AD or FDS, you can restrict users with profiles, and policies can be applied, but you cannot make it 100% secure; anyone with a little knowledge about spoofing can spoof MAC and IP, and on Linux it's not a big deal to spoof a MAC...
there's no way to sniff the actual username/password if you use chap authentication. that's your security. also, again, active directory or any other directory service is a heavy-weight solution. it requires you to do a lot of configuration on the user's system -- something you'll need to repeat if they reinstall or get a new computer or whatever. but pppoe? no problem.
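
The CHAP exchange described in the post above, as an added example that is not part of the thread: a Python sketch of RFC 1994 CHAP with MD5, in which the server returns a user's fixed IP address only after a valid response to a fresh challenge. The user table, secrets, addresses and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample table in the spirit of pppd's chap-secrets:
# username -> (shared secret, fixed IP handed out after authentication).
USERS = {
    "alice": ("c0nstructed-secret-A", "10.10.0.11"),
    "bob": ("c0nstructed-secret-B", "10.10.0.12"),
}


def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of identifier byte, secret, challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()


class Authenticator:
    """Server side: issues a fresh random challenge for every attempt."""

    def __init__(self, users):
        self.users = users
        self.pending = {}  # identifier -> challenge still awaiting a response
        self.next_id = 0

    def new_challenge(self):
        identifier = self.next_id
        self.next_id = (self.next_id + 1) % 256
        challenge = os.urandom(16)
        self.pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, username, response):
        """Return the user's fixed IP on success, None on failure."""
        challenge = self.pending.pop(identifier, None)  # each challenge is single use
        entry = self.users.get(username)
        if challenge is None or entry is None:
            return None
        secret, ip = entry
        expected = chap_response(identifier, secret, challenge)
        return ip if hmac.compare_digest(expected, response) else None


def login(server, username, secret):
    """Client side: only the username and the 16-byte hash cross the wire."""
    identifier, challenge = server.new_challenge()
    wire_response = chap_response(identifier, secret, challenge)
    return server.verify(identifier, username, wire_response), wire_response
```

Because the response is a hash of the shared secret and the challenge, each user's secret should be long and random. The IP returned by `verify` is the address a gateway would then permit in its NAT rule.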
raheelahmad
Naik
Posts: 87
Joined: Tue Mar 06, 2007 4:58 am
Location: Karachi

Post by raheelahmad »

Nice chat with you guys .. I wish the problem of the questioner is nearly solved.... !
There are many solutions to the question asked; it depends on how the administrator deals with it, depending upon budget and management approval .... I hope you guys agree with me ...
-
Raheel Ahmad