1
00:00:00,000 --> 00:00:17,140
Hey guys and welcome back to another skill. So in this skill right here what we're going

2
00:00:17,140 --> 00:00:24,039
to be focusing on is the concept of security and we will get to look at some security tools

3
00:00:24,039 --> 00:00:31,039
which we can use as well as some security resources we can utilize to find out information

4
00:00:31,039 --> 00:00:37,359
relating to security and then finally we will look at something called VPNs and how

5
00:00:37,359 --> 00:00:43,320
we can actually configure our own VPN. So with that said how about we roll up our sleeves

6
00:00:43,320 --> 00:00:47,840
and get started. Now the very first thing I want to talk to you about are some of the

7
00:00:47,840 --> 00:00:52,840
tools that we have available to us. Now the tools which I want to highlight should be

8
00:00:52,840 --> 00:00:59,520
familiar to you by now. The very first tool we have to be aware of is one called iptables.

9
00:00:59,520 --> 00:01:05,719
Now you may recall that iptables was what we use to ultimately implement a firewall.

10
00:01:05,719 --> 00:01:11,359
This is going to allow us to control particular traffic paths meaning we could either permit

11
00:01:11,359 --> 00:01:17,680
or deny particular traffic based on its destination. That could be a destination IP address or

12
00:01:17,680 --> 00:01:25,160
a destination IP address and port. That could also be dependent on a source address meaning

13
00:01:25,160 --> 00:01:33,280
a source IP or a source port. We could have a combination of rules based on sources and

14
00:01:33,280 --> 00:01:39,760
destinations as well as targeting particular protocols particular ports so on so forth.

15
00:01:39,760 --> 00:01:44,360
Really what we want to be remembering for this portion of the exam is that iptables

16
00:01:44,359 --> 00:01:48,959
is going to allow us to control that traffic by implementing firewalls. Now the very next

17
00:01:48,959 --> 00:01:55,000
thing we want to look at is maybe an unusual one because you don't associate it with security

18
00:01:55,000 --> 00:02:00,960
in any type of way usually and that is Telnet. Now you may recall when we talked about SSH

19
00:02:00,960 --> 00:02:08,079
we learned that Telnet was really the precursor to SSH in a way. It allowed us to have remote

20
00:02:08,079 --> 00:02:14,319
access but the big thing with Telnet was that it was unencrypted. But one thing about Telnet

21
00:02:14,799 --> 00:02:20,439
that is very very useful is that it can allow us to easily test connectivity so we're not really

22
00:02:20,439 --> 00:02:26,680
going to be using Telnet to transport any type of sensitive data absolutely not. But if we want to

23
00:02:26,680 --> 00:02:34,280
maybe say test if our email server is reachable over a particular port and accessible well Telnet

24
00:02:34,280 --> 00:02:40,840
can be used to facilitate that basic test connection so really just for testing accessibility

25
00:02:40,879 --> 00:02:47,400
and availability Telnet can be a useful tool and that's kind of limited respect. Now the next

26
00:02:47,400 --> 00:02:54,439
thing we have is something called nc, this is Netcat. Netcat really is the type of Swiss Army

27
00:02:54,439 --> 00:03:01,120
knife of network utilities it can do so so much. With Netcat we can ultimately test particular

28
00:03:01,120 --> 00:03:07,800
ports we can test particular protocols we can open up sockets and channels and ultimately

29
00:03:07,840 --> 00:03:13,640
generate connections between machines using this particular utility so we do want to understand

30
00:03:13,640 --> 00:03:20,120
what Netcat is what it can be used for these are the primary purposes. Now we also want to be aware

31
00:03:20,120 --> 00:03:27,000
of Nmap. Nmap is one of the favorite tools of hackers worldwide it is primarily going to be used

32
00:03:27,000 --> 00:03:33,240
as a port scanner although it can be used to actually perform some type of vulnerability scanning

33
00:03:33,560 --> 00:03:40,200
i.e. you can run Nmap against your own local server probing for vulnerabilities testing for

34
00:03:40,200 --> 00:03:47,879
open ports. Now other tools we have to be aware of one is called OpenVAS. OpenVAS is another

35
00:03:47,879 --> 00:03:54,040
vulnerability scanner so this is great to use let's maybe say you have some out of date software on

36
00:03:54,040 --> 00:04:00,840
your system maybe say you're using some type of insecure cipher suite on your cryptography whatever

37
00:04:00,840 --> 00:04:06,920
it may be. OpenVAS can be used to ultimately detect and alert you to these issues and provide

38
00:04:06,920 --> 00:04:12,920
you a way to really harden and tighten up your security posture. Now another tool we have to

39
00:04:12,920 --> 00:04:20,600
be aware of is one called Snort. Snort is very very popular in the enterprise world. Now Snort

40
00:04:20,600 --> 00:04:27,720
is not a vulnerability scanner it is from the family of tools known as an intrusion detection system

41
00:04:27,800 --> 00:04:33,000
so the main difference here between so now a vulnerability scanner is something you could run

42
00:04:33,000 --> 00:04:39,800
on your own system to probe and test for weaknesses, weaknesses that could otherwise be exploited by

43
00:04:39,800 --> 00:04:47,240
someone else whereas an IDS an intrusion detection system that is going to actually catch anyone who

44
00:04:47,240 --> 00:04:52,680
is proactively trying to breach your system. So really a vulnerability scanner is something you

45
00:04:52,680 --> 00:04:58,920
would use yourself on your own system to test for particular weaknesses whereas the IDS is actually

46
00:04:58,920 --> 00:05:04,680
going to scan and monitor for incoming connections that could be malicious i.e. someone who actually

47
00:05:04,680 --> 00:05:10,120
is trying to exploit a vulnerability in your system and actively breach the perimeter. So really

48
00:05:10,120 --> 00:05:15,480
OpenVAS that is the vulnerability scanner you want to be aware of whereas Snort is the IDS you want

49
00:05:15,480 --> 00:05:24,520
to be aware of one other IDS you want to know is one called Fail2Ban. Now what Fail2Ban does really

50
00:05:24,520 --> 00:05:30,840
it's going to ultimately ban IP addresses and the way you actually ban these particular IP

51
00:05:30,840 --> 00:05:36,280
addresses is you specify them in the form of a log file. Now if that log file happens to contain a

52
00:05:36,280 --> 00:05:42,600
particular IP address then if someone tries to connect in to your system from that IP address

53
00:05:42,600 --> 00:05:48,360
which you identify as malicious Fail2Ban is going to ultimately jail them so they're not going to

54
00:05:48,360 --> 00:05:54,840
be able to make that connection. So let's quickly look at the installation of Fail2Ban if we just

55
00:05:54,840 --> 00:06:00,600
maximize this and the way we can install Fail2Ban is we can say sudo apt install and it's

56
00:06:00,600 --> 00:06:07,480
just fail2ban and it would be helpful if I could actually type not just mysqlpd that should be apt

57
00:06:07,480 --> 00:06:15,080
not aot of course there we go and type in the passwords hit enter just say yes to install the

58
00:06:15,080 --> 00:06:20,600
software and the installation should complete. So now once that is done one thing we want to

59
00:06:20,600 --> 00:06:27,720
be aware of is a particular location of our primary configuration file for Fail2Ban this is going to be

60
00:06:27,720 --> 00:06:34,360
our jail configuration file so if we go into the etc directory you should now have a new directory

61
00:06:34,360 --> 00:06:41,560
called fail2ban if we go in here and do an ls we can see here we have this jail.conf file so what I

62
00:06:41,560 --> 00:06:48,120
can do here is if I just go into jail.conf this is the primary file which you can use to control

63
00:06:48,120 --> 00:06:54,120
fail2ban so we can control things such as the ban time i.e. how long we want to actually ban

64
00:06:54,120 --> 00:07:00,280
a particular connection we can also specify the number of retries oh sorry about that we can also

65
00:07:00,279 --> 00:07:05,639
specify the number of maximum retries before a failure is going to be initiated so let's just

66
00:07:05,639 --> 00:07:12,599
maybe say we happen to have as we can see here five attempts if someone makes five different

67
00:07:12,599 --> 00:07:18,119
attempts to log into the system that are bad and are rejected say for example they're trying to do a

68
00:07:18,119 --> 00:07:24,119
brute force attack trying different credentials that host is going to be banned from initiating a

69
00:07:24,199 --> 00:07:30,120
connection at all so this can be a way we can actually stop and prohibit any type of brute force

70
00:07:30,120 --> 00:07:34,759
attacks on our system but really if we stroll through this entire configuration file we have a

71
00:07:34,759 --> 00:07:39,959
bunch of different things we can choose again the main thing we want to be aware of is the utility

72
00:07:39,959 --> 00:07:46,120
of what fail2ban can do and the location of that particular configuration file jail.conf within the

73
00:07:46,120 --> 00:07:51,480
etc fail2ban directory now one thing I should actually just note just for the purposes of the

74
00:07:51,480 --> 00:07:57,160
examination we probably want to be aware of is this option here ignoreip this is actually

75
00:07:57,160 --> 00:08:03,879
commented out meaning that it is not active right now if we actually uncomment this what we can do

76
00:08:03,879 --> 00:08:09,879
is provide a list of ip addresses to never ban this is in effect allowing us to implement a

77
00:08:09,879 --> 00:08:15,480
whitelist so really those are the main tools that we have to be aware of from our point of view of

78
00:08:15,480 --> 00:08:20,280
security now what we want to look at are some of the basic security resources that we have to be

79
00:08:20,279 --> 00:08:25,399
aware of for the purposes of the LPIC-2 examination and well that's what we'll be looking at in the

80
00:08:25,399 --> 00:08:36,199
very next nuggets I hope this has been informative for you I'd like to thank you for viewing

