HHT: Network Security Part 1
Requested by a few people.
Part 1 will be required software/materials. Part 2 will be a "hands-on" networking primer. If there's interest after Part 2, I will make more.
I can't do a generic tutorial for all OSes, and I realize no one wants to install and learn a new OS. So, I'll teach you how to use a Linux livedvd. A livedvd is an operating system on a DVD. There's no installing involved. You don't write anything to disk, so your Windows installation isn't affected. BackTrack Linux has a livedvd, and it contains everything you will need to get started.
1) Computer (duh) with a bios that can boot from a dvd drive.
2) DVD drive.
3) A copy of Backtrack linux (see below).
4) A usb hard drive or pendrive (optional but recommended).
Get the livedvd here: http://www.backtrack-linux.org/downloads/
You want BackTrack 4 R1 Release ISO
Verify the md5sum to ensure you have an uncorrupted copy. Software for Windows - http://www.etree.org/md5com.html
Write the .iso to a dvd. See the manual for your dvd writing software on how to write an image file.
If you only have one computer you might want to print the following or write it down.
Load the livedvd and restart your computer. You will probably have to enter the bios and set the boot sequence to use the dvd/cdrom drive first. After a few seconds or so you will see a list of options to boot. Pick the first option - Start in framebuffer 1024x768
Booting is slow because you are booting from removable media and not a hard disk. After all of the modules are loaded you will end up at a login: [email protected]:~#
We can do everything we need to do right here in this one terminal, but I think you would prefer an xwindows session so type:
The xserver will start, then KDE (KDE is a desktop environment). For this tutorial we will stick with the default, but just for future reference, there are a lot of different desktop environments and window managers for linux. You can make it look however you want.
First things first. We'll change the default password. On the bottom of the screen you will see the taskbar. 5th icon from the left is Konsole (put your mouse over the icons to see the descriptions). Click that. Type the following:
It will prompt you to type a new password and then confirm it. If you typed it correctly you will see:
passwd: password updated successfully
Next we will get our networking started. There's a handy little bash script to try first. In your Konsole (terminal) type the following:
This will run through the interfaces listed in /etc/network/interfaces
This may or may not work. If you're not sure whether this worked or not, (after the script has stopped running) type the following into your terminal:
ping www.google.com -c 3
If you see:
ping: unknown host www.google.com
then it didn't work. If you see something other than what I typed above, double check it. Open Firefox and try to open a website.
To set up your wireless connection, click on KMenu (the equivalent of the Start menu in Windows). Go to Internet --> Wicd Network Manager. wicd will start. It's self-explanatory.
If you need to set up a static IP you will have to modify a shell script (it's not as intimidating as it sounds). First we will open the script in our terminal:
Network devices in linux are called eth (for ethernet), wlan (wireless), lo (loopback), followed by a number. The first ethernet device is called eth0. The second is eth1, etc. If you only have one nic and a static ip address you can delete everything in the interfaces script except:
iface eth0 inet
Now we plug in our configuration:
iface eth0 inet static
Obviously change it to your addresses. Also notice that I changed the second line to read "static" rather than "dhcp."
Press the Control key with the "X" key to save the file. It will ask you if you want to save the file. Type "Y" for yes or "N" for no (if you made a mistake). It will ask you for the name of the file to save. Just hit enter for the default. There. You just modified your first shell script. Easy huh? One more thing to do for a static IP address though. You need to set a nameserver:
All you really need to specify here is your nameserver(s). You can also add domain and search as well. Here I will specify primary, secondary and tertiary nameservers, domain and search:
Again, you only need your nameserver(s) here. Ctrl-x, Y, enter, enter to save the file.
Now you can run:
Those are the 3 most common network configurations. If you need help for another configuration just ask and I'll get you up and running.
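An added example, not part of the original post: a script that writes the static-IP stanza and the nameserver file described above into a scratch directory, so they can be read over before being copied to /etc/network/interfaces and /etc/resolv.conf. The function names are hypothetical and every address is a constructed sample value.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical
# and all addresses are constructed sample values.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# write_static_config DIR IFACE ADDRESS NETMASK GATEWAY DOMAIN NAMESERVER...
# Writes DIR/interfaces and DIR/resolv.conf; nothing under /etc is touched.
write_static_config() {
    dir=$1 iface=$2 addr=$3 mask=$4 gw=$5 domain=$6
    [ "$#" -ge 7 ] || { echo "need at least one nameserver" >&2; return 1; }
    shift 6
    for ip in "$addr" "$mask" "$gw" "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    mkdir -p "$dir" || return 1
    {
        printf 'auto %s\n' "$iface"
        printf 'iface %s inet static\n' "$iface"
        printf '    address %s\n    netmask %s\n    gateway %s\n' "$addr" "$mask" "$gw"
    } > "$dir/interfaces"
    {
        printf 'domain %s\nsearch %s\n' "$domain" "$domain"
        for ns in "$@"; do printf 'nameserver %s\n' "$ns"; done
    } > "$dir/resolv.conf"
}

# Demo with sample values: primary, secondary and tertiary nameservers.
stage=$(mktemp -d)
write_static_config "$stage" eth0 192.168.1.50 255.255.255.0 192.168.1.1 \
    example.lan 192.168.1.1 192.0.2.53 192.0.2.54 &&
    cat "$stage/interfaces" "$stage/resolv.conf"
```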
At some point you may want to access your hard drive to get a file or save a file. Remember, we are running a livedvd. When you reboot, everything is lost. You can't save files to the dvd, and unless you mount another device you won't be able to save anything. Mounting and unmounting is a security feature of unix type operating systems. By default most unix systems don't know about floppy drives, cdroms, usb devices, etc. until you tell the operating system it's there. In the next example I'll show you how to make a directory for your Windows partition, set a mount point on your file system and then mount the Windows hard drive.
First type the following in your terminal:
Most likely you will only see the following:
7 0 1927080 loop
3 0 78150744 hda
3 1 78140128 hda1
The numbers will be different, but you should see either hda or sda. In linux we don't call hard drives C: or D:. We call them hda or hdb (IDE drives are hda and scsi or sata drives are sda). We also list the partition after the hard drive. So hda1, hda2, etc. Right now we are only concerned with your Windows installation, so we see 2 partitions on hda. Notice hda1 is a little bit smaller than hda. That's the partition that has Windows on it. Remember that (hda1). If you have a scsi or sata drive, remember to change the code below from hda to sda.
First we will create a directory for Windows:
Now we can mount that device to our new directory:
mount /dev/hda1 /mnt/hda1
Now you can see all of your Windows files by typing:
If the above did not work for you, let me know and I'll help you fix it.
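An added example, not part of the original post: a script that reads a listing in the /proc/partitions format shown above, tells whole disks from partitions, and prints (without running) a mount command for each partition. It uses the read-only option (-o ro) so the Windows disk cannot be changed from the live session; the function names are hypothetical and the sample input is the three lines from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# classify_partitions [FILE]: FILE is in /proc/partitions format
# (major minor #blocks name). Prints "name kind size_in_MiB" per device.
classify_partitions() {
    awk 'NF == 4 && $1 ~ /^[0-9]+$/ {
        kind = "other"
        if ($4 ~ /^[hs]d[a-z]+$/) kind = "disk"                  # hda, sda
        else if ($4 ~ /^[hs]d[a-z]+[0-9]+$/) kind = "partition"  # hda1, sda2
        printf "%s %s %d\n", $4, kind, $3 / 1024                 # blocks are 1 KiB
    }' "${1:-/proc/partitions}"
}

# suggest_ro_mounts [FILE]: print (do not run) a read-only mount command for
# each partition, so the Windows disk cannot be modified from the live session.
suggest_ro_mounts() {
    classify_partitions "$1" | while read -r name kind mib; do
        [ "$kind" = partition ] || continue
        printf 'mkdir -p /mnt/%s && mount -o ro /dev/%s /mnt/%s  # %s MiB\n' \
            "$name" "$name" "$name" "$mib"
    done
}

# Sample input: the three lines shown in the post, under the usual header.
sample=$(mktemp)
cat > "$sample" <<'EOF'
major minor  #blocks  name

   7     0    1927080 loop
   3     0   78150744 hda
   3     1   78140128 hda1
EOF
classify_partitions "$sample"
suggest_ro_mounts "$sample"
```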
If you have a usb device you want to mount then read on. If not, skip to the next part. Plug in your usb device then in your terminal type:
The "less" will prevent everything from scrolling by. You can read dmesg one page at a time. Press spacebar to go to the next page, or you can use the page-up/page-down keys. Control-Z stops less and brings you back to a command prompt. Another little bash trick is to send the output to a file rather than to the screen:
dmesg > NameOfYourFile
Now you can open it up as a text file:
Anyway...what we are looking for here is anything that says "usb." If your hard drive is IDE and you mounted your Windows partition as hda1 then you don't need to do this step. Your usb device will be sda1. If you have a scsi or sata drive, you need to do this step. Look for "usb" and "sda." When you find it you can plug that into the following example:
mount /dev/sda1 /mnt/usb
To see it mounted do:
To see the contents of the usb media do:
Like I said before, if you reboot, everything will be lost and you'll have to do this over again. It might be a good idea though so you can practice.
One last thing for this lesson....Right now you are running as root (superuser). For most of the network security software I'll be showing you root is required. If you plan on surfing the internet or doing other stuff online (especially irc) you will need to create a regular user. Let's say your username is gamahiro. You would do this:
useradd -m -G users,audio,cdrom,plugdev,video -s /bin/bash gamahiro
When that is finished type:
Now to switch to my user account I type:
To switch back to root I type:
I hope you remember your root password that we set way back at the beginning. If you ever get confused, and can't remember who you are for some reason, just type:
If you have any questions feel free to ask. Here's some links for you to brush up on your unix skills:
PS: I typed most of this off of the top of my head. If there are any errors, let me know and I'll edit the post. Thanks.