Instructions
Fill out this sheet as you progress through the lab and discussions. Hold your worksheets until the end to turn them in as a final submission packet.
Resources / Important Links
- https://www.sans.org/information-security-policy/
- https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
- https://docs.rockylinux.org/gemstones/core/view_kernel_conf/
- https://ciq.com/blog/demystifying-and-troubleshooting-name-resolution-in-rocky-linux/
- https://www.activeresponse.org/wp-content/uploads/2013/07/diamond.pdf
Downloads
The worksheet has been provided below. The document(s) can be transposed to
the desired format so long as the content is preserved. For example, the .txt
could be transposed to a .md file.
Unit 2 Recording
Discussion Post #1
There are 401 STIGs for RHEL 9. If you filter in your STIG viewer for sysctl,
there are 33 (mostly network focused); for ssh, 39; and for network, 58. There are
some overlaps between those, but review them and answer these questions:
- As systems engineers, why are we focused on protecting the network portion of our server builds?
- Why is it important to understand all the possible ingress points to our servers that exist?
- Why is it so important to understand the behaviors of processes that are connecting on those ingress points?
Discussion Post #2
Read this: https://ciq.com/blog/demystifying-and-troubleshooting-name-resolution-in-rocky-linux/ or similar blogs on DNS and host file configurations.
- What is the significance of the nsswitch.conf file?
- What are security problems associated with DNS and common exploits? (May have to look into some more blogs or posts for this)
The discussion posts are done in Discord threads. Click the 'Threads' icon on the top right and search for the discussion post.
Definitions
sysctl:
nsswitch.conf:
DNS:
OpenSCAP:
CIS Benchmarks:
ss/netstat:
tcpdump:
ngrep:
Digging Deeper
- See if you can find any DNS exploits that have been used and written up in the Diamond Model of Intrusion Analysis format. If you can, what are the primary actors and actions that made up the attack?
Reflection Questions
- What questions do you still have about this week?
- How are you going to use what you've learned in your current role?