Security Services and Configuration

files for Different Server Services

SUBMITTED BY: SUDHANSHU KHARKWAL (4254310)

NEHCHAL SINGH (4258000)
ALISHA (4258876)

SUBMITTED TO: MRS. PARWINDER KAUR

 DHCP SERVER

Dynamic Host Configuration Protocol (DHCP)

is a core infrastructure service on any network
that provides IP addressing and DNS server
information to PC clients and any other device.
DHCP is used so that you do not have to
statically assign IP addresses to every device on
your network and manage the issues that static
IP addressing can create.
STEP BY STEP GUIDE TO INSTALL
DHCP ROLE AND CONFIGURE

To start first need to log in to the server with

administrator privileges. Then start the server
Manager by clicking on Server Manager icon
on task bar. Then go to Roles

Then click on Add Roles option to open Add

roles Wizard.

Then it will load the Roles Wizard and select the

DHCP Server From the list and click next to
continue.

Then it will give description about the role. Click

next to continue.
STEP BY STEP GUIDE TO INSTALL
DHCP ROLE AND CONFIGURE

In next Window it can configure

to support IPv6 as well.
Then it will give the confirmation
window before begin the install.
Click on Install.
Once installation finishes DHCP
server interface can open from
Start > Administrative Tools >
DHCP
 What is Apache?

is a powerful, flexible, HTTP/1.1 compliant web server

implements the latest protocols, including HTTP/1.1
(RFC2616)
is highly configurable and extensible with third-party
modules
provides full source code and comes with an
unrestrictive license
implements many frequently requested features
 INSTALLATION
Step 1: Double-Click the Apache Executable and Get the
Welcome Screen

Click Next
Make sure there's
nothing that you
can't agree to. Once
you accept, you'll be
held to the terms of
the license.
 INSTALLATION
Step 7: You're Done

Click Finish and go

check out your new
Apache Web server.
Pluggable Authentication Modules (PAM)

Programs that grant users access to a system

use authentication to verify each other's
identity (that is, to establish that a user is who
they say they are).
PAM uses a pluggable, modular architecture,
which affords the system administrator a great
deal of flexibility in setting authentication
policies for the system.
 PAM Configuration File Format

Each PAM configuration file contains a group of directives

formatted as follows:

<module interface> <control flag> <module name> <module

arguments>
 Module Interface

Four types of PAM module interface are currently available. Each of these
corresponds to a different aspect of the authorization process:
auth This module interface authenticates use, it requests and verifies
the validity of a password. Modules with this interface can also set
credentials, such as group memberships or Kerberos tickets.
account This module interface verifies that access is allowed, it may
check if a user account has expired or if a user is allowed to log in at a
particular time of day.
password This module interface is used for changing user passwords.
session This module interface configures and manages user sessions.
 What is a Firewall?

A choke point of control and monitoring

Interconnects networks with differing trust
Imposes restrictions on network services
only authorized traffic is allowed
Auditing and controlling access
can implement alarms for abnormal behavior
Provides perimeter defence
 Classification of Firewall

Characterized by protocol level it controls in

Packet filtering
Circuit gateways
Application gateways
Stateful multilayer
 Firewalls Packet Filters

Work at the network level of the OSI model

Each packet is compared to a set of criteria before it

is forwarded

Packet filtering firewalls is low cost and low impact on

network performance
 Firewalls - Stateful Multilayer
Stateful multilayer inspection firewalls
combine the aspects of the other three types
of firewalls

They filter packets at the network layer,

determine whether session packets are
legitimate and evaluate contents of packets
at the application layer
 SELinux
Malicious or broken software can have root-
level access to the entire system by running as
a root process.

SELinux (Security Enhanced Linux) provides

enhanced security.

Through SELinux policies, a process can be

granted just the permissions it needs to be
functional, thus reducing the risk
 SELinux
SELINUX can take one of these three
values
enforcing - SELinux security policy is
enforced.
permissive - SELinux prints warnings
instead of enforcing.
disabled - SELinux is fully disabled
 User Accounts and Strong Password Policy

Use the useradd / usermod commands to create

and maintain user accounts.
Make sure you have a good and strong password
policy.
a good password includes at least 8 characters
long
mixture of alphabets, number, special
character, upper & lower alphabets etc.
Most important pick a password you can
remember.
SSH (Secure Socket Shell)
 Configuration of SSH Server

After the installation is complete, edit

the /etc/ssh/sshd_config file. But before you start editing any
configuration file always backup the original file:
sudo cp -a /etc/ssh/sshd_config /etc/ssh/sshd_config_backup

Now, use the following command to edit the file:

sudo nano /etc/ssh/sshd_config
 Configuration of SSH Server

To increase your security further you can optional customize a

couple more settings. The first is PermitRootLogin. Set this to no to
disallow anybody to login as root.
# Authentication:
LoginGraceTime 120
PermitRootLogin no

The second optional change to increase security is to list the

users who are allowed to access the system remotely through
SSH. To do this, add the following line to the end of
the sshd_config file:
AllowUsers user1 user2
THANK YOU