For this section, review the information from the chapter and try to expand on the topics. This will allow you to increase your knowledge of the different topics. To stimulate your thinking, try some of the following topics:
- The tcp wrappers can be considered as a simple firewall. It is a host-access control system and also can be used to secure a service. The tcp wrappers contains two files named
hosts.allowandhosts.deny. Research this feature, try to implement it on one of your virtual machines, and then attempt to scan the network services once they are wrapped. An example of a wrapped service that has been scanned by Nmap is shown in the following image:
Using the image as an example, configure the settings and scan the ports that are wrapped to achieve the same results. Once you have done this, see if there are any characteristics that you can identify when you scan ports that are wrapped compared to the ones that are not wrapped. This is part of being an advanced penetration tester. That is, you have to deploy a number of different defensive mechanisms and then test them to see how they react when scanned and probed.
- The next challenge is to create the concept of port knocking as discussed earlier in this chapter. Attempt to set up the port knocking concept to protect the ssh daemon on one of your virtual machines. The process is to create a sequence of ports that will be "knocked" on; once the sequence has been received the firewall will open the port that is waiting for the knock. While there are some controversial views on the effectiveness of port knocking with respect to security, there is a chance that you may encounter an administrator who has implemented it. Since that possibility does exist, it is a good idea to see how the ports react when the technique is deployed. An example of an architecture that has configured the protection of port knocking is shown in the following image:
As the image shows, this configuration creates the port knocking sequence of four ports: 1111, 2222, 3333, and 4444. Once the port sequence is received, the iptables firewall will open port 22 for a period of 15 seconds and then it will close again. See if you can configure this to work, and then once you have tested it, scan the machine, and look at the sessions at the packet level to see if you can identify any characteristics of port knocking being configured. As an expansion of port knocking, see if you can capture the sequence when it works, and then deliberately send a sequence without the correct sequence and analyze the differences.