tcp/ip - Day 4

Goals

• look at NFS
• get an overview of tcpip security

POST

1. In this url http://www.somewhere.com/sales/texas/info.html
   • what is the full path of the document being requested?
   • what is the protocol?
   • what is the domain name?
   • what is the hostname?
   • what is the name of the document being requested?
   • what directory(s) is the document in?
2. In this url http://www.somewhere.com/ what document will be served?
3. In this url http://www.somewhere.com/email is the request for a file or directory?
4. how might you find out the name of your ethernet device?
5. what command might you use to take your ethernet device "offline"?
6. ... and then put it back online?

NFS

• NFS is a networked filesystem for unix boxes; originally developed by Sun.
• used to share filesystem resources: NAS, NAS, traditional fileservers, etc.
• centralize disc resources - can have virtualized filesystems
• roughly equivilant to SMB (windows file sharing)
• control
  • /etc/fstab: remote directories this machine should attempt to mount
    remote-host:remote-path local-mountpoint nfs options 0 0
  • /etc/exports: directories other machines should be allowed to mount
    local-path option option
/sharethis yourbox otherbox
• who are the users? known users, nobody
• automounter

TCP security

1. physically secure the box
2. shut down all services, offer only what is necessary
3. keep your distribution up to date
4. firewall the box (hardware, software)
5. run some form of intrusion detection (tripwire, etc)

some sample threats