LPI 010-160 – Networking Basics part 2
- Network Protection
These days, one of the most pressing issues involving technology revolves around system security and data protection. In this lesson, we’re going to discuss a few basic tips to help prevent your Linux system from getting compromised. First, shut down unused servers. Linux’s major security vulnerabilities aren’t inside of worms or viruses like they are with Windows. Instead, Linux risk is going to be sitting on the fact that outsiders can try to break in and abuse server programs that are running 24 hours a day, seven days a week. Therefore, it’s important not to run servers unnecessarily. If there’s some service you don’t need, turn it off.
Some distributions will automatically install and run servers in the background as daemons things like secure shell, the Apache web server, mail servers, and many more. The most thorough way to remove a server is to simply uninstall it using the appropriate package system as we talked about in our other videos. Or you can use the uninstall command for your relevant package manager inside the command line. Now, if you don’t want to uninstall the actual package, you can also shut down that service. Again, if you use Google and say how to shut down XYZ service on my distro, it’ll give you the answer step by step of how to do that.
The second thing you can do is enable a firewall. Now, a firewall is a program or system setting that’s going to police your network traffic going into or out of your system. This will allow or deny that traffic based on pre program criteria that you give it. Most Linux distributions enable your firewalls by default, but you may have a particular need where you need to adjust the settings to make it work just right for you. Third, use good passwords. If you have a system that’s running a login server of any type, you need to make sure you have a good password. That can minimize the risk of an outsider breaking in by simply guessing your password.
Now, to select a good password, you need to go and look at our password video coming up later in this course. Fourth, be suspicious. Users should be suspicious of untrusted sources of data. Things like phishing, which is an attempt to extract sensitive data from users by posing as a trusted individual or organization, can be used as well as other attacks where people try to trick users into giving up their passwords, financial data, and much more. Also, you have things like malicious software or malware. Now, while this is rare for Linux, there is malicious software and malware out there for it and it can be easy to produce if you know what you’re doing.
Therefore, it’s best for you to stick to official software sources and remember that emails, websites and other types of communications can be faked and can be used to trick you. Fifth, always keep your software up to date by using your package management tools described in our earlier videos. You can keep your system up to date with just a couple of clicks. You should regularly check for any software updates that may have come out because most of these are fixing security bugs and they can patch your system. These bugs are known problems that can be exploited by a hacker, attacker or outsider. And it can take over your Linux computer. By making sure you update to the latest security patches, you can plug those holes and fix those bugs.
- Connecting to a Network
In this demonstration, I want to show you how you can connect to the network using your Linux machine. We can do this two ways. We can do it using the GUI based program or the command line program. Now, the nice thing about the GUI is it makes it really easy. Up here in the upper right corner, you’ll see the network icon, and you’ll see here we have Wired Connected. If I click on this, I can simply turn off my network connectivity by doing that, if I want to be able to connect it again, just click on Wired Off and click Connect. That turns on the network again. And now I’m connected. Now if you need to do some kind of special configuration, you can just go to Wired Settings and from here you can connect and change how this is going to be connected.
Now if we click on the gear here, we’re going to see the configuration for this wired network. Under the detailed tab, we have information about it. You can see my link speed. This is 1000 megabits per second, or one gigabits per second. You see my IP address ten 0215. You see my iPV Six address, that long series of numbers there. You see my Mac address, that hardware address. You also see the default route, and you see DNS. I also have this set up to connect automatically and make it available to all users. If you want to, you can actually restrict background data usage as well. This is useful if you’re on a sort of metered connection, like a wireless connection that you pay for over your cell phone. You can restrict any background apps from using that data connection until you’re back on WiFi.
In my case, that’s not the case, so I’m going to leave that unchecked. Now, if we go over here to Identity, you can see the name of it. This is just called wired connection one. You’ll see the Mac address again, you can actually have a cloned address which is pretending to be somebody else’s Mac address if you want. And your maximum transmission unit size right now it’s set to automatic, which by default is around 1500. Under iPV four, I am currently set as automatic, meaning it’s going to use Dhcp. When I connect this computer to a network, it’s going to call out to the Dhcp server and say, I need an IP address, give it to me, and that will then have that handshake happen and we’ll get that information.
But if you needed to set up a manual IP address, because this was a server, for instance, you could do that as well by clicking on manual and then simply typing it in. Maybe it was going to be 192, 168, 110 is my server and my network mask is my subnet mask of 255-255-2550 and my gateway of 192 168 one one. If I hit apply, that now becomes my IP address and that dynamic one I had, which started with a ten, will then be dropped. In my case, I’m going to go ahead and leave the automatic address. But you can see how easy it is to change things in here because it’s all point or click. iPV six, same type of thing there. And then under security you can configure 802 one x, which will give you security over the network and allow you to have a username or password for authentication.
If your network uses that, most home networks won’t. But if you’re using a corporate network, this could be something you’d need to configure. I’ll go ahead and close that out. Also from here you can set up VPNs and you’d also see your wireless network devices. If you had a wireless card, because I’m using a virtual machine, I don’t have a wireless card here and so it’s not showing up as an option. All right, now that we’ve gone through and looked at that from a Gui perspective, let’s go ahead and look at it from the command line. How would I find that same type of information? Well, let’s go ahead and go into our command line. And from our command line, if we use IP address, show, this is going to say show me the IP address.
It’s kind of very easy to read because it’s standard English. And by doing that, you’re going to see I have two adapters. Adapter one and adapter two. Adapter one is my loopback. This is going to exist on every single system. The loopback always has the same IP address as well. It’s one twenty seven, zero one. And you can see that here on the third line, the inet address, which is going to be my IP address for version four, is version six IP addressing. It’s going to be colon one. Those are defaults that happen on every computer out there. Now, once we get down here to line number two or interface two, this is the wired Internet connection that we were just looking at. You can see that they’re calling it Enp zero s three.
This is a broadcast type device and a multicast type device and it is up. You’ll see your maximum transmission units of 1500 like we talked about before. And then we have some more detailed information that’s beyond the scope of this class. Now, if we go down here to Linkether, what do we have? Well, this is our Mac address. That is the physical address or layer two address for this computer. Here we have the Broadcast, which is all FS. Then we have our iPV four address. You’ll notice it’s 100 215, and then we have its Broadcast 100 2255. After that you’ll see your iPV Six address, which is this long series of numbers here. And that’s going to give you the basic information about this network adapter.
You could see it’s up, you could see its IP address and you have a good idea of what it’s using. Now, if you were troubleshooting a local network issue you wouldn’t necessarily be as concerned with those IP addresses. And maybe all you needed to see was the links at your layer two, which is your Mac addresses. To do that you use a thing called IP Link Show. And the IP Link is specifically focused on layer two switching as opposed to IP Address which shows you layer three routing. If you go ahead and do that you’ll see here that we get basically the first two lines of each interface. Instead of seeing everything we’re just going to see the information about that layer two network.
Another thing I want to show you how to do here we’re going to go ahead and clear our screen is to show you how to turn off or turn off an interface. So in the case of our interface when we did IP Address Show we saw that we had two interfaces and the second interface is that wired network connection that’s enp zero s three. If I want to turn that off I need to set it to the down position. So if I want to turn off that second adapter I’m going to have to use pseudo and be root. So Sudo is my super user do and then I’m going to use IP Link Set, the name of that enp zero s three and then I’m going to use the down command that’s going to say take this thing and turn it off. Now, as I hit Enter, watch the upper right hand corner of the screen. Watch that network icon.
It’s going to go away just like it did when I turned off the wired connection because that’s what I’m doing here. When I go ahead and hit Enter, there it goes. That adapter turns itself off. Now, if I want to look at that adapter again, let’s go ahead and do IP Address Show. And what do we see here on that second adapter? A lot of the information we had before has gone away because we don’t have layer three routing information anymore because this thing is now in the down position. It’s off, it’s been turned off before it was in the up position and therefore we had all of this routing information at layer three because we had network addresses assigned. Now we’ve lost that because we have it down.
So if I want to connect back to the Internet, how would I do that? Well, I would go ahead and use pseudo IP Link set the name of it, enp s three and then up because I want to turn it back on. And when I do that it’s going to go reach out, turn on that card, do a DHCP Address advertisement and pull a new Dhcp address. In this case, it’s probably going to be the same Dhcp address as we had before. The reason for that is because what ends up happening is the Dhcp server tends to remember who connected to it before. And if you come back online within a certain amount of time, they’ll just give you the same address. So if we go here to show you’ll, see, we do have the same address, 100, 215. And now our state here is up.
And so that card is back online, and we have a good network connection again. All right, one last thing that we haven’t done yet that I think is important for us to show you is how do we get a manual IP assigned to an Ethernet connection like Enp s Three. Well, let me go ahead and clear my screen. And what we’re going to do is use pseudo iPadR, which is IP address, and then add. And then we’re going to give it the IP we want to use. 192, 168, one, dot ten, which is that server IP I was using before, slash 24, which tells it what the subnet mask is. In this case, 255, dot 255, 255, dot zero. And then the device I want to use, which was enp zero, s three. If I go ahead and hit enter, that says the command happened. Let’s see if it works successfully. We’re going to do IP Address Show and hit enter.
And now you can see down here at the bottom, I have two IP addresses assigned to this card. Notice I have the Dhcp 110, 215, and I also have the new manual 1192, 168, 110. Now, if I want to get rid of that Dhcp one, I can go in using that same format of command sudo ipadder. And instead of using add, I’ll use delete the name of that IP address, the device, and I can pull it off that way. So you get the idea here of how we can do all this from the command line. Again, if you need to do this in real life, what you should do is use man and look at Man IP. That will give you all the information you need about the IP command. What I did here was I just scratched the surface to show you that anything you can do in the GUI, you can do from the command line, too.