?How to protect your Linux DNS server’s Zone Transfers, BIND and use DNSSEC extensions :Types of threats to a DNS server:Zone file compromiseZone information leakageCompromised dynamic updatesDNS client flooding (DoS)Cache poisoning-Best method to defend is by using ACL and limiting zone transfers b/w DNS servers.
-Updating to the latest version of BIND-BIND versions 8.2.2 and before have vulnerabilities.-BIND must not be run as root user rather it should it should be limited with least access.
-Name servers must be separated where necessary- One for querying and another for answering queries.-Recursive queries must be avoided.Use of DNSSEC extensions: -It is a security feature which has been introduced to defend against latest vulnerabilities in the system.-It can be considered as a set os specifications for securing information.-Using DNSSEC it can be guaranteed that users are connecting to proper websites linking to a particular domain.-It gives a validation path for the information. Purpose of SSH (Secure Shell):-Secure shell is a network protocol which basically means a set of rules a set of guidelines that tells your computer how to send data for one place to the other.-Basically when you’re sending data over something like telnet or FTP you’re sending it entirely unencrypted so if you type in a password on one end it goes plain text over the internet over your local network wherever you’re sending it to the server.-Someone in the middle can possibly see it can possibly take your password and then use it later.-Using something like SSH the chance of something like that happening is much much lower.-Just like telnet and FTP SSH can be used for transmitting data for transmitting commands from one place to another and for transmitting files it can be used anywhere in the world from one computer to another from different platforms to different platforms.-It’s entirely possible to take an application running on one of your Linux machines and through SSH pipe the data from that into another machine anywhere else in the world so you can see the application running on one computer somewhere else entirely.Linux SSH configuration files :-/etc/ssh/ssh_config ?-By configuring files for SSH shortcuts can be created for frequently accessed servers.-It also provides many advanced options.-X11 forwarding and SSH agent forwarding can be enabled using SSH configuration files.config file format:-Lines starting with # are commented out.-Keywords begin lines.-Options must be separated with =.Some common configuration options are:-Compression-Level, Connect-Timeout, Ciphers?, Control-PathSSH encryption keys:-OpenSSL can be used to encrypt information and transfer them over insecure connections, provided that the user has the public SSH key of the end user.-Using public SSH key ?can be secure and convenient.-Private Keys must be encrypted when SSh based authentication is being used.-This will secure your information even if someone has access to the keys as they are encrypted.-SSH Keygen utility can be used to encrypt private keys.Security differences between SSH 1 and SSH 2:-Both differ in use of algorithms .-Encryption algorithms supported by SSH1:DES3DES, IDEA?Blowfish -Encryption algorithms supported by SSH2 :3DES?Blowfish ?-Authentication algorithm used by SSH1 : RSA authentication Algorithm–Authentication algorithm used by SSH2: Digital Signature Algorithm -SSH2 provides better functionalities compared to SSH1 like SFTP.-SSH2 has continuous support from the development community whereas SSH1 does not.-SSH1 has had many vulnerabilities.?