The Sky is not the limit

Entries from January 2009

How to use IPSEC to filter packets ?

January 5, 2009 · 1 Comment


Internet Protocol Security (IPSec) policies can be used to filter packets going to or coming from the server. This is easily done with the netsh ipsec command-line tools.

First we need to add a 'filterlist', which contains a group of 'filters'. Each filter is associated with a 'filteraction' such as permit or block.

A 'policy' is the IPSec policy under which the rule is applied, and a 'rule' links a policy to a filterlist and a filteraction. As a result, the rule makes the action specified in the filteraction apply to the filters present in the filterlist.

Suppose I want to block all connections from IP 192.168.192.100. The steps are as follows.

1. Launch the command prompt (Start >> run >> cmd)

2. Add the filterlist.

C:\Documents and Settings\Administrator> netsh ipsec static add filterlist name=myfilterlist

3. Add filteraction

C:\Documents and Settings\Administrator> netsh ipsec static add filteraction name=myaction action=block

4. Add filter

C:\Documents and Settings\Administrator> netsh ipsec static add filter filterlist=myfilterlist srcaddr=192.168.192.100 dstaddr=Me

5. Add policy

C:\Documents and Settings\Administrator> netsh ipsec static add policy name=mypolicy assign=yes

6. Add rule

C:\Documents and Settings\Administrator> netsh ipsec static add rule name=myrule policy=mypolicy filterlist=myfilterlist filteraction=myaction

Now all connections from/to IP 192.168.192.100 are blocked.

Alternatively, we can configure all of this using the graphical interface. To do so, log in to the server and open the local security management console (Start >> run >> secpol.msc).

Categories: Windows

How to check user passwords against a dictionary attack?

January 5, 2009 · Leave a Comment


Linux can be configured to verify that passwords cannot be guessed easily (i.e. that they are not weak) using the PAM module pam_cracklib.so. It checks the password against dictionary words. A user is not allowed to set a new password unless the conditions are satisfied (i.e. a weak password is not allowed).

Open the password configuration file for your Linux distribution and modify it as follows.

For Redhat/Fedora/CentOS Linux, the cracklib PAM module is installed by default, so there is no need to install anything. Just open the config file:

# vi /etc/pam.d/system-auth

Append/modify as follows:

password required /lib/security/pam_cracklib.so retry=2 minlen=10 difok=6

For Debian or Ubuntu Linux, first install the libpam-cracklib PAM module to enable cracklib support.

# apt-get install libpam-cracklib

or

$ sudo apt-get install libpam-cracklib

Now open config file:

# vi /etc/pam.d/common-password

Append/modify as follows:

password required pam_cracklib.so retry=2 minlen=10 difok=6

Save and close the file

Where,

* retry=2 : Prompt the user at most 2 times before returning with an error.
* minlen=10 : The minimum length allowed for an account password is set to 10 characters. This is the minimum simplicity count for a good password. You are allowed only 2 attempts because of the retry option.
* difok=6 : How many characters in the new password must differ from the old one. Otherwise the user will see the error – BAD PASSWORD: is too similar to the old one
* You can also apply the following options to compute the 'unsimplicity' of the password:
  o dcredit=N : Digit characters
  o ucredit=N : Uppercase characters
  o lcredit=N : Lowercase characters
  o ocredit=N : Other characters

Please note that restrictions are only applied to normal users (not to root user).
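
How minlen interacts with the credit options, as an added example (not part of the original post and not pam_cracklib's own code): a Python model of the length rule described in pam_cracklib(8). It assumes the man page defaults of minlen 9 and a credit of 1 per character class; the sample passwords and the stricter line are constructed.

```python
import string

# Model of the minlen/credit rule described in pam_cracklib(8); not the
# module's source. Dictionary, difok and other checks are not modelled.
CLASSES = {
    "dcredit": string.digits,
    "ucredit": string.ascii_uppercase,
    "lcredit": string.ascii_lowercase,
}  # any other character counts toward ocredit


def parse_options(pam_line):
    """Read minlen and the four credit options from a pam_cracklib line."""
    # Assumption: unset options take the man page defaults.
    opts = {"minlen": 9, "dcredit": 1, "ucredit": 1, "lcredit": 1, "ocredit": 1}
    for token in pam_line.split():
        key, sep, value = token.partition("=")
        if sep and key in opts:
            opts[key] = int(value)
    return opts


def required_length(password, opts):
    """Length the password must reach, or None if a mandatory class is missing."""
    seen = dict.fromkeys(opts, 0)
    for ch in password:
        name = next((n for n, chars in CLASSES.items() if ch in chars), "ocredit")
        seen[name] += 1
    required = opts["minlen"]
    for name in ("dcredit", "ucredit", "lcredit", "ocredit"):
        credit = opts[name]
        if credit >= 0:
            required -= min(seen[name], credit)  # credit shortens the minimum
        elif seen[name] < -credit:
            return None  # negative credit: that many characters are mandatory
    return required


def passes_length_rule(password, pam_line):
    required = required_length(password, parse_options(pam_line))
    return required is not None and len(password) >= required


# The line from this page, and a constructed stricter variant for comparison.
PAGE_LINE = "password required pam_cracklib.so retry=2 minlen=10 difok=6"
STRICT_LINE = PAGE_LINE + " dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1"

if __name__ == "__main__":
    for pw in ("aB3!xy", "abcdefgh", "abcdefghij", "aB3!xyzwvu"):  # constructed
        print(pw, passes_length_rule(pw, PAGE_LINE), passes_length_rule(pw, STRICT_LINE))
```

With the page's line, the six-character aB3!xy passes because each of the four default credits lowers the effective minimum by one. Setting the credits to 0 or to negative values makes minlen=10 a true 10-character floor.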

For further reading:

http://www.cyberciti.biz/tips/l

http://www.debianhelp.org/node/2708

Categories: Linux tutorials · Plesk · cPanel