Unit 5

This document covers essential topics in network configuration, including types of networks (LAN, WAN, MAN), network topologies, common network devices, and IP addressing (IPv4 vs. IPv6). It also discusses SSH for secure connectivity and SELinux for enhanced security through mandatory access control. Key concepts such as subnetting, private and public IPs, and SSH configuration are highlighted throughout the document.

Uploaded by

Bhagwan Tidke

UNIT 5

NETWORK CONFIGURATION

AGENDA
Network Interfaces and Configurations
IP Addressing and Routing
DNS Configuration
Configuring Firewall
Basic network types
1. LAN (LOCAL AREA NETWORK),
2. WAN (WIDE AREA NETWORK),
3. MAN (METROPOLITAN AREA NETWORK)
Network Topologies

STAR,
BUS,
RING,
MESH:
HYBRID TOPOLOGIES (E.G., STAR-BUS HYBRID).

Common Network Devices

ROUTERS,
SWITCHES,
HUBS,
MODEMS, AND
ACCESS POINTS.
IP Addressing
IPV4 VS. IPV6:
IPV4 (INTERNET PROTOCOL VERSION 4) AND IPV6 (INTERNET PROTOCOL VERSION 6) ARE PROTOCOLS USED FOR ADDRESSING AND ROUTING DATA ACROSS NETWORKS.
THEY DIFFER SIGNIFICANTLY IN TERMS OF STRUCTURE, CAPACITY, AND FEATURES.
IP Addressing
•IPv4: Address Length: 32 bits.
Address Format: Written in dotted decimal notation, consisting of four decimal numbers separated by periods (e.g., 192.168.1.1).
IPv4 provides approximately 4.3 billion unique addresses (2^32 addresses).
IPv4 supports several address classes (A, B, C, etc.) for different types of networks (private, public).
Private IP Ranges: IPv4 uses reserved private IP address ranges for internal networks (e.g., 10.0.0.0 - 10.255.255.255, 192.168.0.0 - 192.168.255.255).
IP Addressing
•IPv6: Address Length: 128 bits.
Address Format: Written in hexadecimal notation, consisting of eight groups of four hexadecimal digits separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334).
Each group represents 16 bits (two bytes), making up the full 128-bit address.
Leading zeros in a group can be omitted, and consecutive zeros can be replaced with "::" (only once) for simplification.
IPv6 provides an enormous address space of 340 undecillion (3.4 × 10^38) addresses (2^128 addresses).
IPv6 uses simpler routing mechanisms. It doesn't need NAT (Network Address Translation) as IPv6 addresses are abundant.
Implements Auto Configuration (Stateless Address Autoconfiguration), allowing devices to automatically generate their own IP addresses without needing a DHCP server.
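
The two shortening rules above (drop leading zeros, replace one run of zero groups with "::"), written out as an added Python example that is not part of the original slides. The choice of the longest run, the first run on a tie, and leaving a single zero group uncompressed follow RFC 5952; the function name is illustrative.

```python
def compress_ipv6(full: str) -> str:
    """Compress an IPv6 address written out as eight colon-separated groups."""
    groups = full.lower().split(":")
    if len(groups) != 8 or not all(1 <= len(g) <= 4 for g in groups):
        raise ValueError("expected eight groups of 1-4 hex digits")

    # Rule 1: drop leading zeros in every group ("0db8" -> "db8", "0000" -> "0").
    # int(..., 16) also rejects anything that is not hexadecimal.
    groups = [format(int(g, 16), "x") for g in groups]

    # Rule 2: locate the longest run of all-zero groups. Only ONE run may
    # become "::"; with two, the reader could not tell how many groups each hides.
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + ["end"]):      # sentinel closes a trailing run
        if g == "0":
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start > best_len:          # strict ">" keeps the first run on a tie
                best_start, best_len = run_start, i - run_start
            run_start = None

    if best_len < 2:                              # a lone zero group stays "0"
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"
```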
IP Address Types
•Private IPs (Class A, B, C) vs. Public IPs.

•Subnetting: to divide networks using subnet masks (255.255.255.0): A subnet mask is a 32-bit value, often written in dotted decimal notation, like 255.255.255.0. The 1s in the mask represent the network and subnet portion, while the 0s represent the host portion.
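
The mask arithmetic described above, as an added Python example (not from the original slides) that splits an address into its network and host portions with bitwise operations and rejects masks whose 1s are not contiguous. The function names are illustrative, and the 172.16.0.0 - 172.31.255.255 range is added from RFC 1918 alongside the two ranges the slides quote.

```python
def to_int(dotted: str) -> int:
    """Convert dotted decimal notation to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

# Private ranges as (first, last). The middle entry is not on the slides.
PRIVATE_RANGES = [("10.0.0.0", "10.255.255.255"),
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255")]

def split_address(ip: str, mask: str) -> dict:
    ip_i, mask_i = to_int(ip), to_int(mask)
    host_bits = ~mask_i & 0xFFFFFFFF          # the 0s of the mask, as 1s
    # A valid mask is 1s followed only by 0s, so host_bits + 1 is a power of two.
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask {mask} has a 1 after a 0")
    return {
        "prefix": bin(mask_i).count("1"),      # e.g. 255.255.255.0 -> /24
        "network": to_dotted(ip_i & mask_i),   # bits under the mask's 1s
        "host_part": to_dotted(ip_i & host_bits),
        "broadcast": to_dotted((ip_i & mask_i) | host_bits),
        "addresses": host_bits + 1,            # size of the subnet
        "private": any(to_int(lo) <= ip_i <= to_int(hi)
                       for lo, hi in PRIVATE_RANGES),
    }
```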
Configuring Network
SSH
SECURE SHELL (SSH) IS ONE OF THE MOST UBIQUITOUS LINUX TOOLS.

IT PROVIDES SECURE CONNECTIVITY AMONG WORKSTATIONS, SERVERS, MANAGED SWITCHES, ROUTERS, AND ANY NUMBER OF OTHER DEVICES.

LINUX AND MACOS INCLUDE SSH, AND IT'S EASY TO ADD TO WINDOWS.
SSH

SSH is a reliable and efficient way to communicate securely over the internet, and is a vital tool for Linux system administration and development.
SSH provides remote login, secure file transfer, port forwarding, X11 forwarding, and agent forwarding capabilities.
To use SSH, users must generate a pair of cryptographic keys, one public and one private.
SSH configuration files can be customized to optimize the SSH connection and improve security.
SSH supports various authentication methods, such as password authentication, public key authentication, and multi-factor authentication.
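
One way to review the server-side SSH configuration for the authentication and forwarding features listed above, as an added Python example (not from the original slides). The sample file and the recommended values are constructed assumptions; the keywords and defaults are those of OpenSSH's sshd_config, and only the global section before the first Match block is evaluated.

```python
# Constructed sample sshd_config, embedded so the example runs offline.
SAMPLE_SSHD_CONFIG = """\
# constructed example
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
# sshd keeps the FIRST value it reads, so the next line has no effect
passwordauthentication no
Match User backup
    AllowAgentForwarding no
"""

# keyword -> (OpenSSH default, value wanted by this example policy, reason)
CHECKS = {
    "passwordauthentication": ("yes", "no", "prefer public key authentication"),
    "pubkeyauthentication": ("yes", "yes", "key-based login must stay enabled"),
    "x11forwarding": ("no", "no", "disable unless X11 forwarding is needed"),
    "allowagentforwarding": ("yes", "no", "disable unless agent forwarding is needed"),
    "allowtcpforwarding": ("yes", "no", "disable unless port forwarding is needed"),
}

def effective_global_settings(text: str) -> dict:
    """Return keyword -> value for the global section, first occurrence wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()            # keywords are case-insensitive
        if keyword == "match":                # conditional blocks are out of scope
            break
        if len(parts) == 2:
            settings.setdefault(keyword, parts[1].strip().lower())
    return settings

def audit(text: str) -> list:
    """List (keyword, effective value, 'set' or 'default', reason) for each deviation."""
    settings = effective_global_settings(text)
    findings = []
    for keyword, (default, wanted, reason) in CHECKS.items():
        value = settings.get(keyword, default)
        if value != wanted:
            source = "set" if keyword in settings else "default"
            findings.append((keyword, value, source, reason))
    return findings
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; the parser above only mirrors the first-value-wins rule for a file under review.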
SSH AND SELINUX

SECURITY ENHANCED LINUX (SELINUX) IMPLEMENTS MANDATORY ACCESS CONTROL (MAC).
EVERY PROCESS AND SYSTEM RESOURCE HAS A SPECIAL SECURITY LABEL CALLED AN SELINUX CONTEXT.
A SELINUX CONTEXT, SOMETIMES REFERRED TO AS AN SELINUX LABEL, IS AN IDENTIFIER WHICH ABSTRACTS AWAY THE SYSTEM-LEVEL DETAILS AND FOCUSES ON THE SECURITY PROPERTIES OF THE ENTITY.
SELINUX CONTEXTS HAVE SEVERAL FIELDS: USER, ROLE, TYPE, AND SECURITY LEVEL. THE SELINUX TYPE INFORMATION IS PERHAPS THE MOST IMPORTANT WHEN IT COMES TO THE SELINUX POLICY, AS THE MOST COMMON POLICY RULE WHICH DEFINES THE ALLOWED INTERACTIONS BETWEEN PROCESSES AND SYSTEM RESOURCES USES SELINUX TYPES AND NOT THE FULL SELINUX CONTEXT.
• ALL PROCESSES AND FILES ARE LABELED. SELINUX POLICY RULES DEFINE HOW PROCESSES INTERACT WITH FILES, AS WELL AS HOW PROCESSES INTERACT WITH EACH OTHER. ACCESS IS ONLY ALLOWED IF AN SELINUX POLICY RULE EXISTS THAT SPECIFICALLY ALLOWS IT.
• SELINUX PROVIDES FINE-GRAINED ACCESS CONTROL. STEPPING BEYOND TRADITIONAL UNIX PERMISSIONS THAT ARE CONTROLLED AT USER DISCRETION AND BASED ON LINUX USER AND GROUP IDS, SELINUX ACCESS DECISIONS ARE BASED ON ALL AVAILABLE INFORMATION, SUCH AS AN SELINUX USER, ROLE, TYPE, AND, OPTIONALLY, A SECURITY LEVEL.
• SELINUX POLICY IS ADMINISTRATIVELY-DEFINED AND ENFORCED SYSTEM-WIDE.
• SELINUX CAN MITIGATE PRIVILEGE ESCALATION ATTACKS. PROCESSES RUN IN DOMAINS, AND ARE THEREFORE SEPARATED FROM EACH OTHER. SELINUX POLICY RULES DEFINE HOW PROCESSES ACCESS FILES AND OTHER PROCESSES. IF A PROCESS IS COMPROMISED, THE ATTACKER ONLY HAS ACCESS TO THE NORMAL FUNCTIONS OF THAT PROCESS, AND TO FILES THE PROCESS HAS BEEN CONFIGURED TO HAVE ACCESS TO. FOR EXAMPLE, IF THE APACHE HTTP SERVER IS COMPROMISED, AN ATTACKER CANNOT USE THAT PROCESS TO READ FILES IN USER HOME DIRECTORIES, UNLESS A SPECIFIC SELINUX POLICY RULE WAS ADDED OR CONFIGURED TO ALLOW SUCH ACCESS.
• SELINUX CAN ENFORCE DATA CONFIDENTIALITY AND INTEGRITY, AND CAN PROTECT PROCESSES FROM UNTRUSTED INPUTS.
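
The context fields and the default-deny, type-based decision described above, as an added Python example (not from the original slides) built around the Apache case. The labels and the one-rule policy are constructed; this is a simplified model of type enforcement, not the kernel's policy engine, and the type names follow the usual targeted-policy naming.

```python
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str   # optional; may itself contain ":" (e.g. "s0-s0:c0.c1023")

def parse_context(label: str) -> Context:
    # Split at most three times so colons inside the level field survive.
    parts = label.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not an SELinux context: {label!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")

# Constructed toy policy: (source type, target type, object class) -> permissions.
POLICY = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"getattr", "open", "read"},
}

def is_allowed(policy: dict, source: str, target: str, tclass: str, perm: str) -> bool:
    """Default deny: access is granted only if a matching allow rule exists.

    Only the type field of each context is consulted, which is why the type
    matters more to policy than the full context does.
    """
    key = (parse_context(source).type, parse_context(target).type, tclass)
    return perm in policy.get(key, set())

# Constructed sample labels: the web server process, a web content file,
# and a file in a user's home directory.
APACHE = "system_u:system_r:httpd_t:s0"
WEB_FILE = "system_u:object_r:httpd_sys_content_t:s0"
HOME_FILE = "unconfined_u:object_r:user_home_t:s0"
```

On a real system, `ps -Z` and `ls -Z` show these labels, and denials appear as AVC records in the audit log.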
THANK
YOU
