Security - Datamatiker 4. semester
Project maintained by DatSecDK
Week-01 Introduction and OWASP (A10)
The plan for this week is to get an overview of the course, and delve into the first topic.
Every third week (more or less) we will meet on both Wednesday and Friday.
Fridays will typically be workshop days.
What to Read
Please open and skim:
OWASP Top 10 - 2017: The Ten Most Critical Web Application Security Risks (PDF)
Slides: 01-OWASP, A10, and Firewalls.pdf
Learning Goals
After this week you will be able to:
- Explain the difference between prevention, detection and recovery for systems you develop.
- Set up a firewall on Ubuntu and examine the log files.
- Set up a remote logging server, and use that to register logins to an Ubuntu server.
Exercises
An important step in preventing attacks is to have a firewall in place. A firewall also lets us see whether our system is under attack, because it logs the connection attempts it blocks.
Ubuntu comes with a built-in firewall called ufw (Uncomplicated Firewall).
- Create an Ubuntu droplet on DigitalOcean.
- Enable the firewall (instructions are here).
  WARNING: make sure to allow SSH before starting the firewall 😀
- Enable logging for the firewall (this answer gives the commands).
- Find the log, and find out (this might be helpful - look at the end):
  - From which IP addresses do you get visitors?
  - What ports do your visitors attempt to use?
  - Where are those IP addresses located? Use https://www.ip-tracker.org, or
        apt-get update
        apt-get install geoip-bin
        geoiplookup cphbusiness.dk
    or just
        curl ipinfo.io/23.66.166.151
  - What services are behind those ports?
- Let it run until next Wednesday and bring your answers to class.
These two one-liners pull the destination ports (DPT=) and then the source addresses (SRC=) out of the log and count how often each one occurs:
grep -Po '(?<=DPT=)[^ ]*' /var/log/ufw.log | sort | uniq -c
grep -Po '(?<=SRC=)[^ ]*' /var/log/ufw.log | sort | uniq -c
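The two grep lines answer the exercise questions one field at a time. The script below is an added example (not part of the course page) that parses the same ufw log format once and answers all of them together: which ports were probed, which sources sent the probes, which ports each source touched (a source that hits many different ports looks like a scanner, one that hammers a single port looks like a brute-force attempt), and which well-known service sits behind each port. The function names are my own, SAMPLE_LOG is constructed to mimic ufw's kernel-log lines using documentation IP ranges only, and KNOWN_SERVICES is a hand-written subset of well-known IANA port assignments so the script runs without consulting /etc/services.

```python
"""Summarise probes recorded in /var/log/ufw.log (added example, not course code)."""
import re
import sys
from collections import Counter, defaultdict

# Constructed sample in the field layout ufw writes (MAC= shortened for readability).
# Last line is an ALLOW entry, which ufw logs at higher log levels; it must not be
# counted among the blocked probes. The ICMP line has no DPT= at all.
SAMPLE_LOG = """\
Mar  4 10:15:32 droplet kernel: [ 1234.567890] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=203.0.113.5 DST=10.0.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=43210 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:15:40 droplet kernel: [ 1242.000001] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=203.0.113.5 DST=10.0.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54322 PROTO=TCP SPT=43211 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  4 10:16:01 droplet kernel: [ 1263.100000] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=198.51.100.77 DST=10.0.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1 PROTO=TCP SPT=55555 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  4 10:16:05 droplet kernel: [ 1267.300000] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=198.51.100.77 DST=10.0.0.2 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=2 PROTO=TCP SPT=55556 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  4 10:16:09 droplet kernel: [ 1271.000000] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=192.0.2.9 DST=10.0.0.2 LEN=32 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=5353 DPT=5353 LEN=12
Mar  4 10:16:12 droplet kernel: [ 1274.000000] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb SRC=192.0.2.9 DST=10.0.0.2 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  4 10:16:20 droplet kernel: [ 1282.000000] [UFW ALLOW] IN=eth0 OUT= MAC=aa:bb SRC=192.0.2.50 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=TCP SPT=50022 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

# Hand-picked subset of well-known ports (IANA assignments); "unknown" otherwise.
KNOWN_SERVICES = {
    ("tcp", 22): "ssh", ("tcp", 23): "telnet", ("tcp", 80): "http",
    ("tcp", 443): "https", ("tcp", 3306): "mysql", ("tcp", 3389): "rdp",
    ("udp", 5353): "mdns",
}

ACTION_RE = re.compile(r"\[UFW (\w+)\]")      # BLOCK, ALLOW, AUDIT, ...
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")     # KEY=value tokens after the action tag


def parse_line(line):
    """Return {'ACTION': ..., 'SRC': ..., ...} for a ufw line, or None for any other line."""
    m = ACTION_RE.search(line)
    if not m:
        return None
    fields = {"ACTION": m.group(1)}
    for key, value in FIELD_RE.findall(line[m.end():]):
        fields.setdefault(key, value)   # UDP/ICMP repeat LEN=/ID=; keep the IP-header one
    return fields


def service_name(proto, port):
    return KNOWN_SERVICES.get((proto, port), "unknown")


def summarise(log_text, action="BLOCK"):
    """Counts for the exercise: (ports, sources, ports_by_source).

    ports:   Counter keyed (proto, dport), like the DPT= grep; lines without DPT= are skipped
    sources: Counter keyed SRC, like the SRC= grep, so ICMP probes still count as visitors
    ports_by_source: {SRC: sorted list of (proto, dport) that address touched}
    """
    ports, sources, touched = Counter(), Counter(), defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or (action and f["ACTION"] != action):
            continue
        src = f.get("SRC")
        if src:
            sources[src] += 1
        if "DPT" in f and "PROTO" in f:
            key = (f["PROTO"].lower(), int(f["DPT"]))
            ports[key] += 1
            if src:
                touched[src].add(key)
    return ports, sources, {s: sorted(p) for s, p in touched.items()}


def report(log_text, action="BLOCK"):
    """Human-readable lines: probed ports with their service, then sources with the ports each hit."""
    ports, sources, touched = summarise(log_text, action)
    lines = [f"Probed ports ({action}):"]
    for (proto, port), n in ports.most_common():
        lines.append(f"  {n:4d}  {proto}/{port:<5} {service_name(proto, port)}")
    lines.append("Sources:")
    for src, n in sources.most_common():
        hit = ", ".join(f"{p}/{d}" for p, d in touched.get(src, []))
        lines.append(f"  {n:4d}  {src:<16} {hit or '(no port, e.g. ICMP)'}")
    return lines


if __name__ == "__main__":
    # Usage: python3 ufw_summary.py /var/log/ufw.log   (reading the log needs root)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(report(text)))
```

Run it without arguments to see the constructed sample summarised; point it at /var/log/ufw.log (as root) on the droplet to answer the exercise for real traffic. Filtering on the action tag matters once ufw's log level is raised, because ALLOW lines then land in the same file and would otherwise inflate the counts of "attacks".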
Useful links:
Exam questions
OWASP Rating Methodology
- Explain the two sets of Factors - Threat Agents and Vulnerability
- Give some examples of how you can change those parameters - for example for MySQL servers
- Explain how security risks are rated in OWASP
- Argue whether OWASP gives the complete picture of the security risks for an application
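A worked example of the rating these questions ask about, added here and not part of the course page. The factor names, their 0-9 scales and the LOW/MEDIUM/HIGH bands and severity matrix are those of the OWASP Risk Rating Methodology, which is where the Threat Agent and Vulnerability factor sets come from; the function names and the MySQL server scenarios with their factor values are my own constructed illustration of how changing a parameter (here: logging and reviewing access, then restricting who can reach the port) moves the rating.

```python
"""OWASP Risk Rating Methodology worked through for a MySQL server (added example)."""

# Likelihood factors: four threat-agent factors and four vulnerability factors, each 0-9.
THREAT_AGENT = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY = ("ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection")
# Technical impact factors; business impact factors are application-specific and left out.
TECHNICAL_IMPACT = ("loss_of_confidentiality", "loss_of_integrity",
                    "loss_of_availability", "loss_of_accountability")

# Overall severity matrix of the methodology, keyed (likelihood band, impact band).
OVERALL = {
    ("LOW", "LOW"): "NOTE",    ("LOW", "MEDIUM"): "LOW",       ("LOW", "HIGH"): "MEDIUM",
    ("MEDIUM", "LOW"): "LOW",  ("MEDIUM", "MEDIUM"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",
    ("HIGH", "LOW"): "MEDIUM", ("HIGH", "MEDIUM"): "HIGH",     ("HIGH", "HIGH"): "CRITICAL",
}


def average(factors, names):
    """Mean of the named factors; a missing factor raises KeyError, an off-scale one ValueError."""
    values = []
    for name in names:
        v = factors[name]
        if not 0 <= v <= 9:
            raise ValueError(f"{name}={v} is outside the 0-9 scale")
        values.append(v)
    return sum(values) / len(values)


def band(score):
    """Methodology bands: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def rate(scenario):
    """Likelihood = mean of all eight likelihood factors; impact = mean of the technical ones."""
    likelihood = average({**scenario["threat_agent"], **scenario["vulnerability"]},
                         THREAT_AGENT + VULNERABILITY)
    impact = average(scenario["technical_impact"], TECHNICAL_IMPACT)
    lb, ib = band(likelihood), band(impact)
    return {"likelihood": likelihood, "impact": impact,
            "likelihood_band": lb, "impact_band": ib, "overall": OVERALL[(lb, ib)]}


def with_changes(scenario, **changes):
    """Copy of a scenario with the given factor values replaced (keyword = factor name)."""
    out = {group: dict(values) for group, values in scenario.items()}
    for name, v in changes.items():
        for group in out:
            if name in out[group]:
                out[group][name] = v
                break
        else:
            raise KeyError(name)
    return out


# Constructed scenario: MySQL listening on a public interface, nothing logged.
# Values chosen from the methodology's scales, e.g. intrusion_detection 9 = "not logged",
# size 9 = "anonymous Internet users", opportunity 9 = "no access or resources required".
MYSQL_EXPOSED = {
    "threat_agent": {"skill_level": 6, "motive": 4, "opportunity": 9, "size": 9},
    "vulnerability": {"ease_of_discovery": 9, "ease_of_exploit": 5,
                      "awareness": 6, "intrusion_detection": 9},
    "technical_impact": {"loss_of_confidentiality": 7, "loss_of_integrity": 5,
                         "loss_of_availability": 5, "loss_of_accountability": 9},
}
# Same server once logins and queries are logged and reviewed (the A10 countermeasure):
# intrusion_detection 3 = "logged and reviewed", accountability 7 = "possibly traceable".
MYSQL_LOGGED = with_changes(MYSQL_EXPOSED, intrusion_detection=3, loss_of_accountability=7)
# ...and additionally firewalled so only the application host can reach port 3306:
# opportunity 4 = "special access or resources required".
MYSQL_LOGGED_FIREWALLED = with_changes(MYSQL_LOGGED, opportunity=4)

if __name__ == "__main__":
    for name, s in [("exposed", MYSQL_EXPOSED), ("logged", MYSQL_LOGGED),
                    ("logged+firewalled", MYSQL_LOGGED_FIREWALLED)]:
        r = rate(s)
        print(f"{name:<18} likelihood {r['likelihood']:.3f} ({r['likelihood_band']}) "
              f"impact {r['impact']:.2f} ({r['impact_band']}) -> {r['overall']}")
```

Running it shows the point behind the second exam question: logging alone lowers the likelihood score (7.125 to 6.375) and the impact score, but both stay in the HIGH band, so the overall rating remains CRITICAL; only when exposure is also reduced does likelihood drop into MEDIUM and the overall rating to HIGH. Detection is one parameter among eight, and the bands are coarse, which is also a concrete starting point for the last question about whether the OWASP picture is complete.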
Logging and monitoring
- Explain the difference between prevention, detection and recovery for systems you develop.
- Discuss how a firewall can produce log files.
- Explain how to set up a remote logging server, and use that to register logins to an Ubuntu server.
- Explain how to use a cloud-based logging service to enable anomaly detection.