= Docs on SwarmLab.io !
Apostolos <rootApostolos@swarmlab.io>
// Metadata:
:description: SwarmLab Labs
:keywords: iot, swarm, Linux, OS, Sec
:data-uri:
:toc: right
:toc-title: Πίνακας περιεχομένων
:toclevels: 4
:source-highlighter: highlight
:icons: font
:sectnums:

{empty} +

.Lab docs
****
*Internet of Things*. Is a networked interconnection of devices in everyday use that are often equipped with ubiquitous mechanisms.

*Security*. Is a set of mechanisms that protect sensitive data from attacks and guarantee the confidentiality, integrity and authenticity of data.
****

:hardbreaks:

{empty} +

{empty}

:!hardbreaks:

== Prepare your development and test environment

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/Howtos/docker/install.adoc.html[Install docker^]

[TIP]
====
*Docker* is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.

Containers are isolated from one another and bundle their own software, libraries and configuration files; they can communicate with each other through well-defined channels.
====

:hardbreaks:

{empty} +

{empty} +

{empty}

:!hardbreaks:

== Internet of things (IoT)

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/IoT/Intro-IoT.adoc.html[Intro IoT^]

TIP: How It Works, Apps, Swarm: The Five Principles of Swarm Intelligence

:hardbreaks:

{empty} +

{empty} +

{empty}

:!hardbreaks:

== Security

[NOTE]
====
*Security* is defined as a set of mechanisms that protect sensitive data from attacks and guarantee the confidentiality, integrity and authenticity of data.

*Network security,* in a cloud environment *(IaaS, PaaS, and SaaS) or Cloud of Things*, consists of the security of the underlying *physical environment* and the *logical security* controls that are inherent in the service or available to be consumed as a service.

- Physical environment security ensures that access to the cloud service is adequately distributed, monitored, and protected by the underlying physical resources.
- Logical network security controls consist of link, protocol, and application layer services.

In a *cloud environment*, a major part of network security is likely to be provided by virtual security devices and services, alongside traditional physical network devices.

Typically, network traffic does not pass through physical interfaces where classical control devices could inspect, analyze or block it.

This is why effective controls require integration with the software layer: _network security architecture, security gateways (firewalls, WAF, SOA/API), security products (IDS/IPS, sub-tier firewall, security monitoring and reporting, Denial of Service (DoS) protection/mitigation), and secure “base services” like DNSSEC and NTP_.
====

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-1_iptables.adoc.html[Scan and network statistics^]

TIP: This tutorial demonstrates some common *nmap* port scanning scenarios and explains the output.

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-2_iptables.adoc.html[Network analysis^]

TIP: *tcpdump* is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-3_iptables.adoc.html[Network Filter^]

[TIP]
====
Netfilter offers various functions and operations for *packet filtering*, *network address* translation, and *port translation*, which provide the functionality required for *directing packets* through a network and *prohibiting packets* from reaching sensitive locations within a network.

*iptables* is a command line utility for configuring the Linux kernel firewall implemented within the Netfilter project. The term "iptables" is also commonly used to refer to this kernel-level firewall. It can be configured directly with iptables, or by using one of the many
====

==== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-3a_iptables-flow-chart.adoc.html[Traversing of tables and chains^]

[TIP]
====
When a packet first enters the firewall, it hits the hardware and then gets passed on to the proper device driver in the kernel.

Then the packet starts to *go through a series of steps in the kernel*, before it is either *sent to the correct application* (locally), or *forwarded to another host* - or whatever happens to it.
====

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-4_iptables.adoc.html[Iptables with shorewall! - Three-Interface Firewall^]

[TIP]
====
*Shorewall* is an open source firewall tool for Linux that builds *upon the Netfilter (iptables/ipchains)* system built into the Linux kernel, making it easier to manage more *complex configuration schemes* by providing a higher level of abstraction for describing rules using text files.
====

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-5_iptables.adoc.html[virtual private network (VPN)^]

[TIP]
====
A *virtual private network (VPN)* extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were *directly connected to the private network*.
====

=== http://docs.swarmlab.io/SwarmLab-HowTos/labs/sec/ex-6_iptables.adoc.html[SSH Tunneling^]

[TIP]
====
*SSH Tunneling* is the ability to use ssh to *create a bi-directional encrypted network connection* between machines over which data can be exchanged, typically TCP/IP.
====