Configuring a Service with Host Based Security Restrictions

Hands-On Lab

 

Terrence Cox

Senior Vice President of Content

Length: 01:00:00

Difficulty: Intermediate

Outside of using a firewall, it is important to understand that there are other methods of configuring a service with host-based security restrictions. Using the hosts.allow and hosts.deny files, we will explore how TCP Wrappers works to secure our systems.

You are being asked to secure the SSH service on the server instance you have been provided access to. As your company precludes the use of firewalls (because of the complexity of tracking and managing firewall rules on a number of systems) on internal systems inside your trusted zone, you will need to use another method to secure the SSH service.

The objective is to ALLOW connections externally (to the name or public IP address of the SERVER) but to DENY connections from the CLIENT over the private IP address, so that entire private network should be excluded. For auditing purposes, your security team wants any denial to be logged for future reporting; please add that configuration to the appropriate location.

Once you have the appropriate configuration in place in the correct hosts files, reload the SSH configuration and verify the changes behave as expected. Once verified, you can turn your system over to the development team.
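
The lookup order behind this task, as an added example that is not part of the lab: a simplified Python model of how TCP Wrappers consults hosts.allow before hosts.deny, run against constructed file contents. The 10.0.1.0/24 private network, the client addresses and the log path are assumptions, and only a subset of the hosts_access(5) pattern syntax is modeled.

```python
import ipaddress

# Constructed sample files. 10.0.1.0/24 and the log path are assumptions.
HOSTS_ALLOW = "# /etc/hosts.allow: no sshd entry\n"
HOSTS_DENY = """\
# /etc/hosts.deny
sshd : 10.0.1.0/255.255.255.0 : spawn /bin/echo "$(/bin/date) %d denied %a" >> /var/log/sshd-denied.log
"""
# The tempting mistake: whitelisting everyone in hosts.allow.
BROAD_ALLOW = "sshd : ALL\n"


def client_matches(pattern, addr):
    """Subset of hosts_access(5) client patterns: ALL, 'n.n.n.' prefix, net/mask, exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return addr.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern == addr


def first_match(text, daemon, addr):
    """Return the option text of the first matching rule, or None if no rule matches."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients, *opts = [f.strip() for f in line.split(":", 2)]
        dlist = daemons.replace(",", " ").split()
        clist = clients.replace(",", " ").split()
        if (daemon in dlist or "ALL" in dlist) and any(client_matches(p, addr) for p in clist):
            return opts[0] if opts else ""
    return None


def decide(allow_text, deny_text, daemon, addr):
    """hosts.allow is searched first, then hosts.deny; no match in either grants access."""
    if first_match(allow_text, daemon, addr) is not None:
        return "allow"
    if first_match(deny_text, daemon, addr) is not None:
        return "deny"
    return "allow"


if __name__ == "__main__":
    for label, allow in (("empty hosts.allow", HOSTS_ALLOW), ("sshd : ALL in hosts.allow", BROAD_ALLOW)):
        for addr in ("10.0.1.25", "203.0.113.7"):  # constructed private and external clients
            print(f"{label:26} {addr:12} -> {decide(allow, HOSTS_DENY, 'sshd', addr)}")
```

On a real host, `tcpdmatch sshd 10.0.1.25` gives the same prediction from the live files. `ldd "$(command -v sshd)" | grep libwrap` confirms that sshd is linked against libwrap at all; upstream OpenSSH dropped TCP Wrappers support in 6.7, so this depends on the distribution's build.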