14.Linux_CentOS5_iptables_2010_0328.hwp
|
|
- 동주 문
- 7 years ago
- Views:
Transcription
1 Linux_Service_Security Guide Firewall Server l l l l l iptables 기본구조 iptables 정책 iptables 명령어 iptables 간단한실습 iptables 방화벽정책실습 (Firewall Configuration Tools) system-config-securitylevel or system-config-securitylevel-tui or lokkit
2 iptables 기본구조 l 리눅스 2.4 커널버전이상에서사용하는서버방화벽이다. l 리눅스 2.2 커널버전에서는 ipchains 사용하였는데구조와사용하는방법은비슷하다. [ 그림 ] iptables Packet Filtering Process (1) iptables 개요 l iptables 논리적인 3개의사슬 (chains) 으로구성되어있고, 각각 INPUT, OUTPUT, FORWARD 라는이름을가지고있다. l 또한관리자가정의하여새로운사슬도생성할수있다. ( 기본사슬의이름은대문자이다.) iptables -L Chain INPUT (policy ACCEPT) (2) iptables 구성 l INPUT 사슬 : 리눅스박스를향해들어오는패킷들이거치는체인 l FORWARD 사슬 : 리눅스박스를거쳐 OUTPUT 체인을향하는체인 l OUTPUT 사슬 : 리눅스박스를나가는패킷들이들어가는체인
3 iptables 정책 (1) iptables 정책개요 l l iptables의정책 : 패킷통과허가 / 차단 ACCEPT : 패킷을허용하는옵션 REJECT : 패킷을허용하지않는다는메세지를보내면서거부한다. 사슬전체정책설정 (-P) 에서는사용할수없다. DROP : 패킷을완전히무시 [ 그림 ] 패킷허용 / 차단
4 iptables 명령어 l iptables 설정 - 전체사슬에대한설정 ( 대문자옵션사용 : -P, -L 등 ) - 각사슬에대한규칙을설정 ( 소문자옵션사용 : -s, -p 등 ) ( 명령어형식 ) iptables [-t <table-name>] <command><chain-name> <parameter-1><option-1> <parameter-n><option-n> (1) 전체사슬에대한작동 -N -X -P -L -F -Z 옵션 설명 -N, --new-chain chain Create a new user-defined chain by the given name. There must be no target of that name already. 새로운사슬을만든다. -X, --delete-chain [chain] Delete the optional user-defined chain specified. There must be no references to the chain. If there are, you must delete or replace the referring rules before the chain can be deleted. The chain must be empty, i.e. not contain any rules. If no argument is given, it will attempt to delete every non-builtin chain in the table. 비어있는사슬을제거한다. 3개의기본사슬은제거할수없다. -P, --policy chain target Set the policy for the chain to the given target. See the section TARGETS for the legal targets. Only built-in (non-userdefined) chains can have policies, and neither built-in nor user-defined chains can be policy targets. 사슬의정책을설정한다. (EX: ACCEPT, DROP) -L, --list [chain] List all rules in the selected chain. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table (filter is the default), so NAT rules get listed by iptables -t nat -n -L Please note that it is often used with the -n option, in order to avoid long reverse DNS lookups. It is legal to specify the -Z (zero) option as well, in which case the chain(s) will be atomically listed and zeroed. The exact output is affected by the other arguments given. The exact rules are suppressed until you use iptables -L -v 현재사슬의규칙을나열한다. -F, --flush [chain] Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one. 사슬으로부터규칙을제거한다. -Z, --zero [chain] Zero the packet and byte counters in all chains. It is legal to specify the -L, --list (list) option as well, to see the counters immediately before they are cleared. (See above.) 사슬내의모든규칙들의패킷과바이트의카운트를 0 으로만든다.
5 (2) 사슬내부의규칙에대한작동 옵션 -A -I -R -D 설명 -A, --append chain rule-specification Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination. 사슬에새로운규칙을추가한다. 해당사슬에맨마지막규칙으로등록된다. -I, --insert chain [rulenum] rule-specification Insert one or more rules in the selected chain as the given rule number. So, if the rule number is 1, the rule or rules are inserted at the head of the chain. This is also the default if no rule number is specified. 사슬에규칙을맨첫부분에설정한다. -R, --replace chain rulenum rule-specification Replace a rule in the selected chain. If the source and/or destination names resolve to multiple addresses, the command will fail. Rules are numbered starting at 1. 사슬의규칙을교환한다. -D, --delete chain rule-specification -D, --delete chain rulenum Delete one or more rules from the selected chain. There are two versions of this command: the rule can be specified as a number in the chain (starting at 1 for the first rule) or a rule to match. 사슬의규칙을제거한다. (3) 필터링지정방법 옵션과관련된규칙 ( ㄱ ) -s( 발신지 ), -d( 도착지 ) 사용 -s 옵션 설명 -s, --source [!] address[/mask] Source specification. Address can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), a network IP address (with /mask), or a plain IP address. The mask can be either a network mask or a plain number, specifying the number of 1 s at the left side of the network mask. Thus, a mask of 24 is equivalent to A "!" argument before the address specification inverts the sense of the address. The flag --src is an alias for this option. -d 출발지아이피 / 네트워크를지정할때사용한다. -d, --destination [!] address[/mask] Destination specification. See the description of the -s (source) flag for a detailed description of the syntax. The flag --dst is an alias for this option. ( 예 1) 도메인으로표시하는방법 -s -d localhost ( 예 2) IP 주소로표시하는방법 -s 목적지아이피 / 네트워크를지정할때사용한다. ( 예 3) 넷마스크값으로표시하는방법 -s /24 -s / iptables -A INPUT -s 0/0 -j DROP 모든 IP 주소 (0/0) 로부터들어오는패킷들을모두 DROP 한다.
6 ( ㄴ ) -j( 점프 ) 사용 -j 옵션 설명 -j, --jump target This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below). If this option is omitted in a rule (and -g is not used), then matching the rule will have no effect on the packet s fate, but the counters on the rule will be incremented. 특정한정책을설정한다. iptables -A INPUT -s j DROP 로부터들어오는모든패킷에대해거부한다. ( ㄷ )!(not 의미 ) 사용 Not 의의미로사용한다. iptables -A INPUT -s! localhost -d j ACCEPT localhost 가아닌호스트에서 호스트로가는모든패킷에대해허락한다. ( ㄹ ) -p( 프로토콜 ) 사용 -p 옵션 설명 -p, --protocol [!] protocol The protocol of the rule or of the packet to check. The specified protocol can be one of tcp, udp, icmp, or all, or it can be a numeric value, representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. A "!" argument before the protocol inverts the test. The number zero is equivalent to all. Protocol all will match with all protocols and is taken as default when this option is omitted. 프로토콜을설정할때사용한다. 보통 TCP, UDP, ICMP 같은이름들이사용된다. 대소문자를구별하지않는다.!(not) 과도같이사용할수있다. iptables -A INPUT -p tcp -dport 23 -j ACCEPT TCP 프로토콜에대한목적지포트가 23 번 (TELNET) 에대해서모든패킷을허락한다. ( ㅁ ) -i( 인바운드인터페이스 ) 사용 -i 옵션 설명 -i, --in-interface [!] name Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match. 패킷이들어오는인터페이스를설정할때사용한다. 즉 INPUT, OUTPUT 사슬에서주로사용한다. ( ㅂ ) -o( 아웃바운드인터페이스 ) 사용 -o 옵션 설명 -o, --out-interface [!] name Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, any interface name will match. 패킷이나가는네트워크장치를지정할때사용한다. 보통 OUTPUT, FORWARD 사슬에서사용된다.
7 ( ㅅ ) -t( 테이블 ) 사용 옵션 설명 -t, --table table This option specifies the packet matching table which the command should operate on. If the kernel is configured with automatic module loading, an attempt will be made to load the appropriate module for that table if it is not already there. The tables are as follows: filter: This is the default table (if no -t option is passed). It contains the built-in chains INPUT (for packets destined to local sockets), FORWARD (for packets being routed through the box), and OUTPUT (for locally-generated packets). -t nat: This table is consulted when a packet that creates a new connection is encountered. It consists of three built-ins: PREROUTING (for altering packets as soon as they come in), OUTPUT (for altering locally-generated packets before routing), and POSTROUTING (for altering packets as they are about to go out). mangle: This table is used for specialized packet alteration. Until kernel it had two built-in chains: PREROUTING (for altering incoming packets before routing) and OUTPUT (for altering locally-generated packets before routing). Since kernel , three other built-in chains are also supported: INPUT (for packets coming into the box itself), FOR- WARD (for altering packets being routed through the box), and POSTROUTING (for altering packets as they are about to go out). table 을선택할때사용한다. filter, nat, mangle 세가지중에선택할수있다. 커널에해당테이블을지원하는코드가들어있어야한다. 모듈자동적재를선택하면그와관련된커널모듈이적재된다. 기본은 filter 이므로 nat 사용하려면 nat 라고지정해야한다. (o) --sport, --dport 사용 옵션 설명 --sport --source-port,--sport [!] port[:port] --dport --destination-port,--dport [!] port[:port]
8 iptables 간단한실습 ( 기본적인사용법 ) iptables -L iptables -F iptables -F INPUT iptables -P INPUT DROP iptables -P INPUT ACCEPT iptables -A INPUT -p tcp --dport 23 -j ACCEPT service iptables save service iptables start service iptables stop service iptables restart service iptables status chkconfig --list iptables chkconfig iptables on [EX1] 기본적인사용법 1 현재 iptables 확인 iptables -L Chain INPUT (policy ACCEPT) 2 INPUT 체인에대한기본정책설정 iptables -P INPUT DROP iptables -L Chain INPUT (policy DROP) 3 INPUT 체인에룰 (Rules) 추가 iptables -A INPUT -p tcp --dport 23 -j ACCEPT iptables -L Chain INPUT (policy DROP) ACCEPT tcp -- anywhere anywhere tcp dpt:telnet service iptables status Table: filter Chain INPUT (policy DROP) num 1 ACCEPT tcp / /0 tcp dpt:23 num num
9 4 /etc/sysconfig/iptable 파일에저장 service iptables save Saving firewall rules to /etc/sysconfig/iptables: [ OK ] cat /etc/sysconfig/iptables Generated by iptables-save v1.3.5 on Tue Mar 30 02:44: *filter :INPUT DROP [2:470] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [6522:278819] -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT COMMIT Completed on Tue Mar 30 02:44: > 이파일에저장이되면부팅시에도이설정이다시올라온다. 5 iptables Flush iptables -F ( iptables -F INPUT) iptables -L Chain INPUT (policy DROP) 6 iptables 현재 start service iptables start Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] Applying iptables firewall rules: [ OK ] Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]ntrack_ftp -> 서비스가 start 되면설정파일 (/etc/sysconfig/iptables) 을다시읽어메모리상으로로딩한다. iptables -L Chain INPUT (policy DROP) ACCEPT tcp -- anywhere anywhere tcp dpt:telnet 7 iptables 서비스현재 stop service iptables stop Flushing firewall rules: [ OK ] Setting chains to policy ACCEPT: filter [ OK ] Unloading iptables modules: [ OK ] -> /etc/sysconfig/iptables 파일이삭제된것은아니다. -> 따라서부팅이되면서비스가다시올라온다. chkconfig --list grep iptables iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off chkconfig iptables off chkconfig --list grep iptables iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off -> 부팅시에 iptables OFF chkconfig iptables on chkconfig --list grep iptables
10 iptables 방화벽정책실습 방화벽정책을세워보자. l /etc/sysconfig/iptables 파일을사용하지않고따로스크립트 (EX: /root/bin/iptables.sh) 를만들어서사용하였다. l iptables 설정은 ( ㄱ ) 네트워크방화벽 ( 예 : 라우터 ) 쪽에서설정할수있거나 ( ㄴ ) 서버방화벽쪽에서설정할수있거나 ( ㄷ ) 일반 PC에서설정할수있다. l 이문서에서는서버방화벽형태의룰 (rules) 에대한부분만을다룬다. Master => XX (NAT) => XX (Bridged) Client X => X (Bridged) Client X => X (Bridged) Window => XX [ 그림 ] 실습구성도 서버엔지니어가관리하는서버가존재한다고본다면, 그서버는여러가지접근제어서비스 (Access Control Service) 를받는경우가많다. 예를들어이런서비스는방화벽, IPS( 침입차단시스템 ), IDS( 침입탐지시스템 ), 스크리닝라우터, 라우터의 ACL 등이다. 하지만이런서비스는외부에서내부를보호하기위한목적으로주로사용하고있다. 내부에있는서버가다른내부의서버에대한접근제어에는취약한점이많다. 이런경우내부의악의적인사용자들에게서버들이노출되기때문에위험하다. 이런경우서버방화벽을켜고사용하게되면악의적인내부사용자들을쉽게방어할수있게된다. 특정한서버와만통신할수있도록설정하는것이다.
11 서버방화벽구성 (Server Firewall Configuration) 실습준비 모든서비스차단 telnet 서비스허용 rlogin 서비스허용 SSH 서비스허용 ICMP 서비스허용 WEB 서비스허용 NFS 서비스허용 NTP 서비스허용 DNS 서비스허용 FTP 서비스허용 MAIL, POP3, IMAP 서비스허용 ( 가정 ) 다음사항을가정한다. l CentOS 5.4 환경에서테스트한다. l 모든서버에최신의패치가적용되어있는것으로가정한다. [EX1] 실습준비 l l 방화벽서버와통신가능확인모든서버에 nmap(port Scanning) 프로그램설치 ( X) Client (linux5x) l 서버가통신가능한상태인지 ping 명령어를통해확인 l 대표적인서비스몇가지, telnet, ftp, 서비스가서버와통신이가능한지확인한다. 1 서버와통신가능확인 (ping) ping -c XX PING XX ( XX) 56(84) bytes of data. 64 bytes from XX: icmp_seq=1 ttl=64 time=0.916 ms 64 bytes from XX: icmp_seq=2 ttl=64 time=0.682 ms XX ping statistics packets transmitted, 2 received, 0% packet loss, time 1533ms rtt min/avg/max/mdev = 0.682/0.799/0.916/0.117 ms 2 서버와통신가능확인 (telnet) telnet XX Trying XX... Connected to XX ( XX). Escape character is '^]'. linux2xx (Linux release el5 1 SMP Wed Mar 17 11:37:14 EDT 2010) (3) login: root Password: Last login: Tue Mar 30 02:24:00 from localhost You have new mail. <CTRL + D>
12 3 서버와통신가능확인 (ftp) ftp XX Connected to XX. 220 (vsftpd 2.0.5) 530 Please login with USER and PASS. 530 Please login with USER and PASS. KERBEROS_V4 rejected as an authentication type Name ( XX:root): root 331 Please specify the password. Password: (root 사용자암호입력 ) 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> quit 221 Goodbye. 4 서버의열린포트확인 nmap -st XX Starting Nmap 4.11 ( ) at :35 KST Interesting ports on XX: Not shown: 1665 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop3 111/tcp open rpcbind 143/tcp open imap 443/tcp open https 857/tcp open unknown 873/tcp open rsync 901/tcp open samba-swat 993/tcp open imaps 995/tcp open pop3s MAC Address: 00:0C:29:9B:6E:76 (VMware) Nmap finished: 1 IP address (1 host up) scanned in seconds [ 참고 ] 포트번호의정의 (IANA) /etc/services [EX2] 모든서비스차단 ( XX) Firewall Server (linux2xx) mkdir /root/bin vi /root/bin/iptables.sh!/bin/bash iptables -F (1) Local ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (2) Policy (3) All DROP iptables -P INPUT DROP l Statefull Tracking Using stateful rules reduces rule set complexity and increses security
13 chmod 755 /root/bin/iptables.sh /root/bin/iptables.sh iptables -L Chain INPUT (policy DROP) ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ( X) Client (linux5x) time ping -c XX PING XX ( XX) 56(84) bytes of data XX ping statistics packets transmitted, 0 received, 100% packet loss, time 0ms real user sys 0m10.044s 0m0.005s 0m0.032s time nmap -st XX Starting Nmap 4.11 ( ) at :51 KST All 1680 scanned ports on XX are filtered MAC Address: 00:0C:29:9B:6E:76 (VMware) Nmap finished: 1 IP address (1 host up) scanned in seconds real user sys 1m2.865s 0m0.182s 0m3.634s
14 [EX3] telnet 서비스제어 ( XX) Firewall Server (linux2xx) l telnet 서비스를 open 하기위한설정을한다. l tenlet 서비스용서버용포트는 23 번를사용하고있다. vi /root/bin/iptables.sh!/bin/ksh iptables -F (1) Local ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (2) Policy iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport 23 -j ACCEPT (3) All DROP iptables -P INPUT DROP
15 /root/bin/iptables.sh service iptables status Table: filter Chain INPUT (policy DROP) num 1 ACCEPT all / /0 2 ACCEPT all / /0 state RELATED,ESTABLISHED 3 ACCEPT tcp X XX state NEW tcp dpt:23 num num ( X) Client (linux5x) telnet XX Trying XX... Connected to XX ( XX). Escape character is '^]'. linux2xx (Linux release el5 1 SMP Wed Mar 17 11:37:14 EDT 2010) (3) login: root Password: (root 사용자의암호입력 ) Last login: Tue Mar 30 03:30:11 from X You have new mail. exit nmap -st XX Starting Nmap 4.11 ( ) at :12 KST Interesting ports on XX: Not shown: 1679 filtered ports PORT STATE SERVICE 23/tcp open telnet MAC Address: 00:0C:29:9B:6E:76 (VMware) Nmap finished: 1 IP address (1 host up) scanned in seconds => 다른호스트쪽에서 telnet 서비스를 XX 서버쪽으로테스트해본다.
16 [EX4] SSH 서비스제어 l /16 네트워크에서 ssh 명령어접속을할수있도록설정한다. l ssh 서비스는데이터를전송할때암호화하므로서버와같은네트워크를사용하고있는경우모두에게서비스가가능하도록설정한다. ( XX) Firewall Server (linux2xx) vi /root/bin/iptables.sh!/bin/ksh iptables -F (1) Local ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (2) Policy iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport 23 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s /16 -d XX --dport 22 -j ACCEPT (3) All DROP iptables -P INPUT DROP
17 /root/bin/iptables.sh service iptables status Table: filter Chain INPUT (policy DROP) num 1 ACCEPT all / /0 2 ACCEPT all / /0 state RELATED,ESTABLISHED 3 ACCEPT tcp X XX state NEW tcp dpt:23 4 ACCEPT tcp / XX state NEW tcp dpt:22 num num ( X) Client (linux5x) ssh XX root@ xx's password: Last login: Tue Mar 30 04:11: from X exit nmap -st XX Starting Nmap 4.11 ( ) at :32 KST Interesting ports on XX: Not shown: 1678 filtered ports PORT STATE SERVICE 22/tcp open ssh 23/tcp open telnet MAC Address: 00:0C:29:9B:6E:76 (VMware) Nmap finished: 1 IP address (1 host up) scanned in seconds => 다른호스트에서 ssh 서비스에대해서테스트해본다.
18 [EX5] ICMP 서비스허용 / 차단 ( XX) Firewall Server (linux2xx) vi /root/bin/iptables.sh!/bin/ksh iptables -F (1) Local ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT (2) Policy iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport 23 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s /16 -d XX --dport 22 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -s XX -d 0/0 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -d XX -j ACCEPT (3) All DROP iptables -P INPUT DROP
19 /root/bin/iptables.sh service iptables status Table: filter Chain INPUT (policy DROP) num 1 ACCEPT all / /0 2 ACCEPT all / /0 state RELATED,ESTABLISHED 3 ACCEPT tcp X XX state NEW tcp dpt:23 4 ACCEPT tcp / XX state NEW tcp dpt:22 5 ACCEPT icmp XX /0 icmp type 8 6 ACCEPT icmp / XX icmp type 0 num num ICMP type Number echo-reply (ping) 0 destination-unreachable 3 network-unreachable host-unreachable protocol-unreachable port-unreachable fragmentation-needed network-unknown host-unknown network-prohibited source-quench 4 redirect 5 echo-request (ping) 8 time-exceeded (ttl-exceeded) 10 parameter-problem 11 ping -c X PING X ( X) 56(84) bytes of data. 64 bytes from X: icmp_seq=1 ttl=64 time=1.12 ms 64 bytes from X: icmp_seq=2 ttl=64 time=1.03 ms X ping statistics packets transmitted, 2 received, 0% packet loss, time 1523ms rtt min/avg/max/mdev = 1.030/1.077/1.125/0.057 ms ( X) Client (linux5x) ping -c XX PING XX ( XX) 56(84) bytes of data XX ping statistics packets transmitted, 0 received, 100% packet loss, time 0ms
20 [EX6] WEB 서비스허용 ( XX) Firewall Server (linux2xx) vi /root/bin/iptables.sh... ( 중략 )... (2) Policy iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport 23 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s /16 -d XX --dport 22 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -s XX -d 0/0 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -d XX -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d XX --dport 80 -j ACCEPT... ( 중략 )... /root/bin/iptables.sh service iptables status Table: filter Chain INPUT (policy DROP) num 1 ACCEPT all / /0 2 ACCEPT all / /0 state RELATED,ESTABLISHED 3 ACCEPT tcp X XX state NEW tcp dpt:23 4 ACCEPT tcp / XX state NEW tcp dpt:22 5 ACCEPT icmp XX /0 icmp type 8 6 ACCEPT icmp / XX icmp type 0 7 ACCEPT tcp / XX state NEW tcp dpt:80 num num
21 vi /etc/httpd/conf/httpd.conf... ( 중략 )... NameVirtualHost XX:80 <VirtualHost XX:80> ServerAdmin root@example.com DocumentRoot /www1 ServerName <Directory /www1> Options indexes includes AllowOverride Authconfig </Directory> </VirtualHost> cd /www1 vi index.html <H1><CENTER> Kickstart </CENTER></H1> service httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ] ( X) Client (linux5x) lynx --> iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d XX --dport 53 -j ACCEPT nmap -st XX => 모든클라이언트에서점검한다. index.html 파일이보여야정상이다.
22 [EX8] NFS 서비스허용 ( XX) Firewall Server (linux2xx) vi /root/bin/iptables.sh... ( 중략 )... (2) Policy iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport 23 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s /16 -d XX --dport 22 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-request -s XX -d 0/0 -j ACCEPT iptables -A INPUT -p icmp --icmp-type echo-reply -s 0/0 -d XX -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s 0/0 -d XX --dport 80 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp -s X -d XX --dport 111 -j ACCEPT iptables -A INPUT -m state --state NEW -m udp -p udp -s X -d XX --dport 111 -j ACCEPT... ( 중략 )... /root/bin/iptables.sh service iptables status Table: filter Chain INPUT (policy DROP) num 1 ACCEPT all / /0 2 ACCEPT all / /0 state RELATED,ESTABLISHED 3 ACCEPT tcp X XX state NEW tcp dpt:23 4 ACCEPT tcp / XX state NEW tcp dpt:22 5 ACCEPT icmp XX /0 icmp type 8 6 ACCEPT icmp / XX icmp type 0
23 7 ACCEPT tcp / XX state NEW tcp dpt:80 8 ACCEPT tcp X XX state NEW tcp dpt: ACCEPT tcp X XX state NEW tcp dpt: ACCEPT udp X XX state NEW udp dpt:111 num num vi /etc/exports... ( 중략 )... /export/centos *(ro,no_root_squash) service nfs restart Shutting down NFS mountd: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS quotas: [ OK ] Shutting down NFS services: [ OK ] Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] exportfs -v /export/centos <world>(ro,wdelay,no_root_squash,no_subtree_check,anonuid=65534,anongid=65534) ( X) Client (linux5x) nmap -st XX nmap -su XX -> 포트번호를검색한다. (NFS 참고 ) NFSv4 (MAIL/POP3/IMAP4) iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT (DNS) iptables -A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT (FTP) iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
24 [ 참고 ] system-config-securitylevel 툴을통해설정한내용 ( 선택할수있는모든서비스허용 ) Chain INPUT (policy ACCEPT) RH-Firewall-1-INPUT all -- anywhere anywhere RH-Firewall-1-INPUT all -- anywhere anywhere Chain RH-Firewall-1-INPUT (2 references) ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain REJECT all -- anywhere anywhere reject-with icmp-host-prohibited [ 참고 ] iptables-save > telnet.txt iptables-restore < telnet.txt
본문서는 초급자들을 대상으로 최대한 쉽게 작성하였습니다. 본문서에서는 설치방법만 기술했으며 자세한 설정방법은 검색을 통하시기 바랍니다. 1. 설치개요 워드프레스는 블로그 형태의 홈페이지를 빠르게 만들수 있게 해 주는 프로그램입니다. 다양한 기능을 하는 플러그인과 디자인
스마일서브 CLOUD_Virtual 워드프레스 설치 (WORDPRESS INSTALL) 스마일서브 가상화사업본부 Update. 2012. 09. 04. 본문서는 초급자들을 대상으로 최대한 쉽게 작성하였습니다. 본문서에서는 설치방법만 기술했으며 자세한 설정방법은 검색을 통하시기 바랍니다. 1. 설치개요 워드프레스는 블로그 형태의 홈페이지를 빠르게 만들수 있게
More information방화벽 설정 - iptables
2018/01/20 14:27 1/13 방화벽 - iptables 방화벽 - iptables 서버구축을할때 iptables 를꺼놓고하는경우가있다. 딱보면방화벽규칙을작성하는게만만치않이기도하고홈서버의경우대부분공유기를사용하고있으니공유기가방화벽역할을어느정도라고믿기때문이다. iptables 란넷필터프로젝트에서개발했으며광범위한프로토콜상태추적, 패킷애플리케이션계속도제한,
More informationUDP Flooding Attack 공격과 방어
황 교 국 (fullc0de@gmail.com) SK Infosec Co., Inc MSS Biz. Security Center Table of Contents 1. 소개...3 2. 공격 관련 Protocols Overview...3 2.1. UDP Protocol...3 2.2. ICMP Protocol...4 3. UDP Flood Test Environment...5
More informationNetwork seminar.key
Intro to Network .. 2 4 ( ) ( ). ?!? ~! This is ~ ( ) /,,,???? TCP/IP Application Layer Transfer Layer Internet Layer Data Link Layer Physical Layer OSI 7 TCP/IP Application Layer Transfer Layer 3 4 Network
More informationSMB_ICMP_UDP(huichang).PDF
SMB(Server Message Block) UDP(User Datagram Protocol) ICMP(Internet Control Message Protocol) SMB (Server Message Block) SMB? : Microsoft IBM, Intel,. Unix NFS. SMB client/server. Client server request
More informationPowerPoint 프레젠테이션
Install the PDI on CentOS 2013.04 G L O B E P O I N T 1 Ⅰ linux 구성 II Pentaho Install 2013, Globepoint Inc. All Rights Reserved. 2 I. Linux 구성 2013, Globepoint Inc. All Rights Reserved. 3 IP 설정 1. 설정파일
More informationPowerPoint 프레젠테이션
(Host) set up : Linux Backend RS-232, Ethernet, parallel(jtag) Host terminal Target terminal : monitor (Minicom) JTAG Cross compiler Boot loader Pentium Redhat 9.0 Serial port Serial cross cable Ethernet
More information<C0CCBCBCBFB52DC1A4B4EBBFF82DBCAEBBE7B3EDB9AE2D313939392D382E687770>
i ii iii iv v vi 1 2 3 4 가상대학 시스템의 국내외 현황 조사 가상대학 플랫폼 개발 이상적인 가상대학시스템의 미래상 제안 5 웹-기반 가상대학 시스템 전통적인 교수 방법 시간/공간 제약을 극복한 학습동기 부여 교수의 일방적인 내용전달 교수와 학생간의 상호작용 동료 학생들 간의 상호작용 가상대학 운영 공지사항,강의록 자료실, 메모 질의응답,
More informationUSB USB DV25 DV25 REC SRN-475S REC SRN-475S LAN POWER LAN POWER Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl C
USB USB DV25 DV25 REC SRN-475S REC SRN-475S LAN POWER LAN POWER Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl Cable PC PC Step 1~5. Step, PC, DVR Step 1. Cable Step
More informationLXR 설치 및 사용법.doc
Installation of LXR (Linux Cross-Reference) for Source Code Reference Code Reference LXR : 2002512( ), : 1/1 1 3 2 LXR 3 21 LXR 3 22 LXR 221 LXR 3 222 LXR 3 3 23 LXR lxrconf 4 24 241 httpdconf 6 242 htaccess
More informationRemote UI Guide
Remote UI KOR Remote UI Remote UI PDF Adobe Reader/Adobe Acrobat Reader. Adobe Reader/Adobe Acrobat Reader Adobe Systems Incorporated.. Canon. Remote UI GIF Adobe Systems Incorporated Photoshop. ..........................................................
More informationPWR PWR HDD HDD USB USB Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl Cable PC PC DDNS (
PWR PWR HDD HDD USB USB Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl Cable PC PC DDNS (http://ddns.hanwha-security.com) Step 1~5. Step, PC, DVR Step 1. Cable Step
More informationbn2019_2
arp -a Packet Logging/Editing Decode Buffer Capture Driver Logging: permanent storage of packets for offline analysis Decode: packets must be decoded to human readable form. Buffer: packets must temporarily
More informationMicrosoft PowerPoint - L4-7Switch기본교육자료.ppt
L4-7 Switch 기본교육자료 Pumpkin Networks. Inc. http://www.pumpkinnet.co.kr (Tel) 02-3280-9380 (Fax) 02-3280-9382 info@pumpkinnet.co.kr 기본개념 L4/L7 Switch 란? -2- 기본개념 - Switching & Routing Switching & Routing
More informationTCP.IP.ppt
TCP/IP TCP/IP TCP/IP TCP/IP TCP/IP Internet Protocol _ IP Address Internet Protocol _ Subnet Mask Internet Protocol _ ARP(Address Resolution Protocol) Internet Protocol _ RARP(Reverse Address Resolution
More information1217 WebTrafMon II
(1/28) (2/28) (10 Mbps ) Video, Audio. (3/28) 10 ~ 15 ( : telnet, ftp ),, (4/28) UDP/TCP (5/28) centralized environment packet header information analysis network traffic data, capture presentation network
More information본교재는수업용으로제작된게시물입니다. 영리목적으로사용할경우저작권법제 30 조항에의거법적처벌을받을수있습니다. [ 실습 ] 스위치장비초기화 1. NVRAM 에저장되어있는 'startup-config' 파일이있다면, 삭제를실시한다. SWx>enable SWx#erase sta
[ 실습 ] 스위치장비초기화 1. NVRAM 에저장되어있는 'startup-config' 파일이있다면, 삭제를실시한다. SWx>enable SWx#erase startup-config Erasing the nvram filesystem will remove all configuration files Continue? [confirm] ( 엔터 ) [OK] Erase
More informationORANGE FOR ORACLE V4.0 INSTALLATION GUIDE (Online Upgrade) ORANGE CONFIGURATION ADMIN O
Orange for ORACLE V4.0 Installation Guide ORANGE FOR ORACLE V4.0 INSTALLATION GUIDE...1 1....2 1.1...2 1.2...2 1.2.1...2 1.2.2 (Online Upgrade)...11 1.3 ORANGE CONFIGURATION ADMIN...12 1.3.1 Orange Configuration
More informationTTA Verified : HomeGateway :, : (NEtwork Testing Team)
TTA Verified : HomeGateway :, : (NEtwork Testing Team) : TTA-V-N-05-006-CC11 TTA Verified :2006 6 27 : 01 : 2005 7 18 : 2/15 00 01 2005 7 18 2006 6 27 6 7 9 Ethernet (VLAN, QoS, FTP ) (, ) : TTA-V-N-05-006-CC11
More informationchapter4
Basic Netw rk 1. ก ก ก 2. 3. ก ก 4. ก 2 1. 2. 3. 4. ก 5. ก 6. ก ก 7. ก 3 ก ก ก ก (Mainframe) ก ก ก ก (Terminal) ก ก ก ก ก ก ก ก 4 ก (Dumb Terminal) ก ก ก ก Mainframe ก CPU ก ก ก ก 5 ก ก ก ก ก ก ก ก ก ก
More information제20회_해킹방지워크샵_(이재석)
IoT DDoS DNS (jaeseog@sherpain.net) (www.sherpain.net) DDoS DNS DDoS / DDoS(Distributed DoS)? B Asia Broadband B Bots connect to a C&C to create an overlay network (botnet) C&C Provider JP Corp. Bye Bye!
More informationSena Device Server Serial/IP TM Version
Sena Device Server Serial/IP TM Version 1.0.0 2005. 3. 7. Release Note Revision Date Name Description V1.0.0 2005-03-7 HJ Jeon Serial/IP 4.3.2 ( ) 210 137-130, : (02) 573-5422 : (02) 573-7710 email: support@sena.com
More informationhd1300_k_v1r2_Final_.PDF
Starter's Kit for HelloDevice 1300 Version 11 1 2 1 2 3 31 32 33 34 35 36 4 41 42 43 5 51 52 6 61 62 Appendix A (cross-over) IP 3 Starter's Kit for HelloDevice 1300 1 HelloDevice 1300 Starter's Kit HelloDevice
More informationARMBOOT 1
100% 2003222 : : : () PGPnet 1 (Sniffer) 1, 2,,, (Sniffer), (Sniffer),, (Expert) 3, (Dashboard), (Host Table), (Matrix), (ART, Application Response Time), (History), (Protocol Distribution), 1 (Select
More informationSolaris Express Developer Edition
Solaris Express Developer Edition : 2008 1 Solaris TM Express Developer Edition Solaris OS. Sun / Solaris, Java, Web 2.0,,. Developer Solaris Express Developer Edition System Requirements. 768MB. SPARC
More informationo o o 8.2.1. Host Error 8.2.2. Message Error 8.2.3. Recipient Error 8.2.4. Error 8.2.5. Host 8.5.1. Rule 8.5.2. Error 8.5.3. Retry Rule 8.11.1. Intermittently
More informationMicrosoft PowerPoint - ch13.ppt
chapter 13. 네트워크보안과 ACL 한빛미디어 -1- 학습목표 계층별네트워크보안이슈 시스코라우터의 ACL 시스코라우터의 ACL 설정 한빛미디어 -2- 계층별네트워크보안이슈 데이터링크계층보안 ARP 스푸핑 MAC 플러딩 한빛미디어 -3- 계층별네트워크보안이슈 방화벽 [ 그림 ] 방화벽구조 한빛미디어 -4- 계층별네트워크보안이슈 침입탐지시스템 (IDS)
More informationAssign an IP Address and Access the Video Stream - Installation Guide
설치 안내서 IP 주소 할당 및 비디오 스트림에 액세스 책임 본 문서는 최대한 주의를 기울여 작성되었습니다. 잘못되거나 누락된 정보가 있는 경우 엑시스 지사로 알려 주시기 바랍니다. Axis Communications AB는 기술적 또는 인쇄상의 오류에 대해 책 임을 지지 않으며 사전 통지 없이 제품 및 설명서를 변경할 수 있습니다. Axis Communications
More information소개 TeraStation 을 구입해 주셔서 감사합니다! 이 사용 설명서는 TeraStation 구성 정보를 제공합니다. 제품은 계속 업데이트되므로, 이 설명서의 이미지 및 텍스트는 사용자가 보유 중인 TeraStation 에 표시 된 이미지 및 텍스트와 약간 다를 수
사용 설명서 TeraStation Pro II TS-HTGL/R5 패키지 내용물: 본체 (TeraStation) 이더넷 케이블 전원 케이블 TeraNavigator 설치 CD 사용 설명서 (이 설명서) 제품 보증서 www.buffalotech.com 소개 TeraStation 을 구입해 주셔서 감사합니다! 이 사용 설명서는 TeraStation 구성 정보를
More informationMicrosoft Word doc
TCP/IP 구조 1. I.P 구조설명 2. ARP 구조설명 3. TCP 구조설명 4. UDT 구조설명 5. RIP 구조설명 6. BOOTP 구조설명 7. TFTP 구조설명 destination addr source addr type data CRC 6 6 2 46-1500 4 type 0X0800 IP datagram 2 46-1500 type 0X0806
More informationuntitled
CAN BUS RS232 Line Ethernet CAN H/W FIFO RS232 FIFO IP ARP CAN S/W FIFO TERMINAL Emulator COMMAND Interpreter ICMP TCP UDP PROTOCOL Converter TELNET DHCP C2E SW1 CAN RS232 RJ45 Power
More informationMySQL-Ch10
10 Chapter.,,.,, MySQL. MySQL mysqld MySQL.,. MySQL. MySQL....,.,..,,.,. UNIX, MySQL. mysqladm mysqlgrp. MySQL 608 MySQL(2/e) Chapter 10 MySQL. 10.1 (,, ). UNIX MySQL, /usr/local/mysql/var, /usr/local/mysql/data,
More informationK7VT2_QIG_v3
1......... 2 3..\ 4 5 [R] : Enter Raid setup utility 6 Press[A]keytocreateRAID RAID Type: JBOD RAID 0 RAID 1: 2 7 " RAID 0 Auto Create Manual Create: 2 RAID 0 Block Size: 16K 32K
More information운영체제실습_명령어
운영체제실습 리눅스네트워크기본개념및설정 서 기옥 Contents 네트워크용어정의 IP 주소 네트워크기본명령어 네트워크관리명령어 네트워크설정파일 telnet 서버설정 네트워크용어정의 네트워크 (Network) : 전자적으로데이터를주고받기위한목적으로연결된 2 개이상의컴퓨터시스템 IP 주소와 Ethernet 주소 IP 주소 : 네트워크에연결된시스템을구분하는소프트웨어적인주소
More informationTTA Journal No.157_서체변경.indd
표준 시험인증 기술 동향 FIDO(Fast IDentity Online) 생체 인증 기술 표준화 동향 이동기 TTA 모바일응용서비스 프로젝트그룹(PG910) 의장 SK텔레콤 NIC 담당 매니저 76 l 2015 01/02 PASSWORDLESS EXPERIENCE (UAF standards) ONLINE AUTH REQUEST LOCAL DEVICE AUTH
More information6강.hwp
----------------6강 정보통신과 인터넷(1)------------- **주요 키워드 ** (1) 인터넷 서비스 (2) 도메인네임, IP 주소 (3) 인터넷 익스플로러 (4) 정보검색 (5) 인터넷 용어 (1) 인터넷 서비스******************************* [08/4][08/2] 1. 다음 중 인터넷 서비스에 대한 설명으로
More informationSubnet Address Internet Network G Network Network class B networ
Structure of TCP/IP Internet Internet gateway (router) Internet Address Class A Class B Class C 0 8 31 0 netid hostid 0 16 31 1 0 netid hostid 0 24 31 1 1 0 netid hostid Network Address : (A) 1 ~ 127,
More information슬라이드 제목 없음
2006-09-27 경북대학교컴퓨터공학과 1 제 5 장서브넷팅과슈퍼넷팅 서브넷팅 (subnetting) 슈퍼넷팅 (Supernetting) 2006-09-27 경북대학교컴퓨터공학과 2 서브넷팅과슈퍼넷팅 서브넷팅 (subnetting) 하나의네트워크를여러개의서브넷 (subnet) 으로분할 슈퍼넷팅 (supernetting) 여러개의서브넷주소를결합 The idea
More informationKISA-GD
KISA-GD-2011-0002 2011.9 1) RD(Recursive Desired) 플래그 : 리커시브네임서버로하여금재귀적 (recursive) 질의 ( 항목 1.3. 참고 ) 요청을표시함. RD 플레그값이 0 이면반복적 (iterative) 질의를요청 2) AA 플래그 : Authoritative Answer 의약자로써, 네임서버가해당응답데이터를자신이보유하고있는지유무를표시
More informationMicrosoft PowerPoint - 06-IPAddress [호환 모드]
Chapter 06 IP Address IP Address Internet address IP 계층에서사용되는식별자 32 bit 2 진주소 The address space of IPv4 is 2 32 or 4,294,967,296 netid 와 hostid 로구분 인터넷에서호스트와라우터를유일하게구분 IP Address Structure 2-Layer Hierarchical
More information휠세미나3 ver0.4
andromeda@sparcs:/$ ls -al dev/sda* brw-rw---- 1 root disk 8, 0 2014-06-09 18:43 dev/sda brw-rw---- 1 root disk 8, 1 2014-06-09 18:43 dev/sda1 brw-rw---- 1 root disk 8, 2 2014-06-09 18:43 dev/sda2 andromeda@sparcs:/$
More informationOrcad Capture 9.x
OrCAD Capture Workbook (Ver 10.xx) 0 Capture 1 2 3 Capture for window 4.opj ( OrCAD Project file) Design file Programe link file..dsn (OrCAD Design file) Design file..olb (OrCAD Library file) file..upd
More information1. efolder 시스템구성 A. DB B. apache - mod-perl - PHP C. SphinxSearch ( 검색서비스 ) D. File Storage 2. efolder 설치순서 A. DB (MySQL) B. efolder Service - efolder
Embian efolder 설치가이드 efolder 시스템구성 efolder 설치순서 Installation commands 1. efolder 시스템구성 A. DB B. apache - mod-perl - PHP C. SphinxSearch ( 검색서비스 ) D. File Storage 2. efolder 설치순서 A. DB (MySQL) B. efolder
More informationNetwork Security - Wired Sniffing 실습 ICNS Lab. Kyung Hee University
Network Security - Wired Sniffing 실습 ICNS Lab. Kyung Hee University Outline Network Network 구조 Source-to-Destination 간 packet 전달과정 Packet Capturing Packet Capture 의원리 Data Link Layer 의동작 Wired LAN Environment
More informationLinux Server - IPtables Good Internet 소 속 IDC실 이 름 정명구매니저
Linux Server - IPtables- Copyright @ 2012 Good Internet 소 속 IDC실 이 름 정명구매니저 E-mail tech@tongkni.co.kr - 1 - INDEX 1. 개요... 3 2. iptables 설치하기.... 4 3. iptables 설정하기.... 5 ( 참고 ) iptables 옵션참고사이트.... 7
More informationApache install guide
APACHE INSTALL GUIDE 2.X.X VERSION INAMES CO. LTD. 목차 1. 사전준비 mod_ssl OpenSSL 인증서파일 4. 확인및테스트 서비스구동확인 네트워크상태확인 방화벽확인 실제브라우저테스트 2. 주의사항 신규및갱신구분 CSR 직접생성여부 5. 이슈 *:80 443 포트 VirtualHost 대상 Error_log 3. 인증서설치
More information4. 스위치재부팅을실시한다. ( 만약, Save 질문이나오면 'no' 를실시한다.) SWx#reload System configuration has been modified. Save? [yes/no]: no Proceed with reload? [confirm] (
[ 실습 ] 스위치장비초기화 1. NVRAM 에저장되어있는 'startup-config' 파일이있다면, 삭제를실시한다. SWx>enable SWx#erase startup-config Erasing the nvram filesystem will remove all configuration files Continue? [confirm] ( 엔터 ) [OK] Erase
More information10X56_NWG_KOR.indd
디지털 프로젝터 X56 네트워크 가이드 이 제품을 구입해 주셔서 감사합니다. 본 설명서는 네트워크 기능 만을 설명하기 위한 것입니다. 본 제품을 올바르게 사 용하려면 이 취급절명저와 본 제품의 다른 취급절명저를 참조하시기 바랍니다. 중요한 주의사항 이 제품을 사용하기 전에 먼저 이 제품에 대한 모든 설명서를 잘 읽어 보십시오. 읽은 뒤에는 나중에 필요할 때
More information슬라이드 1
DHCP (Dynamic Host Configuration Protocol) Oct 2006 Technical Support Div. Tel : 031-739-6800 Mail : support@corecess.com DHCP Motivations Automatic network configuration for clients No administrator intervention
More informationMango220 Android How to compile and Transfer image to Target
Mango220 Android How to compile and Transfer image to Target http://www.mangoboard.com/ http://cafe.naver.com/embeddedcrazyboys Crazy Embedded Laboratory www.mangoboard.com cafe.naver.com/embeddedcrazyboys
More information1) 인증서만들기 ssl]# cat >www.ucert.co.kr.pem // 설명 : 발급받은인증서 / 개인키파일을한파일로저장합니다. ( 저장방법 : cat [ 개인키
Lighttpd ( 멀티도메인 ) SSL 인증서신규설치가이드. [ 고객센터 ] 한국기업보안. 유서트기술팀 1) 인증서만들기 [root@localhost ssl]# cat www.ucert.co.kr.key www.ucert.co.kr.crt >www.ucert.co.kr.pem // 설명 : 발급받은인증서 / 개인키파일을한파일로저장합니다. ( 저장방법 : cat
More informationPowerPoint 프레젠테이션
임베디드리눅스개발환경구축 Jo, Heeseung 개발환경 HBE-SM5-S4210 개발환경 타겟보드와리눅스가설치된호스트컴퓨터가필요 임베디드리눅스개발환경 - 호스트컴퓨터환경설치 - 호스트와타겟연결 - 디버그환경 호스트컴퓨터는임베디드시스템의동작을모니터링하는디버깅환경으로서의역할도수행 임베디드시스템을위한소프트웨어를개발하기위해서호스트시스템에구축하는개발환경 교차개발환경
More informationCopyright 2004 Sun Microsystems, Inc Network Circle, Santa Clara, CA U.S.A..,,. Sun. Sun. Berkeley BSD. UNIX X/Open Company, Ltd.. Sun, Su
Java Desktop System 2 Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. : 817 7757 10 2004 9 Copyright 2004 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A..,,.
More informationMicrosoft PowerPoint - 4. 스캐닝-2.ppt [호환 모드]
정보보호 Scanning 목차 Ⅳ. 스캐닝 (Scanning) 1. 활성화된호스트식별 ping 침투테스트범위에있는 IP주소만목록화 현재동작중인시스템확인 ping Echo request 메시지를강제종료전까지계속전송 Echo request 메시지를 4 개전송후, 자동으로종료 Ping - ICMP(Internet Control messaging Protocol)
More information슬라이드 1
TCPdump 사용법 Neworks, Inc. (Tel) 070-7101-9382 (Fax) 02-2109-6675 ech@pumpkinne.com hp://www.pumpkinne.co.kr TCPDUMP Tcpdump 옵션 ARP 정보 ICMP 정보 ARP + ICMP 정보 IP 대역별정보 Source 및 Desinaion 대역별정보 Syn 과 syn-ack
More information망고100 보드로 놀아보자-4
망고 100 보드로놀아보자 -4 Minicom,tftp,nfs 설정,vnc 설정 minicom 설정 Minicom 설정 >#yum install minicom >#ls /dev/ttyusb* ># minicom s Minicom 설정 Serial Device :/dev/ttyusb0 Baudrate:115200 Hardware Flow control: NO
More informationuntitled
Push... 2 Push... 4 Push... 5 Push... 13 Push... 15 1 FORCS Co., LTD A Leader of Enterprise e-business Solution Push (Daemon ), Push Push Observer. Push., Observer. Session. Thread Thread. Observer ID.
More informationMAX+plus II Getting Started - 무작정따라하기
무작정 따라하기 2001 10 4 / Version 20-2 0 MAX+plus II Digital, Schematic Capture MAX+plus II, IC, CPLD FPGA (Logic) ALTERA PLD FLEX10K Series EPF10K10QC208-4 MAX+plus II Project, Schematic, Design Compilation,
More informationPRO1_04E [읽기 전용]
Siemens AG 1999 All rights reserved File: PRO1_04E1 Information and S7-300 2 S7-400 3 EPROM / 4 5 6 HW Config 7 8 9 CPU 10 CPU : 11 CPU : 12 CPU : 13 CPU : / 14 CPU : 15 CPU : / 16 HW 17 HW PG 18 SIMATIC
More informationMicrosoft PowerPoint - 2.Catalyst Switch Intrastructure Protection_이충용_V1 0.ppt [호환 모드]
Catalyst Switch Infrastructure Protection Cisco Systems Korea SE 이충용 (choolee@cisco.com) Overview DoS (Denial of Service) 공격대상 - Server Resource - Network Resource - Network devices (Routers, Firewalls
More information1) 인증서만들기 ssl]# cat >www.ucert.co.kr.pem // 설명 : 발급받은인증서 / 개인키파일을한파일로저장합니다. ( 저장방법 : cat [ 개인키
Lighttpd ( 단일도메인 ) SSL 인증서신규설치가이드. [ 고객센터 ] 한국기업보안. 유서트기술팀 1) 인증서만들기 [root@localhost ssl]# cat www.ucert.co.kr.key www.ucert.co.kr.crt >www.ucert.co.kr.pem // 설명 : 발급받은인증서 / 개인키파일을한파일로저장합니다. ( 저장방법 : cat
More informationSRC PLUS 제어기 MANUAL
,,,, DE FIN E I N T R E A L L O C E N D SU B E N D S U B M O TIO
More information# Old State Mew State Trigger Actions 1 - TCP/IP NOT CONNECTED Initialization 2 TCP/IP NOT HSMS NOT TCP/IP Connect Succeeds: CONNECTED SELECTED 1. TCP/IP "accecpt" succeeds. Start T7 timeout 1. Cancel
More informationstep 1-1
Written by Dr. In Ku Kim-Marshall STEP BY STEP Korean 1 through 15 Action Verbs Table of Contents Unit 1 The Korean Alphabet, hangeul Unit 2 Korean Sentences with 15 Action Verbs Introduction Review Exercises
More information시스코 무선랜 설치운영 매뉴얼(AP1200s_v1.1)
[ Version 1.3 ] Access Point,. Access Point IP 10.0.0.1, Subnet Mask 255.255.255.224, DHCP Client. DHCP Server IP IP,, IP 10.0.0.X. (Tip: Auto Sensing Straight, Cross-over.) step 1]. step 2] LAN. step
More informationMicrosoft Word - access-list.doc
8. Access List Access List 란단어그자체에서의미하듯이라우터를경유하는트래픽에대한제어를할수있는것으로어떤트래픽을어떻게제어할것인지정의한다. 이 Access List 는일반적으로 Interface 에적용되거나 Routing Protocol 에적용되는데이때 Interface 에적용된것을 Access Group 이라고하고, Routing Protocol
More information- 목차 - 1. 서버에서실행되는서비스확인 2. 원격접속 (SSH) 보안설정 3. /tmp 디렉터리보안설정 4. iptable 설정 / hosts.allow & hosts.deny 설정 5. 시스템파일변조체크 문서작성간에테스트된환경 - CentOS bit -
[ Linux Server 보안설정 5 가지팁 ] 코리아서버호스팅 서비스운영팀 - 목차 - 1. 서버에서실행되는서비스확인 2. 원격접속 (SSH) 보안설정 3. /tmp 디렉터리보안설정 4. iptable 설정 / hosts.allow & hosts.deny 설정 5. 시스템파일변조체크 문서작성간에테스트된환경 - CentOS 5.6 32bit - Openssh-4.3p2
More information목차 BUG offline replicator 에서유효하지않은로그를읽을경우비정상종료할수있다... 3 BUG 각 partition 이서로다른 tablespace 를가지고, column type 이 CLOB 이며, 해당 table 을 truncate
ALTIBASE HDB 6.1.1.5.6 Patch Notes 목차 BUG-39240 offline replicator 에서유효하지않은로그를읽을경우비정상종료할수있다... 3 BUG-41443 각 partition 이서로다른 tablespace 를가지고, column type 이 CLOB 이며, 해당 table 을 truncate 한뒤, hash partition
More information01Àå
CHAPTER 01 1 Fedora Fedora Linux Toolbox 2003 Fedora Core( ) http://fedoraproject.org www.redhat.com 2 CHAPTER Fedora RHEL GNU public license www.centos.org www.yellowdoglinux.com www. lineox.net www.
More informationWindows 8에서 BioStar 1 설치하기
/ 콘텐츠 테이블... PC에 BioStar 1 설치 방법... Microsoft SQL Server 2012 Express 설치하기... Running SQL 2012 Express Studio... DBSetup.exe 설정하기... BioStar 서버와 클라이언트 시작하기... 1 1 2 2 6 7 1/11 BioStar 1, Windows 8 BioStar
More informationMicrosoft PowerPoint - 4.스캐닝-1(11.08) [호환 모드]
정보보호 Scanning (1) 목차 Ⅳ. 스캐닝 (Scanning) 1. 활성화된호스트식별 ping 침투테스트범위에있는 IP 주소만목록화 현재동작중인시스템확인 Ping - ICMP(Internet Control messaging Protocol) 패킷을사용 - echo request, echo reply 패킷 - target 시스템이 off상태이거나, ICMP패킷을차단하는경우
More informationÀÎÅÍ³Ý ÁøÈï¿ø 5¿ù
21 5 Korea Internet & Security Agency CONTENTS 2 3 3 3 4 4 5 6 6 7 7 8 11 12 14 14 15 15 16 18 2 22 23 24 24 32 35 36 2 215 Bot 1,7511,315 33.2% 1,621,468 27.7% 285 431 33.9% 295 12 6.9% 44 396 2.% 132
More information°í¼®ÁÖ Ãâ·Â
Performance Optimization of SCTP in Wireless Internet Environments The existing works on Stream Control Transmission Protocol (SCTP) was focused on the fixed network environment. However, the number of
More informationPowerPoint 프레젠테이션
임베디드리눅스개발환경구축 Jo, Heeseung 개발환경 HBE-SM5-S4210 개발환경 타겟보드와리눅스가설치된호스트컴퓨터가필요 임베디드리눅스개발환경 - 호스트컴퓨터환경설치 - 호스트와타겟연결 - 디버그환경 호스트컴퓨터는임베디드시스템의동작을모니터링하는디버깅환경으로서의역할도수행 임베디드시스템을위한소프트웨어를개발하기위해서호스트시스템에구축하는개발환경 교차개발환경
More informationMicrosoft PowerPoint - 10Àå.ppt
10 장. DB 서버구축및운영 DBMS 의개념과용어를익힌다. 간단한 SQL 문법을학습한다. MySQL 서버를설치 / 운영한다. 관련용어 데이터 : 자료 테이블 : 데이터를표형식으로표현 레코드 : 테이블의행 필드또는컬럼 : 테이블의열 필드명 : 각필드의이름 데이터타입 : 각필드에입력할값의형식 학번이름주소연락처 관련용어 DB : 테이블의집합 DBMS : DB 들을관리하는소프트웨어
More information슬라이드 1
1 Chapter 9 ICMPv4 Objectives ICMP 의필요성 ICMP 메시지종류 오류보고메시지의목적과형식 질의메시지의목적과형식 ICMP 에서의검사합계산 ICMP 를사용하는디버깅도구들 ICMP 패키지의구성요소및모듈 2 목차 개요 메시지 디버깅 ICMP 패키지 3 9.1 개요 IP 프로토콜의문제점 신뢰성이없고비연결형데이터그램전달제공 최선의노력전달서비스
More informationPowerChute Personal Edition v3.1.0 에이전트 사용 설명서
PowerChute Personal Edition v3.1.0 990-3772D-019 4/2019 Schneider Electric IT Corporation Schneider Electric IT Corporation.. Schneider Electric IT Corporation,,,.,. Schneider Electric IT Corporation..
More information歯규격(안).PDF
ETRI ETRI ETRI ETRI WTLS PKI Client, WIM IS-95B VMS VLR HLR/AC WPKI Cyber society BTS BSC MSC IWF TCP/IP Email Server Weather Internet WAP Gateway WTLS PKI Client, WIM BSC VMS VLR HLR/AC Wireless Network
More information2 CentOS 6 Minimal 설치 1.2 설치 DVD 로부팅 DVD 를드라이브에넣고 BIOS 설정을 DVD 에서부트하도록설정시작합니다. 그러면다음과같은시작옵션이있습 니다. 여기에서 Install or upgrade an exissting system 을선택합니다.
1. CentOS 6 Minimal 설치 1.1 CentOS 6 Minimal 설치준비 ㅇㅇ아아앙 1.1.1 What is CentOS? CentOS is an Enterprise Linux distribution based on the freely available sources from Red Hat Enterprise Li nux. Each CentOS
More information[ tcpdump 패킷캡처프로그램 ] tcpdump란? tcpdump 버전확인 tcpdump 플래그 (flags) tcpdump 사용법 tcpdump의사용예제 telnet을활용해 root와 passwd 암호알아내기 [01] tcpdump란? tcpdump는 Lawren
[ tcpdump 패킷캡처프로그램 ] tcpdump란? tcpdump 버전확인 tcpdump 플래그 (flags) tcpdump 사용법 tcpdump의사용예제 telnet을활용해 root와 passwd 암호알아내기 [01] tcpdump란? tcpdump는 Lawrence Berkley Nation Lab의 Network Rearch Gruop에서만든것으로네트워크의패킷을출력해주는프로그램이다.
More informationAPOGEE Insight_KR_Base_3P11
Technical Specification Sheet Document No. 149-332P25 September, 2010 Insight 3.11 Base Workstation 그림 1. Insight Base 메인메뉴 Insight Base Insight Insight Base, Insight Base Insight Base Insight Windows
More informationPage 2 of 6 Here are the rules for conjugating Whether (or not) and If when using a Descriptive Verb. The only difference here from Action Verbs is wh
Page 1 of 6 Learn Korean Ep. 13: Whether (or not) and If Let s go over how to say Whether and If. An example in English would be I don t know whether he ll be there, or I don t know if he ll be there.
More informationApache( 단일도메인 ) SSL 인증서갱신설치가이드 본문서는주식회사한국기업보안에서 SSL 보안서버인증서설치를위해작성된문서로 주식회사한국기업보안의동의없이무단으로사용하실수없습니다. [ 고객센터 ] 한국기업보안. 유서트기술팀 Copyright 201
Apache( 단일도메인 ) SSL 인증서갱신설치가이드. [ 고객센터 ] 한국기업보안. 유서트기술팀 02-512-9375 1. 발급받으신인증서를해당서버폴더에업로드또는저장합니다. 설명 : [$httpd_home] = Apache 디렉토리 [root@localhost httpd]# mkdir conf.d/ssl_new [root@localhost httpd]#
More informationuntitled
PowerBuilder 連 Microsoft SQL Server database PB10.0 PB9.0 若 Microsoft SQL Server 料 database Profile MSS 料 (Microsoft SQL Server database interface) 行了 PB10.0 了 Sybase 不 Microsoft 料 了 SQL Server 料 PB10.0
More information메일서버등록제(SPF) 인증기능적용안내서 (AIX - sendmail) OS Mail Server SPF 적용모듈 (Perl 기반) 작성기준 AIX 5.3 sendmail spf-filter 년 6 월
메일서버등록제(SPF) 인증기능적용안내서 (AIX - sendmail) OS Mail Server SPF 적용모듈 (Perl 기반) 작성기준 AIX 5.3 sendmail 8.13.4 spf-filter 1.0 2016 년 6 월 목 차 I. 개요 1 1. SPF( 메일서버등록제) 란? 1 2. SPF 를이용한이메일인증절차 1 II. sendmail, SPF
More informationPCServerMgmt7
Web Windows NT/2000 Server DP&NM Lab 1 Contents 2 Windows NT Service Provider Management Application Web UI 3 . PC,, Client/Server Network 4 (1),,, PC Mainframe PC Backbone Server TCP/IP DCS PLC Network
More informationH3050(aap)
USB Windows 7/ Vista 2 Windows XP English 1 2 3 4 Installation A. Headset B. Transmitter C. USB charging cable D. 3.5mm to USB audio cable - Before using the headset needs to be fully charged. -Connect
More information0125_ 워크샵 발표자료_완성.key
WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. WordPress is installed on a web server, which either is part of an Internet hosting service or is a network host
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.,,,,,,,,,,,,,.,..., U.S. GOVERNMENT END USERS. Oracle programs, including any operat
Sun Server X3-2( Sun Fire X4170 M3) Oracle Solaris : E35482 01 2012 9 Copyright 2012, Oracle and/or its affiliates. All rights reserved.,,,,,,,,,,,,,.,..., U.S. GOVERNMENT END USERS. Oracle programs, including
More informationBEef 사용법.pages
1.... 3 2.... 3 (1)... 3 (2)... 5 3. BeEF... 7 (1) BeEF... 7 (2)... 8 (3) (Google Phishing)... 10 4. ( )... 13 (1)... 14 (2) Social Engineering... 17 (3)... 19 (4)... 21 5.... 22 (1)... 22 (2)... 27 (3)
More information8 장데이터베이스 8.1 기본개념 - 데이터베이스 : 데이터를조직적으로구조화한집합 (cf. 엑셀파일 ) - 테이블 : 데이터의기록형식 (cf. 엑셀시트의첫줄 ) - 필드 : 같은종류의데이터 (cf. 엑셀시트의각칸 ) - 레코드 : 데이터내용 (cf. 엑셀시트의한줄 )
8 장데이터베이스 8.1 기본개념 - 데이터베이스 : 데이터를조직적으로구조화한집합 (cf. 엑셀파일 ) - 테이블 : 데이터의기록형식 (cf. 엑셀시트의첫줄 ) - 필드 : 같은종류의데이터 (cf. 엑셀시트의각칸 ) - 레코드 : 데이터내용 (cf. 엑셀시트의한줄 ) - DDL(Data Definition Language) : show, create, drop
More informationETL_project_best_practice1.ppt
ETL ETL Data,., Data Warehouse DataData Warehouse ETL tool/system: ETL, ETL Process Data Warehouse Platform Database, Access Method Data Source Data Operational Data Near Real-Time Data Modeling Refresh/Replication
More information*
Korea Internet & Security Agency 29 12 CONTENTS 1 3 4 5 6 6 7 9 1 13 14 16 18 23 56 59 61 Windows XP SP1 Windows 2 SP4 1 2912 Bot 326 49 2.3 73 73 239 215 11.2% 256 199 28.6% 25 115 117.4% Bot 8,469 46
More informationvm-웨어-앞부속
VMware vsphere 4 This document was created using the official VMware icon and diagram library. Copyright 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright
More information09김정식.PDF
00-09 2000. 12 ,,,,.,.,.,,,,,,.,,..... . 1 1 7 2 9 1. 9 2. 13 3. 14 3 16 1. 16 2. 21 3. 39 4 43 1. 43 2. 52 3. 56 4. 66 5. 74 5 78 1. 78 2. 80 3. 86 6 88 90 Ex e cu t iv e Su m m a r y 92 < 3-1> 22 < 3-2>
More information28 THE ASIAN JOURNAL OF TEX [2] ko.tex [5]
The Asian Journal of TEX, Volume 3, No. 1, June 2009 Article revision 2009/5/7 KTS THE KOREAN TEX SOCIETY SINCE 2007 2008 ko.tex Installing TEX Live 2008 and ko.tex under Ubuntu Linux Kihwang Lee * kihwang.lee@ktug.or.kr
More information4 CD Construct Special Model VI 2 nd Order Model VI 2 Note: Hands-on 1, 2 RC 1 RLC mass-spring-damper 2 2 ζ ω n (rad/sec) 2 ( ζ < 1), 1 (ζ = 1), ( ) 1
: LabVIEW Control Design, Simulation, & System Identification LabVIEW Control Design Toolkit, Simulation Module, System Identification Toolkit 2 (RLC Spring-Mass-Damper) Control Design toolkit LabVIEW
More information머신이미지생성및사용시 주의사항 ( 가이드라인 ) 1 / 18
머신이미지생성및사용시 주의사항 ( 가이드라인 ) 1 / 18 문서버전및이력 버전 일자 이력사항 1.1 2015.09.04 포탈콘솔개정에따른 UI 수정, 1.0 2013 최초배포 목차 1. 머신이미지 생성시주의사항...3 Linux templates...3 Windows templates...4 2. 머신이미지 사용시주의사항...4 3. VM 접속보안강화방법...5
More informationUSB 케이블만을이용한리눅스 NFS 개발환경 (VirtualBox) 최초작성 : 2010 년 10 월 21 일 작성자 : 김정현 수정내용 최초작성 by 김정현 스크립트추가, 설명보충 by 유형목 1. VritualBox
USB 케이블만을이용한리눅스 NFS 개발환경 (VirtualBox) 최초작성 : 2010 년 10 월 21 일 작성자 : 김정현 수정내용 2010. 10. 21. 최초작성 by 김정현 2010. 10. 24. 스크립트추가, 설명보충 by 유형목 1. VritualBox 설정 Windows 환경에서 VirtualBox 를설치한다음게스트 OS 로우분투리눅스를사용하는경우,
More informationSLA QoS
SLA QoS 2002. 12. 13 Email: really97@postech.ac.kr QoS QoS SLA POS-SLMS (-Service Level Monitoring System) SLA (Service Level Agreement) SLA SLA TM Forum SLA QoS QoS SLA SLA QoS QoS SLA POS-SLMS ( Service
More information