
essential computer security part 9 pdf


system. The emulator will then allow the Windows application to run directly from inside Linux.
■ Use remote desktop administration software. Simply install a server that allows you to directly access the desktop through a Web browser or specialized application.

We’ll now discuss each option.

Compatibility Layer Software

In many ways, the software discussed here is not emulation software. In the strictest sense, emulator software recreates the software application programming interfaces (APIs), and the actual functions of the CPU (for example, a Pentium chip). Wine, CrossOver Office, and Win4Lin Workstation do not recreate the architecture of the CPU. Therefore, they are technically not emulators. Nevertheless, it is still common practice to lump this software into the emulator category, because using applications such as Wine, you can make your Linux system behave as if it were a Windows system. In fact, if you properly configure these applications, certain native Windows applications will run, thinking that they are in a Windows environment. These applications use sets of APIs to help convince native Windows applications that they are, in fact, running on Windows.

So, to avoid controversy, we will not call these applications “emulators,” even though that’s basically what they are. Taking the lead of the developers of Wine, we are calling these applications “compatibility layer software,” because they all create a layer between the Linux operating system and the Windows application.

The benefit of this type of emulator, well, software, is that you can use native Windows applications directly from your Linux desktop. You do not have to rely on a network connection to another system. However, emulators can be somewhat tricky to configure, and the slightest change in the application’s configuration can “break” your configuration and force a time-consuming and possibly costly service call.
As you prepare to use an emulator, ask the following questions:
■ What version of the Windows operating system does the application require?
■ Do you require access to raw data from inside Linux?
■ How many people need to access these applications, and the resulting data from them, at one time? In short, what is the expected load on this system?

www.syngress.com Microsoft Alternatives: Inside the Linux Desktop • Chapter 12 215 413_Sec101_12.qxd 10/9/06 4:41 PM Page 215

These questions will help you determine the correct hardware size, and the appropriate software. Now, let’s look at some of the common emulators available.

Wine

Wine is an acronym for “Wine is not an emulator.” Wine is meant to provide a replacement for Windows; it does not require Windows to run. Therefore, you do not need a Windows license to run a Windows application. You will, however, need a license to run the application. Suppose, for example, that you managed to run Microsoft Word on Wine. You would not need a license for the Microsoft Windows operating system. However, you would need to license Microsoft Word.

It is important to understand that Wine has enjoyed a “work in progress” standing for many years. Many Windows applications do run in Wine. A list of Windows applications verified to run in Wine is available at www.winehq.org/site/supported_applications. A Web site called “Frank’s Corner” (http://frankscorner.org) provides tips to help get various applications going. Applications that Frank has worked with include:
■ Microsoft Office 2000
■ Macromedia Flash MX
■ PhotoShop 7.0

People have had significant success with Wine. However, Wine is not yet a “production quality” tool; it is more of an extended “hack in motion.” The fact that your needed application runs today on the latest and greatest version of Wine is no guarantee that it will run properly when you upgrade to the next version. However, there is a much more reliable application: Code Weavers’ CrossOver Office.
Code Weavers’ CrossOver Office

CrossOver Office is essentially a perfected commercial version of Wine. CrossOver Office allows any Windows application to run smoothly (or, as smoothly as any application can run using compatibility software). As with Wine, if you use CrossOver Office you do not need to purchase a Windows license. You will find that with CrossOver Office, upgrades will not cause existing configurations to fail. In addition, CrossOver Office makes it possible to run all of the Visual Basic macros on which many Microsoft Office users rely.

CrossOver Office makes it relatively easy to install and run Windows applications in Linux. Still, there are drawbacks to this solution. First, CrossOver Office requires significant amounts of memory. In addition, not all of the features of your Windows applications will be available. Therefore, although you may be able to run a copy of Macromedia Flash MX, you may still find some features missing.

In spite of these drawbacks, you will likely find that between the alternative programs discussed previously and applications such as CrossOver Office, you will be able to migrate any user to Linux. To learn more about CrossOver Office, go to www.codeweavers.com/site/products.

Summary

Choosing the appropriate desktop environment requires several skills. First, you need to know about the options. Second, you need to identify what you want and need. You then need to know how to match current technologies to your needs. In this chapter, you learned about available technologies and how to weigh them against your needs.
From common desktops such as Gnome and KDE to e-mail and Web applications, you learned how to choose solutions that can save you time and money. You also learned how to migrate settings and how to install native applications on Linux that cannot, for some reason, be replaced by their Linux counterparts.

This chapter helped you identify problems, possibilities, and solutions. Now that you are more familiar with Linux desktop solutions, continue your learning process by installing some of the software profiled in this chapter. The only way you can take the next step in your knowledge and ability to solve problems is to go through the process of installing the software.

Additional Resources

The following links provide more information related to alternatives to Microsoft products:
■ Eastham, Chuck, and Bryan Hoff. Moving from Windows to Linux, Second Edition. Boston: Charles River Media, 2006 (www.charlesriver.com/books/BookDetail.aspx?productID=122989).
■ Fedora Core Linux (http://fedora.redhat.com/).
■ Firefox Web Browser (www.mozilla.com/firefox/).
■ Star Office Productivity Suite (www.sun.com/software/star/staroffice/index.jsp).
Part IV: Security Resources

Appendix A

Essential Network Communications

Topics in this appendix:
■ Computer Protocols
■ Communication Ports
■ Understanding IP Addresses and DNS
■ Managing IP Addresses
■ TCP and UDP Protocols
■ Firewalls

Introduction

In order to better secure your home computer or home network, it helps if you have some basic knowledge of how it all works so that you can understand what exactly you are securing and why. This appendix will help provide an overview of the terms and technology used and some of the tips, tricks, tools, and techniques you can use to make sure your computer is secure.

This appendix will provide an understanding of what these terms are so that when you read about the latest malicious code spreading through the Internet and how it gets into and infects your computer, you will be able to decipher the techie terms and determine if this affects you or your computer and what steps you can or should take to prevent it.

The information in this appendix is a little more technical than the rest of the book, and is included for those who want to learn a little more and gain a deeper understanding of how computer networking works and the technologies that make it work.

Computer Protocols

In the Merriam-Webster Dictionary, protocol is defined in listing 3b as, “A set of conventions governing the treatment and especially the formatting of data in an electronic communications system.” I’m not sure that makes things much clearer to a layperson. Put simply, if you called an orange an apple and I called it a plum we would never be able to communicate. At some point we would have to come to some agreement as to what to call it.
For computers and the Internet there were many organizations coming up with their own proprietary way of formatting and transmitting data. To ensure that all computers would be able to talk to each other and not just to their “own kind,” protocols were created and agreed to.

TCP/IP, which stands for Transmission Control Protocol/Internet Protocol, is not a single protocol. It is a set of communication standards. TCP and IP are the two main protocols of the bunch. TCP/IP has been accepted as the standard for Internet communications and comes packaged by default with all major operating systems.

To communicate using TCP/IP, each host must have a unique IP address. As we discussed earlier, your IP address is similar to your street address. It identifies your host on the Internet so that communications intended for you reach their destination.

www.syngress.com 222 Appendix A • Essential Network Communications 413_Sec101_AA.qxd 10/9/06 5:34 PM Page 222

Communication Ports

When you sit down to watch TV, you have to tune your TV to a specific frequency in order to view the Weather Channel. If you want the Disney Channel, you need to change to a different frequency. To view CNN, you need to set your TV to yet another frequency.

Similarly, when you are surfing the Internet, there is a certain port that is used when your computer wants to receive HTTP (Hypertext Transfer Protocol, used for viewing HTML or Web pages) traffic. To download files you might use FTP (File Transfer Protocol), which would be received on a different port. SMTP (Simple Mail Transfer Protocol, used for transmitting e-mail messages) communications would be received on a different port.
There are 65,536 ports available for use in TCP or UDP. They are divided into three ranges. The Internet Assigned Numbers Authority (IANA) manages the first 1,024 ports (0–1,023). This range is known as the well-known port numbers and includes standard default ports such as HTTP (port 80), FTP (port 21), and SMTP (port 25). These port numbers are reserved and should not be used arbitrarily.

The second range is the registered port numbers, which contains ports 1024 through 49151. The Registered Port Numbers can be used by ordinary programs and user processes that are executed by the user. The use of specific port numbers is not carved in stone. These ports are generally used transiently when needed.

The third range is the dynamic or private port numbers, which range from 49152 through 65535. These can be used by applications and processes initiated by the user, but it is uncommon. There are known Trojan horse and backdoor programs that use this extreme upper range so some security administrators are leery of traffic in this range.

TCP and UDP Protocols

One of the protocols that use this block of ports is TCP. TCP enables two hosts on the Internet to establish a connection with each other. One host will initiate the connection by sending a request to the other. That host will respond, agreeing to establish the connection. Finally, the originating host will respond once more to acknowledge receipt of the acceptance and the connection is established.

When data is fed to TCP, TCP breaks it into smaller, more manageable pieces called packets. A header is written for each packet, which specifies the originating IP address, the destination IP address, the sequence number, and some other key identifying information.
When the packets leave to traverse the Internet and get to their destination, they may not take the same path. There are thousands of routers, and complex algorithms help to decide from nanosecond to nanosecond which path is going to be the best path for the next packet. This means that the packets may not arrive at their destination in the same order they were sent out. It is the responsibility of the TCP protocol on the receiving end to look at the sequence number in the packet headers and put the packets back in order.

If there are missing packets, error messages are sent back to let the sending computer know to resend the data. TCP also does flow control by sending messages between the two hosts letting them know to speed up or slow down the rate of sending packets depending on network congestion and how fast the receiving computer can handle processing the incoming packets.

UDP is another protocol that works with IP networks. Unlike TCP, UDP does not establish a connection. UDP does not provide any sort of error protection or flow control. It is primarily used for broadcasting messages. The sending host gets no acknowledgement that the message was successfully received.

Because UDP does not take the time to set up a connection between the two hosts, perform flow control to monitor network congestion, or do the sort of error-checking and receipt acknowledgement that TCP does, it has much less overhead in terms of time and resources. Some services that benefit from this are DNS, SNMP, and streaming multimedia (for example, watching a video clip over the Internet).

Understanding IP Addresses and DNS

The term “host” can be confusing because it has multiple meanings in the computer world. It is used to describe a computer or server that provides Web pages. In this context, it is said that the computer is “hosting” the Web site.
Host is also used to describe the companies that allow people to share their server hardware and Internet connection as a service rather than every company or individual having to buy all their own equipment.

A “host” in the context of computers on the Internet is defined as any computer that has a live connection with the Internet. All computers on the Internet are peers to one another. They can all act as servers or as clients. You can run a Web site on your computer just as easily as you can use your computer to view Web sites from other computers. The Internet is nothing more than a global network of hosts communicating back and forth. Looked at in this way, all computers, or hosts, on the Internet are equal.

Each host has a unique address similar to the way street addressing works. It would not work to simply address a letter to Joe Smith. You have to also provide the [...]

... Associated with Popular Services

20 21 22 23 43 FTP data FTP SSH SMTP whois 53 DNS 68 DHCP 79 Finger 80 http 110 POP3 115 SFTP 119 NNTP 123 137 138 139 143 NTP NetBIOS NetBIOS NetBIOS IMAP 161 194 220 389 443 SNMP IRC IMAP3 LDAP SSL 445 SMB 993 SIMAP 995 SPOD 1433 MS SQL Svr 2049 NFS 5010 Yahoo! Messenger 5190 AOL Messenger

Closing all ports on a system makes the system useless on a network. Anytime...

413_Sec101_AppB.qxd 10/9/06 5:50 PM Page 231 Case Study: SOHO (Five Computers, Printer, Servers, etc.) • Appendix B

Sample netstat—Output on a UNIX Server

Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address      Foreign Address        State
tcp        0      0  6.7.8.9.60072      221.132.43.179.113     SYN_SENT
tcp        0      0  6.7.8.9.25         221.132.43.179.48301   ESTABLISHED
tcp        0    120  6.7.8.9.22         24.7.34.163.1811       ESTABLISHED
tcp        0      0  6.7.8.9.60124      67.46.65.70.113        FIN_WAIT_2
tcp        0      0  127.0.0.1.4000     127.0.0.1.60977        ESTABLISHED
tcp        0      0  127.0.0.1.60977    127.0.0.1.4000         ESTABLISHED
tcp        0      0  *.4000             *.*                    LISTEN
tcp        0      0  6.7.8.9.22         24.7.34.163.50206      ESTABLISHED
tcp        0      0  6.7.8.9.62220      216.120.255.44.22      ESTABLISHED
tcp        0      0  6.7.8.9.22         24.7.34.163.65408      ESTABLISHED
tcp        0      0  6.7.8.9.22         67.131.247.194.4026    ESTABLISHED
tcp        0      0  6.7.8.9.64015      217.206.161.163.22     ESTABLISHED
tcp        0      0  6.7.8.9.22         82.36.206.162.48247    ESTABLISHED
tcp        0      0  *.80               *.*                    LISTEN
tcp        0      0  *.993              *.*                    LISTEN
tcp        0      0  *.25               *.*                    LISTEN
tcp        0      0  *.22               *.*                    LISTEN
tcp        0      0  *.21               *.*                    LISTEN
tcp        0      0  127.0.0.1.53       *.*                    LISTEN
tcp        0      0  6.7.8.9.53         *.*                    LISTEN
udp        0      0  127.0.0.1.123      *.*
udp        0      0  6.7.8.9.123        *.*
udp        0      0  *.123              *.*
udp        0      0  *.65510            *.*
udp        0      0  127.0.0.1.53       *.*
udp        0      0  6.7.8.9.53         *.*
...

slick: {40} lsof -n -i TCP:4000
COMMAND   PID  USER   FD  TYPE  DEVICE      SIZE/OFF  NODE  NAME
telnet  16192  paul   3u  IPv4  0xc2065b44       0t0   TCP  127.0.0.1:60977->127.0.0.1:4000 (ESTABLISHED)
razors  22997  paul   4u  IPv4  0xc1ff2ca8       0t0   TCP  *:4000 (LISTEN)
razors  22997  paul  16u  IPv4  0xc206516c       0t0   TCP  127.0.0.1:4000->127.0.0.1:60977 (ESTABLISHED)

Using netstat –an, create a list of listening ports. With lsof, check each of...

... of that range of addresses; then it can be filtered down to the specific address it’s intended for. I might name my computer “My Computer,” but there is no way for me to know how many other people named their computer “My Computer,” so it would not work to try to send communications to “My Computer” any more than addressing a letter simply to “Joe Smith” would get delivered properly. With millions of hosts...

... “AUDiT” your systems by following these basic security steps to better ensure the company’s security:

Apply the latest patches to any systems. This could be as simple as turning on Windows Auto Updater, or downloading the latest security patches for your favorite Linux ...
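
The listening-port check described above (netstat –an, then a closer look at each listener), combined with the three port ranges from the Communication Ports section, as an added example that is not code from the book. It parses BSD-style netstat -an output, where the local address is written host.port; the function names are this example's own, and the input rows are constructed in the layout of the sample output.

```python
import re

# Constructed input in the BSD-style `netstat -an` layout (local address is
# written host.port); rows adapted from the sample output in the text.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address    Foreign Address       State
tcp        0      0  6.7.8.9.25       221.132.43.179.48301  ESTABLISHED
tcp        0      0  127.0.0.1.4000   127.0.0.1.60977       ESTABLISHED
tcp        0      0  *.4000           *.*                   LISTEN
tcp        0      0  *.80             *.*                   LISTEN
tcp        0      0  *.22             *.*                   LISTEN
tcp        0      0  127.0.0.1.53     *.*                   LISTEN
udp        0      0  *.123            *.*
udp        0      0  *.65510          *.*
"""


def port_range(port):
    """Name the range a port falls in, using the boundaries given in the text."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a valid port: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def split_endpoint(endpoint):
    """Split 'host.port' into (host, port); port is None when it is '*'."""
    host, _, port = endpoint.rpartition(".")
    return host, (int(port) if port.isdigit() else None)


def listening_sockets(netstat_text):
    """Return sorted (proto, host, port, range) tuples for sockets awaiting traffic."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not re.fullmatch(r"(tcp|udp)(4|6|46)?", fields[0]):
            continue  # title, column header or non-IP section
        proto, local, foreign = fields[0], fields[3], fields[4]
        state = fields[5] if len(fields) > 5 else ""
        # TCP listeners are marked LISTEN; UDP has no state column, so an
        # unconnected socket is recognised by its wildcard foreign address.
        waiting = state == "LISTEN" if proto.startswith("tcp") else foreign == "*.*"
        host, port = split_endpoint(local)
        if waiting and port is not None:
            found.add((proto, host, port, port_range(port)))
    return sorted(found, key=lambda s: (s[2], s[0]))


def needs_review(sockets):
    """Listeners in the dynamic/private range, which the text says admins watch."""
    return [s for s in sockets if s[3] == "dynamic/private"]


if __name__ == "__main__":
    for proto, host, port, rng in listening_sockets(SAMPLE):
        print(f"{proto:<4} {host:<10} {port:>5}  {rng}")
    print("review:", needs_review(listening_sockets(SAMPLE)))
```

Each listener the script reports is a candidate for the lsof step, which names the process that owns the port.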

Date posted: 14/08/2014, 18:20
