
Alain_Kamanzi_N0730399

MSc, IT Security
Network & Cloud Security Report

June 09th, 2017

ALAIN KAMANZI

N0730399


Introduction
Linux can be defined as a Unix-based operating system developed by Linus
Torvalds. Its development resulted from dissatisfaction with the
functionality available in Unix systems, and once developed, the operating
system was made freely available, which made it one of the most popular
operating systems in the world. The popularity of Linux results from its
customizable architecture, made possible by the availability of its source
code. As a result, most web hosting companies use Linux on their servers,
because Linux-based servers can be less costly to set up and maintain.
The cost effectiveness and efficiency of a Linux server implementation have
led SMEs to adopt it. However, medium security countermeasures, which can
be defined as the minimal security measures for server protection, still
need to be implemented to protect the server. This paper discusses tools and
techniques for Ubuntu Server 14.04 security such as Nessus, Nmap, Snort, TCP
wrapper, Tripwire, Firewall, Uncomplicated firewall, Truecrypt, Password
generator, OpenSSH, Rootkit Hunter, Zenmap, User management and securing
filesystems. It also provides some minimal security countermeasures for
SMEs: installation of updates and patches, configuration of the SSH
protocol, firewall setup, filesystem configuration, boot loader settings,
Fail2ban installation and configuration, installation and configuration of
vulnerability scanning tools, access control and backup scheduling. Lastly,
this paper demonstrates the security tools on the server in a virtual
environment.
Tools and Techniques
Nessus
According to Toxen (2003), Nessus has been identified as one of the
strongest tools for scanning a network for open ports and, most crucially,
for the vulnerabilities in the services behind them. In addition, Im et al.
(2016) show that Nessus has basic functionality for network scanning and the
ability to provide correct security countermeasures to discover and analyze
the substantive vulnerability of the network through 73555 plugins. This
paper shows that Nessus is client-server based and can be run by connecting
to the server remotely. Similarly, Vacca (2013) shows that Nessus is one of
the network security tools used to scan for vulnerabilities and that,
although the tool is free, its source code is not provided. The
vulnerability scan is performed by looking at information about the hosts on
the network, such as the operating system version and the other applications
that provide services on the network.


Nmap
Toxen (2003) shows that Nmap is a network mapper tool used to scan the
network, finding which IP addresses have nodes and which services are
associated with which ports on those nodes. Apart from running on the
internal network, it can be run from an unrelated network to find out how
well the firewall is performing. It can also be used to identify a node, its
operating system, and the operating system version on every node. This is
done by sending many unusual IP packets and noting the responses. In
addition, Hoque et al. (2014) show that Nmap eases network exploration and
security auditing. Beyond security and auditing, Hoque et al. discuss that
network administrators can use Nmap in daily tasks such as network inventory
maintenance, managing service upgrade periods, and monitoring hosts.
Similarly, Vacca (2013) shows that Nmap can be used to identify nodes on the
network and the services running on them. Nmap can also be used by intruders
to scan the system for vulnerabilities that could be exploited to attack it.

Snort
Toxen (2003) shows that the Snort attack detector was developed to sniff the
network, looking for patterns of known attacks and alerting the
administrator. The patterns are recorded in a database of more than 500
attack signatures, and this database is always up to date, which helps in
detecting problems but not in solving them, because Snort acts as an
intrusion detection system. In addition, Roesch (1999) defines Snort as a
libpcap-based packet sniffer and logger which can be used as a lightweight
network intrusion detection system. It detects a variety of attacks and
problems such as buffer overflows, SMB problems, stealth port scans and
much more. It has a real-time alerting capability, where alerts are sent to
syslog, Server Message Block or a separate alert file. Snort was built
around a simple language that defines tests and actions for each packet, and
its ease of use facilitates and accelerates the writing of new exploit
detection rules. Although the database is always updated, a new attack may
still occur, and if there is no record of that attack in the database to
compare with, the attack may succeed. In addition, there are currently
different types of attack that target the database itself, where the
attacker can modify or even corrupt it, and in that condition Snort will not
be able to perform its intended operations.


TCP wrapper
Welsh et al. (2002) show that TCP wrapper can be an effective tool which
wraps an existing service such as the mail server, screening the network
connections made to it and blocking connections from unauthorized websites,
so that the TCP wrapper acts as a guard. It does this by checking the source
of the network connection, by hostname or address, against the list of
allowed sources. If the source matches an entry in the list, the wrapper
allows the connection through to the service. Depending on the Linux
distribution and configuration, the services can be managed with inetd, and
TCP wrapper is implemented by a special daemon named tcpd. In addition,
Fenzi (2004) shows that before connecting any Linux system to the network,
the important point to consider is which services the system will offer, and
to deactivate the ones that are not going to be used. One way to do this is
to open the /etc/inetd.conf file, check the services offered by inetd,
deactivate the ones that are not needed by commenting them out, and then
send the inetd process a SIGHUP.

Tripwire
According to Fenzi (2004), one of the best ways to detect attacks on
networked systems is to run an integrity checker such as Tripwire. This
integrity checker computes a series of checksums over all the crucial
binaries and config files and compares them against a database of earlier
values, which acts as a reference. As a result, any tampering with the files
is highlighted. Similarly, Frisch (2002) shows that this tool is one of the
best non-commercial packages in existence. Tripwire compares the present
state of the important files and the repositories with their stored correct
attributes, following criteria chosen by the administrator. It can compare
all the crucial file properties and can calculate file signatures by several
distinct methods. One method is to compare file checksums calculated with
two distinct algorithms, which makes it hard for a file to be modified
without detection. This tool can be very useful to administrators in their
daily tasks for identifying any change that has been made to the system.
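
The baseline-and-compare check described above, as an added example that is
not Tripwire's own code: a small Python integrity checker that records size,
mode and two digests for every file under a directory and reports what
changed. The choice of SHA-256 and SHA-512, the function names, and the
directory tree and file contents are assumptions constructed for this
example.

```python
import hashlib
import os
import stat
import tempfile

# Two distinct digest algorithms per file (the choice of SHA-256 and SHA-512
# is an assumption of this example, not Tripwire's configuration).
ALGORITHMS = ("sha256", "sha512")


def fingerprint(path):
    """Record the properties of one regular file: size, mode, two digests."""
    st = os.stat(path)
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    record = {"size": st.st_size, "mode": stat.filemode(st.st_mode)}
    record.update({name: h.hexdigest() for name, h in hashers.items()})
    return record


def build_database(root):
    """Walk root and return {relative_path: fingerprint} for regular files."""
    database = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # symlinks and special files are out of scope here
            database[os.path.relpath(path, root)] = fingerprint(path)
    return database


def compare(reference, current):
    """Return added and removed paths plus, per changed file, what differs."""
    report = {"added": [], "removed": [], "changed": {}}
    for path in sorted(set(reference) | set(current)):
        if path not in reference:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            old, new = reference[path], current[path]
            differing = sorted(key for key in old if old[key] != new[key])
            if differing:
                report["changed"][path] = differing
    return report


def _write(root, relpath, data, mode=0o644):
    """Create or overwrite a sample file with the given bytes and mode."""
    path = os.path.join(root, relpath)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Build a reference database over a constructed tree, tamper, re-check."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "bin/login", b"constructed-binary-A", 0o755)
        _write(root, "bin/su", b"constructed-binary-su", 0o755)
        _write(root, "etc/motd", b"welcome\n")
        reference = build_database(root)

        # Tampering: same-size content swap, permission change, add, delete.
        _write(root, "bin/login", b"constructed-binary-B", 0o755)
        os.chmod(os.path.join(root, "bin/su"), 0o777)  # made world-writable
        _write(root, "etc/hosts.allow", b"sshd: 10.0.10.0/24\n")
        os.remove(os.path.join(root, "etc/motd"))
        return compare(reference, build_database(root))


if __name__ == "__main__":
    for kind, detail in demo().items():
        print(kind, detail)
```

The same-size content swap leaves the size unchanged and is caught only by
the digests, which is why the reference database has to be stored where an
intruder on the host cannot rewrite it.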

Firewall
According to Toxen (2003), firewalls provide another degree of security for
controlling the connections made to services. This is done with IP
filtering, a technique in which the kernel inspects every network packet
that is sent or received and decides whether to let it pass, deny it, or
change it in some way before letting it through. This technique helps
protect the system against some network-based attacks such as Denial of
Service attacks and IP spoofing, and provides access control that restricts
unauthorized users from gaining access to the system. Toxen presents
different generations of IP filtering, with Netfilter/iptables introduced as
the latest generation. It was implemented in Linux kernels 2.4.0 and upwards
together with the iptables tool, which is included in all current Linux
versions. This tool allows a broader and more complex range of firewall
commands to be configured and allows changes to the netfilter chains and
rulesets: creating new chains, erasing chains, listing the rules in a chain,
flushing chains and setting the default action for a chain. In addition,
Vugt (2008) shows that the crucial part of each rule is the matching part.
Matching uses elements such as the -o option to refer to an output interface
and -i to an input interface, specifying the network interface to which the
rule applies; -s or -d to refer to a source or destination IP address; -p
tcp to refer to all packets that use the Transmission Control Protocol; and
--sport and --dport to refer to the source port and destination port, which
are based on TCP or UDP ports.

Uncomplicated firewall (ufw)


Vugt (2008) shows that configuring the firewall with iptables works well but
can be complicated. The uncomplicated firewall addresses this by making
firewall management easy, avoiding errors that may cause big problems, such
as no incoming packets getting through. This does not mean that the
uncomplicated firewall should replace iptables, and it is not intended to
provide a full firewall solution either; rather, it is meant for easily
adding and removing rules in the firewall configuration. Similarly, Ubuntu
(2016) describes the uncomplicated firewall as the primary firewall tool for
Ubuntu, with the purpose of simplifying iptables configuration, and
presently used for host-based firewalls.

Truecrypt
Quan-xing (2010) shows that TrueCrypt is a system tool for creating and
maintaining an on-the-fly encrypted disk. On-the-fly encryption is the
automatic encryption and decryption of data on the disk as it is loaded or
saved, without user participation. As a result, no data stored on the
encrypted disk can be read without the correct password, keyfile or
encryption keys. In addition, Roy (n.d.) shows that TrueCrypt encrypts and
decrypts files as they are accessed within the available encrypted space,
using the correct key or password. Three types of encryption have been
identified, each with its own pros and cons. The first is a virtual
encrypted disk (VED), which is considered the quickest and easiest type to
configure. It is created as a file of a fixed size, much like creating a
hard drive, but with the disadvantages that the file can easily be deleted
and that the size of the virtual encrypted disk is fixed at creation, which
causes difficulties if the size needs to change. The second is partition
encryption, which covers the encryption of the whole drive and is therefore
more complicated than a virtual encrypted disk. Its advantages are that it
is harder to delete important files and that there are no worries about the
size of the disk, because the whole disk is encrypted. Its disadvantages are
that it is time-consuming to set up, that the drive cannot be used without a
key, and that if the password is lost the drive cannot be used without
losing the data. The third type is system encryption, which is supported
only on Windows operating systems. TrueCrypt can therefore be a good
security tool, but it must be used with care to avoid loss of data, and it
is a good idea to always keep a backup of the drive in case of deletion.

Password generator
According to Noite (n.d.), the password generator (pwgen) tool may be the
easiest tool for generating passwords for users or administrators, using the
pwgen command. This command generates strong passwords on the system with
the following syntax: pwgen [options] [pw_length] [num_pw]. The options can
be:
-c – for using capital letters.
-A – for not using capital letters.
-n – for using at least one digit number.
-0 – for not using numbers.
-y – for using special characters.
-s – for generating a special character.
-B – for non-identical characters in the password.
-C – for displaying passwords in columns.
-1 – for not displaying passwords in columns.
-v – for not using any vowel when generating passwords.

OpenSSH
According to Ubuntu (2016), OpenSSH is a powerful collection of tools for
the remote control of, and transfer of data between, connected computers. It
provides a server daemon and client tools that help provide protected,
encrypted remote control and file transfer operations. The OpenSSH server
component, sshd, listens continuously for client connections from any of the
client tools, and when a connection request arrives, sshd sets up the right
connection according to the type of client tool. Once configured, OpenSSH
supports SSH keys, a private/public key pair that allows authentication
between hosts without the need for a password. These keys must be created on
the server and client side, and the client's key is then copied to the
server. The keys can be generated with the ssh-keygen tool.
Some security techniques can be used in Linux to confuse a port scanner.
According to Binnie (2016), the kernel-based firewall Netfilter may be the
best tool for confusing some sophisticated port scanning tools. For TCP
packets this is done by changing how the system responds to port probes,
using iptables to generate a REJECT response, and for other protocols it is
done simply by applying DROP to the packets. Nmap then reports the ports as
closed rather than filtered, which can be considered the best response
because the system does not admit that any port has been blocked by a
firewall or is open because a daemon is running behind it. This technique
helps ensure that information is not given away, by using -j REJECT
--reject-with tcp-reset.

RootKit Hunter
Rootkit Hunter is one of the tools used to detect local exploits. Binnie
(2016) shows that Rootkit Hunter can be a good tool on Linux for scanning
the local system for backdoors, rootkits and local exploits, including
hidden files, wrong permissions set on binaries and suspicious strings in
the kernel, and that the scan can be run at regular intervals depending on
the settings. The scan generates a status report on the system, which can be
received in real time by email. This is set up by configuring the email
address in the config file, uncommenting the following lines and adjusting
them to the needs of the administrator.
#MAIL-ON-WARNING=me@mydomain root@mydomain
#MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
Once uncommented, the first line specifies the destination of the reports,
with multiple addresses separated by a space, and the last line sets the
mail command and the subject of the email report sent to the destination
addresses.

Zenmap
Some network scanning tools on Linux also offer a graphical user interface.
Binnie (2016) shows that Zenmap is a graphical user interface for Nmap that
suits users of all levels because its integrated command creator helps build
complicated commands, and it can search the history of scans in its
database. The tool also provides a feature for running a diff between two
scan results to find out what has changed between then and now. This makes
it a good tool for administrators for security purposes, because it can
compare the reports of different scans and its graphical user interface
makes it easy to use.

User management
User management is one of the security techniques used in Linux systems.
Vugt (2008) shows that the configuration of users and groups is a crucial
part of securing a server, as most of the security is bound to them. Users
can be created with the useradd command or by adding them manually to the
relevant configuration files with an editor, but the second option is not
recommended because any mistake may prevent users from logging in to the
server. The useradd command is used with the -m option to create the home
directory of the specified user for storing the user's files, -c comment to
add a comment, -e date to set the date on which the user account expires
automatically, -G groups to make the user a member of groups, and -g gid to
set the primary group of the user. Similarly, Christopher (2015) shows that
appropriate user account management increases the security of the system:
each user should have only one account, temporary users should be given an
expiry date, and inactive accounts should be removed.

Limiting Root user account


Use of the root user account should be limited to avoid repudiation.
Christopher (2015) shows that a good technique is to give root access on a
per-command basis with sudo, which allows root account usage to be tracked
per user. Every use of sudo is recorded in /var/log/secure, and all
unsuccessful sudo attempts are logged. The file should be sent to a remote
log server so that no user with administrative privileges can change it;
any misuse of root authorization is then bound to a given user, who cannot
cover their tracks. It is a good idea to restrict other users' access to the
root user account, because it grants full system privileges; restricting it
avoids misbehavior in the system and keeps users' actions tracked. It is
also advisable not to use the root user account for everyday tasks, because
any mistake made as root can easily cause damage.

Securing the filesystems using access control list


Christopher (2015) shows that another part of securing a Linux system is
setting up appropriate filesystem security. With an access control list, a
user can grant other users read, write and execute permission on files and
directories without leaving those filesystem elements fully open or asking
the root user to change the user or group attached to them. The access
control list on a directory or file must be set by the actual owner
attached to it. The access control list is a useful security technique
because an organization may need to share resources. However, a permission
may be assigned to the wrong user by mistake, which may breach the
confidentiality or integrity of the organization's information.

Server Security Recommendations

Updates and patches installation

CIS (2015) suggests that patches are released for the installed system on a
routine basis to fix security bugs or add functions, and that the latest
patches may contain improvements that are not available in the currently
installed system. It is recommended that new patches be applied, as they may
provide additional functionality, but it is the organization's
responsibility to determine whether a given update meets its requirements
and to check the compatibility and supportability of any added application
against the chosen update version. Available updates can be checked with
# apt-get update and # apt-get --just-print upgrade, and the packages can be
installed with # apt-get upgrade. It is not good practice to enable
automatic updates and upgrades, as this may cause problems if the installed
updates are incompatible or do not meet the organization's requirements and
infrastructure.

Setting the security of SSH protocol


Cabak, Gazivoda, and Krstajic (2016) show that the easiest way to raise the
level of security of a server may be to protect the SSH protocol. This can
be done by disabling the root user account in parallel with changing the
standard port. The port number is changed by editing the SSH configuration
file on the server: # nano /etc/ssh/sshd_config, Port <port number should be
less than 1024>, and after editing the following command should be executed:
# /etc/init.d/ssh restart. Changing the port number should not be ignored:
the standard port is already known, so leaving it unchanged may expose the
server to attackers, and it is important to change it to minimize the risk.
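
One way to check a configuration file against the two recommendations above,
as an added example that is not taken from the cited guide: a Python audit of
sshd_config text that accounts for sshd using the first value it reads for a
keyword and for Match blocks being conditional. The sample configurations,
function names and finding labels are constructed for this example; port 902
is the value used later in this report.

```python
import re

# Constructed sample configurations (not taken from the report's server).
WEAK = """\
# Package defaults left in place
Port 22
PermitRootLogin yes
"""

MISLEADING = """\
PermitRootLogin yes
Port 2222
# A later global value is ignored: sshd keeps the first one it reads.
PermitRootLogin no
Match Address 10.0.10.0/24
    PermitRootLogin no
"""

HARDENED = """\
Port 902
PermitRootLogin no
"""

# keyword, then whitespace or a single '=', then the argument
_LINE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*?)\s*$")


def global_settings(config_text):
    """Return {keyword: [values]} for directives outside any Match block."""
    settings = {}
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            continue
        keyword, value = match.group(1).lower(), match.group(2)
        if keyword == "match":
            break  # everything after this applies only conditionally
        settings.setdefault(keyword, []).append(value)
    return settings


def audit(config_text):
    """Return a list of finding labels; an empty list means both checks pass."""
    findings = []
    settings = global_settings(config_text)

    # Several Port lines are allowed and all are used; the default is 22.
    ports = [int(p) for p in settings.get("port", ["22"])]
    if 22 in ports:
        findings.append("standard-port")
    # The text asks for a port below 1024 (binding those requires root).
    if any(p >= 1024 for p in ports):
        findings.append("unprivileged-port")

    # For other keywords the first value read is the one in effect.
    root_login = settings.get("permitrootlogin", [None])[0]
    if root_login is None or root_login.lower() != "no":
        findings.append("root-login-not-disabled")
    return findings


if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("MISLEADING", MISLEADING),
                       ("HARDENED", HARDENED)):
        print(name, audit(text))
```

The MISLEADING sample shows why reading only the last PermitRootLogin line in
a file gives the wrong answer.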

Firewall setup
Cabak, Gazivoda, and Krstajic (2016) show that a basic step in securing a
server is activating and configuring the firewall on it. The Ubuntu firewall
uses iptables rules, which may seem complicated, but the uncomplicated
firewall eases the creation of firewall rules on the Linux server. The
following commands can be used to enable and configure the uncomplicated
firewall:
# ufw enable: activates the uncomplicated firewall.
# ufw allow 80/tcp: opens port 80 on the webserver.
# ufw allow proto tcp to any port 33400:33444: specifies the range of ports
that need to be accessible when using the internet.
# ufw allow from [ip address] to any port 5666 proto tcp: this rule can be
used when there is a known client and receiving port for access to the
server.
It is important to implement the firewall, as it helps secure the server by
managing its incoming and outgoing connections.

Filesystem configuration
CIS (2015) suggests that directories that are used often can be protected
by putting them on separate partitions. This protects against resource
exhaustion and allows the use of mount options suited to each directory's
intended use. These directories do not contain software for system
operation; rather, they are used by users. The partitions can be created
during installation or after it. Creating them after installation needs
care because it may result in data loss, so it is advised to perform a
backup before creating partitions.

Securing boot settings


CIS (2015) suggests that the boot process should be secured by setting the
owner and permissions on the boot loader configuration, setting a boot
loader password, and requiring authentication for single-user mode. Setting
the owner and group to root prevents non-root users from modifying the file.
Granting read and write permission only to root prevents non-root users from
viewing or modifying the boot settings, because non-root users who can view
the boot settings may be able to locate security weaknesses at boot and even
exploit them. Setting a boot loader password prevents unauthorized users
from entering boot parameters or modifying the boot partition, which stops
them from weakening security, for example by deactivating SELinux at boot
time. Requiring authentication in single-user mode prevents non-root users
from restarting the system into single-user mode to gain root rights without
authorization. It is important to secure the boot loader, because the
service may become unavailable if any user is able to reboot the system.

Installing and configuring Fail2ban tools


Cabak, Gazivoda, and Krstajic (2016) show that even if the server is
protected by the rules defined in the firewall, it may still be attacked
through the open ports that are in use. This can be addressed by installing
Fail2ban on the server to prevent attacks such as brute force attacks: when
such an attack occurs, Fail2ban blocks the intruder's IP address by changing
the firewall rules automatically. The only way of staying fully protected is
staying off the internet, which is why additional tools like Fail2ban are
useful to assist the firewall.
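
The detection step behind that automatic blocking, as an added example that
is not Fail2ban's own code: a Python function that counts failed SSH logins
per source address inside a sliding time window and returns the addresses
that cross the threshold. The parameter names follow Fail2ban's maxretry,
findtime and ignoreip settings; the log lines, host name, addresses and the
year are constructed sample data.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log excerpt (documentation address ranges only).
SAMPLE_LOG = """\
Jun  9 10:00:01 srv sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  9 10:00:03 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jun  9 10:00:05 srv sshd[2103]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jun  9 10:00:06 srv sshd[2101]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jun  9 10:00:09 srv sshd[2104]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
Jun  9 10:20:00 srv sshd[2110]: Failed password for alice from 198.51.100.20 port 51100 ssh2
Jun  9 10:40:00 srv sshd[2111]: Failed password for alice from 198.51.100.20 port 51200 ssh2
Jun  9 10:41:00 srv sshd[2120]: Failed password for root from 192.0.2.10 port 60000 ssh2
Jun  9 10:41:02 srv sshd[2120]: Failed password for root from 192.0.2.10 port 60001 ssh2
Jun  9 10:41:04 srv sshd[2120]: Failed password for root from 192.0.2.10 port 60002 ssh2
"""

# Anchored at the start of the line, with the user name limited to one token,
# so text inside an attacker-chosen user name cannot supply the "from" field.
FAILURE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def find_bans(lines, maxretry=3, findtime=600, ignoreip=(), year=2017):
    """Return {ip: time of the failure that triggered the ban}.

    An address is banned once it has maxretry failures within findtime
    seconds. Addresses inside any ignoreip network are never banned, which
    keeps a mistyped admin password from locking out the management host.
    Syslog timestamps carry no year, so one is supplied by the caller.
    """
    ignored = [ipaddress.ip_network(net) for net in ignoreip]
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    bans = {}
    for line in lines:
        match = FAILURE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group("ip"))
        except ValueError:
            continue  # looked like an address but is not a valid one
        key = str(ip)
        if key in bans or any(ip in net for net in ignored):
            continue
        when = datetime.strptime(f"{year} {match.group('stamp')}",
                                 "%Y %b %d %H:%M:%S")
        window = recent[key]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            bans[key] = when
    return bans


if __name__ == "__main__":
    result = find_bans(SAMPLE_LOG.splitlines(), ignoreip=["192.0.2.0/24"])
    for ip, when in result.items():
        print("ban", ip, "at", when.isoformat())
```

In the sample, 198.51.100.20 fails three times but never within one window,
so only the burst from 203.0.113.7 leads to a ban.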

Vulnerability scanning tools


It is important to install vulnerability scanning tools such as Nessus or
Nmap and to schedule regular scans. This helps identify weaknesses residing
in the system, such as open ports that are not even used. It is advised to
close all unused ports, as attackers can use them to attack the server.

Access Control
Users should be granted the least access to resources. All users must have
the privileges needed to perform their routine tasks and no more than the
rights they need, as excess rights may result in users misbehaving and
tampering with filesystems.

Backup Scheduling
It is good advice to perform backups on a regular basis to prevent loss of
data in case of a disaster or any other incident that could affect the
server. The best advice is to schedule an automatic backup and store it on a
remote drive.

Demonstration of Server security tools


Figure 1. IP change
Figure 1 shows the change of the IP address from 10.0.2.25 to
10.0.10.100.

Figure 1.0 Scanning


The figure above shows the vulnerability scanning results from Nmap where
most of the ports are open and this may expose the server to the attackers.


Figure 1.1 Scanning


The figure above shows the results of a scan using the ClamAV tool, in which
some known viruses were detected.

Figure 1.2. iptables.


The above picture shows that there is no rule which has been defined on the
server, and this makes it more vulnerable.


Figure 1.3 Enabling firewall


The figure above shows the activation of the uncomplicated firewall for
monitoring and to be able to add rules.

Fig.1.5 Running updates


The above screen shot shows the installation update as this is one of the
basic security measures because most of the updates are for security.


Fig 1.6 Installing SSH


The figure above shows the installation of SSH for protecting the remote
connection to the server.

Fig 1.7 changing port 22 to 902 for security purposes


The above picture shows the changes of standard port used by ssh which is
port 22 to 902 so that it won’t be used by the attackers.


Fig 1.8 specifying hosts which will be accessing the server


The above picture shows how to specify the IP addresses of the hosts that
will be accessing the server.

Fig 1.9 Private/Public key generation


Fig 2. Disabling Ctrl+Alt+Del by commenting out the exec line.


This will protect the server from being rebooted by the user as it may result
in unavailability of service offered by the server.

Fig 2.0 Blocking ports 22, 993, 143, 139/tcp


This figure shows the rules added to disable some tcp ports.


Fig 2.1 Port status changed to drop

Conclusion
To summarize, this paper has discussed security tools and techniques used
in Ubuntu 14.04. Most of these tools are freely available in the Ubuntu
operating system and easy to use, which may make them effective for SME
businesses. This paper has also suggested some solutions for raising the
level of security of an Ubuntu server, some of which require technical
skills but enhance the organization's protection. Lastly, this paper has
demonstrated the tools that were used to secure the server and perform the
test.


References

Binnie, C., 2016. Linux Server Security Hack and Defend. Indianapolis, IN
46256. John Wiley & Sons, Inc. Available at: http://educacion-
holistica.org/notepad/documentos/Informatica/Software/Linux/Linux
%20Server%20Security%20-%20Hack%20and%20Defend.pdf [Accessed 20
May 2017].

Cabak, M., et al., 2016. Security Recommendation for an Ubuntu Server-based
System. Available at:
https://services.geant.net/sites/cbp/Knowledge_Base/Security/Documents/cb
p-38_security_recommendation_for_ubuntu_server_based_systems.pdf
[Accessed 20 May 2017].

Cis. 2015. Ubuntu 14.04 LTS Server Benchmark [online]. Available at:
https://benchmarks.cisecurity.org/tools2/linux/CIS_Ubuntu_14.04_LTS_Server_
Benchmark_v1.0.0.pdf [Accessed 20 May 2017].

Davies, A., 2014. A Security Analysis of TrueCrypt: Detecting hidden
volumes and operating systems [online]. MSc, Thesis. Royal Holloway,
University of London. Available at:
https://www.ma.rhul.ac.uk/static/techrep/2014/RHUL-MA-2014-10.pdf
[Accessed 20 May 2017].

Fenzi, K., 2004. Linux security HowTo. Available at:
http://www.tldp.org/HOWTO/pdf/Security-HOWTO.pdf [Accessed 20 May
2017].

Frisch, A., 2002. Essential System Administration: Tools and Techniques for
Linux and Unix Administration. 3rd ed. USA. O’ Reilly Media, Inc. Available
at: https://books.google.co.uk/books?
hl=en&lr=&id=uRW8V9QOL7YC&oi=fnd&pg=PT7&dq=linux+secu
rity+tools&ots=TDhsH0gAld&sig=3-
2ldMgzUHZCsVRMsi4IARubgiw#v=onepage&q=linux%20security
%20tools&f=false [Accessed 20 May 2017].

Hagen, W.V., 2007. Linux Bible. United States of America: Wiley Publishing,
Inc.

Hoque, N., 2013. Network attacks: Taxonomy, tools and systems. Journal of
Network and Computer Applications [online], 40 (2014), 307-324. Available
at: IEEXplore.


Im, S.Y., et al., 2016. Performance Evaluation of Network Scanning Tools with
Operation of Firewall. In: Eighth International Conference on Ubiquitous and
Future Networks (ICUFN). Pp, 876 - 881, DOI: 10.1109/ICUFN.2016.7537162.

Negus, C. 2015. Linux bible. 9th ed. Indianapolis, Indiana. John Wiley & Sons,
Inc. Available at: http://ebookcentral.proquest.com/lib/ntuuk/reader.action?
docID=1895205 [Accessed 20 May 2017].

Noite. N.d. Linux intermediate advanced password change and management.
Available at: https://books.google.co.uk/books?
id=HUe1CwAAQBAJ&pg=PP6&dq=pwgen+linux&hl=en&sa=X&ved=0ahUKE
wjkur7ft6bUAhWSfFAKHXhtCkcQ6AEILTAB#v=onepage&q=pwgen
%20linux&f=false [Accessed 20 May 2017].

Quan-xing, M., 2010. Research and analysis on encryption principle of
Truecrypt software system. In: The 2nd International Conference on
Information Science and Engineering. Pp,
1409 - 1412, DOI: 10.1109/ICISE.2010.5691392.

Roesch, M., 1999. Snort light weight intrusion detection for networks. In: 13th
Systems Administration Conference, Seattle, Washington, USA, November 7–12,
1999. Pp, 229-238.

Roy, L., n.d. Secure Your Files with TrueCrypt [online]. Available at:
http://iphone.vvara.org/computer/pdf/computer_how_to_guides/MakeUseOf.c
om_-_Lockdown_Encryption_TrueCrypt.pdf [Accessed 20 May 2017].

Toxen, B., 2001. Linux security intrusion prevention, detection, and recovery.
New Jersey: Prentice HallPTR, Prentice-Hall Inc.

Ubuntu. 2016. Ubuntu server guide. Available at:
https://help.ubuntu.com/lts/serverguide/serverguide.pdf [Accessed 20 May
2017].

Vacca., J.R., 2013. Computer and information security cookbook. 2nd edition.
USA. Steve Elliot. Available at: https://books.google.co.uk/books?
hl=en&lr=&id=zb916YOr16wC&oi=fnd&pg=PP1&dq=linux+security+tools&
ots=PRiIgLtW2A&sig=LbDlI-ehPriJClB611EV_MhTXYU#v=onepage&q=linux
%20security%20tools&f=false [Accessed 20 May 2017].

Vugt, S.V., 2008. Beginning Ubuntu LTS Server Administration. [online]. 2nd
ed. United States of America. Available at: http://index-of.es/OS/Beginning
%20Ubuntu%20LTS%20Administration.From%20Novice%20to
%20Professional.2%20ed.Apress%5BENG,2008%5D.pdf [Accessed 20 May
2017].

Welsh, M., et al., 2003. Running Linux. 4th ed. United States of America:
O’Reilly Media, Inc.
