Computer Security: Principles And Practice


Computer Security: Principles and Practice
Chapter 23 – Linux Security
EECS 710
Professor: Dr. Hossein Saiedian
Presented by Ankit Agarwal

Outline
- Introduction
- Linux Security Model
- Linux File-System Security
- Linux Vulnerabilities
- Linux System Hardening
- Application Security
- Mandatory Access Controls

Introduction
- Linux: Unix-like computer OS that uses the Linux kernel
  - created by Linus Torvalds in 1991
  - evolved into a popular alternative to Win and MAC OS
  - has many features and applications: desktop and server OS, embedded systems
  - hence a wide variety of attacks possible
  - various security tools available
- it uses the Discretionary Access Control model
- Mandatory Access Controls implemented to make up for DAC shortcomings: SELinux and Novell AppArmor


Linux Security Model
- Traditional security model:
  - people or processes with "root" privileges can do anything
  - other accounts can do much less
- Goal of hackers: to gain root privilege
- Linux can be run robust and secure:
  - many system admins fail to use the security features
  - add-on tools like sudo and Tripwire available
- Crux of the problem: Discretionary Access Control

Linux Security Transactions (figure slide; no text transcribed)


Linux File System
- In Linux everything is a file
- I/O to devices is via a "special" file, e.g. /dev/cdrom points to /dev/hdb, which is a special file
- have other special files like named pipes: a conduit between processes / programs
- since almost everything is a file, file security is very important

Users and Groups
- Users and Groups are not files
- users:
  - someone or something capable of using files
  - can be human or process, e.g. lpd (Linux Printer Daemon) runs as user lp
- groups:
  - list of user accounts
  - user's main group membership specified in /etc/passwd
  - user can be added to additional groups by editing /etc/group
  - command line: useradd, usermod, and userdel

Understanding /etc/passwd

andy:x:1021:1020:EECS stud:/home/andy:/bin/bash

Fields, left to right:
1. username: used when the user logs in. It should be between 1 and 32 characters in length.
2. password: an x character indicates that the encrypted password is stored in the /etc/shadow file.
3. user ID (UID): each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
4. group ID (GID): the primary group ID (stored in the /etc/group file).
5. user ID info: the comment field. Allows you to add extra information about the user such as the user's full name, phone number, etc. This field is used by the finger command.
6. home directory: the absolute path to the directory the user will be in when they log in. If this directory does not exist then the user's directory becomes /.
7. command/shell: the absolute path of a command or shell (/bin/bash). Typically this is a shell. Please note that it does not have to be a shell.

Snapshot of /etc/group

EECS710:x:1020:andy,wozniak

Fields, left to right:
1. group name: name of the group.
2. password: generally a password is not used, hence it is empty/blank. It can store an encrypted password. Useful to implement privileged groups.
3. group ID (GID): a group ID must be assigned to every user.
4. group list: list of user names of users who are members of the group. The user names must be separated by commas.
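As an added example (not from the slides), the two record layouts above parsed in code: a user's effective groups are the primary GID from /etc/passwd plus the memberships in /etc/group, and the audit flags the two things a reviewer checks first in these files. The sample records are constructed.

```python
# Added example (not from the slides): parse /etc/passwd and /etc/group records
# in the field layout described above, derive a user's effective group
# membership, and flag entries an administrator should review.
# SAMPLE_PASSWD and SAMPLE_GROUP are constructed for this example.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
andy:x:1021:1020:EECS stud:/home/andy:/bin/bash
wozniak:x:1022:1020:Steve:/home/wozniak:/bin/bash
sysadm2:x:0:0:second root:/root:/bin/sh
legacy:$1$salt$hashvalue:1030:1030:old account:/home/legacy:/bin/bash
"""

SAMPLE_GROUP = """\
root:x:0:
lp:x:7:
EECS710:x:1020:andy,wozniak
wheel:x:10:andy
"""

def parse_passwd(text):
    """Return {username: dict of the seven /etc/passwd fields}; UID/GID as ints."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, pw, uid, gid, gecos, home, shell = line.split(":", 6)
        users[name] = {"name": name, "password": pw, "uid": int(uid), "gid": int(gid),
                       "gecos": gecos, "home": home, "shell": shell}
    return users

def parse_group(text):
    """Return {groupname: (gid, set of supplementary member names)}."""
    groups = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), {m for m in members.split(",") if m})
    return groups

def effective_groups(username, users, groups):
    """Primary group comes from the passwd GID, supplementary groups from the group file."""
    primary_gid = users[username]["gid"]
    names = {g for g, (gid, _) in groups.items() if gid == primary_gid}
    names |= {g for g, (_, members) in groups.items() if username in members}
    return names

def audit_passwd(users):
    """Findings worth a second look: extra UID-0 accounts (root-equivalent) and
    password hashes kept in world-readable /etc/passwd instead of /etc/shadow."""
    findings = []
    for u in users.values():
        if u["uid"] == 0 and u["name"] != "root":
            findings.append(("uid0", u["name"]))
        if u["password"] not in ("x", "*", "!"):
            findings.append(("hash_in_passwd", u["name"]))
    return sorted(findings)
```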

File Permissions
- every file or folder in Linux has three types of access permissions: read (r), write (w), execute (x) access
- permissions are defined for three types of users: owner of file, group that owner belongs to, others
- example (from text):
  -rw-rw-r-- 1 maestro user 35414 Mar 25 01:38 baton.txt
- command line: chmod

Directory Permissions
- permissions on folders work slightly differently
- example (from text):
  chmod g+rx extreme_casseroles
  ls -l extreme_casseroles
  drwxr-x--- 8 biff drummers 288 Mar 25 01:38 extreme_casseroles

Difference between File and Directory Permissions

Access Type | File                                                           | Directory
Read        | If the file contents can be read                               | If the directory listing can be obtained
Write       | If user or process can write to the file (change its contents) | If user or process can change directory contents somehow: create new or delete existing files in the directory, or rename files
Execute     | If the file can be executed                                    | If user or process can access the directory, that is, go to it (make it the current working directory)

Sticky Bit
- originally used to trigger a process to "stick" in memory or lock a file in memory; that usage is now obsolete
- currently used on directories to suppress deletion of files owned by others: other users cannot delete them even if they have write permission on the directory
- set with the chmod command and the t flag, e.g. chmod +t extreme_casseroles (Example from text)
- the directory listing then includes a t or T flag:
  drwxrwx--T 8 biff drummers 288 Mar 25 01:38 extreme_casseroles (Example from text)
- the permissions are not inherited by child directories

SetUID and SetGID
- setuid bit means the file, when executed, runs with the same permissions as the owner of the file
- setgid bit means the file, when executed, runs as a member of the group which owns it
- both are very dangerous if set on a file owned by root or another privileged account or group
- only used on executable files, not on shell scripts

SetGID and Directories
- setuid has no effect on directories
- setgid does, and causes any file created in a directory to inherit the directory's group
- useful if users belong to other groups and routinely create files to be shared with other members of those groups

Numeric File Permissions
- read (r): 4
- write (w): 2
- execute (x): 1
- example (from text):
  drwxr-x--- 8 biff drummers 288 Mar 25 01:38 extreme_casseroles
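Pulling the File Permissions, Sticky Bit, SetUID/SetGID and Numeric File Permissions slides together, this added example (not from the slides or the text) converts an ls -l mode string into its numeric form and explains the special bits; the mode strings it handles include the slides' own examples plus constructed ones.

```python
# Added example (not from the slides): convert an ls -l mode string such as
# "drwxr-x---" into its numeric form using r=4, w=2, x=1 per triplet, including
# the setuid/setgid (s/S) and sticky (t/T) flags that ls shows in place of the
# execute character, and describe what those special bits mean on a file versus
# a directory. Mode strings tested below are the slides' examples plus constructed ones.

PERM_BITS = {"r": 4, "w": 2, "x": 1}

def mode_to_octal(mode_str):
    """Return (special, owner, group, other) digits for a 10-character mode string.
    special combines setuid (4), setgid (2) and sticky (1)."""
    if len(mode_str) != 10:
        raise ValueError("expected a 10-character mode string such as -rw-r--r--")
    perms = mode_str[1:]
    triplets = (perms[0:3], perms[3:6], perms[6:9])
    special, digits = 0, []
    for triplet, special_bit in zip(triplets, (4, 2, 1)):
        value = sum(PERM_BITS[c] for c in triplet[:2] if c != "-")
        last = triplet[2]
        if last in "sStT":              # special bit set; lowercase also means executable
            special |= special_bit
            value += 1 if last.islower() else 0
        elif last == "x":
            value += 1
        digits.append(value)
    return (special, *digits)

def octal_string(mode_str):
    """'drwxr-x---' -> '0750', '-rwsr-xr-x' -> '4755', 'drwxrwx--T' -> '1770'."""
    return "".join(str(d) for d in mode_to_octal(mode_str))

def describe_special_bits(mode_str):
    """Explain the special bits, following the rules on the slides above."""
    is_dir = mode_str[0] == "d"
    special, _owner, _group, other = mode_to_octal(mode_str)
    notes = []
    if special & 4:
        notes.append("setuid has no effect on a directory" if is_dir
                     else "setuid: runs with the permissions of the file's owner")
    if special & 2:
        notes.append("setgid: new files inherit the directory's group" if is_dir
                     else "setgid: runs as a member of the file's group")
    if special & 1:
        notes.append("sticky: only a file's owner may delete it from this directory")
    if is_dir and (other & 2) and not (special & 1):
        notes.append("world-writable directory without sticky bit: any user may delete others' files")
    return notes
```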

Kernel Space and User Space
- Kernel space refers to memory used by the Linux kernel and its loadable modules (e.g., device drivers)
- User space refers to memory used by all other processes
- since the kernel enforces Linux DAC, it is important to isolate kernel space from user space:
  - kernel space is never swapped to disk
  - only root may load and unload kernel modules

Linux Vulnerabilities
- Default Linux installations (unpatched and unsecured) have been vulnerable to:
  - buffer overflows
  - race conditions
  - abuse of programs run "setuid root"
  - Denial of Service (DoS)
  - web application vulnerabilities
  - rootkit attacks


setuid root Vulnerabilities
- A setuid root program is a root-owned program that runs as root no matter who executes it
  - unprivileged users can gain access to unauthorized privileged resources
  - must be very carefully programmed
- setuid root programs are necessary, e.g. to change a password
- distributions now do not ship with unnecessary setuid root programs
- system attackers still scan for them
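An administrator's counterpart to the last bullet is to keep an inventory of setuid/setgid programs and compare it with a baseline. This added example (not from the slides) does that; the entries in SAMPLE_ENTRIES and BASELINE are constructed stand-ins for what a walk of a real system would produce.

```python
# Added example (not from the slides): inventory the setuid/setgid programs below
# a directory tree and compare them with a known-good baseline, which is how an
# administrator spots a setuid root program that the distribution did not install.
# special_bits() works on (path, st_mode, st_uid) tuples so that walk_stat() can
# feed it from a live system while SAMPLE_ENTRIES (constructed) feeds it here.
import os
import stat

def special_bits(entries):
    """Yield (path, flags, uid) for regular files that carry setuid and/or setgid."""
    for path, mode, uid in entries:
        if not stat.S_ISREG(mode):          # the bits mean something else on directories
            continue
        flags = tuple(name for bit, name in ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
                      if mode & bit)
        if flags:
            yield path, flags, uid

def walk_stat(root):
    """(path, st_mode, st_uid) for everything below root; symlinks are not followed."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue
            yield full, st.st_mode, st.st_uid

def compare_with_baseline(entries, baseline, root_uid=0):
    """Report programs that gained special bits since the baseline, programs that
    lost them, and the subset of new ones that are setuid root."""
    found = {path: (flags, uid) for path, flags, uid in special_bits(entries)}
    new = sorted(p for p in found if p not in baseline)
    missing = sorted(p for p in baseline if p not in found)
    new_setuid_root = [p for p in new if found[p][1] == root_uid and "setuid" in found[p][0]]
    return {"new": new, "missing": missing, "new_setuid_root": new_setuid_root}

# Constructed stand-in for walk_stat("/usr") output.
SAMPLE_ENTRIES = [
    ("/usr/bin/passwd", stat.S_IFREG | 0o4755, 0),        # legitimately setuid root
    ("/usr/bin/sudo",   stat.S_IFREG | 0o4755, 0),
    ("/usr/bin/wall",   stat.S_IFREG | 0o2755, 0),        # setgid only
    ("/usr/bin/ls",     stat.S_IFREG | 0o755,  0),        # no special bits
    ("/usr/local/bin/helper", stat.S_IFREG | 0o4755, 0),  # not in the baseline
    ("/usr/share/doc",  stat.S_IFDIR | 0o4755, 0),        # a directory: ignored
]
BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/wall", "/usr/bin/chsh"}
```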

Web Vulnerabilities
- a very broad category of vulnerabilities
- when written in scripting languages:
  - not as prone to classic buffer overflows
  - can suffer from poor input handling, XSS, SQL code injection, etc.
- Linux distributions ship with few "enabled-by-default" web applications, e.g. default cgi scripts included with the Apache Web server

Rootkits
- if successfully installed before detection, very difficult to find and remove
- originally began as collections of hacked commands
- now use loadable kernel modules (LKMs):
  - intercept system calls in kernel space
  - hide attacker from user: hiding attacker's files, directories, processes
- even LKMs not completely invisible: may be able to detect with chkrootkit
- generally have to wipe and rebuild the system


Linux System Hardening
- this is done at OS and application level
- generalized steps to Linux System Hardening:
  - preliminary planning
  - physical system security
  - operating system installation
  - securing local file systems
  - configuring and disabling services
  - securing the root account
  - user authentication and user account attributes
  - securing remote authentication
  - setup ongoing system monitoring
  - backups

OS Installation
- security begins with O/S installation
- what software is run:
  - unused applications liable to be left in default, un-hardened and un-patched state
  - generally should not run: SMTP relay, X Window system, RPC services, R-services, inetd, SMTP daemons, telnet etc.
- setting some initial system s/w configuration:
  - setting root password
  - creating a non-root user account
  - setting an overall system security level
  - enabling a simple host-based firewall policy
  - enabling SELinux

Patch Management
- installed server applications must be:
  - configured securely
  - kept up to date with security patches
- patching can never win the "patch rat-race"
- have tools to automatically download and install security updates, e.g. up2date, YaST, apt-get
- should not run automatic updates on change-controlled systems without testing

Network Access Controls
- network a key attack vector to secure
- Libwrappers & TCP wrappers a key tool to check access:
  - tcpd, before allowing a connection to a service, checks controls defined in /etc/hosts.allow and /etc/hosts.deny
- using iptables for "Local Firewall" rules: use the strong net filter commonly referred to as iptables, inbuilt functionality in Linux
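As an added example (not from the slides), the tcpd check above worked through in code: hosts.allow is consulted first, then hosts.deny, and a connection that matches neither is permitted, which is why the deny file normally carries a catch-all line. The two sample files are constructed.

```python
# Added example (not from the slides): evaluate a connection the way tcpd does
# with the two files named above: a matching line in /etc/hosts.allow grants
# access; otherwise a matching line in /etc/hosts.deny refuses it; otherwise the
# connection is allowed. Lines use the "daemon_list : client_list" syntax; the
# EXCEPT operator and hostname patterns are left out, and both files below are
# constructed samples rather than real system files.
import ipaddress

def parse_wrapper_file(text):
    """Return [(daemons, clients)] from hosts.allow/hosts.deny style text."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons = [d.strip() for d in fields[0].split(",")]
        clients = [c.strip() for c in fields[1].split(",")]
        rules.append((daemons, clients))             # a third field (shell command) is ignored
    return rules

def client_matches(pattern, client_ip):
    """ALL, a single address, or network/netmask (e.g. 192.168.1.0/255.255.255.0)."""
    if pattern == "ALL":
        return True
    ip = ipaddress.ip_address(client_ip)
    if "/" in pattern:
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)

def rule_matches(rules, daemon, client_ip):
    return any(("ALL" in daemons or daemon in daemons) and
               any(client_matches(c, client_ip) for c in clients)
               for daemons, clients in rules)

def tcpd_decision(hosts_allow, hosts_deny, daemon, client_ip):
    """'allow' or 'deny' for daemon (e.g. 'sshd') contacted from client_ip."""
    if rule_matches(parse_wrapper_file(hosts_allow), daemon, client_ip):
        return "allow"
    if rule_matches(parse_wrapper_file(hosts_deny), daemon, client_ip):
        return "deny"
    return "allow"   # nothing matched: tcpd permits by default, hence "ALL: ALL" in hosts.deny

# Constructed samples: refuse everything, then open sshd to one subnet and one host.
HOSTS_ALLOW = """\
# the allow file is consulted first
sshd: 192.168.1.0/255.255.255.0, 10.0.0.5
"""
HOSTS_DENY = "ALL: ALL\n"
```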

Antivirus Software
- historically Linux not as vulnerable to viruses:
  - Windows targeted more due to popularity
  - prompt patching of security holes more effective for worms
  - viruses abuse users' privileges; a non-privileged user account gives less scope for being exploited
- growing Linux popularity means growing exploits, hence antivirus software will be more important
- various commercial and free Linux A/V

User Management
- guiding principles in user-account security:
  - be careful setting file / directory permissions
  - use groups to differentiate between roles
  - use extreme care in granting / using root privileges
- password aging:
  - maximum and minimum lifetime for user passwords
  - globally changed in /etc/login.defs
  - to change password settings for existing users, command line: chage

Root Delegation
- "su" command allows users to run as root:
  - use su with the -c flag to run a single command instead of an entire shell as root
  - must supply root password
  - drawback: many people will know the root password
- SELinux RBAC can limit root authority but it's complex
- "sudo" allows users to run as root:
  - but only needs the user's password, not the root password
  - sudoers defined in /etc/sudoers file
  - open and configure the sudoers file using 'visudo'

Logging
- Linux logs using syslogd or Syslog-NG; Syslog-NG preferable because it has:
  - writes log messages to local/remote log files
  - variety of log-data sources / destinations
  - much more flexible "rules engine" to configure
  - can log via TCP, which can be encrypted
- change default logging settings on both
- log files need careful management:
  - balance number and size of log files
  - rotate log files and delete old copies: logrotate


Application Security
- a large topic
- many security features are implemented in similar ways across different applications
- sub-topics covered:
  - running as unprivileged user/group
  - running in chroot jail
  - modularity
  - encryption
  - logging

Running As Unprivileged User/Group
- every process "runs as" some user
- extremely important that this user is not root, since any bug can compromise the entire system
- may need root privileges, e.g. to bind a port:
  - have a root parent perform the privileged function
  - but run the main service from an unprivileged child
- user/group used should be dedicated: easier to identify the source of log messages

Running in chroot Jail
- chroot confines a process to a subset of /:
  - maps a virtual "/" to some other directory
  - directories outside the chroot jail aren't visible or reachable at all
- contains the effects of a compromised daemon
- complex to configure and troubleshoot
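The two slides above describe one start-up sequence: do the privileged work (bind the port, enter the jail) as root, then become the dedicated user and verify that root is really gone. This added example (not from the slides) shows that order; the service account name and jail path are assumptions for illustration.

```python
# Added example (not from the slides): the start-up order for a daemon that needs
# root only to bind its port, then confines itself with chroot and drops to a
# dedicated unprivileged account. Order matters: bind and chroot while still
# root, clear supplementary groups before setgid, and setuid last (once the uid
# changes, the group change would no longer be permitted). The account name and
# jail path are assumptions for illustration.
import os
import pwd
import socket

def bind_port(port, host="127.0.0.1"):
    """Privileged step: ports below 1024 need root (or CAP_NET_BIND_SERVICE)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(5)
    return s

def running_as_root():
    return os.geteuid() == 0

def current_ids():
    return os.getuid(), os.getgid()

def drop_privileges(uid, gid, jail=None):
    """Confine to jail (if given) and switch to uid/gid. Returns True only when the
    process can confirm afterwards that it cannot regain root."""
    if running_as_root():
        if jail:
            os.chroot(jail)
            os.chdir("/")        # else the working directory still points outside the jail
        os.setgroups([])          # requires root, so do it before giving root up
    os.setgid(gid)                # group first: after setuid this would be refused
    os.setuid(uid)
    try:
        os.seteuid(0)             # must fail; if it succeeds, privileges were not dropped
    except PermissionError:
        return True
    return False

def start_service(port, account="svc", jail=None):
    """Bind as root, then serve as the dedicated account (assumed to exist)."""
    listener = bind_port(port)
    pw = pwd.getpwnam(account)
    if not drop_privileges(pw.pw_uid, pw.pw_gid, jail):
        listener.close()
        raise SystemExit("could not drop privileges; refusing to serve as root")
    return listener
```

Run as root, start_service() returns a listening socket owned by a process that can no longer become root; run as an ordinary user, drop_privileges() on the caller's own ids still performs the verification step.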

Modularity
- applications running as a single, large, multipurpose process can be:
  - more difficult to run as an unprivileged user
  - harder to locate / fix security bugs in source
  - harder to disable unnecessary functionality
- hence modularity a highly prized feature, providing a much smaller attack surface
- cf. postfix vs sendmail, Apache modules

Encryption
- sending logins & passwords or application data over networks in clear text exposes them to various network eavesdropping attacks
- hence many network applications now support encryption to protect such data:
  - SSL and TLS protocols in the OpenSSL library used
- may need own X.509 certificates to use:
  - can generate/sign using the openssl command
  - may use commercial/own/free CA

Logging
- applications can usually be configured to log to any level of detail (debug to none)
- centralized logging (e.g. using syslog) can be used for consistency
- must ensure there is some form of logging management as discussed before, like rotating

Mandatory Access Controls
- Linux uses a DAC security model
- Mandatory Access Controls (MAC) impose a global security policy on all users:
  - users may not set controls weaker than policy
  - normal admin done with accounts without authority to change the global security policy
  - but MAC systems have been hard to manage
- Novell's SuSE Linux has AppArmor
- RedHat Enterprise Linux has SELinux
- "pure" SELinux for high-sensitivity, high-security


SELinux
- is NSA's powerful implementation of MAC for Linux
  - complicated: can be time-consuming to configure and troubleshoot
- Linux DAC still applies, but if it allows the action SELinux then evaluates it against its own security policies
- "subjects" are always processes (run user cmds)
- actions are called "permissions"
- objects are not just files & directories; they include processes and other system resources
- SELinux manages complexity by doing the following:
  - "that which is not expressly permitted, is denied"
  - by grouping subjects, permissions, and objects

Security Contexts
- each individual subject & object in SELinux is governed by a security context, being a:
  - user: individual user (human or daemon)
    - SELinux maintains its own list of users
    - user labels on subjects specify the account's privileges
    - user labels on objects specify its owner
  - role: like a group, assumed by users
    - a user may only assume one role at a time, and may only switch roles if and when authorized to do so
  - domain (type): a sandbox being a combination of subjects and objects that may interact with each other
    - this model is called Type Enforcement (TE)

Decision Making in SELinux
- two types of decisions:
  - access decisions: when subjects do things to objects that already exist, or create new things in the expected domain
  - transition decisions:
    - invocation of processes in different domains than the one in which the subject-process is running
    - creation of objects in different types (domains) than their parent directories
    - transitions must be authorized by SELinux policy
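To make the SELinux, Security Contexts and Decision Making slides concrete, this added example (not from the slides and not SELinux's own code) is a miniature Type Enforcement engine: contexts are user:role:type labels, access is default-deny, and both access and transition decisions are evaluated against a constructed toy policy.

```python
# Added example (not from the slides): a miniature Type Enforcement engine in the
# style these slides describe: "user:role:type" contexts, default deny, access
# decisions (a domain acting on an object type) and transition decisions (a process
# entering a new domain, or a new file typed differently from its parent directory).
# Users, roles, types and rules are all constructed for this example.
from collections import namedtuple

Context = namedtuple("Context", "user role type")

def parse_context(label):
    """'user_u:user_r:user_t[:s0]' -> Context; an MLS level, if present, is ignored here."""
    user, role, type_ = label.split(":")[:3]
    return Context(user, role, type_)

class TEPolicy:
    def __init__(self):
        self.allow = set()       # (subject_type, object_class, object_type, permission)
        self.user_roles = {}     # user -> roles that user may assume
        self.role_types = {}     # role -> domains a process holding that role may run in
        self.domain_trans = {}   # (caller_domain, executable_type) -> new domain
        self.type_trans = {}     # (creator_domain, parent_dir_type) -> type of new files

    def access(self, subject, obj, obj_class, perm):
        """Access decision: that which is not expressly permitted is denied."""
        return (subject.type, obj_class, obj.type, perm) in self.allow

    def valid_context(self, ctx):
        """One role at a time, only a role the user may assume, in a domain that role allows."""
        return (ctx.role in self.user_roles.get(ctx.user, ()) and
                ctx.type in self.role_types.get(ctx.role, ()))

    def exec_transition(self, subject, exe_type):
        """Transition decision for running a program: the caller must be allowed to execute
        the file and the resulting context (same user and role, possibly a new domain)
        must be valid. Returns the new Context, or None if the program may not be run."""
        if not self.access(subject, Context("system_u", "object_r", exe_type), "file", "execute"):
            return None
        new_domain = self.domain_trans.get((subject.type, exe_type), subject.type)
        target = Context(subject.user, subject.role, new_domain)
        return target if self.valid_context(target) else None

    def create_type(self, subject, parent_dir_type):
        """Transition decision for creating a file: the caller must be allowed to write the
        directory; the new file inherits the parent's type unless a rule says otherwise."""
        if not self.access(subject, Context("system_u", "object_r", parent_dir_type), "dir", "write"):
            return None
        return self.type_trans.get((subject.type, parent_dir_type), parent_dir_type)

def sample_policy():
    """Constructed toy policy: a user shell may read home files, write /tmp and run
    passwd, which transitions into a domain allowed to write the shadow file."""
    p = TEPolicy()
    p.user_roles = {"user_u": {"user_r"}}
    p.role_types = {"user_r": {"user_t", "passwd_t"}}
    p.allow = {("user_t", "file", "user_home_t", "read"), ("user_t", "dir", "tmp_t", "write"),
               ("user_t", "file", "passwd_exec_t", "execute"), ("passwd_t", "file", "shadow_t", "write")}
    p.domain_trans = {("user_t", "passwd_exec_t"): "passwd_t"}
    p.type_trans = {("user_t", "tmp_t"): "user_tmp_t"}
    return p
```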

RBAC and MLS Controls
- have Role Based Access Control (RBAC):
  - rules specify roles a user may assume
  - other rules specify circumstances when a user may transition from one role to another
- Multi Level Security (MLS):
  - based on the Bell-LaPadula (BLP) model: "no read up, no write down"
  - MLS is enforced via file system labeling

SELinux Policy Management
- creating and maintaining SELinux policies is complicated and time-consuming
- a single SELinux policy may consist of hundreds of lines of text
- RHEL has a default "targeted" policy:
  - defines types for selected network apps
  - allows everything else to run with only DAC controls
- have a range of SELinux commands; see references at end of chapter for details

Novell AppArmor
- Novell's MAC implementation for SuSE Linux
- restricts the behavior of selected applications in a very granular but targeted way:
  - built on top of Linux Security Modules
  - hence a compromised root application's access will be contained
- has no controls addressing data classification, hence only a partial MAC implementation
- non-protected apps just use Linux DAC

Summary
- reviewed Linux security model and DAC
- Linux vulnerabilities
- Linux System Hardening: O/S and application hardening
- MAC, SELinux and AppArmor

Questions?

References
- Stallings, W., Brown, L., Computer Security: Principles and Practice, Upper Saddle River, NJ: Prentice Hall, 2008
- Unix System Hardening Checklist, accessed Dec 8, 2008, den list.htm
- www.LinuxSecurity.com
