
LINUX Presented By Parvathy Subramanian

April 23, 2008, LINUX, By Parvathy Subramanian

Agenda
► Introduction
► Standard design for security systems
► Basic history of Linux
► Linux authentication
► Linux authorization
► Linux security modules
► Linux auditing
► Comparison

Introduction
► The computer operating system represents the last line of defense in a security chain.
► Principles of security for the host OS: by understanding the security controls available at the OS level and the security weaknesses in these systems, it is possible to understand how to better prevent attacks on them.
► In the chapter this presentation follows [1], the term Linux refers to Red Hat Enterprise Linux ES version 3.

Standard Design for Security Systems
► To evaluate OS security, some standards are needed.
► OS security is discussed using a specific set of protective security features:
  Authentication is the process of determining which security principal made a request.
  Authorization is the process of determining who is trusted to perform specific operations on an OS object.
  Auditing is the process of tracking system activity to determine which specific events occurred on the system and when they occurred.

Design principles (the Saltzer and Schroeder principles)

Principle: Description
► least privilege: A user's security permissions should only be adequate for the task being performed.
► economy of mechanism: The system must be sufficiently small and simple to allow verification and correct implementation.
► complete mediation: Every access to every object in the system must be checked by the operating system.
► open design: The design of the system must be open to scrutiny by the community; security must not depend on the design being secret.
► separation of privilege: A mechanism that requires multiple security conditions to be satisfied is more reliable than one that requires only a single condition.
► least common mechanism: The amount of mechanism shared by more than one task (or user) should be minimized.
► psychological acceptability: The human interface should be designed for ease of use, so that excessive complexity does not hinder user acceptance of the security mechanism.
► fail-safe defaults: System defaults should be restrictive, so that the default is lack of access.

Basic History of Linux
► UNIX was developed at Bell Labs in New Jersey in the early 1970s (first edition 1971) for academic and research work.
► Linux was developed 20 years later (1991). It is not a product owned by a single company.
► Its design is sparse and modular.
► The core OS component is the Linux kernel.
► This kernel is packaged with numerous open-source OS utilities and programs.
► Linux administrators commonly piece together a solution by installing separate programs (example: installing Kerberos, a Lightweight Directory Access Protocol (LDAP) server and the MySQL server to build a network authentication solution).

Linux Authentication
► Basic Linux authentication is performed by the login process.
► It authenticates the user and provides a shell for the user to work in.
► Root logins can be restricted to specific terminals or locations (for example through /etc/securetty).
► The plain-text password entered by the user is combined with the salt value retrieved from the password file. In the traditional DES-based scheme the salt is a random 12-bit number; the MD5-based scheme stores a salt of up to eight characters in the hash field itself.
► The result is hashed with the DES-based or MD5-based crypt algorithm (a one-way function, not reversible encryption). This value is compared with the hash stored in the password file (on current systems, the shadow file, readable only by root).
► Linux provides a utility named su that allows a user in one session to authenticate as a different user.
► All users other than root must enter the target user's password.
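The check described above (take the salt from the stored field, hash the typed password with it, compare), as an added example that is not part of the presentation. It implements the MD5-based crypt(3) construction ("$1$salt$hash"), the newer of the two hash types the slide names; the DES-based scheme with its 12-bit salt is not implemented here. The user name, password and shadow entry are constructed for the example.

```python
"""Password verification as login(1) does it, using the MD5-based crypt scheme."""
import hashlib
import hmac
import secrets

ITOA64 = b"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
MAGIC = b"$1$"


def _to64(value: int, count: int) -> bytes:
    """crypt(3)'s 6-bits-per-character encoding, least significant group first."""
    out = bytearray()
    for _ in range(count):
        out.append(ITOA64[value & 0x3F])
        value >>= 6
    return bytes(out)


def md5crypt(password: bytes, salt: bytes) -> bytes:
    """Return "$1$<salt>$<22-char hash>"; salt may be bare or a full stored field."""
    if salt.startswith(MAGIC):
        salt = salt[len(MAGIC):]
    salt = salt.split(b"$", 1)[0][:8]            # crypt(3) caps the salt at 8 chars

    ctx = hashlib.md5(password + MAGIC + salt)
    alt = hashlib.md5(password + salt + password).digest()
    plen = len(password)
    while plen > 0:                               # mix in the alternate sum
        ctx.update(alt[:min(plen, 16)])
        plen -= 16
    i = len(password)
    while i:                                      # one byte per bit of len(password)
        ctx.update(b"\0" if i & 1 else password[:1])
        i >>= 1
    final = ctx.digest()

    for i in range(1000):                         # stretching rounds
        c = hashlib.md5()
        c.update(password if i & 1 else final)
        if i % 3:
            c.update(salt)
        if i % 7:
            c.update(password)
        c.update(final if i & 1 else password)
        final = c.digest()

    f = final
    enc = b"".join([
        _to64((f[0] << 16) | (f[6] << 8) | f[12], 4),
        _to64((f[1] << 16) | (f[7] << 8) | f[13], 4),
        _to64((f[2] << 16) | (f[8] << 8) | f[14], 4),
        _to64((f[3] << 16) | (f[9] << 8) | f[15], 4),
        _to64((f[4] << 16) | (f[10] << 8) | f[5], 4),
        _to64(f[11], 2),
    ])
    return MAGIC + salt + b"$" + enc


def new_salt() -> bytes:
    """Eight random characters from the crypt alphabet: 48 bits, against 12 for DES."""
    return bytes(secrets.choice(ITOA64) for _ in range(8))


def verify(shadow_line: str, user: str, password: str) -> bool:
    """The login check: locate the user, reuse the stored salt, rehash, compare
    in constant time so timing does not leak how many bytes matched."""
    name, stored, *_ = shadow_line.split(":")
    if name != user or not stored.startswith("$1$"):
        return False                              # no such user, or another hash type
    computed = md5crypt(password.encode(), stored.encode())
    return hmac.compare_digest(computed, stored.encode())


# Constructed shadow entry for this example (user "alice", password "correct horse").
SHADOW = "alice:" + md5crypt(b"correct horse", b"Ab3dEf9h").decode() + ":17000:0:99999:7:::"
```

Because the salt is stored in the clear next to the hash, it does not need to be secret; its job is to make a precomputed table for one salt useless against every other entry, which is the "hard to crack" advantage the comparison slide later claims for Linux.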

PAM (Pluggable Authentication Modules)
► Current Linux installations use PAM. The PAM design was originally specified by the Open Software Foundation (OSF-RFC 86.0); the OSF is now part of the Open Group. Linux ships the Linux-PAM implementation.
► Applications call an abstraction layer (libpam) to pass an authentication request to the PAM subsystem.
► The PAM subsystem then chooses one or more modules, as configured in /etc/pam.conf or /etc/pam.d/, to perform the authentication.
► A PAM module can handle both the login check and password changes (hashing and storing the new password).
► Kerberos can be used with Linux (through a PAM module such as pam_krb5) to provide network domain authentication.
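How the PAM subsystem combines the modules it chooses, as an added example that is not part of the presentation or of Linux-PAM itself. The control semantics implemented (required, requisite, sufficient, optional) follow the pam.d(5) description; the bracketed [value=action] syntax is not handled. The two configurations and the per-module results are constructed for the example; the module names (pam_unix, pam_krb5, pam_deny, pam_permit) are real Linux-PAM modules.

```python
"""Simulate evaluation of a PAM "auth" stack from pam.d-style configuration text."""


def parse_pam_stack(config: str, facility: str = "auth"):
    """Return [(control, module)] for one facility, ignoring comments and blanks."""
    stack = []
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fac, control, module, *_args = line.split()
        if fac == facility:
            stack.append((control, module))
    return stack


def run_stack(stack, results):
    """results maps module name -> True (PAM_SUCCESS) or False.
    Returns the overall decision libpam would hand back to the application."""
    failed = False
    saw_non_optional = False
    optional_ok = False
    for control, module in stack:
        ok = results.get(module, False)        # unknown module: treated as failure
        if control == "required":
            saw_non_optional = True
            if not ok:
                failed = True                  # remember the failure, keep going
        elif control == "requisite":
            saw_non_optional = True
            if not ok:
                return False                   # stop at once
        elif control == "sufficient":
            saw_non_optional = True
            if ok and not failed:
                return True                    # short-circuit: later lines are skipped
        elif control == "optional":
            optional_ok = optional_ok or ok
        else:
            raise ValueError(f"unsupported control {control!r}")
    if not saw_non_optional:
        return optional_ok                     # optional only decides when it is alone
    return not failed


def decide(config: str, results) -> bool:
    return run_stack(parse_pam_stack(config), results)


# Constructed configurations for the example.
# Local password first, Kerberos as an alternative, pam_deny as the fail-safe default.
GOOD = """
auth  sufficient  pam_unix.so
auth  sufficient  pam_krb5.so
auth  required    pam_deny.so
"""

# Misconfiguration: a "sufficient" success before the real check ends the stack
# with PAM_SUCCESS, so pam_unix is never consulted.
BAD = """
auth  sufficient  pam_permit.so
auth  required    pam_unix.so
"""

# The reverse order is safe: a failed "required" line blocks the later "sufficient".
SAFE_ORDER = """
auth  required    pam_unix.so
auth  sufficient  pam_permit.so
"""
```

The trailing pam_deny line in GOOD is the fail-safe default from the design-principles slide applied to a PAM stack: if every sufficient module fails, the decision is an explicit deny rather than whatever the last module happened to return.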

Linux Authorization
► The authorization privileges are read, write and execute.
► The objects under the control of the OS are files and directories.
► When a program attempts to access an object in Linux, it asks the kernel to return a reference to the object (a file descriptor).
► The kernel first selects which permission class applies to the caller: if the caller's user ID matches the file's owner, the owner permissions are used; otherwise, if the file's group matches one of the caller's group IDs, the group permissions are used; otherwise the permissions for "other" apply.
► Only the selected class is checked. If its bits permit the requested operation, the reference is returned; if not, the program is not permitted to use the object, even when another class would have allowed it.
► The root user bypasses these checks, except that executing a regular file still requires at least one execute bit to be set.
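The class-selection rule above in code, as an added example that is not part of the presentation. It encodes the check the kernel applies to mode bits (root passes, otherwise exactly one of owner, group or other decides) and includes the case the slide's wording glosses over: an owner whose own class is narrower than the group class is denied, not given the group's rights. The files, users and group memberships are constructed for the example.

```python
"""Classic Unix discretionary access check on a file's mode bits."""
import stat

R, W, X = 4, 2, 1  # requested-access bits, encoded like one octal mode digit


def class_bits(mode: int, uid: int, gids, owner_uid: int, owner_gid: int) -> int:
    """Pick the single 3-bit permission triple that applies to this caller."""
    if uid == owner_uid:
        return (mode >> 6) & 0o7   # owner class, even if group/other would be wider
    if owner_gid in gids:
        return (mode >> 3) & 0o7   # group class (primary or supplementary group)
    return mode & 0o7              # everyone else


def access_ok(mode: int, uid: int, gids, owner_uid: int, owner_gid: int, want: int) -> bool:
    """True if a caller (uid, gids) may perform the operations in `want`."""
    if uid == 0:
        # Superuser bypasses read/write checks; executing a regular file still
        # needs some execute bit set. Directory search is always allowed.
        if want & X and stat.S_ISREG(mode) and not (mode & 0o111):
            return False
        return True
    bits = class_bits(mode, uid, gids, owner_uid, owner_gid)
    return (bits & want) == want


# Constructed "filesystem": path -> (mode, owner uid, owner gid).
FILES = {
    "/etc/shadow":        (stat.S_IFREG | 0o400, 0, 0),      # -r-------- root root
    "/home/alice/notes":  (stat.S_IFREG | 0o640, 1000, 1000),  # -rw-r----- alice alice
    "/srv/drop":          (stat.S_IFDIR | 0o1733, 0, 0),     # drwx-wx-wt root root
    "/opt/tool":          (stat.S_IFREG | 0o070, 1000, 50),  # ----rwx--- alice staff
}


def can(path: str, uid: int, gids, want: int) -> bool:
    """Answer "may this caller do `want` on `path`?" against the constructed table."""
    mode, owner_uid, owner_gid = FILES[path]
    return access_ok(mode, uid, gids, owner_uid, owner_gid, want)
```

The /opt/tool entry is the instructive one: alice owns it but the owner class is 0, so she cannot execute it even though she is also in group 50, which can. That is what "only the selected class is checked" means in practice, and it is also why the comparison slide can say that the traditional Linux model cannot express "this user and that group" the way an ACL can.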

Linux Auditing
► Logging is provided by the various programs running on the system (typically through syslog).
► Failed login attempts and other pertinent security events are logged.
► Disadvantages:
  The administration and configuration of logging for these events are not centralized.
  The format and content of what is logged depend on the program being used.
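What the decentralized format means for whoever has to review the logs, as an added example that is not part of the presentation: failed-login events from three different programs need three different parsers before they can be counted together. The sshd message format matches what OpenSSH writes; the login and su formats are approximations of typical RHEL-era messages and should be checked against your own /var/log/secure before reuse. The sample lines are constructed.

```python
"""Extract failed-login events from mixed syslog lines and count them per origin."""
import re
from collections import Counter

# One pattern per producing program; each names the same two fields.
PATTERNS = {
    "sshd": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<origin>[\d.]+)"
    ),
    "login": re.compile(
        r"login\[\d+\]: FAILED LOGIN \d+ FROM (?P<origin>\S+) FOR (?P<user>[^\s,]+)"
    ),
    "su": re.compile(
        r"su\[\d+\]: FAILED SU \(to (?P<user>[^)]+)\) (?P<origin>\S+) on"
    ),
}

# Constructed sample log; two unrelated lines are included to be ignored.
SAMPLE = """\
Apr 23 10:01:02 host sshd[2311]: Failed password for invalid user admin from 10.0.0.5 port 4242 ssh2
Apr 23 10:01:04 host sshd[2311]: Failed password for root from 10.0.0.5 port 4243 ssh2
Apr 23 10:01:09 host sshd[2320]: Accepted password for alice from 10.0.0.9 port 5000 ssh2
Apr 23 10:02:00 host login[2400]: FAILED LOGIN 1 FROM (null) FOR root, Authentication failure
Apr 23 10:03:15 host su[2450]: FAILED SU (to root) alice on /dev/pts/0
Apr 23 10:05:00 host crond[2500]: (root) CMD (run-parts /etc/cron.hourly)
"""


def failed_logins(text: str):
    """Return [(program, target user, origin)] for every recognised failure line.
    origin is a source address for sshd, a terminal/host for login, and the
    calling user for su, which is exactly the inconsistency the slide describes."""
    events = []
    for line in text.splitlines():
        for prog, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                events.append((prog, m.group("user"), m.group("origin")))
                break
    return events


def by_origin(text: str, threshold: int = 2):
    """Origins with at least `threshold` failures: a first cut at spotting guessing."""
    counts = Counter(origin for _, _, origin in failed_logins(text))
    return {origin: n for origin, n in counts.items() if n >= threshold}
```

Adding a fourth program means adding a fourth regex, and a distribution upgrade can silently change a message so a pattern stops matching. That maintenance cost, not the absence of the events, is the real auditing disadvantage the slide points at.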

Comparison

Authentication
  Linux                                              | Windows
  PAM                                                | pGINA
  No trusted-path feature                            | Provides a trusted path to authentication
  Password hashes are salted (random 12-bit salt)    | No salt value
  Hard to crack the stored password hash             | Easy to crack the stored Windows password hash

Authorization
  Linux                                              | Windows
  Authorization facilities not very robust            | Authorization facilities more robust and finely grained
  Groups of user IDs cannot be added to an ACL        | Allows ACLs to be established based on user accounts and groups
  Root account                                       | Administrator account
  Mediation is thorough and complete (the slide does not assign this line to either column)

  Note: the Linux column describes the traditional owner/group/other mode bits; POSIX ACLs (getfacl/setfacl) were already available as a filesystem extension and do allow per-user and per-group entries.

Auditing
  Linux                                              | Windows
  Logging is not very user-friendly                  | Logging is very user-friendly

Conclusion
► Both Windows and Linux have advantages and disadvantages in their authentication, authorization and auditing capabilities.
► There must be a constant balance between the development and the improvement of security features.

Reference
[1] Merrill Warkentin and Rayford B. Vaughn (eds.), Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues.