Linux Security Presenter: Dolev Farhi (@0x6466) | dolev@dc416.com.



Acknowledgements

? You need to deploy a public-facing web server… what security countermeasures do you apply?

Common hardening techniques
- Limiting the attack surface by removing unnecessary packages
- Local firewall rules (iptables, firewalld)
- Disabling root login and using sudo account(s) instead
- Keeping the system up to date (rpm, dpkg)
- User account management / enforcing password complexity
- Locking down certain services
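As an added example (not from the talk), the "disable root login" item above is usually done in sshd_config, and the easy mistake when checking it is to read the wrong line: sshd honours the first occurrence of a keyword, keywords are case-insensitive, and commented-out lines do not count. The script below audits a constructed sshd_config with those rules; the expected values and OpenSSH defaults it assumes (PermitRootLogin defaults to prohibit-password since 7.0, PasswordAuthentication and PubkeyAuthentication default to yes) are stated in comments.

```shell
#!/bin/sh
# Added example, not part of the talk: audit sshd_config settings that back
# the "disable root login" hardening step. sshd uses the FIRST occurrence of
# a keyword, so the audit must do the same instead of taking the last match.

# Print the effective value of keyword $2 in the sshd_config at $1 ("" if unset).
# Directives inside a Match block apply conditionally and are out of scope here.
sshd_effective_value() {
    awk -v key="$2" '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }   # drop comments and indentation
        $0 == "" { next }
        tolower($1) == "match" { exit }           # stop at conditional blocks
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# PASS/FAIL one directive: file, keyword, wanted value, OpenSSH default if unset.
sshd_check() {
    file=$1; key=$2; want=$3; default=$4
    got=$(sshd_effective_value "$file" "$key")
    [ -z "$got" ] && got=$default
    if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$want" ]; then
        printf 'PASS %s=%s\n' "$key" "$got"
        return 0
    fi
    printf 'FAIL %s=%s (want %s)\n' "$key" "$got" "$want"
    return 1
}

# Returns non-zero if any check fails. Defaults assumed: OpenSSH >= 7.0.
audit_sshd() {
    rc=0
    sshd_check "$1" PermitRootLogin        no  prohibit-password || rc=1
    sshd_check "$1" PasswordAuthentication no  yes               || rc=1
    sshd_check "$1" PubkeyAuthentication   yes yes               || rc=1
    return $rc
}

# Constructed sample config (not a real host's file). Note the commented-out
# line and the duplicate PermitRootLogin: sshd honours the first one ("yes").
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# PermitRootLogin no
Port 22
PermitRootLogin yes
  passwordauthentication no
PermitRootLogin no
EOF

audit_sshd "$SAMPLE" || echo 'sshd hardening incomplete'
```

Run it against /etc/ssh/sshd_config on a real host; `sshd -T` prints the fully resolved configuration if you want to cross-check the parser.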

but they won’t prevent the following scenario…

SELinux & AppArmor
SELinux: context based, installed by default (CentOS/Red Hat)
- Well defined policy interfaces
- Flexible policies
- CLI/GUI apps exist to administer an enabled SELinux system
- Auditing features
- Permissive & Enforcing modes
AppArmor: profile based, controls the directories/files the app is using
- Easy deployment
- Console app for administration
- Report scheduling and auditing
- Complain & Enforce modes
Both mechanisms provide another layer of security, but security often comes with usability difficulties.

More on SELinux …but other than that:
* A medium to high Linux skill set is required to administer SELinux
* Systems that are already deployed with apps will have to be modified to work with SELinux; it is not a pleasant sight…
* …many vendors don't support running with SELinux enabled
* Estimated performance hit of ~7%
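The "already deployed apps have to be modified" point is where most people turn SELinux off. As an added example (not from the talk), the practical alternative is to triage the AVC denials in /var/log/audit/audit.log, grouped by process, permission and target type, and then pick the narrowest fix: a boolean, a relabel, or a custom module. The audit lines below are constructed, and the canned fixes in suggest_fix are this example's own shortlist, not an exhaustive mapping.

```shell
#!/bin/sh
# Added example, not part of the talk: summarise SELinux AVC denials from
# audit.log so a newly confined application can be fixed without disabling
# SELinux. Sample lines are constructed, not from a real host.
SAMPLE_AUDIT='type=AVC msg=audit(1500000000.101:201): avc:  denied  { name_connect } for  pid=1201 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1500000000.102:202): avc:  denied  { name_connect } for  pid=1202 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1500000000.103:203): avc:  denied  { read } for  pid=1203 comm="httpd" name="index.html" dev="dm-0" ino=4242 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1500000000.103:203): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"'

# stdin: audit.log lines. stdout: "count comm permission tclass target_type",
# most frequent first. Only type=AVC "denied" records are considered.
summarize_avc() {
    awk '
        /^type=AVC / && / denied / {
            comm = ""; perm = ""; tclass = ""; ttype = ""
            # the permission set sits between "{ " and " }"
            if (match($0, /\{ [^}]* \}/))
                perm = substr($0, RSTART + 2, RLENGTH - 4)
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "comm")     { comm = kv[2]; gsub(/"/, "", comm) }
                if (kv[1] == "tclass")   tclass = kv[2]
                if (kv[1] == "tcontext") { split(kv[2], ctx, ":"); ttype = ctx[3] }
            }
            count[comm " " perm " " tclass " " ttype]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# args: comm permission tclass target_type. Prints the usual first remedy for
# a few common httpd denials; anything else needs a policy review
# (audit2why, or audit2allow -w, explains why the access was denied).
suggest_fix() {
    case "$1 $2 $3 $4" in
        "httpd name_connect tcp_socket mysqld_port_t")
            echo "setsebool -P httpd_can_network_connect_db on" ;;
        "httpd "*" file user_home_t")
            echo "relabel the content: semanage fcontext -a -t httpd_sys_content_t '/path(/.*)?' && restorecon -Rv /path" ;;
        *)
            echo "no canned fix: review with audit2why / audit2allow -w" ;;
    esac
}

# On a real host: summarize_avc < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_AUDIT" | summarize_avc |
while read -r n comm perm tclass ttype; do
    printf '%s x %s %s on %s (%s) -> %s\n' \
        "$n" "$comm" "$perm" "$tclass" "$ttype" \
        "$(suggest_fix "$comm" "$perm" "$tclass" "$ttype")"
done
```

Booleans are preferred over `audit2allow -M` modules because they are reversible with one command and already reviewed by the distribution's policy authors; write a custom module only when the summary shows a denial no boolean or relabel covers.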

? The root user is compromised, is it game over?

The power of SELinux

root challenge http://goo.gl/ENFMOu

Automating auditing processes with Lynis
Lynis is a security auditing tool for Unix, Linux and Mac OS systems. It is used by system administrators, auditors and security professionals all over the world. Some of the features are:
- Open source shell script, no dependencies, easy to understand
- Report on screen, details in a report file
- Reporting of warnings and suggestions
- Detailed logging
- Hardening index
- Dynamic OS detection
- 300+ built-in tests
- Support for custom tests
- Plugin support
- Compliance checks
- Extensive software support
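"Automating" means more than scheduling the run: the on-screen output is for humans, and a script should read the machine-readable report Lynis writes (/var/log/lynis-report.dat by default) to decide whether a host passes. The gate below is an added example (not the talk's and not part of the Lynis project); the report in it is constructed, and the `TESTID|text|details|solution|` field layout it assumes for `warning[]` and `suggestion[]` entries should be checked against the report your Lynis version produces.

```shell
#!/bin/sh
# Added example, not from the talk or the Lynis project: gate on a Lynis run
# by parsing lynis-report.dat. Assumed entry layout for warning[]/suggestion[]:
#   TESTID|text|details|solution|
# The sample report below is constructed, not from a real host.
SAMPLE_REPORT='lynis_version=2.1.1
hardening_index=61
warning[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
suggestion[]=PKGS-7392|Install security updates|-|-|'

# Print the hardening index (0-100) recorded in report file $1.
report_hardening_index() {
    sed -n 's/^hardening_index=//p' "$1"
}

# Print "TESTID: text (details)" for every warning[] entry in report file $1.
# "\[]" is a literal "[]" in a BRE; the awk sub() strips the "warning[]=" key.
report_warnings() {
    grep '^warning\[]=' "$1" |
        awk -F'|' '{ sub(/^[^=]*=/, "", $1); printf "%s: %s (%s)\n", $1, $2, $3 }'
}

# Exit 0 only if the index reaches the threshold (default 70) and there are no
# warnings; otherwise print what failed and exit 1, suitable for a CI job.
gate_on_report() {
    file=$1; threshold=${2:-70}
    idx=$(report_hardening_index "$file")
    nwarn=$(report_warnings "$file" | awk 'END { print NR }')
    rc=0
    if [ -z "$idx" ] || [ "$idx" -lt "$threshold" ]; then
        printf 'hardening index %s below threshold %s\n' "${idx:-?}" "$threshold"
        rc=1
    fi
    if [ "$nwarn" -gt 0 ]; then
        printf '%s warning(s):\n' "$nwarn"
        report_warnings "$file"
        rc=1
    fi
    return $rc
}

# On a real host:  sudo lynis audit system --quiet
#                  gate_on_report /var/log/lynis-report.dat 70
SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s\n' "$SAMPLE_REPORT" > "$SAMPLE_FILE"
gate_on_report "$SAMPLE_FILE" 70 || echo 'host does not meet baseline'
```

Treat the threshold as a regression guard rather than a target: the useful signal is an index that drops between runs, or a new warning ID appearing, both of which this script surfaces without anyone reading the full report.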

Behavioral analysis using honeypots
Kippo is a medium-interaction open source SSH honeypot designed to log brute force attacks and the entire shell interaction.
Github project: https://github.com/desaster/kippo
Features: fake filesystem (and real), session logging, tricks the user in different ways.
Pros: easy to deploy, provides a relatively easy way to create your own custom honeypot.
Cons:
- Easy to fingerprint
- An experienced Linux user would realise he is in a honeypot pretty quickly with the out-of-the-box configuration.

Behavioral analysis with the Kippo honeypot
Some of Kippo's features:
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
- Possibility of adding fake file contents
- Kippo saves files downloaded by the attacker (wget) for later inspection

~1 month old honeypot statistics
Attack statistics:
- Total unique IP addresses: 115
- Overall attempts: over 9000
Top 10 targeted accounts:
3349 - root
1074 - admin
100 - support
83 - ubnt
74 - oracle
62 - user
59 - git
45 - test
36 - pi
34 - minecraft
Top 10 targeted passwords:
782 - 123456
520 - !@
216 - 111111
199 - admin
186 - root
143 - 
138 - support
110 - 1234567890
107 - password
87 - changeme
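Statistics like the ones above come straight out of the honeypot's log. As an added example (not the talk's own tooling), the script below produces the same four figures (unique IPs, overall attempts, top usernames, top passwords) from Kippo-style log lines. The sample lines are constructed and abridged; the exact bracketed context in a real kippo.log differs, so the assumed shape is `... HoneyPotTransport,<n>,<ip>] login attempt [<user>/<pass>] failed|succeeded`, and the parser deliberately handles the two awkward cases, an empty password and a password containing "/".

```shell
#!/bin/sh
# Added example, not from the talk: summarise brute-force attempts from a
# Kippo-style SSH honeypot log. Assumed (abridged) line format:
#   <date> <time> [SSHService ssh-userauth on HoneyPotTransport,<n>,<ip>] login attempt [<user>/<pass>] failed
# Sample lines are constructed, not from a real honeypot.
SAMPLE_LOG='2014-11-20 10:15:42+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/123456] failed
2014-11-20 10:15:43+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/password] failed
2014-11-20 10:15:44+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [admin/admin] failed
2014-11-20 10:15:45+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/123456] failed
2014-11-20 10:15:46+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.5] login attempt [pi/raspberry] failed
2014-11-20 10:15:47+0000 [SSHService ssh-userauth on HoneyPotTransport,4,192.0.2.9] login attempt [root/] failed
2014-11-20 10:15:48+0000 [HoneyPotTransport,4,192.0.2.9] connection lost'

# stdin: log lines. stdout: one tab-separated "ip user pass" per attempt.
# The password may be empty or contain "/", so split on the FIRST "/" only.
login_attempts() {
    awk '
        / login attempt \[/ {
            ip = $0; sub(/.*HoneyPotTransport,[0-9]+,/, "", ip); sub(/\].*/, "", ip)
            cred = $0; sub(/.*login attempt \[/, "", cred); sub(/\] (failed|succeeded)$/, "", cred)
            user = cred; sub(/\/.*/, "", user)
            pass = substr(cred, length(user) + 2)
            print ip "\t" user "\t" pass
        }'
}

# stdin: login_attempts output. $1 = N, $2 = column (2 user, 3 pass).
# stdout: "count value", most frequent first.
top_n() {
    cut -f"$2" | sort | uniq -c | sort -rn | head -n "$1" | awk '{ $1 = $1; print }'
}

total_attempts() { login_attempts < "$1" | awk 'END { print NR }'; }
unique_ips()     { login_attempts < "$1" | cut -f1 | sort -u | awk 'END { print NR }'; }
top_users()      { login_attempts < "$1" | top_n "${2:-10}" 2; }
top_passwords()  { login_attempts < "$1" | top_n "${2:-10}" 3; }

SAMPLE_FILE=$(mktemp)
trap 'rm -f "$SAMPLE_FILE"' EXIT
printf '%s\n' "$SAMPLE_LOG" > "$SAMPLE_FILE"

# On a real host, point the functions at kippo.log instead of $SAMPLE_FILE.
printf 'Total unique IP addresses: %s\n' "$(unique_ips "$SAMPLE_FILE")"
printf 'Overall attempts: %s\n' "$(total_attempts "$SAMPLE_FILE")"
echo 'Top targeted accounts:';  top_users "$SAMPLE_FILE" 3
echo 'Top targeted passwords:'; top_passwords "$SAMPLE_FILE" 3
```

The empty password shows up as a count with no value, which is exactly what the blank entry in the password list above looks like; keep it rather than filtering it out, since "no password" is a real thing automated scanners try.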

Honeypot trolling mechanism