CIT 480: Securing Computer Systems

Operating System Security

Topics
- OS Security Features
- Bypassing OS Security
- Boot time security
- BIOS security
- System Logs

OS Security Features
- Authentication
- Access Control
- Auditing (Logging)
- Encryption (Filesystems)
- Isolation (VM)
- Patching (Updates)

The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or bootstrapping. When a computer is turned on, it first executes code stored in a firmware component known as the BIOS (basic input/output system). On modern systems, the BIOS loads into memory the second-stage boot loader, which handles loading the rest of the operating system into memory and then passes control of execution to the operating system.

Boot Process Detail

BIOS

Reconfiguring Boot Media
The attacker boots the machine from their own OS, which ignores your filesystem ACLs.

BIOS Passwords

Removing the BIOS Password
http://www.darklab.rutgers.edu/MERCURY/t15/pe2850dell.html

Protecting the BIOS Password

Bootloader

Reconfiguring the Bootloader

Single User Mode

Single User Mode Password
http://www.nextstep4it.com/categories/how-to/single-user-mode/

Changing init

GRUB Password
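The two boot-time protections on the preceding slides (a password on single user mode and a password on the GRUB menu) can be checked from the configuration files. The script below is an added example, not code from the course; it audits GRUB 2 text for a superuser and a hashed password line and a SysV /etc/inittab for a sulogin entry on runlevel S. The configuration fragments embedded at the bottom are constructed samples, and the hash in the first one is a placeholder, not a real GRUB hash.

```python
"""Audit boot-time password protection: GRUB 2 superuser/password lines and
SysV single-user mode (sulogin). Added example, not from the slides.

It works on configuration text already read from files such as
/boot/grub/grub.cfg (or /etc/grub.d/40_custom) and /etc/inittab; the sample
inputs at the bottom are constructed for the demonstration.
"""
import re

# GRUB 2: 'set superusers="..."' names who may edit menu entries at boot, and
# 'password_pbkdf2 <user> grub.pbkdf2.sha512.<iterations>.<salt>.<hash>' stores
# a hashed password (generated with grub-mkpasswd-pbkdf2). A bare
# 'password <user> <secret>' line is also accepted by GRUB 2 but keeps the
# secret in the clear, so it is reported as weak.
SUPERUSERS_RE = re.compile(r'^\s*set\s+superusers\s*=\s*"?([^"\s]+)"?', re.M)
PBKDF2_RE = re.compile(r'^\s*password_pbkdf2\s+(\S+)\s+grub\.pbkdf2\.sha512\.', re.M)
PLAINTEXT_RE = re.compile(r'^\s*password\s+(\S+)\s+\S+', re.M)

# SysV init (Debian-style /etc/inittab): runlevel S runs /sbin/sulogin, which
# asks for the root password before giving a shell. Fields are
# id:runlevels:action:process.
SULOGIN_RE = re.compile(r'^\s*[^:#\s]+:[^:]*S[^:]*:(?:wait|respawn):/sbin/sulogin\b', re.M)


def audit_grub(grub_cfg: str) -> dict:
    """Return {'protected': bool, 'findings': [str, ...]} for GRUB 2 config text."""
    superusers = SUPERUSERS_RE.search(grub_cfg)
    hashed = {m.group(1) for m in PBKDF2_RE.finditer(grub_cfg)}
    plaintext = {m.group(1) for m in PLAINTEXT_RE.finditer(grub_cfg)}
    findings = []
    if superusers is None:
        findings.append("no 'set superusers' line: anyone at the console can edit boot entries")
    elif superusers.group(1) not in hashed | plaintext:
        findings.append(f"superuser {superusers.group(1)!r} has no password line")
    for user in sorted(plaintext):
        findings.append(f"user {user!r} has a plaintext 'password' line; use password_pbkdf2")
    return {"protected": not findings, "findings": findings}


def audit_inittab(inittab: str) -> bool:
    """True when single-user mode (runlevel S) runs sulogin, i.e. asks for the root password."""
    return SULOGIN_RE.search(inittab) is not None


# Constructed sample: superuser plus a hashed password (placeholder salt/hash).
GOOD_GRUB = """
set superusers="root"
password_pbkdf2 root grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH
menuentry 'Linux' { linux /vmlinuz root=/dev/sda1 }
"""
# Constructed sample: no superusers line and a plaintext password for 'admin'.
WEAK_GRUB = """
password admin constructed-secret
menuentry 'Linux' { linux /vmlinuz root=/dev/sda1 }
"""
# Constructed inittab samples: with and without the sulogin entry for runlevel S.
GOOD_INITTAB = "id:2:initdefault:\n~~:S:wait:/sbin/sulogin\n"
WEAK_INITTAB = "id:2:initdefault:\n1:2345:respawn:/sbin/getty 38400 tty1\n"

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_GRUB), ("weak", WEAK_GRUB)):
        print(name, audit_grub(cfg))
    print("sulogin required:", audit_inittab(GOOD_INITTAB), audit_inittab(WEAK_INITTAB))
```

On a systemd host the single-user check does not apply as written (rescue.target uses sulogin by default), and GRUB's generated grub.cfg only contains the password lines after `update-grub`/`grub2-mkconfig` has been rerun, so audit the generated file rather than only the template.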

Hibernation
Modern machines have the ability to go into a powered-off state known as hibernation. While going into hibernation, the OS stores the contents of the machine's memory in a hibernation file (such as hiberfil.sys) on disk so the computer can be quickly restored later.
1. User closes a laptop computer, putting it into hibernation.
2. Attacker copies the hiberfil.sys file to discover any unencrypted passwords that were stored in memory when the computer was put into hibernation.

Cold Memory Attack
http://citpsite.s3-website-us-east-1.amazonaws.com/oldsite-htdocs/memory-content/memory_3.jpg

Startup Processes: Windows

Startup Services: Linux

System Logs
Logs record status and error conditions.
Where do log messages come from?
- Kernel
- Accounting system
- System services
Logging methods:
- Service records its own logs (apache, cron).
- Service uses the system logging service to manage its logs.

Windows Event Log
https://en.wikipedia.org/wiki/File:Windows_XP_Event_Viewer.png

Finding UNIX Logs
Most logs are stored under /var/log or /var/adm.
Check syslog's configuration: /etc/syslog.conf
To find other logs, read the startup scripts (/etc/init.d/*) and the manuals for the services those scripts start.
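Reading /etc/syslog.conf by hand answers "which file gets a given message", and the same lookup can be automated. The parser below is an added example, not part of the course materials: it handles the classic sysklogd selector syntax (facility[,facility].priority, several selectors joined by ';', with the '*', 'none', '=' and '!' forms) and follows the rule that within one line the last selector naming a facility wins. The configuration at the bottom is a constructed Debian-style sample, not a file from the slides.

```python
"""Resolve where syslog writes a given facility/priority, from /etc/syslog.conf text.

Added example, not from the slides. The sample configuration is constructed.
"""
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}


def _level(name: str) -> int:
    """Numeric index of a priority name (aliases accepted)."""
    return PRIORITIES.index(ALIASES.get(name, name))


def _matcher(pri: str):
    """Return a predicate on a priority index for one selector's priority part."""
    if pri == "*":
        return lambda p: True
    if pri == "none":
        return lambda p: False
    if pri.startswith("!="):            # everything except exactly this level
        lvl = _level(pri[2:])
        return lambda p: p != lvl
    if pri.startswith("="):             # exactly this level
        lvl = _level(pri[1:])
        return lambda p: p == lvl
    if pri.startswith("!"):             # only levels below this one
        lvl = _level(pri[1:])
        return lambda p: p < lvl
    lvl = _level(pri)                   # this level and above (the default)
    return lambda p: p >= lvl


def parse_syslog_conf(text: str) -> list:
    """Return [(facility -> predicate, action), ...] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)              # selectors <whitespace> action
        if len(parts) != 2:
            continue
        selectors, action = parts
        table = {}
        for sel in selectors.split(";"):
            facilities, dot, pri = sel.rpartition(".")
            if not dot:
                continue                         # malformed selector, skip it
            pred = _matcher(pri)
            for fac in facilities.split(","):
                table[fac] = pred                # later selector overrides earlier
        # a leading '-' on a file action means "do not sync after each write"
        if action.startswith("-/"):
            action = action[1:]
        rules.append((table, action))
    return rules


def destinations(rules: list, facility: str, priority: str) -> list:
    """List the actions (files, '@host', '*' for all users) that receive facility.priority."""
    p = _level(priority)
    out = []
    for table, action in rules:
        pred = table.get(facility, table.get("*"))   # explicit facility beats '*'
        if pred is not None and pred(p):
            out.append(action)
    return out


# Constructed sample configuration (Debian-style), not from the course.
SAMPLE_CONF = """\
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
kern.*                          -/var/log/kern.log
mail.err                        /var/log/mail.err
*.emerg                         *
"""
RULES = parse_syslog_conf(SAMPLE_CONF)

if __name__ == "__main__":
    for fac, pri in (("authpriv", "info"), ("kern", "warning"), ("mail", "crit")):
        print(f"{fac}.{pri} ->", destinations(RULES, fac, pri))
```

Authentication messages (`authpriv.info`) land only in /var/log/auth.log because the second line's `auth,authpriv.none` removes them from the catch-all, which is exactly the case an investigator needs to know about when the expected entries are missing from /var/log/syslog.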

Finding Logs
Log file   | Program          | Contents
messages   | syslog           | Various program/kernel logs.
auth.log   | su, ssh, login   | Authorization fail/success.
lastlog    | login, xdm       | Logins, commands.
wtmp       | login            | Login accounting data.
acct/pacct | kernel           | UNIX process accounting.
Xorg.log   | X-Windows        | X-Windows failures/info.

Example Syslog Messages
Feb 11 10:17:01 localhost /USR/SBIN/CRON[1971]: (root) CMD ( run-parts --report /etc/cron.hourly)
Feb 11 10:37:22 localhost -- MARK --
Feb 11 10:51:11 localhost dhclient: DHCPREQUEST on eth1 to 192.168.1.1 port 67
Feb 11 10:51:11 localhost dhclient: DHCPACK from 10.42.1.1
Feb 11 10:51:11 localhost dhclient: bound to 10.42.1.55 -- renewal in 35330 seconds.
Feb 11 14:37:22 localhost -- MARK --
Feb 11 14:44:21 localhost mysqld[7340]: 060211 14:44:21 /usr/sbin/mysqld: Normal shutdown
Feb 12 04:46:42 localhost sshd[29093]: Address 218.38.30.101 maps to ns.thundernet.co.kr, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Feb 12 04:46:44 localhost sshd[29097]: Invalid user matt from ::ffff:218.38.30.101
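The messages above share the classic syslog layout (timestamp, host, program with optional PID, message), and the two sshd lines are the ones an administrator should be alerted on. The script below is an added example, not code from the course: it parses that layout, then pulls the sshd events out and groups them by source address. The sample input is the slide's own messages; the detection rules (an "Invalid user" line, and a reverse-DNS mismatch flagged by sshd's "POSSIBLE BREAKIN ATTEMPT" text) are this example's choice, not something the slide prescribes.

```python
"""Parse classic syslog lines and summarise sshd events by source address.

Added example, not from the slides. SAMPLE_LINES are the messages shown on
the slide; the detection rules are this example's own.
"""
import re
from collections import Counter

# timestamp  host  [program[pid]: ]message   ("-- MARK --" lines carry no program)
LINE_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?:(?P<prog>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: )?(?P<msg>.*)$')
SSHD_INVALID_RE = re.compile(r'^Invalid user (?P<user>\S+) from (?P<addr>\S+)')
IPV4_RE = re.compile(r'(\d{1,3}(?:\.\d{1,3}){3})')


def parse_line(line: str):
    """Split one syslog line into ts/host/prog/pid/msg, or None if it does not fit."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def audit_sshd(lines):
    """Return a list of sshd events worth reviewing, each with its source address."""
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue
        msg = rec["msg"]
        m = SSHD_INVALID_RE.match(msg)
        if m:
            addr = m.group("addr")
            if addr.startswith("::ffff:"):          # IPv4-mapped IPv6 form
                addr = addr[len("::ffff:"):]
            events.append({"ts": rec["ts"], "kind": "invalid_user",
                           "user": m.group("user"), "addr": addr})
        elif "POSSIBLE BREAKIN ATTEMPT" in msg:
            ip = IPV4_RE.search(msg)
            events.append({"ts": rec["ts"], "kind": "reverse_dns_mismatch",
                           "user": None, "addr": ip.group(1) if ip else None})
    return events


def sources_by_count(events) -> Counter:
    """How many flagged events each source address produced."""
    return Counter(e["addr"] for e in events)


# The slide's example messages, used here as sample input.
SAMPLE_LINES = [
    "Feb 11 10:17:01 localhost /USR/SBIN/CRON[1971]: (root) CMD ( run-parts --report /etc/cron.hourly)",
    "Feb 11 10:37:22 localhost -- MARK --",
    "Feb 11 10:51:11 localhost dhclient: DHCPREQUEST on eth1 to 192.168.1.1 port 67",
    "Feb 11 10:51:11 localhost dhclient: DHCPACK from 10.42.1.1",
    "Feb 11 10:51:11 localhost dhclient: bound to 10.42.1.55 -- renewal in 35330 seconds.",
    "Feb 11 14:37:22 localhost -- MARK --",
    "Feb 11 14:44:21 localhost mysqld[7340]: 060211 14:44:21 /usr/sbin/mysqld: Normal shutdown",
    "Feb 12 04:46:42 localhost sshd[29093]: Address 218.38.30.101 maps to ns.thundernet.co.kr, "
    "but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
    "Feb 12 04:46:44 localhost sshd[29097]: Invalid user matt from ::ffff:218.38.30.101",
]

if __name__ == "__main__":
    for ev in audit_sshd(SAMPLE_LINES):
        print(ev)
    print(sources_by_count(audit_sshd(SAMPLE_LINES)))
```

Both flagged events come from the same address two seconds apart, which is the pattern a per-source count surfaces; on a real host the same functions would be fed /var/log/auth.log (where the earlier table puts sshd messages) rather than the embedded list.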

References
Anderson, Security Engineering, 2nd Edition, Wiley, 2008.
Goodrich and Tamassia, Introduction to Computer Security, Pearson, 2011.