Chapter 21 (section 1-7) By Yanjun Zuo

Linux Security

"Morris" worm
- Robert Morris, a graduate student at Cornell University, released an Internet worm in 1988
- The worm made use of the open nature of mail transport agents (a debug feature) to spread
- Since then, computer security has entered a new stage

Security
- A survey by CSI/FBI in April 2001 showed that 91% of organizations had reported security breaches in the past 12 months
- 95% of the organizations reporting breaches used security tools such as commercial firewalls
- These facts at least teach us that security is a complicated issue and that commercial security products are not complete solutions by themselves

Linux security
- Like other operating systems, Linux is not secure
- Linux is optimized for convenience and doesn't make security easy or natural
- Linux security is effectively binary: all or nothing in terms of power. Facilities such as setuid execution only partly fill the middle ground
- Linux is developed by a large community of programmers and is open source

Linux security
The most important security issues to consider for a Linux system:
- Packet filtering: there must be a packet-filtering router or firewall between the Linux system and the outside world (iptables)
- Unnecessary services: examine the contents of /etc/inetd.conf

Linux security
- Software patches: apply software security patches regularly and as soon as possible
- Backups: any other method may fail, so it is important to make backups
- Passwords: it is no longer secure to send plaintext reusable passwords over the network. Use SSH or another authentication system

How security is compromised
- Unreliable wetware: human users and administrators may be the weakest link in the chain of security
- Software bugs: user programs, system, and network vulnerabilities
- Open doors: much software is configured "not so secure" by default

/etc/passwd and /etc/shadow files
- These two files are the system's first line of defense against intruders
- It is very important to check regularly that every login has a password
- Pseudo-users such as "daemon", which own files but never log in, should have a star (*) in their encrypted password field

/etc/passwd and /etc/shadow files
- The following command can be used to find null passwords:
    perl -F: -ane 'print if not $F[1];' /etc/shadow
- Use cron to run this command periodically and mail you about any null password

/etc/passwd and /etc/shadow files
- /etc/shadow should be readable only by root
- /etc/passwd and /etc/group should be writable only by root
- Passwords chosen by users should be at least 8 characters long and should include numbers, punctuation, or changes in case

PAM: pluggable authentication module
- PAM can be used to integrate login services with different authentication technologies, such as RSA, DCE, Kerberos, S/Key, and smart-card based authentication systems [1]

PAM: pluggable authentication module
- Applications enabled to use PAM can be plugged in to new technologies without modifying the applications themselves. This flexibility allows administrators to:
  - Select any authentication service on the system for an application
  - Use multiple authentication mechanisms for a given service
  - Add new authentication service modules without modifying existing applications
  - Use a previously entered password for authentication with multiple modules [2]

PAM: pluggable authentication module
- The concept of Linux-PAM: programs that require authentication only need to know that a module is available that will perform the authentication for them
- PAM is set up so that modules can be added, deleted, and reconfigured at any time; it is not necessary for modules to be linked in when a utility is compiled

PAM: pluggable authentication module
- The purpose of the Linux-PAM project is to separate the development of privilege-granting software from the development of secure and appropriate authentication schemes
- This is accomplished by providing a library of functions that an application may use to request that a user be authenticated [3]

Format of PAM configuration file entries
- PAM configuration files live in the directory /etc/pam.d
- Each entry in a configuration file has the format:
    module-type control-flag module-path arguments

Format of PAM configuration file entries
- Module-type field: auth, account, session, or password
- Control-flag field: required, requisite, sufficient, or optional
- Module-path: pathname of the dynamically loaded module object
- Arguments: the arguments passed to the dynamically loaded module object

An example of PAM
- Additions to /etc/pam.d/passwd that enable passwd to perform strong password checking, using a PAM module derived from the crack library, might look like this:
    password required pam_cracklib.so retry=3
    password required pam_pwdb.so use_authtok
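As an added example (not part of the slides), a small parser for the /etc/pam.d entry format just described, which validates the module-type and control-flag fields and checks that pam_cracklib.so runs ahead of the module that stores the password. The sample file is constructed; the bracketed control syntax it also accepts is the extended Linux-PAM form, not one the slides mention.

```python
import re
import shlex

MODULE_TYPES = {"auth", "account", "session", "password"}
CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional",
                 "include", "substack"}

# Constructed sample: the slide's strong-password stack, one bracketed
# control field, and a deliberate typo in the last module-type.
SAMPLE_PASSWD_PAM = """\
# /etc/pam.d/passwd (constructed sample)
password required pam_cracklib.so retry=3
password required pam_pwdb.so use_authtok
password [success=1 default=ignore] pam_unix.so nullok
passwrd required pam_deny.so
"""

# module-type, control-flag (plain word or [bracketed list]), module-path, args
ENTRY_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return (entries, errors); each entry is a dict of the four fields."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()     # drop comments and blanks
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            errors.append((lineno, "malformed entry"))
            continue
        mtype, control, path, args = m.groups()
        mtype = mtype.lstrip("-")   # a leading '-' only silences missing-module logging
        if mtype not in MODULE_TYPES:
            errors.append((lineno, f"unknown module-type {mtype!r}"))
        if not control.startswith("[") and control not in CONTROL_FLAGS:
            errors.append((lineno, f"unknown control-flag {control!r}"))
        entries.append({"type": mtype, "control": control,
                        "module": path, "args": shlex.split(args)})
    return entries, errors

def cracklib_before_setter(entries):
    """True when pam_cracklib.so runs before the module that stores the password."""
    stack = [e["module"] for e in entries if e["type"] == "password"]
    setters = [i for i, m in enumerate(stack) if m in ("pam_pwdb.so", "pam_unix.so")]
    return ("pam_cracklib.so" in stack and bool(setters)
            and stack.index("pam_cracklib.so") < min(setters))
```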

Group logins and shared logins
- Allowing users to share logins with family or friends is not recommended
- Use the sudo program to control access to rootly power

Rootly entries
- A common way for hackers to install a back door once they have obtained a root shell is to add new root logins to /etc/passwd
- The following command finds any lines in the passwd file that have null or 0 UIDs:
    perl -F: -ane 'print if not $F[2];' /etc/passwd
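The two perl one-liners above (null passwords in /etc/shadow, and null or zero UIDs in /etc/passwd) combined into one audit, as an added example that is not from the slides. It also flags pseudo-users whose password field is not starred out. The passwd and shadow contents below are constructed samples; a cron job would run audit() against the real files.

```python
# Constructed /etc/passwd sample: a second UID-0 login and an empty password field.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backdoor:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
"""

# Constructed /etc/shadow sample: hashes are placeholders, bob has no password.
SHADOW_SAMPLE = """\
root:$6$saltsalt$constructedhash:19000:0:99999:7:::
daemon:$6$saltsalt$anotherconstructedhash:19000:0:99999:7:::
toor:$6$saltsalt$constructedhash:19000:0:99999:7:::
alice:$6$saltsalt$yetanotherconstructedhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
"""

PSEUDO_USERS = {"daemon"}   # accounts that own files but must never log in

def parse_colon_file(text):
    """Split a passwd/shadow-style file into {name: [fields]}."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            rows[fields[0]] = fields
    return rows

def audit(passwd_text, shadow_text, pseudo_users=PSEUDO_USERS):
    """Return a sorted list of (account, finding) pairs."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings = []
    for name, f in passwd.items():
        if f[1] == "":                        # no password at all, shadow or not
            findings.append((name, "empty password field in passwd"))
        if f[2] in ("", "0") and name != "root":   # same test as $F[2] above
            findings.append((name, "extra UID 0 login"))
    for name, f in shadow.items():
        if f[1] == "":                        # same test as $F[1] above
            findings.append((name, "null password in shadow"))
        elif name in pseudo_users and not f[1].startswith(("*", "!")):
            findings.append((name, "pseudo-user has a usable password hash"))
    return sorted(findings)
```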

Setuid programs
- The setuid commands distributed with Linux are theoretically secure, but they have had security holes
- Try to minimize the number of setuid programs
- Although a shell spawned to execute a script doesn't necessarily read the user's shell configuration files, it can be influenced by the user's environment, by the contents of the current directory, or by the manner in which the script is invoked

Setuid programs
- A setuid program can be run as a pseudo-user instead of root
- Use a low UID for the pseudo-user, put a star in the passwd field, and make the pseudo-user's home directory /dev/null

Setuid programs
- Setuid and setgid execution on an individual filesystem can be disabled with the -o nosuid option to mount

Setuid programs
- It is useful to scan disks periodically to look for new setuid programs
- A hacker who has breached the security of your system will sometimes create a private setuid shell or utility to facilitate repeat visits
- The following command finds all setuid-root files and mails the list to the "admin" user:
    find / -user root -perm -4000 -print | mail -s "Setuid root files" admin
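The periodic scan above becomes useful when its output is compared with a saved baseline, so that only new setuid files are reported. As an added example (not from the slides), the scan and comparison in Python, run against a constructed directory tree under a temporary directory so it never touches the real system; the file names in the tree are invented for the demonstration.

```python
import os
import stat
import tempfile

def find_setuid(root):
    """Return the set of regular files under root with the setuid bit set."""
    found = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue          # unreadable or vanished entry; skip it
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                found.add(os.path.relpath(path, root))
    return found

def diff_baseline(baseline, current):
    """Split the current scan into (new, missing) relative to the baseline."""
    return sorted(current - baseline), sorted(baseline - current)

def make_demo_tree():
    """Constructed tree: one expected setuid binary, one planted setuid shell."""
    root = tempfile.mkdtemp(prefix="setuid-demo-")
    os.makedirs(os.path.join(root, "usr/bin"))
    os.makedirs(os.path.join(root, "tmp/.x"))
    for rel, mode in (("usr/bin/passwd", 0o4755),   # legitimate setuid
                      ("usr/bin/ls", 0o755),        # ordinary binary
                      ("tmp/.x/sh", 0o4755)):       # the kind of thing to catch
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(path, mode)
    return root

def scan_demo():
    """Scan the constructed tree against a baseline of known setuid files."""
    root = make_demo_tree()
    baseline = {"usr/bin/passwd"}
    return diff_baseline(baseline, find_setuid(root))

if __name__ == "__main__":
    new, missing = scan_demo()
    print("new setuid files:", new, "missing from baseline:", missing)
```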

Important file permissions
- /dev/kmem should be readable only by the owner and group, never by the world, since this file gives access to the kernel's own virtual address space
- If /dev/kmem is publicly readable, a competent programmer can look for things like unencrypted passwords in the kernel data structures and buffers. Change its permissions so that it is not world-readable

Important file permissions
- Directories accessible through anonymous FTP should not be publicly writable
- Such directories become a nest for hackers to distribute illegally copied software and other sensitive files
- Setting up anonymous FTP usually involves copying a skeleton password file into ~ftp/etc/passwd so that ls works correctly

Important file permissions
- Having read or write permission on a disk device file is essentially the same as having read or write permission on every file in the filesystem it represents
- Only root should have both read and write permission
- The group owner is sometimes given read permission to facilitate backups, but there should be no permissions for the world

Remote event logging
- Forward log information to a file, a list of users, or another host on the network
- Set up a secure host that acts as a central logging machine and prints out security violations
- This precaution prevents hackers from covering their tracks by rewriting or erasing log files

Secure terminals
- Linux can be configured to restrict root logins to specific "secure" terminals
- It is a good idea to disable root logins on channels such as dial-up modems
- Network pseudo-terminals are often set to disallow root logins

Secure terminals
- The secure channels are specified as a list of TTY devices in the configuration file /etc/securetty
- It is also possible to restrict non-root logins to particular locations with entries in /etc/security/access.conf, or to particular times with entries in /etc/security/time.conf

/etc/hosts.equiv and ~/.rhosts
- These two files define hosts as being administratively "equivalent" to one another
- rshd and rlogind, the server processes that read .rhosts and hosts.equiv, should be disabled
- The functionality of telnet, rlogin, rsh, and rcp can be replaced with high-security equivalents such as SSH

rexecd and tftpd
- rexecd is another remote command execution daemon; it is the server for the rexec library routine
- Requests sent to rexecd include a plaintext password
- tftpd is a server for the Trivial File Transfer Protocol
- It allows machines on the network to request files from your hard disks, so it is a potential security hole

fingerd
- finger is a Linux command that prints a short report about a particular user
- Information collected from finger is potentially useful to hackers
- It is recommended to disable fingerd in /etc/inetd.conf

Security and NIS
- NIS maintains and distributes files such as /etc/group, /etc/passwd, and /etc/hosts
- NIS's very nature of "easy information access" makes it tasty hacker bait
- A later replacement is NIS+

Security and NFS
- Access to NFS volumes is granted by /etc/exports
- This is a weak form of security because the server trusts the clients to tell it who they are
- It is easy to make clients lie about their identities
- The TCP wrappers package can help limit the hosts that can access NFS filesystems (through /etc/hosts.deny)

Security and NFS
- File-level access control to NFS filesystems is managed according to UID, GID, and file permissions
- Once again, the NFS server trusts the client to tell it who is accessing files
- It is strongly recommended to use globally unique UIDs and the root_squash option

Security and NFS
- It is a good idea to block access to TCP and UDP port 2049 (used by NFS) when configuring firewalls
- You should also block access to the portmap daemon, which normally listens on TCP and UDP port 111

Security and sendmail
- Sendmail is a massive network system, and a large part of it runs as root
- Sendmail accepts arbitrary user-supplied input and delivers it to local users, files, or shells
- It has often been subject to attacks
- Numerous vulnerabilities have been exposed over time

Trojan horses
- Programs that aren't what they seem to be
- It is remarkable how few Trojan horse incidents there have been

References
(1) http://java.sun.com/security/jaas/doc/pam.html
(2) http://publib16.boulder.ibm.com/pseries/en_US/aixbman/security/pam_overview.htm
(3) http://www.tldp.org/HOWTO/User-Authentication-HOWTO/x101.html

Questions or Comments?