NET 311 Information Security

NET 311 Information Security, Networks and Communication Department. Lecture 9: Security in Operating Systems (Linux and Windows).

Lecture contents: security features in Linux; security features in Windows. (20-Sep-18, Networks and Communication Department)

LINUX. Linux systems are commonly used as multi-user systems and as servers (web, email, database). The question this lecture addresses: how do we ensure that authorized users can access only the resources designated for them on a Linux system?

BASIC ELEMENTS OF ACCESS CONTROL. Subject: an entity capable of accessing resources; often the subject is a software process acting on behalf of a user. Subjects fall into classes, e.g. owner, group, world. Object: a resource to which access is controlled, e.g. files, directories, programs, communication ports. Access rights: the ways in which a subject may access an object, e.g. read, write, execute, delete, create, search.

CATEGORIES FOR THE SUBJECTS/USERS. Owner (u): each file and directory (a directory is a special type of file) has an owner, the user account with primary power over the file, including the power to change its permissions. Group (g): in addition to the owner, each file has a group associated with it; the group has its own set of access permissions to the file, which apply to every member of that group other than the owner. Others/World (o): the last permission category covers everyone else, i.e. any account that is neither the owner nor a member of the file's group.

DAC. Discretionary Access Control (DAC) is the type of access control in which access to an object is determined by the object's owner, who grants or revokes rights at their own discretion (on Linux, with chmod and chown).

EXAMPLE OF DAC ACCESS MATRIX. An access matrix specifies the access rights of each subject (one row per subject) over each object (one column per object).

LINUX SECURITY MODEL. The traditional Linux security model can be summed up succinctly: people or processes with root privileges can do anything; other accounts can do much less. root is the user name of the account (uid 0) that by default has access to all commands and files on Linux and other Unix-like operating systems; it is also called the root account, the root user or the superuser. Attackers are therefore always looking to gain root privilege, and once they have it they can erase or edit logs and hide their processes, files and directories. Linux's traditional security model relies on Discretionary Access Control (DAC); modern kernels add finer-grained capabilities and optional mandatory access control (SELinux, AppArmor) on top of it, but the DAC base described here still decides most accesses.

LINUX SECURITY MODEL. In the Linux DAC system there are subjects (users, and the processes running on their behalf) that perform actions (read, write, execute/use) on objects (a file, a directory or a special file). Every action is mediated by the kernel, which allows or denies it according to the permissions the subject holds on the object.
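To make the kernel's decision concrete, here is an added example (not from the lecture) of the Linux DAC check in Python: a subject with a uid and a set of group ids, an inode with owner, group and mode, and the rule that selects exactly one permission class before applying the root override. The names Subject, Inode and dac_allows are the example's own, and the uids and the 0640 file in the demo are constructed sample data.

```python
import stat
from dataclasses import dataclass

# Requested-access bits, in the same encoding chmod uses.
READ, WRITE, EXEC = 4, 2, 1


@dataclass(frozen=True)
class Subject:
    """A process: its effective uid and every group id it belongs to."""
    uid: int
    gids: frozenset


@dataclass(frozen=True)
class Inode:
    """The inode fields the DAC check reads: owner, group and full st_mode."""
    owner: int
    group: int
    mode: int  # file-type bits plus the 12 protection bits


def select_class(subject, inode):
    """Return which permission triplet applies: 'owner', 'group' or 'other'.

    The kernel picks exactly one class, in this order, and never falls through:
    an owner with mode 0070 is denied even though the group bits would allow it.
    """
    if subject.uid == inode.owner:
        return "owner"
    if inode.group in subject.gids:
        return "group"
    return "other"


def class_bits(inode, cls):
    """The rwx triplet for one class, as a 3-bit number."""
    shift = {"owner": 6, "group": 3, "other": 0}[cls]
    return (inode.mode >> shift) & 0o7


def dac_allows(subject, inode, requested):
    """True if Linux DAC permits `requested` (a bitmask of READ|WRITE|EXEC)."""
    bits = class_bits(inode, select_class(subject, inode))
    if bits & requested == requested:
        return True
    # root (more precisely a process with CAP_DAC_OVERRIDE) bypasses read and
    # write checks.  Execute on a regular file is still refused unless at least
    # one x bit is set, so even root cannot run a file whose mode is 0644;
    # searching a directory is always allowed for root.
    if subject.uid == 0:
        if not requested & EXEC:
            return True
        if stat.S_ISDIR(inode.mode) or inode.mode & 0o111:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample principals and an inode; not taken from any real system.
    alice = Subject(uid=1000, gids=frozenset({1000, 100}))
    bob = Subject(uid=1001, gids=frozenset({1001, 100}))
    carol = Subject(uid=1002, gids=frozenset({1002}))
    root = Subject(uid=0, gids=frozenset({0}))
    report = Inode(owner=1000, group=100, mode=stat.S_IFREG | 0o640)  # -rw-r-----
    for name, who in (("alice", alice), ("bob", bob), ("carol", carol), ("root", root)):
        print(f"{name:6} class={select_class(who, report):5} "
              f"read={dac_allows(who, report, READ)} "
              f"write={dac_allows(who, report, WRITE)} "
              f"exec={dac_allows(who, report, EXEC)}")
```

Two details worth noticing in the output: bob reads the report only because he is in group 100, carol is refused outright, and root gets read and write but not execute because no x bit is set anywhere in the mode.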

LINUX SECURITY TRANSACTIONS

LINUX DAC IN DEPTH. Linux treats (almost) everything as a file, and this file-centric design is a big deal for security: one permission mechanism covers most resources. Documents, pictures and even executable programs are easy to conceptualize as files on the hard disk; a directory is itself a file containing a list of other files, and devices, pipes and sockets appear as special files. Two things are not represented by files: user accounts (someone capable of using files) and group accounts (a list of user accounts).

INODES. An inode is a data structure that stores the important information about a file or directory (everything except its name and its contents). When a new file is created it gets a free inode; files and directories are administered by the operating system through their inodes, and the operating system keeps the inodes of a filesystem in an inode table. An inode contains information such as the mode, the owner, the size and the time stamps.

Inode fields (classic Unix layout). Mode, 16 bits: a 4-bit file type (regular file, directory, etc.) plus 12 protection bits (the permissions). Owner id, 16 bits. Group id, 16 bits. Size of the file, and so on. (Modern Linux filesystems store 32-bit uid and gid fields, but the layout of the mode is unchanged.)

PERMISSIONS. Permissions are classified into two types, file permissions and directory permissions, and the same three bits mean different things for each. File permissions: read (read the file), write (modify the file), execute (run the file as a program). Directory permissions: read (list the names in the directory), write (create and delete entries in the directory), execute (search: access files in the directory by name, or make it the working directory). Note that deleting a file requires write and execute on its directory, not write on the file itself, and that write on a directory is useless without execute.

PROTECTION BITS IN INODE. 12 bits of the inode mode are for protection. Nine of them are the read, write and execute permissions for user, group and others (three bits each); the remaining three are the special permissions: setuid, setgid and the sticky bit.

NUMERIC FILE PERMISSIONS. Internally, Linux uses numbers to represent permissions; only user programs display permissions as letters. The chmod command recognizes both mnemonic permission modifiers ("u+rwx,go-w") and numeric modes. Each permission has a numeric value, and the permissions in each digit place are additive: the digit is the sum of all the permission bits you wish to set. The basic values are 4 for read, 2 for write and 1 for execute. Why 4, 2, 1 and not 1, 2, 3? Because (a) these values represent individual bits and are therefore powers of 2, and (b) this way no two combinations of permissions have the same sum, so each digit from 0 to 7 denotes exactly one combination.

NUMERIC FILE PERMISSIONS. A full numeric mode consists of four octal digits which, read left to right, represent: special permissions (setuid 4, setgid 2, sticky 1), user permissions, group permissions and other permissions (for users covered by neither the user nor the group permissions). A three-digit mode is the same thing with the special digit taken as 0.

NUMERIC FILE PERMISSIONS. Example: if user permissions are set to "7", this represents 4 (the value for read) plus 2 (the value for write) plus 1 (the value for execute). Thus 0700 translates to "no special permissions set, all user permissions set, no group permissions set, no other permissions set", and 0644 to "the user may read and write; group and others may only read".
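Added example (not from the lecture): the conversions the slides describe, written out in Python. digits() splits a 12-bit mode into the four octal digits, mode_to_symbolic() and symbolic_to_mode() go between the numeric form and the letters that ls -l prints (including s/S and t/T for the special bits), and apply_chmod() implements chmod's numeric and mnemonic argument syntax ("u+rwx,go-w") against the bits. The function names are the example's own, and the chmod semantics are simplified as noted in the docstring.

```python
import re

# Masks used by '=': each class owns its rwx triplet plus one special bit
# (setuid for u, setgid for g, sticky for o), mirroring chmod's letters s/s/t.
CLASS_MASK = {"u": 0o4700, "g": 0o2070, "o": 0o1007}
CLASS_SHIFT = {"u": 6, "g": 3, "o": 0}


def digits(mode):
    """Split a 12-bit mode into its four octal digits: (special, user, group, other)."""
    return ((mode >> 9) & 7, (mode >> 6) & 7, (mode >> 3) & 7, mode & 7)


def mode_to_symbolic(mode):
    """Render the 12 protection bits the way `ls -l` does, e.g. 0o4755 -> 'rwsr-xr-x'.

    A special bit shows as 's'/'t' when the class also has execute, and as a
    capital 'S'/'T' when it does not (setuid without execute is a misconfiguration).
    """
    out = []
    for cls, special, letter in (("u", 0o4000, "s"), ("g", 0o2000, "s"), ("o", 0o1000, "t")):
        triplet = (mode >> CLASS_SHIFT[cls]) & 7
        out.append("r" if triplet & 4 else "-")
        out.append("w" if triplet & 2 else "-")
        has_x = bool(triplet & 1)
        if mode & special:
            out.append(letter if has_x else letter.upper())
        else:
            out.append("x" if has_x else "-")
    return "".join(out)


def symbolic_to_mode(sym):
    """Inverse of mode_to_symbolic: 'rwsr-xr-x' -> 0o4755."""
    if not re.fullmatch(r"([r-][w-][xsS-]){2}[r-][w-][xtT-]", sym):
        raise ValueError(f"not a 9-character ls-style permission string: {sym!r}")
    mode = 0
    for i, cls in enumerate("ugo"):
        r, w, x = sym[3 * i: 3 * i + 3]
        shift = CLASS_SHIFT[cls]
        if r == "r":
            mode |= 4 << shift
        if w == "w":
            mode |= 2 << shift
        if x in "xst":
            mode |= 1 << shift
        if x in "sStT":
            mode |= CLASS_MASK[cls] & 0o7000
    return mode


def letters_to_bits(perms, classes):
    """Bits set by chmod letters `perms` (from 'rwxst') for the classes in `classes`."""
    bits = 0
    for cls in classes:
        shift = CLASS_SHIFT[cls]
        for p in perms:
            if p == "r":
                bits |= 4 << shift
            elif p == "w":
                bits |= 2 << shift
            elif p == "x":
                bits |= 1 << shift
            elif p == "s" and cls in "ug":
                bits |= CLASS_MASK[cls] & 0o7000  # setuid for u, setgid for g
            elif p == "t" and cls == "o":
                bits |= 0o1000
            # 's' on o and 't' on u/g have no bit; chmod ignores them too
    return bits


def apply_chmod(mode, spec):
    """Apply a chmod argument to a 12-bit mode: numeric ('0750') or symbolic ('u+rwx,go-w').

    Simplified relative to GNU chmod: an omitted who is treated as 'a' without
    consulting the umask, and '=' always replaces the class's special bit, whereas
    GNU chmod preserves setuid/setgid on directories unless told otherwise.
    """
    if re.fullmatch(r"[0-7]{1,4}", spec):
        return int(spec, 8) & 0o7777
    for clause in spec.split(","):
        m = re.fullmatch(r"([ugoa]*)([+=-])([rwxst]*)", clause)
        if not m:
            raise ValueError(f"bad chmod clause: {clause!r}")
        who, op, perms = m.groups()
        classes = "ugo" if (not who or "a" in who) else who
        bits = letters_to_bits(perms, classes)
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:
            clear = 0
            for cls in classes:
                clear |= CLASS_MASK[cls]
            mode = (mode & ~clear) | bits
    return mode & 0o7777


if __name__ == "__main__":
    # Constructed walkthrough of the slide's examples.
    for start, spec in ((0o644, "u+rwx,go-w"), (0o777, "0700"), (0o755, "u+s"), (0o4755, "u-x")):
        result = apply_chmod(start, spec)
        print(f"{start:04o} chmod {spec:12} -> {result:04o} {mode_to_symbolic(result)} digits={digits(result)}")
```

The last demo line is the one to remember: removing execute from a setuid file leaves the mode 4655, which ls shows as rwSr-xr-x, a capital S that signals a special bit with no execute bit behind it.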

SPECIAL PERMISSIONS. Two of the special permissions are the most dangerous. Setuid: when set on an executable binary file, it causes that program to "run as" its owner, no matter who executes it. Setuid has no effect on directories. Setgid: when set on an executable file, it causes that program to "run as" a member of the group that owns it; when set on a directory, it causes any file created in that directory to inherit the directory's group. (The third special bit, the sticky bit, restricts deletion in a shared directory such as /tmp to the owner of each entry. Linux honours setuid and setgid only on binaries; on interpreted scripts they are ignored.) Hint: "run as" means "to run with the same privileges as".

SPECIAL PERMISSIONS. When do these special permissions become dangerous? When set on any file owned by root or by any other privileged account or group: every user who can execute the file then runs its code with that account's privileges, so any bug in the program becomes a privilege escalation. When do they become useful? Setgid on a shared directory, when users belong to several groups and routinely create files to be shared with the other members of one of those groups: the files inherit the directory's group automatically instead of each user having to change the group manually.
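The dangerous case above (setuid or setgid on files owned by root) and the useful case (setgid on a shared directory) are exactly what an auditor looks for. Added example, not part of the lecture: a Python scan that labels every inode under a directory by its special bits and the owner's privilege, ignoring setuid on directories and special bits on non-regular files as Linux does. classify_special and audit_tree are the example's own names, and the tree it builds in a temporary directory is constructed for the demo.

```python
import os
import stat
import tempfile


def classify_special(mode, uid, gid):
    """Label the special bits on one inode, or return None when nothing relevant is set.

    Labels, from most to least dangerous:
      setuid-root   regular file that runs as root for anyone allowed to execute it
      setgid-root   regular file that runs with gid 0
      setuid-user / setgid-group   runs as an unprivileged owner or group
      setgid-dir    directory whose new files inherit its group (the useful case)
    Setuid on a directory and special bits on non-regular files are ignored, as the kernel does.
    """
    if stat.S_ISDIR(mode):
        return "setgid-dir" if mode & stat.S_ISGID else None
    if not stat.S_ISREG(mode):
        return None
    if mode & stat.S_ISUID:
        return "setuid-root" if uid == 0 else "setuid-user"
    if mode & stat.S_ISGID:
        return "setgid-root" if gid == 0 else "setgid-group"
    return None


def audit_tree(root):
    """Walk `root` without following symlinks; return (path, label) for every hit."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Every directory is visited once as dirpath, so checking dirpath plus its
        # files covers the whole tree without double counting.
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            label = classify_special(st.st_mode, st.st_uid, st.st_gid)
            if label:
                hits.append((path, label))
    return hits


if __name__ == "__main__":
    # Constructed demo tree.  Setting these bits on files you own needs no privilege,
    # so which labels you see depends on whether you run this as root.
    with tempfile.TemporaryDirectory() as top:
        shared = os.path.join(top, "shared")
        os.mkdir(shared)
        os.chmod(shared, 0o2775)                    # setgid directory: group inheritance
        helper = os.path.join(top, "helper")
        with open(helper, "w") as f:
            f.write("#!/bin/sh\necho hi\n")
        os.chmod(helper, 0o4755)                    # setuid executable
        plain = os.path.join(top, "plain.txt")
        open(plain, "w").close()
        os.chmod(plain, 0o644)                      # nothing special
        for path, label in audit_tree(top):
            print(f"{label:13} {path}")
```

On a real system the equivalent one-liner is `find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -ls`; the point of the Python version is the classification step, which separates the setuid-root binaries that need justification from the setgid directories that are there by design.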

KERNEL SPACE VS USER SPACE. Kernel space refers to the memory used by the Linux kernel and its loadable modules (e.g. device drivers). User space refers to the memory used by all other processes. Since the kernel enforces Linux DAC and every other security check, isolating the kernel from user space is critical: kernel space is never swapped to disk, and only root (strictly, a process holding CAP_SYS_MODULE) may load and unload kernel modules.

2. Windows Operating System: Windows security; security defenses; Windows vs Linux.

Windows Security. Windows uses many distinct privileges, some of which are very dangerous. Examples of such privileges include: act as part of the operating system (SeTcbPrivilege), which marks the holder as part of the Trusted Computing Base (TCB) and allows code, including security code, to be run under any account; this is the most dangerous one. Debug programs (SeDebugPrivilege), which allows an account to open and debug any process running on the system, including the processes of other users and of the system itself. Backup files and directories (SeBackupPrivilege), which allows a process holding it to bypass all access control list (ACL) checks when reading files and directories (the complementary restore privilege bypasses them for writes).

Windows Security Defenses. There are four main kinds of defenses in Windows. Account defenses: "secondary logon" (runas), which lets a user run an application under another account instead of working as administrator all the time. Network defenses: IPsec and IPv6 support, and a bidirectional (inbound and outbound) firewall. Buffer-overrun defenses: compiler and loader mechanisms (stack cookies, DEP, ASLR) that detect or block an attacker exploiting a buffer overflow. Browser defenses.

Windows Security Defenses. Cryptographic services: Windows includes a complete set of cryptographic functionality, such as: a. Encrypting File System (EFS), which is simple to use: a user or administrator marks a directory to use EFS, and every file created in that directory is encrypted. b. Data Protection API (DPAPI), which lets applications encrypt and decrypt user data transparently with keys derived from the user's logon credentials. c. BitLocker, added in Windows Vista, which encrypts an entire volume with AES; the volume key is protected either by a Trusted Platform Module (TPM) chip on the motherboard or by a key stored on a USB device.

Why is Linux more secure than Windows? 1. Privileges. In Windows, users have traditionally been given administrator access by default, which means they have access to pretty much everything on the system, even its most crucial parts; so does any malware they run. (User Account Control, introduced in Vista, reduces this by running even administrators with a filtered token until they explicitly elevate.) In Linux, users do not usually have such root privileges; they are typically given lower-level accounts. Even if a Linux system is compromised through such an account, the malware will not have the root access it needs to damage the system; more likely only the user's own files and programs will be affected. That can make the difference between a minor annoyance and a major catastrophe in any business setting.

Why is Linux more secure than Windows? 2. Social engineering. Viruses and worms are often spread by convincing computer users to do something they should not, such as opening attachments that carry the malware; this is known as social engineering. In Windows, spreading worms and viruses this way is easy: send out an e-mail with a malicious attachment and an interesting subject, and the result is an open door for the attached malware, with potentially disastrous consequences organization-wide. In Linux, before any real damage could occur, a user would have to read the e-mail, save the attachment, give it executable permission and then run it; not very likely. (The caveat: a script handed directly to an interpreter, e.g. "bash attachment", runs without the executable bit, and desktop file managers may offer to run an attachment for the user, so the barrier is lower than it looks.)

Why is Linux more secure than Windows? 3. Audience size. Since millions of people all use the same software (Windows), it becomes an attractive target for malicious attackers; as a result, the majority of viruses target Windows. 4. How many eyeballs. In Linux, "Linus's Law" (formulated by Eric S. Raymond and named after Linus Torvalds, the creator of Linux) holds that "given enough eyeballs, all bugs are shallow": the larger the group of developers and testers working on a body of code, the more likely any flaws will be caught and fixed quickly. In Windows, a limited set of paid developers tries to find problems in the code; they adhere to their own timetables and generally do not tell anyone about a problem until they have already created a fix, leaving the door open to exploits until then.

Windows. Advantages: user friendly; enhancements can help millions of users; defects are found quickly because of widespread use. Disadvantages: security defects can leave millions vulnerable; a non-technical user base; industry dominance leaves Microsoft handcuffed, since any move to expand capabilities is seen as anticompetitive.

Linux. Advantages: stability; free software; runs on old hardware; security. Disadvantages: learning curve; finding equivalent programs; more technical ability needed; not all hardware is compatible. Advantages in detail: the majority of Linux variants are available for free or at a much lower price than Microsoft Windows. Linux is and has always been a very secure operating system; although it can still be attacked, compared with Windows it is much more secure. The majority of Linux variants and versions are notoriously reliable and can often run for months or years without needing a reboot. Disadvantages in detail: although the majority of Linux variants have improved dramatically in ease of use, Windows is still much easier for new computer users. Linux has a large variety of available software programs, utilities and games, but Windows has a much larger selection. Linux requires someone who knows it well; alternatively you can hire someone with Linux experience, and a good Linux administrator needs to be on hand as you start to migrate your systems over, which is a financial disadvantage, at least at the beginning. Some of the latest hardware being produced is not compatible with Linux; before a purchase, ask whether the hardware vendor supports Linux. Some manufacturers write their own Linux drivers and distribute them with the product, making it easy to integrate with your existing system.

References: Windows vs. Linux Security, Professor Hossein Saiedian.