IS3440 Linux Security Unit 4 Securing the Linux Filesystem


Class Agenda 4/6/16
- Covers Chapter 5
- Learning Objectives
- Discussion on Lab Activities. Lab will be performed in class.
- Break times as per school regulations.

Learning Objective
Examine the flexibility of various options with file permissions and filesystem settings and how granular control isolates data access.

Key Concepts
- Linux filesystem hierarchy standard (FHS)
- Filesystem mounting options
- Remote filesystems
- Filesystem encryption
- Filesystem quotas

File System Management
Know how volumes are organized, how they're mounted, and how they're formatted.

The File system Hierarchy Standard
- What is it? A filesystem standard designed to be used by various distributions such as Fedora, Ubuntu, and Debian. It is also used by distributions that package software for installing to UNIX-like systems, such as Apache.
- What is the purpose? To have a uniform standard for all users. If each distribution followed a different standard then it would be difficult to work efficiently across various Linux distributions and to locate files that are necessary to run an application.
11/22/2018 (c) ITT Educational Services, Inc.

File system Hierarchy Standard
The FHS is the way files and directories are organized on a Linux system.

The Filesystem Hierarchy Standard
Filesystem Hierarchy Standard (FHS): Standard set of directories for Linux and UNIX systems
- File and subdirectory contents
- Gives Linux software developers ability to locate files on any Linux system
- Create non-distribution-specific software
Linux+ Guide to Linux Certification, 2e

The Linux Directory Structure (continued)
[Figure 4-1: The Windows filesystem structure]
[Figure 4-2: The Linux filesystem structure]

The Filesystem Hierarchy Standard (continued)
[Table 5-1: Linux directories defined by FHS]

The Filesystem Hierarchy Standard (continued)
[Table 5-1 (continued): Linux directories defined by FHS]

Linux FHS
- It helps users to locate data and files.
- Fedora, Ubuntu, and other Linux distributions abide by the FHS.
- It would be difficult to work efficiently across various Linux distributions if each distribution followed a completely different standard.
- It helps administrators to systematically create and mount various partitions with desired options.

Managing Files and Directories (continued)
[Table 5-2: Common Linux file management commands]

Managing File and Directory Permissions
- Mode: Inode section that stores permissions
- Three sections, based on the user(s) that receive the permission:
  - User permissions: Owner
  - Group permissions: Group owner
  - Other permissions: Everyone on system
- Three regular permissions may be assigned to each user:
  - Read
  - Write
  - Execute

Interpreting the Mode
[Figure 5-3: The structure of a mode]
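
The three-section mode described above, decoded from its octal form. This is an added example, not part of the original slides; the function names are hypothetical, and it covers only the three regular permissions the slide lists.

```sh
#!/bin/sh
# Added example (not from the slides): decode a three-digit octal mode into
# the user/group/other sections. Function names are hypothetical.

# triplet DIGIT: one octal digit -> rwx string (read=4, write=2, execute=1)
triplet() {
    r=-; w=-; x=-
    [ $(($1 & 4)) -eq 0 ] || r=r
    [ $(($1 & 2)) -eq 0 ] || w=w
    [ $(($1 & 1)) -eq 0 ] || x=x
    echo "$r$w$x"
}

# describe_mode MODE: print each section and flag write access for "other"
describe_mode() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    # Split the three digits: first = user, middle = group, last = other
    u=${1%??}; o=${1#??}; g=${1#?}; g=${g%?}
    line="user=$(triplet "$u") group=$(triplet "$g") other=$(triplet "$o")"
    [ $((o & 2)) -eq 0 ] || line="$line WORLD-WRITABLE"
    echo "$line"
}

describe_mode 754
describe_mode 666
```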

Filesystem Encryption
- Encryption adds another layer of security for data that is considered confidential.
- Documents such as customer personal information, social security numbers, credit card information, and business plans can be encrypted.
- There are many regulations and laws for protecting consumer's personal data.

GNU Privacy Guard (GPG)
- The most common standard for file encryption on Linux is GNU Privacy Guard (GPG)
- GNU Privacy Guard (GPG) command, gpg,

Other Encryption Algorithms

Filesystem Encryption Techniques
Kernel Space
- Disk encryption subsystem (dm-crypt)
- Linux unified key setup (LUKS)
- Loop-Advanced Encryption Standard (AES)
- TrueCrypt
- Enterprise cryptographic filesystem (eCryptfs)

Filesystem Encryption Techniques (Continued)
User Space
- LUKS
- Encrypted File System (EncFS)

Pros and Cons of Filesystem Encryption
- Simple to implement
- Transparent to the user
- Difficult to hack

Pros and Cons of Filesystem Encryption (Continued)
- All data in a filesystem is encrypted, including the data that does not need to be encrypted.
- Resizing the filesystem later is difficult.

Securing a Filesystem Using FHS
- Format with an appropriate filesystem type.
- Confine to read-only if there is no need for users to write or edit data.
- Restrict executing files in the /tmp/ directory.
- Encrypt directories that contain sensitive data.
- Consider using quotas.

Configuring Remote Mounting
- Data server with a Network File System (NFS) share
- /etc/exports file on data.is418.local:
    /share *.is418.local(ro,all_squash)
- Entry in each client server's /etc/fstab file:
    data.is418.local:/share /data nfs defaults 0 0
- Web servers mount the share at boot

NFS
- Use the root_squash option to ensure requests to the filesystem are not given root privileges.
- Use the all_squash option for read-only shares.
- Use the showmount command to verify that the correct shares are exported or not exported to various clients.
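
One way to check an exports file against the NFS advice above. This is an added example, not part of the original slides; the sample entries other than /share, the finding names and the function names are constructed. It also flags an option list separated from its client by a space, which exports(5) treats as options for any host.

```sh
#!/bin/sh
# Added example (not from the slides): audit /etc/exports-format text.
# Entries other than /share are constructed for illustration.

sample_exports() {
cat <<'EOF'
# constructed sample
/share   *.is418.local(ro,all_squash)
/backup  admin.is418.local(rw,no_root_squash)
/pub     *.is418.local (ro)
/docs    web1.is418.local(ro)
EOF
}

# audit_exports: read exports lines on stdin, print "PATH CLIENT FINDING"
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
    {
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split client(opt1,opt2)
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            o = "," opts ","                # pad so only whole options match
            if (host == "") {               # "(ro)" after a space: any client
                host = "ANY-HOST"
                print $1, host, "options-after-space-apply-to-every-client"
            }
            if (index(o, ",no_root_squash,"))
                print $1, host, "remote-root-keeps-root"
            if (index(o, ",ro,") && !index(o, ",all_squash,"))
                print $1, host, "read-only-share-without-all_squash"
        }
    }'
}

sample_exports | audit_exports
```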

Setting Quotas
- Once a directory or a partition becomes 100% full due to downloads, installs, archived data, and even personal music and movies, many processes stop working, which can make the operating system unavailable.
- Enabling quotas for each user or group, or singling out a single user, can prevent many problems.

Enabling Quotas
- Step 1: Configure the filesystem to allow quotas in /etc/fstab using the entry:
    /home ext4 defaults,usrquota 1 2
- Step 2: Remount the home filesystem using the command:
    mount -o remount /home
- Step 3: Initialize the quota database using the command:
    quotacheck -cm /home
- Step 4: Turn quotas on using the command:
    quotaon /home

Securing the Linux Filesystem
A Linux system administrator should:
- Use binaries placed in the /sbin/ directory.
- Group files or create separate partitions for directories such as /var/, /home/, and /tmp/.
- Isolate the root account's home directory from those of other users, which are typically located in /home/<user>.
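
Separate partitions make per-mount options possible, so the recommendations from the slides (no execution in /tmp, quotas on /home, read-only where writes are not needed) can be checked against fstab. This is an added example, not part of the original slides; the policy table, device names and function names are assumptions, and the /data entry is the client mount shown under Configuring Remote Mounting.

```sh
#!/bin/sh
# Added example, not from the slides. The policy table is an assumption:
#   /tmp -> noexec, /home -> usrquota, /data -> ro

# Constructed sample fstab; device names are made up.
sample_fstab() {
cat <<'EOF'
# <device> <mount> <type> <options> <dump> <pass>
/dev/sda1 / ext4 defaults 1 1
/dev/sda2 /home ext4 defaults,usrquota 1 2
/dev/sda3 /tmp ext4 defaults 1 2
data.is418.local:/share /data nfs defaults 0 0
EOF
}

# has_opt OPTIONS WANTED: true only if WANTED is a whole comma-separated item,
# so "errors=remount-ro" does not count as "ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_fstab: read fstab lines on stdin, print one line per missing option.
audit_fstab() {
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac
        case "$mnt" in
            /tmp)  want=noexec ;;
            /home) want=usrquota ;;
            /data) want=ro ;;
            *) continue ;;
        esac
        has_opt "$opts" "$want" || echo "$mnt: missing $want (options: $opts)"
    done
}

sample_fstab | audit_fstab
```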

Samba
- Is very flexible with its security settings
- Can restrict access based on network or host address
- Can restrict access and permissions to share for a particular group or list of users
- Can be used for workstation and mixed environments with Windows operating system

Summary
In this presentation, the following concepts were covered:
- Importance of FHS
- Advantages and disadvantages of filesystem encryption
- Process to use for securing a filesystem, configuring remote mounting, and enabling quotas
- Use of NFS and Samba in Linux