Host Security CSCI N321 – System and Network Administration

Slides:



Advertisements
Similar presentations
Computer Security set of slides 10 Dr Alexei Vernitski.
Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.
Web Server Administration TEC 236 Securing the Web Environment.
Security+ Guide to Network Security Fundamentals
System and Network Security Practices COEN 351 E-Commerce Security.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
COEN 252: Computer Forensics Router Investigation.
Voyager Server Security and Monitoring Best practices and tools.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Course ILT Security Unit objectives Configure operating system and file system security Install a fingerprint scanner and card reader Manage the human.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Va-scanCopyright 2002, Marchany Securing Solaris Servers Randy Marchany.
Securing Information Systems
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Host Security CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
CERN’s Computer Security Challenge
Module 14: Configuring Server Security Compliance
Network Security Techniques by Bruce Roy Millard Division of Computing Studies Arizona State University
Network Security Technologies CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.
Operating System Security Fundamentals Dr. Gabriel.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
1 Linux Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise.
1 Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system.
Security fundamentals Topic 2 Establishing and maintaining baseline security.
Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.
Securing the Linux Operating System Erik P. Friebolin.
Introduction to Security CS432 – Security in Computing Copyright © 2005, 2009 by Scott Orr and the Trustees of Indiana University.
SCSC 455 Computer Security Chapter 3 User Security.
Mark Shtern.  Our life depends on computer systems  Traffic control  Banking  Medical equipment  Internet  Social networks  Growing number of.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
Computer Security Sample security policy Dr Alexei Vernitski.
Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.
Chapter 12 Operating System Security. Possible for a system to be compromised during the installation process before it can install the latest patches.
Security Operations Chapter 11 Part 3 Pages 1279 to 1309.
Definition s a set of actions taken to prevent or minimize adverse consequences to assets an entity of importance a weakness in the security system to.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Securing Network Servers
Working at a Small-to-Medium Business or ISP – Chapter 8
Configuring Windows Firewall with Advanced Security
Secure Software Confidentiality Integrity Data Security Authentication
Security in Networking
IS3440 Linux Security Unit 3 User Account Management
IS3440 Linux Security Unit 6 Using Layered Security for Access Control
IS3440 Linux Security Unit 9 Linux System Logging and Monitoring
Chapter 27: System Security
LINUX SECURITY Dongmei Wu ID: /25/00.
Operating System Security
Linux Security.
Networking for Home and Small Businesses – Chapter 8
Network hardening Chapter 14.
Welcome to all Participants
PLANNING A SECURE BASELINE INSTALLATION
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Designing IIS Security (IIS – Internet Information Service)
Test 3 review FTP & Cybersecurity
Presentation transcript:

Host Security CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University

Section Overview Why Security? System Security Issues Network Security Issues Physical and Session Security Issues Security Implementation

References CQU 85321 System Administration Course Chapter 17

Why Worry about Security? Y2K Bug – 1/1/2000 DDoS Attack of Yahoo, CNN – 2/2000 Microsoft break-in – 10/2000 SPAM and Phishing Viruses and Worms Internet Worm – 11/1988 Melissa/ILoveYou Viruses – 1999 - 2000 CodeRed/Nimda/Slammer/Sobig – 2001-2003 MyDoom,Netsky/Bagel – 2004 Stuxnet - 2010 SPAM/Virus Writer Connection Terrorist Attacks/Katrina Numerous Web Defacements Mobile Computing?

Reported Incidents Source: CERT

Reported Vulnerabilities Source: CERT

Threat Pyramid Governments 100’s Aggressive 1K’s Moderate 10K’s Script Kids 1M’s Source: Tom Perrine, SDSC Security as Infrastructure

Treat Evolution Source: CERT (Phishing Exposed)

How much security? Beware of Security through Obscurity!!! Security Ease of Use Beware of Security through Obscurity!!!

Password Security Issues Low-tech password grabbing Social Engineering Dumpster Diving Shoulder Surfing Password Cracking Encrypted passwords accessible Brute force & dictionary attacks Alec Muffett’s Crack John the Ripper Cain and Able Rainbow Cracking

Password Risk Minimization User Education!!! Password Accessibility (/etc/shadow) Allow for longer passwords One-Time Passwords – OPIE/SecureID Password aging Forces periodic changing of password Accounts locked if password expires Centralized Authentication Kerberos Active Directory Services (ADS)

/etc/shadow Fields Username Encrypted password Day last changed Minimum # days between changes Maximum # days between changes Notify # days before account expires Account Inactivation Expire # days after max change (Linux) Expire after # days of inactivity (Solaris) Expiration day Flags (unused) Example: sorr:lYi8.KpsFAb9M:11262::90:7:12784:

Account Management Principle of least privilege Restrictive default umask Disable/remove inactive accounts No shared group accounts Careful placement of ‘.’ in PATH Same username/UID assignment on all systems on a local network

Root Account Management Restrict root logins to console Used only when needed su – sudo Avoid multiple root accounts (UID: 0) Avoid ‘.’ in PATH Be Careful!!!

System Configuration Keep all software up to date Updates Patches Remove unneeded software Minimize SUID/SGID programs Kernel options System-wide defaults System Hardening SELinux CIS Benchmark Tools Microsoft: Baseline Security Analyzer

Pluggable Auth. Modules System-wide authentication defaults Authentication management Account management Session management Password management

Filesystem Protection Check for… World-writable files/directories World-readable files/directories System configuration files Log files Ownerless files/directories SUID/SGID programs Filesystem access restrictions Trojan horses & root-kits Modified system files/programs Integrity Checkers: Tripwire, AIDE, Osiris Filesystem Encryption (CFS, EFS)

Network Service Security Remove unneeded services RC Scripts inetd/xinetd Upgrade/Patch active services Port Scanners – nmap, Saint, Nessus Service Attack Detection/Protection Intrusion Detection Systems (Snort) TCP Wrappers Firewalls Network Address Translation (NAT)

Network Traffic Issues Packet Sniffing See all traffic (passwords, email, etc.) Tools: Tcpdump, Wireshark Spoofing and Session Hijacking Network Session Encryption Telnet, ftp, X11: Secure Shell (ssh) Email, Web: Secure Socket Layer (SSL) Virtual Private Networks (IPSec/SSL)

Physical Security Environmental Concerns Facility Security Hardware cables Locks (Key, Code, Biometrics) Alarms (Theft, Movement, etc.) Removable media System BIOS Passwords Boot device order Boot Loader Passwords

Session Security X-Windows Console locking Shell inactivity timeout Remote Applications Remote viewing of your windows xhost/xauth access control Console locking GUI Screensavers Text console(s) – vlock Shell inactivity timeout

Implementing Security Risk Assessment Policy Development Implementation Testing Monitoring/Responding to Incidents

Risks and Policies Risk Assessment Policy Development Identifying assets, vulnerabilities, threats Prevention Cost <> Lost/Recovery Cost Policy Development “That which is not permitted is prohibited” Grant authority to enforce policy Periodic reviews Be positive

System Testing Password Checkers Vulnerability Checkers Bug Exploits System: COPS, Titan, Tiger Network: Saint (SARA), Nessus, nmap Bug Exploits Script Kiddie sites (i.e. www.rootshell.com) Full Disclosure Email Lists (i.e. BugTraq) Security Advisories (i.e. CERT)

Log Monitoring Baseline Anomalies Logfile Anomalies Weird su/root login entries Unscheduled Reboots/Service restarts Inconsistent login times/locations Logfile Anomalies Strange timestamps Incorrect ownership or permissions Short, incomplete, or missing logs Centralized logging

Incident Response Don’t Panic!!! Isolate the system Understand what happened - Forensics Active system analysis Filesystem analysis (make read-only first) Recover Close holes Restore files from clean backup Report incident Don’t Panic!!!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.