SECURITY IN THE LINUX OPERATING SYSTEM

Slides:

Advertisements

Similar presentations

Access Control Chapter 3 Part 3 Pages 209 to 227.

Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Access Control Methodologies

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Linux Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Computation for Physics 計算物理概論 Introduction to Linux.

Systems Security & Audit Operating Systems security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.

Operating System Security. OS manages and controls access to hardware components Older OSs focused on ensuring data confidentiality Modern operating systems.

The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.

Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

ADV. NETWORK SECURITY CODY WATSON What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protections of External Resources.

Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.

Secure Shell (SSH) Presented By Scott Duckworth April 19, 2007.

Chapter 3 & 6 Root Status and users File Ownership Every file has a owner and group –These give read,write, and execute priv’s to the owner, group, and.

1 Linux Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise.

1 Security. 2 Linux is not secure No computer system can ever be "completely secure". –make it increasingly difficult for someone to compromise your system.

Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.

Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.

Wireless and Mobile Security

Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.

Trusted Operating Systems

SCSC 455 Computer Security Chapter 3 User Security.

By Chris Zachor CS 650.  Introduction  SSH Overview  Scenarios  How To:  Results  Conclusion.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Access control Presented by: Pius T. S. : Christian C. : Gabes K. : Ismael I. H. : Paulus N.

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN.

TCSEC: The Orange Book.

Access Control Model SAM-5.

Access Control CSE 465 – Information Assurance Fall 2017 Adam Doupé

Operating System Security

Secure Software Confidentiality Integrity Data Security Authentication

Module 4 Remote Login.

Chapter 2: System Structures

Radius, LDAP, Radius used in Authenticating Users

CompTIA Security+ Study Guide (SY0-401)

IS3440 Linux Security Unit 6 Using Layered Security for Access Control

– Chapter 3 – Device Security (B)

Chapter 27: System Security

Operating Systems 15 - security

Chapter 2: System Structures

Computer Security Distributed System Security

– Chapter 3 – Device Security (B)

Keeping Member Data Safe

Florida State University

Operating System Security

Linux Security.

SSH – the practical solution

Introduction to Network Security

Designing IIS Security (IIS – Internet Information Service)

Convergence IT Services Pvt. Ltd

Preventing Privilege Escalation

Access Control Dr. X Parenthesis: before we dive deeper into crypto, we will explore and old but still valid security principle, access controls.

Protection Mechanisms in Security Management

Access Control and Audit

Presentation transcript:

SECURITY IN THE LINUX OPERATING SYSTEM Andy Saxena Somudra Chakraborty CSE 258, Fall 1999

Introduction Linux is a multi-user operating system. Security mechanisms must allow users to service their legitimate needs without compromising the server system security. Private data must still remain private, Resource and file management must maintain integrity; User privileges must still be granted. Overall system stability and correctness cannot suffer.

External Security User login Uses passwords for authentication Passwords encrypted using DES “Shadow Technique” to hide encrypted password - /etc/shadow

External Security Password Shadowing /etc/passwd : user:passwd:UID:GID:full_name:home_directory:shell /etc/shadow user:x:UID:GID:full_name:home_directory:shell Shadowing does not change the structure of /etc/passwd It simply moves the passwords.

External Security Password Attacks Brute Force Cycle through all 256 possible keys until one works July 17,1998, Deep Crack cracked the 56-bit key 56 hours. Dictionary Attack Search key space that comprises weak passwords Crack-www.users.dircon.co.uk/~crypto/index.html

External Security Remote Access Precautions Secure Shell - http://www.ssh.org Replaces telnet, rlogin, ftp Provides secure means of data transmission Insecure networks are no loner a problem

External Security SSH - 3 major components Transport Layer [SSH-TRANS] - provide server authentication, confidentiality, and integrity User authentication protocol [SSH-USERAUTH] - runs over the transport layer protocol, authenticates the client- side user to the server Connection protocol [SSH-CONN] - runs over the user authentication protocol, multiplexes the encrypted tunnel into several logical channels

External Security Administering Trusted Users and Hosts The .rhosts file exists in a user's home directory Specifies trusted hosts based on the user’s choice More headaches for administrator - loss of control Solution - disable or monitor contents. Limiting User Access to System Resources In /etc/pam.d/limits.conf Limit processes per user. Limit memory usage.

Internal Security 5 functional mechanisms implemented audit trail mechanisms, discretionary access control, information labels, mandatory access control and privilege.

Internal Security Audit Trail Functionality System generated records - Include system and kernel messages syslogd & klogd ---> /var/log/messages syslogd -> program name, facility type, priority, etc. klogd -> intercepts and logs kernel messages Application generated records - Store in user-managed space. Limit User Access to System Resources In /etc/pam.d/limits.conf Limit processes per user. Limit memory usage.

Internal Security Discretionary Access Control (DAC) Limit a user’s access to a file. Let owner determine file access permissions. Information Labels Contain file information about origin of file, a release marking, DAC advisories, project related information, etc. Purpose - tracking

Internal Security Privilege (Dynamic implementation) Elevating subject permissions temporarily. Let’s subject override access access control information for an object. Set SUID bit Mandatory Access Control Protection decisions must not be decided by the object owner. The system must enforce the protection decisions.

Internal Security File Access Permission Bit Mechanism (Part of DAC) is implemented. Read, write, execute permissions for owner, group and other. 10 bits used. ACL object. Groups Grant privileges to a group of users. Information stored in the groups vector in the task_struct(defined in sched.h).

Internal Security Memory Access Each process has its own page table. All memory access via page table. Easy for OS to terminate process which references an invalid memory address. Access control information for page held in the page table entry (PTE). Prevents executable code from being overwritten Separates kernel code and user code.

Internal Security Memory Access KRE Code running in kernel mode can read this page URE Code running in user mode can read this page KWE Code running in kernel mode can write to this page UWE Code running in user mode can write to this page

Internal Security Process Execution Control Kernel generates signals to executing processes. Processes may choose to ignore most signals. Cannot ignore SIGSTOP and SIGKILL SIGSTOP - Halt execution. SIGKILL - Terminate process. This is a mandatory access control implementation.

Conclusion Linux is a versatile OS. Security implementation in the OS is spread throughout the system - memory management, file management, process management, etc. Therefore every aspect of security needs to be configured from scratch since default is not maximum security.