October 15, 2002 Serguei A. Mokhov, 1 UNIX Security 2: A Quick Recap SOEN321 - Information Systems Security Revision 1.3 Date: September.

Presentation transcript:

Slide 1: UNIX Security 2: A Quick Recap
SOEN321 - Information Systems Security
Serguei A. Mokhov, October 15, 2002
Revision 1.3, Date: September 30, 2003

Slide 2: Trojan Horse
In UNIX, as in many other operating systems, users can execute programs written by other users.
Because such a program runs with the access rights of the user executing it, its author may misuse those rights.

Slide 3: Trojan Horse (2)
Examples:
– A text editor that searches the open file for keywords and, on a successful match, copies the document elsewhere. Code that misuses its runtime environment is called a Trojan Horse.
– UNIX path search. We’ll explore this one in greater detail.
– A program emulating login.

Slide 4: UNIX path
Long search paths, which are very common in UNIX, make Trojan Horse matters worse.
Recall COMP346, Operating Systems...
– PA1... “... to set proper Java version change your path to....”
Users can configure their environment variables, including the path variable, in their .cshrc, .tcshrc, .bashrc, or whatever their shell reads.

    # csh/tcsh syntax: directories are searched left to right
    set path=( /usr/ucb /pkg/java-1.2.1/bin /site/bin /usr/bin /usr/sbin \
               /bin /usr/hosts /usr/X11R6/bin /sbin /usr/lib \
               ~ ~/bin ~/bin/dev )

Slide 5: UNIX path (2)
The search path lists the directories to search when an ambiguous command name is given (i.e. one that is not absolute, which comprises 99% of the commands).
When the user types a command at the shell’s prompt, the shell goes through the items in the path list, in order, to look up the actual command.
The first command found is executed...

Slide 6: UNIX path (3)
Obviously (to whom? :-)), all the directories in the path list must be secure; otherwise, a Trojan Horse replacement of a common command can be executed accidentally if it happens to sneak into one of the directories in the path.
A bad habit is to have “.” in your path list.

Slide 7: UNIX path (4)
“.” means the current directory, so if you type a command, say ls, and a fake ls happens to be in your current directory, you can get in trouble.
Example: a “friend” shares a directory with you; while you are in it and execute a command, you may actually execute the one in your “friend”’s directory, which will run as you (with your effective UID) and with all your privileges, and is therefore able to copy, delete, and modify your files.
The bottom line: never trust your current directory, remove “.” from your path :-)
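The lookup rule from slides 5 to 7, as an added example that is not part of the original slides: it walks a search path in order, flags the entries the slides warn about, and shows which file a command name resolves to. The names audit_path, first_match and SAMPLE_PATH are hypothetical, the sample path is constructed, and the path is taken as a colon-separated string (sh/bash style) rather than the csh list on slide 4; an empty entry is treated like “.”, which is how POSIX shells read it.

```sh
#!/bin/sh
# Added example (not from the slides): walk a colon-separated search path
# the way the shell does and flag the entries the slides warn about.

# audit_path PATHSTRING: one finding per line; returns 1 if anything was flagged.
audit_path() {
    rest="$1:"; pos=0; bad=0
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"; rest="${rest#*:}"; pos=$((pos + 1))
        case "$entry" in
            "") echo "$pos: empty entry (same as '.')"; bad=1; continue ;;
            .)  echo "$pos: '.' (current directory)"; bad=1; continue ;;
            /*) ;;
            *)  echo "$pos: relative entry '$entry'"; bad=1; continue ;;
        esac
        if [ ! -d "$entry" ]; then
            echo "$pos: $entry is not a directory"; bad=1; continue
        fi
        # -L follows symlinks such as /bin -> /usr/bin; keep only the mode string.
        mode=$(ls -ldL "$entry" | cut -c1-10)
        case "$mode" in ?????w????) echo "$pos: $entry is group-writable"; bad=1 ;; esac
        case "$mode" in ????????w?) echo "$pos: $entry is world-writable"; bad=1 ;; esac
    done
    return "$bad"
}

# first_match PATHSTRING COMMAND: print the file a lookup of COMMAND would
# select, i.e. the first executable regular file found in path order.
first_match() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir="${rest%%:*}"; rest="${rest#*:}"
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$2" ] && [ -x "$dir/$2" ]; then
            echo "$dir/$2"; return 0
        fi
    done
    return 1
}

# Constructed sample path (hypothetical, not taken from the slides).
SAMPLE_PATH="/usr/bin:/bin:.::bin/dev"
audit_path "$SAMPLE_PATH" || true
first_match "$SAMPLE_PATH" ls || true
```

Running `audit_path "$PATH"` from a login script gives the same report for the live environment; each finding starts with the entry's position in the list.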

Slide 8: Login Emulation or Why Windows’ Login is More Secure
A Trojan Horse variation is a fake login, i.e. a program emulating the login prompt, left by an adversary.
An unsuspecting user attempts to log in and finds that it failed.
Re-attempt - and success...
What had happened?

Slide 9: Login Emulation or Why Windows’ Login is More Secure (2)
First time around, the login emulator
– simply saved the credentials somewhere,
– faked an incorrect login message, and
– exited, leaving the normal login in place.
To defeat such an attack, an OS can print a usage message at the end of an interactive session or use some nontrappable key sequence, such as Ctrl+Alt+Del in Windows NT/2000/XP.

Slide 10: System Threats: Morris Worm
A worm is a program on its own, a process of which spawns things all over the place, causing performance degradation.
The famous Morris Internet Worm hit UNIX systems (SunOS and VAX) in 1988…

Slide 11: Morris Worm
Consisted of two programs – the bootstrap and the main part.
The bootstrap was a grappling hook – a tiny C program compiled and run on every machine it accessed, and used to bring the main program onto the hooked system.
The main program searched for new ways to propagate from the newly infested system.
The main program also systematically cracked user passwords on the host machine (lame cases, 432-word dictionary, UNIX on-line dictionary).

Slide 12: Morris Worm
The worm used the holes in the rsh, finger, and sendmail programs (recall lecture transcript 4).
– rsh, a utility for remote command execution, didn’t require passwords if you had special files with host-login pairs.
– finger had a typical buffer overflow problem.
– sendmail was used to transport the grappling hook when sendmail was run in the (default!) debug mode.

Slide 13: Morris Worm

Slide 14: The Morris Worm
The same tools that contributed to the worm’s success helped to defeat it.
Patched binaries were copied over the infected systems.
The presence of the source code also greatly helped.

Slide 15: Viruses
Viruses, unlike worms, are not standalone programs, but embed themselves into already existing programs.
Not going to talk about them here; it is just worth mentioning that there are not as many for UNIX as for Windows.
The reason is the UNIX security model, with all those permissions, ACLs, etc.: if the infected program were to run, there is not much it can do WRT virus propagation, because its capabilities are usually limited and there are no write permissions set.
Hint: use crypto as a virus detection mechanism
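One way to act on the hint above, as an added example that is not part of the original slides: because a virus embeds itself in an existing program, the program's cryptographic digest changes, so a baseline of digests taken while the system is known good exposes the modification. The function names digest, make_baseline and verify_baseline are hypothetical, SHA-256 is an assumed choice of hash, and the demo files are constructed.

```sh
#!/bin/sh
# Added example (not from the slides): detect modified programs by comparing
# SHA-256 digests against a baseline recorded while the system was known good.

# digest FILE: print the hex SHA-256 of FILE (sha256sum, or shasum as fallback).
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# make_baseline DIR: print "<digest>  <path>" for every regular file in DIR.
make_baseline() {
    for f in "$1"/*; do
        [ -f "$f" ] && echo "$(digest "$f")  $f"
    done
    return 0
}

# verify_baseline MANIFEST: report files that are gone or whose content no
# longer matches the recorded digest; returns 1 if any were reported.
verify_baseline() {
    status=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1
        elif [ "$(digest "$path")" != "$want" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return "$status"
}

# Constructed demo: a stand-in "program" is baselined, then has bytes appended.
demo=$(mktemp -d)
printf 'original program bytes\n' > "$demo/tool"
make_baseline "$demo" > "$demo.manifest"
printf 'appended bytes\n' >> "$demo/tool"
verify_baseline "$demo.manifest" || true
rm -rf "$demo" "$demo.manifest"
```

The check is only as trustworthy as the manifest and the hashing tool, so both belong on read-only or offline media that an infected program cannot rewrite.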