Linux Security.

Slides:

Advertisements

Similar presentations

Encrypting Wireless Data with VPN Techniques

Advertisements

1 Chapter 13 Securing an Access Application. 13 Chapter Objectives Learn about the elements of security Explore application-level security Use user-level.

Password Cracking Lesson 10. Why crack passwords?

Access Control Chapter 3 Part 3 Pages 209 to 227.

Chapter 15 Security and Protection Copyright © 2008.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Access Control Methodologies

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Chapter 9 Building a Secure Operating System for Linux.

Cyber Security and Key Management Models Smart Grid Networks The Network System Key Management and Utilization Why Hardware Security Christopher Gorog,

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 2 Manage User Access and Security.

7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.

ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Strategies in Linux Platforms and.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Security-Enhanced Linux & Linux Security Module The George Washington University CS297 Programming Language & Security YU-HAO HU.

Windows Security Mechanisms Al Bento - University of Baltimore.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 5: Security Controls.

Secure Operating Systems

Microsoft ® Official Course Module 8 Securing Windows 8 Desktops.

Guide to Operating System Security Chapter 4 Account-based Security.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Week #7 Objectives: Secure Windows 7 Desktop

Operating Systems 1 K. Salah Module 6.0: Security and Protection  Types of misuse: –1. Accidental –2. Intentional –Protection is to prevent either accidental.

4P13 Week 1 Talking Points. Kernel Organization Basic kernel facilities: timer and system-clock handling, descriptor management, and process Management.

Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.

UNIX System Protection. Unix History Developed by Dennis Ritchie and Ken Thompson at AT&T Bell Labs Adapted some ideas from the Multics project in 1969.

Windows 2000 Security Yingzi Jin. Introduction n Active Directory n Group Policy n Encrypting File System.

Wireless and Mobile Security

IAD 2263: System Analysis and Design Chapter 7: Designing System Databases, Interfaces and Security.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.

COEN 350: Network Security Authorization. Fundamental Mechanisms: Access Matrix Subjects Objects (Subjects can be objects, too.) Access Rights Example:

1 Linux Security Module: General Security Support for the Linux Kernel Presented by Chao-Sheng Lin 2005/11/1.

Trusted Operating Systems

SCSC 455 Computer Security Chapter 3 User Security.

Privilege Management Chapter 22.

Security-Enhanced Linux Eric Harney CPSC 481. What is SELinux? ● Developed by NSA – Released in 2000 ● Adds additional security capabilities to Linux.

Understanding Security

TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.

4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.

CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.

4P13 Week 5 Talking Points 1. Security Provided by BSD a self-protecting Trusted Computing Base (TCB) spanning kernel and userspace; kernel isolation.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Security-Enhanced Linux Stephanie Stelling Center for Information Security Department of Computer Science University of Tulsa, Tulsa, OK

CIS 450 – Network Security Chapter 10 – UNIX Password Crackers.

File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control.

Overview of NSA Security Enhanced Linux Russell Coker.

SELinux Overview Dan Walsh SELinux for Dummies Dan Walsh

SE Linux Implementation Russell Coker. What is SE Linux? A system for Mandatory Access Control (MAC) based on the Linux Security Modules (LSM) framework.

Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service.

Protection and Security

Chapter One: Mastering the Basics of Security

Secure Operating System Example: SELinux

Chapter 5 : Designing Windows Server-Level Security Processes

Chapter 11: Managing Users

Password Cracking Lesson 10.

SE Linux Implementation

CompTIA Security+ Study Guide (SY0-401)

IS3440 Linux Security Unit 3 User Account Management

Mumtaz Ali Rajput +92 – INFORMATION SECURITY – WEEK 5 Mumtaz Ali Rajput +92 – 301-

IS3440 Linux Security Unit 2 Securing a Linux Platform―Core Components

SECURITY IN THE LINUX OPERATING SYSTEM

PLANNING A SECURE BASELINE INSTALLATION

NSA Security-Enhanced Linux (SELinux)

Operating System Concepts

Presentation transcript:

Linux Security

Linux Security Security features Kernel provides a minimal set of security features Discretionary access control Authentication is performed outside the kernel by user-level applications such as login. Allows system administrators to redefine access control policies customize the way Linux authenticates users specify encryption algorithms that protect system resources

Authentication Default authentication User enters username and password via login Passwords are hashed (using MD5 or DES) Encryption cannot be reversed Stored in /etc/passwd or /etc/shadow Pluggable authentication modules (PAMs) Can reconfigure the system at run time to include enhanced authentication techniques For example: Disallow terms found in a dictionary and require users to choose new passwords regularly Supports smart cards, Kerberos and voice authentication

Access Control Methods Access control attributes Specify file permissions and file attributes File permissions Combination of read, write and/or execute permissions specified for three categories: user, group and other File attributes Additional security mechanism supported by some file systems Allow users to specify constraints on file access beyond read, write and execute Examples: append-only, immutable

Access Control Methods Linux security modules (LSM) framework Allows a system administrator to customize the access control policy Uses loadable kernel modules Kernel uses hooks inside the access control verification code to allow an LSM to enforce its access control policy Example: SELinux Developed by NSA Replaces Linux’s default discretionary access control policy with a mandatory access control (MAC) policy

Access Control Methods Privilege inheritance Normally a process executes with same privileges as the user who launched it Some applications require process to execute with other user privileges Example: passwd setuid and setgid allow process to run with the privileges of the file owner Improper use of setuid and setgid can lead to security breaches LSM Capabilities allow administrator to assign privileges to applications as opposed to users to prevent this

Cryptography Cryptographic API Enables users to access several forms of encryption to protect their data Uses powerful algorithms such as DES, AES and MD5 Kernel uses Cryptographic API to implement IPSec Enables users to create secure (encrypted) file systems Loopback device Layer between the virtual file system and the existing file system Can be used to encrypt and decrypt data transferred between processes and the underlying file system

Cryptography Loopback device providing an encrypted file system using the Cryptographic API.