Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security

Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 1: Security Principles

Objectives Explain the need for security in Linux and Windows 2000 environments Describe industry evaluation criteria used for security Identify the guidelines for determining the three general security levels Discuss the security mechanisms used to implement security systems

Objectives (cont’d) Identify the different areas of security management Describe Windows 2000 and Linux “out-of-the- box” security measures Implement tools to evaluate key security parameters in Windows 2000 and Linux Describe security components in the Windows 2000 security architecture

Security Services Authentication Access control Data confidentiality Data integrity Nonrepudiation

Evaluation Criteria European Information Technology Security Evaluation Criteria document BS 7799 Trusted Computer Systems Evaluation Criteria Common Criteria

Security Levels Low Medium High

Security Mechanisms Specific –Encipherment –Digital signature –Access control –Data integrity –Authentication –Traffic padding Wide –Trusted functionality –Security labels –Audit trails –Security recovery

Windows 2000 Security Exploits Windows 2000 registry

Windows 2000 Security Architecture Windows 2000 security components –C2 certification Windows 2000 objects Security components –SIDs –Access tokens –Security descriptors –Access control lists and entities Security subsystem

Linux Security Configuration problems –Misconfigured authentication settings –Unnecessary services –Default account policies –Non-root user access to sensitive commands

Pluggable Authentication Modules Editing PAM files PAM directories PAM entry format Telnet access and the root account

Summary Explain the need for security in Linux and Windows 2000 environments Describe industry evaluation criteria used for security Identify the guidelines for determining the three general security levels Discuss the security mechanisms used to implement security systems

Summary (cont’d) Identify the different areas of security management Describe Windows 2000 and Linux “out-of-the- box” security measures Implement tools to evaluate key security parameters in Windows 2000 and Linux Describe security components in the Windows 2000 security architecture

Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 2: Account Security

Objectives Describe the relationship between account security and passwords Explain techniques for securing accounts in Windows 2000 and Linux Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux

Objectives (cont’d) Identify Linux commands for password aging and explain how to log unsuccessful logon attempts Explain Linux security threats, restrict account access, and monitor accounts

Passwords Windows 2000 and strong passwords –Enforcing strong passwords –Dictionary attacks Linux and strong passwords –Shadow passwords –The root account

Verifying System State Cross-referencing information on non-domain controllers Built-in and external tools Renaming default accounts Windows 2000 account policies Password lockout

Password Aging in Linux Linux command options Timing out users Monitoring accounts System-wide event logging facility

Summary Describe the relationship between account security and passwords Explain techniques for securing accounts in Windows 2000 and Linux Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux

Summary (cont’d) Identify Linux commands for password aging and explain how to log unsuccessful logon attempts Explain Linux security threats, restrict account access, and monitor accounts

Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 3: File System Security

Objectives Identify the Windows 2000 file-level permissions Assign NTFS permissions Explain the importance of drive partitioning and how it relates to security Describe how copying and moving a file affect file security Identify remote file access control permissions

Objectives (cont’d) Describe Linux file system security concepts Explain the function of the umask command Discuss the purpose of setuid, setgid, and sticky bits

Windows 2000 File System Security File-level permissions Standard 2000 permissions Drive partitioning Copying and moving files

Remote File Access Control Remote access permissions –Full Control –Modify –Read & Execute –No Access Share permissions

Linux File System Security Files File information Permissions The umask command The chmod command UIDs and GIDs The set bits: setuid, setgid and sticky bits

Summary Identify the Windows 2000 file-level permissions Assign NTFS permissions Explain the importance of drive partitioning and how it relates to security Describe how copying and moving a file affect file security Identify remote file access control permissions

Summary (cont’d) Describe Linux file system security concepts Explain the function of the umask command Discuss the purpose of setuid, setgid, and sticky bits

Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 4: Assessing Risk

Objectives Identify general and specific operating system attacks Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns

Security Threats Accidental threats Intentional threats –Passive threats –Active threats

Types of Attacks Spoofing/masquerade Replay Denial of service Insider Trapdoor Trojan horses

Windows 2000 Security Risks Default directories Default accounts Default shares and services

General UNIX Security Vulnerabilities Viruses Buffer overflows

Keyloggers Invisible KeyLogger Stealth and Windows 2000 Keylogging and securing the Linux search path Protecting yourself against keyloggers

System Port Scanning Advanced security scanners –WebTrends Security Analyzer

UNIX Security Risks The rlogin command –Interactive sessions: Telnet vs. rlogin Network Information System (NIS) Network File System (NFS)

NIS Security Concerns NIS security problems –No authentication requirements –Contacting server by broadcast –Plain-text distribution –Encryption and authentication –Portmapper processes and TCPWrappers –The securenets file NIS+

NFS Security Concerns Users, groups and NFS Secure RPC NFS security summary

Summary Identify general and specific operating system attacks Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns

Copyright © 2002 ProsoftTraining. All rights reserved. Lesson 5: Reducing Risk

Objectives Explain the purpose and importance of system patches and fixes, and apply system patches Modify the Windows 2000 Registry for security Lock down and remove services for effective security in Windows 2000 and Linux

Patches and Fixes Microsoft service packs Red Hat Linux errata

Windows 2000 Registry Security Registry structure –Subtrees and their uses Auditing the registry Setting registry permissions

Disabling and Removing Services in Windows 2000 Securing network connectivity Server Message Block Miscellaneous configuration changes

Disabling and Removing Services in UNIX Bastille –The tarball format –Downloading and installing Bastille –Running Bastille in text mode

Summary Explain the purpose and importance of system patches and fixes, and apply system patches Modify the Windows 2000 Registry for security Lock down and remove services for effective security in Windows 2000 and Linux

Operating System Security Security Principles Account Security File System Security Assessing Risk Reducing Risk