Secure Operating Systems Lesson C: Linux Security Features.


Where are we?
- Multics is beautiful, Multics is beautiful, Multics is beautiful…
- And also, we’ve looked at some of the ways operating systems get broken
- Let’s look at a well-known OS today: Linux

Linux: Overview
- Accounts, authentication
- File permissions
- Secure Access
- Encrypted storage
- Logging
- Resource usage controls…
- It’s a long list. Let’s take a look.

User Accounts
- The Unix model is pretty straightforward
- An entity has a user account; this account can be associated with groups
- Usually, there is one superuser, root – this account has complete control of the system

PAM: Authentication
- User accounts don’t help if you can’t authenticate, so Linux provides PAM (Pluggable Authentication Modules)
- PAM gives us fine-grained control over logins and authentication
  - Account modules: check that the auth is valid under current conditions (time of day, phase of moon…)
  - Authentication modules: authenticate the user
  - Password modules: update passwords and measure password strength
  - Session modules: things to do at the start and end of every session

Protection: Files
- Files can be protected at the user, group, and world level
- Valid permissions are read, write, execute
- umask provides default permissions for a user on files and directories
- Setuid bit – is this a vuln or a feature? Let’s discuss…
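
An added example, not part of the original slides: a POSIX shell sketch that shows what a given umask does to newly created files and directories, and inventories setuid/setgid files under a directory. The function names and the constructed scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides). Function names are hypothetical.

# default_modes UMASK: permissions a new file and directory receive.
# Programs normally request 0666 (files) and 0777 (dirs); umask bits are cleared.
default_modes() {
    printf 'file=%04o dir=%04o\n' $(( 0666 & ~0$1 )) $(( 0777 & ~0$1 ))
}

# list_setid DIR: regular files carrying the setuid or setgid bit, one per line,
# prefixed with "WRITABLE" when group or world may also modify the file.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        if [ -n "$(find "$f" \( -perm -0020 -o -perm -0002 \))" ]; then
            echo "WRITABLE $f"
        else
            echo "ok $f"
        fi
    done
}

# Constructed scratch directory so the demo runs without touching the system.
demo_dir=$(mktemp -d)
touch "$demo_dir/plain" "$demo_dir/suid_ok" "$demo_dir/suid_bad"
chmod 0755 "$demo_dir/plain"
chmod 4755 "$demo_dir/suid_ok"     # setuid, writable by owner only
chmod 4775 "$demo_dir/suid_bad"    # setuid and group-writable

default_modes 022
default_modes 077
list_setid "$demo_dir"
```

Pointing `list_setid` at `/` on a real machine gives the inventory to review when discussing whether each setuid program is a feature or a liability.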

Secure Access
- None of the above matters if we can’t log in to the box securely
- Linux has a few features.
- Most notably, we can restrict the places root can log in from – perhaps to a local physical console
- All remote connections come in through sshd – compare to telnet
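
An added example, not part of the original slides: a POSIX shell check of whether root may log in through sshd, reading the `PermitRootLogin` keyword from an sshd_config-style file. The function names and the constructed sample file are assumptions; `Include` directives are not followed.

```shell
#!/bin/sh
# Added example (not from the slides). Function names are hypothetical.

# root_login_setting FILE: effective global PermitRootLogin value.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and "Match" opens a conditional section, so parsing
# stops there.
root_login_setting() {
    awk '
        { sub(/#.*/, ""); sub(/[ \t]*=[ \t]*/, " ") }   # drop comments, accept key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_verdict FILE: one-line assessment of that value.
root_login_verdict() {
    case "$(root_login_setting "$1")" in
        no) echo "ok: root cannot log in over ssh" ;;
        prohibit-password|without-password)
            echo "warn: root may log in over ssh with keys only" ;;
        forced-commands-only)
            echo "warn: root may run key-bound forced commands" ;;
        yes) echo "fail: root may log in over ssh with a password" ;;
        unset) echo "warn: not set globally, sshd built-in default applies" ;;
        *) echo "fail: unrecognised value" ;;
    esac
}

# Constructed sample configuration (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin yes
permitrootlogin prohibit-password
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF

root_login_verdict "$sample"
```

The sample shows why reading only the last line is misleading: the later `PermitRootLogin no` is ignored because the earlier lowercase entry already set the value.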

Encrypted storage
- First, let’s be clear… what are we protecting from?
- With that said, we can create an encrypted bootload and encrypted storage in Linux
- Protecting the boot sequence is pretty important – we’ll revisit that when we look at Windows 8

Logging
- Or even audit… there’s syslog and auditing
- In more up-to-date Linii, there’s auditd
  - Very flexible auditing system that provides very granular logging of events
  - Configured by audit rules
  - Tampering?
- At the less granular level, there’s syslog etc.
- In essence: you have the ability to see, if you choose to look

Resource control
- Linux can control how much of a resource a particular user uses, too
- Quota can also provide hard limits

Non-Executable Memory
- Linux has supported the NX bit for almost TEN years (!!!)
- You do need to check your distribution and kernel configuration though
- Remind me: what does this achieve?

ASLR
- Yes, Linux has address space layout randomization as a kernel option
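
An added example, not part of the original slides, covering both the Non-Executable Memory and ASLR slides: a POSIX shell check that decodes the `kernel.randomize_va_space` setting and looks for the `nx` CPU flag. The function names and the constructed sample files are assumptions; the default paths are the usual `/proc` locations on x86 Linux.

```shell
#!/bin/sh
# Added example (not from the slides). Function names are hypothetical.

# aslr_state [FILE]: decode the kernel.randomize_va_space value.
aslr_state() {
    f=${1:-/proc/sys/kernel/randomize_va_space}
    [ -r "$f" ] || { echo "unknown"; return 0; }
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo "off" ;;
        1) echo "partial: stack, mmap and vDSO randomized" ;;
        2) echo "full: also randomizes the heap (brk)" ;;
        *) echo "unknown" ;;
    esac
}

# nx_state [FILE]: does the first "flags" line of a cpuinfo-style file list nx?
# Prints "unknown" when there is no flags line (for example on non-x86 CPUs).
nx_state() {
    f=${1:-/proc/cpuinfo}
    [ -r "$f" ] || { echo "unknown"; return 0; }
    awk -F: '
        /^flags/ {
            n = split($2, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == "nx") hit = 1
            seen = 1
            exit
        }
        END { print hit ? "nx present" : (seen ? "nx absent" : "unknown") }
    ' "$f"
}

# Constructed sample inputs so the demo gives the same result on any machine.
tmp=$(mktemp -d)
echo 2 > "$tmp/rvs"
printf 'processor\t: 0\nflags\t\t: fpu vme pae nx lm\n' > "$tmp/cpuinfo"

aslr_state "$tmp/rvs"
nx_state "$tmp/cpuinfo"
```

Called without arguments, both functions read the live `/proc` files of the machine they run on.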

GCC assistance
- Pointer encryption
- -Wformat -Wformat-security
  - Not much use if you don’t pay attention
- -D_FORTIFY_SOURCE=2 -O2: put in runtime and compile-time checks on buffers
- Built-in stack canaries
- Position Independent Executables (PIE)
- ELF hardening (mark segments r/o before execution)

Things to Do
- Take a look at the little Linux machine you installed earlier in the semester. What security features are available? In what areas can you harden the configuration? Tell me what you did to try and harden the OS…

Questions & Comments
- What do you want to know?