Securing the Linux Operating System
Erik P. Friebolin


Introduction

Security is not something that is achieved as a final end goal; it is not a finished state. Rather, it’s a way of setting up, maintaining, and running an operating system, network, or environment. It’s a state of mind and a way of life. It depends on the day-to-day actions of the users and system administrators. It also depends on the security not being so intrusive that it encourages users and administrators to “work around it”.

Security Breaches

- Exposure: a form of possible loss or harm in a computing system.
- Vulnerability: a weakness that might be exploited to cause loss or harm.
- Threats: circumstances that have the potential to cause loss or harm.

Security Goals

- Confidentiality: the assets of a computing system are accessible only by authorized parties.
- Integrity: assets can be modified only by authorized parties or only in authorized ways.
- Availability: assets are accessible to authorized parties.

Steps to Security

- To decide how to secure your systems, you need to decide how you intend to use them.
- Decide what services a system is intended to use.
- Decide what services a system is intended to provide locally.
- Decide what services a system is intended to provide globally.
- Develop a security policy based on the needs of the systems that are to be secured.

Physical Security

- Rebooting the system from other media such as floppy disk, CD-ROM, external SCSI drives and so on
- Removing the case, and removing the BIOS battery to get around any BIOS restrictions
- Using a default BIOS password to gain access to the BIOS
- Rebooting the system and passing boot arguments to LILO
- Installing physical monitoring devices such as KeyGhost
- Stealing the system’s disk(s)
- Unplugging the server or turning the power bar off (a very effective DoS); if done several times, this can lead to file system corruption

Console Security

- LILO Security
  - Prevent an attacker from using single-user mode.

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=50
    message=/boot/message
    linear
    default=linux
    # Boot password; with "restricted" it is only requested when
    # boot arguments (such as "single") are typed at the prompt.
    password=thisisapassword
    restricted

Console Security (cont’)

    image=/boot/vmlinuz
        label=linux
        read-only
        root=/dev/hda1
    image=/boot/vmlinuz
        label=linux-old
        read-only
        root=/dev/hda1

- Prevent changes to the lilo.conf file.
  - chattr +i /etc/lilo.conf
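Added example (not part of the original slides): a shell function that checks a lilo.conf like the one above for a global password and for file permissions that keep the clear-text password away from other users. The function names are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check a lilo.conf for the console-security settings above.
# Only the global section is inspected for password=/restricted (assumption:
# no per-image passwords). Exit status is the number of findings.
audit_lilo_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 255; }

    # Global section: comment-stripped lines before the first image=/other=.
    global=$(awk '{ sub(/#.*/, "") }
                  /^[ \t]*(image|other)[ \t]*=/ { exit }
                  { print }' "$conf")

    if ! printf '%s\n' "$global" | grep -Eq '^[[:space:]]*password[[:space:]]*=.'; then
        echo "FINDING: no global password=; anyone at the prompt can pass boot arguments"
        findings=$((findings + 1))
    elif ! printf '%s\n' "$global" | grep -Eq '^[[:space:]]*restricted[[:space:]]*$'; then
        echo "NOTE: password without restricted; every boot waits for the password"
    fi

    # lilo.conf stores the password in clear text, so group and other must
    # have no access. Characters 5-10 of the ls mode string are their bits.
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
            echo "FINDING: $conf holds a clear-text password but group/other can access it"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample mirroring the slide's configuration, written to file $1.
make_sample_lilo_conf() {
    cat > "$1" <<'EOF'
boot=/dev/hda
prompt
timeout=50
password=constructed-sample
restricted
image=/boot/vmlinuz
    label=linux
    read-only
    root=/dev/hda1
EOF
}
```

With the sample written mode 600 the audit reports nothing; the same file at mode 644 produces one finding.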

Critical System Config Files

- /etc directory: contains the majority of the system and application configuration files and many critical startup scripts.
- /etc/passwd: contains the mappings of username, user ID and the primary group ID that person belongs to.
- /etc/shadow: the shadow file holds the username and password pairs, as well as account information such as expiry date, and any other special fields.

Critical System Config Files

- /etc/group: the group file contains all the group membership information, and optional items such as group password.
- /etc/gshadow: similar to the password shadow file, this file contains the groups, password and members.
- /etc/shells: the shells file contains a list of valid shells.
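Added example (not part of the original slides): a shell audit of passwd and shadow files for extra UID 0 accounts, empty or unshadowed passwords, and overly permissive file modes. The function names are hypothetical and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example: audit passwd/shadow content and permissions.
# Prints one FINDING line per problem; exit status is the number of findings.
audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    out=$(
        awk -F: '
            $3 == 0 && $1 != "root" { print "FINDING: " $1 " has UID 0 but is not root" }
            $2 == ""                { print "FINDING: " $1 " needs no password (empty passwd field)" }
            $2 != "" && $2 != "x" && $2 !~ /^[*!]/ {
                print "FINDING: " $1 " keeps its hash in passwd instead of shadow" }
        ' "$passwd_file"
        awk -F: '$2 == "" { print "FINDING: " $1 " has an empty password in shadow" }' \
            "$shadow_file"
        # ls -l mode string: chars 5-7 are group bits, chars 8-10 are other bits.
        if [ "$(ls -ld "$shadow_file" | cut -c8-10)" != "---" ]; then
            echo "FINDING: $shadow_file is accessible to other users"
        fi
        if [ "$(ls -ld "$passwd_file" | cut -c6,9)" != "--" ]; then
            echo "FINDING: $passwd_file is writable by group or other"
        fi
    )
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return "$(printf '%s\n' "$out" | grep -c '^FINDING')"
}

# Constructed sample files (not real accounts) written to directory $1.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$hashplaceholder:19000:0:99999:7:::
toor:$1$constructed$hashplaceholder:19000:0:99999:7:::
alice::19000:0:99999:7:::
guest:!:19000:0:99999:7:::
EOF
    chmod 644 "$1/passwd" "$1/shadow"
}
```

Run as root against the live files with audit_accounts /etc/passwd /etc/shadow; the constructed sample yields four findings.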

File System Encryption

- TCFS: kernel-level data encryption utility.
- BestCrypt: disk encryption program available for Windows and Linux.
- PPDD: uses a partition which is encrypted and mounted using the PPDD driver.

FTP Services

- If you are running anonymous FTP, watch permissions closely.
- Do not permit anonymous FTP both read and write access to any files or directories.
- If you are not running anonymous FTP, make sure you are not.

Web Services

- Do not install any example CGI scripts or applications you do not need.
- Do not allow common users to install arbitrary CGI scripts.
- Do not allow unrestricted server-side includes.
- Do not permit client access forms or chat systems to insert arbitrary HTML into web pages.

E-mail Services

- If you are not providing remote access to mailbox accounts, make sure that POP and IMAP are not enabled.
- If you are providing POP or IMAP access to mailbox accounts, consider switching to SSL-enabled versions of both clients and servers.
- Limit spam abuse by limiting mail relaying.

Operating Securely

- Never operate routinely as root.
- Do not use root, “super”, or “sudo” in place of proper group permissions and membership.
- Do not use a browser or chat program as root.
- Do not allow or use easily guessable passwords.
- Avoid HTML-enabled e-mail capable of responding to active content.

Security Tools/Enhancements

- Use Secure Shell (ssh) for remote access.
- Enable long passwords, MD5 hashing of passwords, and shadow password files.
- Periodically run a scanning tool (Internet Scanner or Nessus).
- Install an Intrusion Detection System (Abacus or tcpdump).
- Enable firewall code.

Bastille Linux

- Attempts to “harden” or “tighten” the Linux operating system.
- Currently supports Red Hat and Mandrake systems (other versions coming soon).
