Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service.

Published byBeatrix Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service."— Presentation transcript:

1 Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service easily replaced in 24 hours? ● How many users depend on it?

2 Security Physical Security

3 Security Physical Security Should it be locked down? Does it need to be in a protected room? Should the case be locked? Are there any removeable devices? Do you leave your office door open?

4 Security Physical Security Story: Christmas Holiday in Britain

5 Security BIOS Your BIOS determines from which device your computer boots The order of which device from which to boot can be set in most BIOSes

6 Security BIOS Reformatting your drive is only a CD or floppy away Most CD drives are bootable and several distributions can now exist on a CD So, what is stopping someone from inserting a disk in your computer, booting from it, and starting an attack? BIOS PASSWORD

7 Security Booting Now you've blocked access to the devices and the BIOS. So you are safe... WRONG! Anyone can still access your system – as ROOT! How do they do this?!?!?

8 Security Booting Simple: When grub starts, just edit the configuration file and add the word “single” at the end of the kernel line and boot The system will boot into single user mode and now your are root!

9 Security Booting Exercise: Single User Mode At GRUB screen, select kernel Type “e” to edit Select line with word “kernel” in it Type “e” to edit Add the word “single” at the end Press ENTER At GRUB screen type “b”

10 Security Booting How can I prevent this?!?!?! Add a boot password to the grub config file: (1) Create the encrypted password: /sbin/grub-md5-crypt This will return an password encrypted in an MD5 hash

11 Security Booting (2) Edit the grub config file /boot/grub/grub.conf and add the password directive and the password: password --md5 Where is the encrypted password you were given from grub-md5-crypt. The next time you boot, you must use the p command and enter a password in order to access the grub environment

12 Security Booting Exercise # /sbin/grub-md5-crypt # nano /boot/grub/grub.conf Add password --md5 to the top of the file Reboot and try to edit the grub config file Remember to use “p” to get Grub to prompt you for the password

13 Security Passwords The next layer of security is good passwords. Simple passwords are easy to crack with packages such as crack and John the Ripper Exercise: John the Ripper # cd /opt/exercises/Security # john-1.6/run/john /etc/passwd # john-1.6/run/john /etc/shadow

14 Security Passwords These programs need access to the actual passwords This is a good reason for using shadow passwords – only root has access

15 Security Passwords Never use a word found in a dictionary as a password. Cracking programs are even smart enough to try changed character classes that still spell words Never use your account name as your password.

16 Security Passwords Good passwords should have mixed cases and mixed character sets. Pick a phrase that is easy to remember and use the first letter of each word: Iowa State Rules But U of I Sucks ISR3UoIS or better yet, with mixed character sets I$R3UoI$

17 Security Root Access Who “needs” to be root? As few people as possible How should root access the computer? The most secure ways possible with the least chance of intercepting the password How do we accomplish this? /etc/securetty su sudo

18 Security Root Access /etc/securetty root should NEVER login remotely Force root users to access the system via secure terminals: ● Console ● virtual terminals ● serial terminals Which terminals are allowed is specified in the file /etc/securetty

19 Security Root Access /etc/securetty console- actual display vc/1- virtual consoles vc/2... tty1- connected terminals tty2... (now mostly associated with virtual consoles) ttyS0- serial console ttyS1...

20 Security Root Access su and sudo If you must, login over a secure connection Use su to access root You MUST use a secure connection to avoid password sniffing A better way is to implement sudo sudo is a package which permits sets of users to execute commands as root without the root password

21 Security Root Access sudo sudo has many possible configuration options. Modify the sudo config file /etc/sudoers to control who has access and what they may access Access must be done by root with the command visudo See! you DO NEED to learn vi :+D

22 Security Root Access sudo # User privilege specification root ALL=(ALL) ALL linuxed ALL=(ALL) ALL # Uncomment to allow people in group wheel to run all commands # %wheel ALL=(ALL) ALL # Same thing without a password # %wheel ALL=(ALL) NOPASSWD: ALL # Samples # %users localhost=/sbin/shutdown -h now

23 Security Root Access sudo sudo is invoked with the sudo command and the command to be run sudo The user is then prompted for THEIR password: [linuxed@counter ]$ sudo cat /etc/sudoers Password: # sudoers file. # # This file MUST be edited with the 'visudo' command as root....

Download ppt "Security Risk Assessment Determine how important your computer is to your group ● Mission critical? ● Sensitive information? ● Expensive hardware? ● Service."

Similar presentations

Linux Users and Groups Management

Linux Users and Groups Management
Linux+ Guide to Linux Certification Chapter Nine System Initialization.

Linux+ Guide to Linux Certification Chapter Nine System Initialization.
Section 3.2: Operating Systems Security

Section 3.2: Operating Systems Security
5-9/12/2005 CPE 101 1 How to format your computer and re-install Windows XP.

5-9/12/2005 CPE How to format your computer and re-install Windows XP.
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
Linux Security.

Linux Security.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.

Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
1 Semester 2 Module 3 Configuring a Router Yuda college of business James Chen

1 Semester 2 Module 3 Configuring a Router Yuda college of business James Chen
Linux+ Guide to Linux Certification Chapter Three Linux Installation and Usage.

Linux+ Guide to Linux Certification Chapter Three Linux Installation and Usage.
Administering Windows 7 Lesson 11. Objectives Troubleshoot Windows 7 Use remote access technologies Troubleshoot installation and startup issues Understand.

Administering Windows 7 Lesson 11. Objectives Troubleshoot Windows 7 Use remote access technologies Troubleshoot installation and startup issues Understand.
Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.

Guide to Linux Installation and Administration, 2e1 Chapter 8 Basic Administration Tasks.
CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.

CIS 191 – Lesson 2 System Administration. CIS 191 – Lesson 2 System Architecture Component Architecture –The OS provides the simple components from which.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.
A+ Guide to Software Managing, Maintaining and Troubleshooting THIRD EDITION Chapter 8 Managing and Supporting Windows XP.

A+ Guide to Software Managing, Maintaining and Troubleshooting THIRD EDITION Chapter 8 Managing and Supporting Windows XP.
Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.

Managing User Accounts. Module 2 – Creating and Managing Users ♦ Overview ► One should log into a Linux system with a valid user name and password granted.
Mark Shtern. Passwords are the most common authentication method They are inherently insecure.

Mark Shtern. Passwords are the most common authentication method They are inherently insecure.
Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 

Users Greg Porter V1.0, 26 Jan 09. What is a user? Users “own” files and directories Permission based on “ownership” Every user has a User ID (UID) 
There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?

There are three types of users in linux  System users: ?  Super user: ?  Normal users: ?
Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.

Managing Users  Each system has two kinds of users:  Superuser (root)  Regular user  Each user has his own username, password, and permissions that.
CIS 191 - Lesson 5 Lesson 5 New Skills Boot time GRUB edits (review) Changing BIOS boot order on a VM (review) Mounting CD ISO and floppy Image files on.

CIS Lesson 5 Lesson 5 New Skills Boot time GRUB edits (review) Changing BIOS boot order on a VM (review) Mounting CD ISO and floppy Image files on.

Similar presentations

Ads by Google