CIT 480: Securing Computer Systems


Presentation on theme: "CIT 480: Securing Computer Systems"— Presentation transcript:

1 Operating System Security

2 Topics
- OS Security Features
- Bypassing OS Security
- Boot time security
- BIOS security
- System Logs

3 OS Security Features
- Authentication
- Access Control
- Auditing (Logging)
- Encryption (Filesystems)
- Isolation (VM)
- Patching (Updates)

4 The Boot Sequence
The action of loading an operating system into memory from a powered-off state is known as booting or bootstrapping. When a computer is turned on, it first executes code stored in a firmware component known as the BIOS (basic input/output system). On modern systems, the BIOS loads into memory the second-stage boot loader, which handles loading the rest of the operating system into memory and then passes control of execution to the operating system.

5 Boot Process Detail

6 BIOS

7 Reconfiguring Boot Media
Attacker boots with their own OS, which ignores your ACLs.

8 BIOS Passwords

9 Removing the BIOS Password

10 Protecting the BIOS Password

11 Bootloader

12 Reconfiguring the Bootloader

13 Single User Mode

14 Single User Mode Password

15 Changing init

16 GRUB Password

17 Hibernation
Modern machines have the ability to go into a powered-off state known as hibernation. While going into hibernation, the OS stores the contents of the machine's memory in a hibernation file (such as hiberfil.sys) on disk so the computer can be quickly restored later.
1. User closes a laptop computer, putting it into hibernation.
2. Attacker copies the hiberfil.sys file to discover any unencrypted passwords that were stored in memory when the computer was put into hibernation.

18 Cold Memory Attack

19 Startup Processes: Windows

20 Startup Services: Linux

21 System Logs
Logs record status and error conditions.
Where do log messages come from?
- Kernel
- Accounting system
- System services
Logging methods:
- Service records its own logs (apache, cron).
- Service uses a system service to manage its logs.

22 Windows Event Log

23 Finding UNIX Logs
- Most logs are stored under /var/log or /var/adm.
- Check syslog's configuration: /etc/syslog.conf.
- To find other logs, read the startup scripts (/etc/init.d/*) and the manuals for the services those scripts start.

24 Finding Logs
Log file     Program          Contents
messages     syslog           Various program/kernel logs.
auth.log     su, ssh, login   Authorization fail/success.
lastlog      login, xdm       Logins, commands.
wtmp         login            Login accounting data.
acct/pacct   kernel           UNIX process accounting.
Xorg.log     X-Windows        X-Windows failures/info.

25 Example Syslog Messages
Feb 11 10:17:01 localhost /USR/SBIN/CRON[1971]: (root) CMD ( run-parts --report /etc/cron.hourly)
Feb 11 10:37:22 localhost -- MARK --
Feb 11 10:51:11 localhost dhclient: DHCPREQUEST on eth1 to port 67
Feb 11 10:51:11 localhost dhclient: DHCPACK from
Feb 11 10:51:11 localhost dhclient: bound to renewal in seconds.
Feb 11 14:37:22 localhost -- MARK --
Feb 11 14:44:21 localhost mysqld[7340]: :44:21 /usr/sbin/mysqld: Normal shutdown
Feb 12 04:46:42 localhost sshd[29093]: Address maps to ns.thundernet.co.kr, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Feb 12 04:46:44 localhost sshd[29097]: Invalid user matt from ::ffff:
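The sshd lines above are the ones a defender reviews first. As an added example (not part of the slides), this parser splits classic syslog lines into fields, counts "Invalid user" attempts per source address and reverse-DNS mismatch warnings; the sample log, host names and addresses are constructed for the demonstration.

```python
import re
from collections import Counter

# Classic syslog layout used on the slide: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\[\]: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
INVALID_USER_RE = re.compile(r"Invalid user (?P<user>\S+) from (?P<src>\S+)")
# Constructed sample modeled on the slide's messages; hosts, names and addresses are made up.
SAMPLE_LOG = """\
Feb 11 10:17:01 localhost /USR/SBIN/CRON[1971]: (root) CMD ( run-parts --report /etc/cron.hourly)
Feb 11 10:37:22 localhost -- MARK --
Feb 11 14:44:21 localhost mysqld[7340]: /usr/sbin/mysqld: Normal shutdown
Feb 12 04:46:42 localhost sshd[29093]: Address 198.51.100.7 maps to ns.example.test, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Feb 12 04:46:44 localhost sshd[29097]: Invalid user matt from ::ffff:198.51.100.7
Feb 12 04:46:51 localhost sshd[29101]: Invalid user oracle from ::ffff:198.51.100.7
Feb 12 04:47:03 localhost sshd[29104]: Invalid user test from ::ffff:203.0.113.9
"""

def parse_line(line):
    """Split one syslog line into fields; None for lines with no program field ("-- MARK --")."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def normalize_src(src):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) so one host is counted once."""
    return src[7:] if src.startswith("::ffff:") else src

def summarize(text, threshold=2):
    """One pass over syslog text: invalid-user attempts per source, plus reverse-DNS warnings."""
    invalid_by_src = Counter()
    rdns_warnings = unparsed = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # heartbeat lines such as "-- MARK --" carry no program
            continue
        if rec["prog"] != "sshd":
            continue
        m = INVALID_USER_RE.search(rec["msg"])
        if m:
            invalid_by_src[normalize_src(m.group("src"))] += 1
        elif "does not map back to the address" in rec["msg"]:
            rdns_warnings += 1     # sshd's forward/reverse DNS mismatch warning
    return {
        "invalid_user_by_src": dict(invalid_by_src),
        "suspicious_sources": sorted(s for s, n in invalid_by_src.items() if n >= threshold),
        "reverse_dns_warnings": rdns_warnings,
        "unparsed": unparsed,
    }
```

Run it against /var/log/auth.log (or wherever /etc/syslog.conf sends the auth facility) and lower or raise `threshold` to match how noisy the host's legitimate login traffic is.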

