Host Security CSCI N321 – System and Network Administration

1 Host Security CSCI N321 – System and Network Administration
Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University

2 Section Overview
Why Security?
System Security Issues
Network Security Issues
Physical and Session Security Issues
Security Implementation

3 References
CQU System Administration Course, Chapter 17

4 Why Worry about Security?
Y2K Bug – 1/1/2000
DDoS Attack on Yahoo, CNN – 2/2000
Microsoft break-in – 10/2000
SPAM and Phishing
Viruses and Worms
  Internet Worm – 11/1988
  Melissa/ILoveYou viruses
  CodeRed/Nimda/Slammer/Sobig
  MyDoom, Netsky/Bagle – 2004
  Stuxnet
SPAM/Virus Writer Connection
Terrorist Attacks/Katrina
Numerous Web Defacements
Mobile Computing?

5 Reported Incidents (chart; source: CERT)

6 Reported Vulnerabilities (chart; source: CERT)

7 Threat Pyramid (attacker tiers by skill, from fewest to most numerous)
Governments: 100's
Aggressive: 1K's
Moderate: 10K's
Script Kids: 1M's
Source: Tom Perrine, SDSC, "Security as Infrastructure"

8 Threat Evolution (chart; source: CERT, Phishing Exposed)

9 How much security?
Security vs. Ease of Use: the two trade off against each other, so choose the level the risk justifies.
Beware of Security through Obscurity!!!

10 Password Security Issues
Low-tech password grabbing
  Social Engineering
  Dumpster Diving
  Shoulder Surfing
Password Cracking
  Password hashes accessible to the attacker
  Brute force & dictionary attacks
  Tools: Alec Muffett's Crack, John the Ripper, Cain and Abel
  Rainbow table cracking

11 Password Risk Minimization
User Education!!!
Password accessibility: keep hashes in root-only /etc/shadow, not world-readable /etc/passwd
Allow for longer passwords
One-Time Passwords – OPIE/SecurID
Password aging
  Forces periodic changing of password
  Accounts locked if password expires
Centralized Authentication
  Kerberos
  Active Directory Services (ADS)

12 /etc/shadow Fields
Nine colon-separated fields per entry:
Username
Encrypted (hashed) password
Day last changed (days since 1/1/1970; 0 means the user must change it at next login)
Minimum # days between changes
Maximum # days between changes
Warn: # days before the password expires that the user is notified
Account inactivation
  Linux: # days after the password expires (max change) during which the old password is still accepted before the account is disabled
  Solaris: expire after # days of inactivity
Expiration day (days since 1/1/1970; the account is disabled on that day regardless of password age)
Flags (reserved, unused)
Example: sorr:lYi8.KpsFAb9M:11262::90:7:12784:
(The 13-character hash is traditional DES crypt. As transcribed, the example shows only eight fields rather than nine, so 12784 should be read as the expiration day.)
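As an added worked example (not part of the original slides), the following POSIX shell script parses shadow(5) entries, classifies the hash in field 2 and evaluates the aging fields against a reference day. The function names, the sample entries, the fake hashes and the reference day 19723 (1 January 2024) are all constructed for illustration; on a real host run `audit_shadow < /etc/shadow` as root.

```shell
#!/bin/sh
# Added example: audit shadow(5) entries for weak hashes and password aging.
# Usage: audit_shadow [TODAY_DAYS] < /etc/shadow   (root is needed to read it)
# All sample data below is constructed; the hashes are placeholders, not real.

# classify_hash HASH -> prints the hash family, or the lock state of the field.
classify_hash() {
  h=$1
  case "$h" in
    '')               echo "empty (login without password if nullok)" ;;
    '!'*|'*'*)        echo "locked" ;;
    '$1$'*)           echo "md5crypt (weak)" ;;
    '$2'[aby]'$'*)    echo "bcrypt" ;;
    '$5$'*)           echo "sha256crypt" ;;
    '$6$'*)           echo "sha512crypt" ;;
    '$7$'*|'$y$'*)    echo "yescrypt" ;;
    *) if [ "${#h}" -eq 13 ]; then
         echo "descrypt (weak, 8-char limit)"   # traditional DES crypt
       else
         echo "unknown"
       fi ;;
  esac
}

# aging_status TODAY_DAYS "SHADOW_LINE" -> "<user> <state> <hash family>"
# state: account-expired | change-at-next-login | inactive-locked |
#        password-expired | warn-<n>d | ok
aging_status() {
  today=$1
  IFS=: read -r user hash lastchg min max warn inactive expire flag <<EOF
$2
EOF
  state=ok
  if [ -n "$expire" ] && [ "$today" -ge "$expire" ]; then
    state=account-expired                  # field 8: hard expiry day
  elif [ "$lastchg" = 0 ]; then
    state=change-at-next-login             # field 3 == 0
  elif [ -n "$lastchg" ] && [ -n "$max" ]; then
    pw_expires=$((lastchg + max))          # field 3 + field 5
    if [ -n "$inactive" ] && [ "$today" -gt $((pw_expires + inactive)) ]; then
      state=inactive-locked                # grace period (field 7) used up
    elif [ "$today" -gt "$pw_expires" ]; then
      state=password-expired
    elif [ -n "$warn" ] && [ "$today" -ge $((pw_expires - warn)) ]; then
      state="warn-$((pw_expires - today))d"   # inside the warning window (field 6)
    fi
  fi
  printf '%s %s %s\n' "$user" "$state" "$(classify_hash "$hash")"
}

# audit_shadow [TODAY_DAYS] < shadow-file -> one status line per entry
audit_shadow() {
  today=${1:-$(( $(date +%s) / 86400 ))}
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    aging_status "$today" "$line"
  done
}

# Constructed sample file; 19723 days after the epoch is 1 January 2024.
SAMPLE_SHADOW='alice:$6$salt$notarealhash:19700:0:90:7:14::
bob:$1$salt$notarealhash:19600::90:7:14::
carol:$6$salt$notarealhash:19630::90:7:::
dave:xyZ1Q2w3E4r5T:19630::95:7:::
erin:!:19700:0:99999:7:::
frank::0:0:99999:7:::
grace:$y$j9T$salt$notarealhash:19700:0:90:7::19720:'

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 19723
```

Entries reported as descrypt or md5crypt should be rehashed at the user's next password change (set the stronger method in the PAM password stack or login.defs first); an empty hash field or a UID-0 entry with a weak hash is an immediate finding.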

13 Account Management
Principle of least privilege
Restrictive default umask (e.g. 027 or 077)
Disable/remove inactive accounts
No shared group accounts
Careful placement of '.' in PATH (never first; preferably not at all)
Same username/UID assignment on all systems on a local network

14 Root Account Management
Restrict root logins to the console
Use root only when needed: su –, sudo
Avoid multiple root accounts (UID 0)
Avoid '.' in PATH
Be Careful!!!

15 System Configuration
Keep all software up to date
  Updates
  Patches
Remove unneeded software
Minimize SUID/SGID programs
Kernel options
System-wide defaults
System hardening
  SELinux
  CIS Benchmark tools
  Microsoft: Baseline Security Analyzer

16 Pluggable Authentication Modules (PAM)
System-wide authentication defaults, configured per service in four management groups:
Authentication management (auth)
Account management (account)
Session management (session)
Password management (password)

17 Filesystem Protection
Check for…
  World-writable files/directories
  World-readable system configuration files and log files
  Ownerless files/directories
  SUID/SGID programs
Filesystem access restrictions
Trojan horses & root-kits
  Modified system files/programs
  Integrity checkers: Tripwire, AIDE, Osiris
Filesystem encryption (CFS, EFS)
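The account and filesystem checks from slides 13, 14 and 17 ('.' or empty entries in PATH, extra UID-0 accounts, world-writable objects, SUID/SGID programs, ownerless files) collected into one added shell example. This is not code from the course; the function names are mine, the demonstration tree and passwd file are constructed, and the checks take the root directory and passwd path as parameters so they can be pointed at a test tree or, as root, at / and /etc/passwd.

```shell
#!/bin/sh
# Added example: host audit checks for accounts and the filesystem.
# Run as root against / and /etc/passwd for real results; -xdev keeps each
# find on one filesystem so network mounts and /proc are not walked.

# check_path "PATH_VALUE" -> prints each unsafe entry: '.', an empty entry
# (which the shell also treats as the current directory) or a relative path.
check_path() {
  printf '%s\n' "$1" | tr ':' '\n' | awk '
    $0 == ""                  { print "<empty>"; next }
    $0 == "."                 { print ".";       next }
    substr($0, 1, 1) != "/"   { print $0 }'
}

# uid0_accounts PASSWD_FILE -> usernames other than root that have UID 0
uid0_accounts() {
  awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# fs_audit ROOT -> one "<tag> <path>" line per finding
fs_audit() {
  root=$1
  # world-writable files, and world-writable directories lacking the sticky bit
  find "$root" -xdev -type f -perm -002 -print 2>/dev/null | sed 's|^|world-writable |'
  find "$root" -xdev -type d -perm -002 ! -perm -1000 -print 2>/dev/null | sed 's|^|world-writable-dir |'
  # setuid/setgid executables: diff this list against a known-good baseline
  find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sed 's|^|setuid-setgid |'
  # owner or group no longer exists (leftovers from removed accounts)
  find "$root" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null | sed 's|^|ownerless |'
}

# Demonstration on a constructed tree (runs as any user; cleaned up afterwards).
demo_tree=$(mktemp -d)
touch "$demo_tree/world.txt" "$demo_tree/suid-bin"
chmod 666 "$demo_tree/world.txt"
chmod 4755 "$demo_tree/suid-bin"
mkdir "$demo_tree/open-dir" "$demo_tree/tmp-like"
chmod 777 "$demo_tree/open-dir"     # flagged
chmod 1777 "$demo_tree/tmp-like"    # sticky bit set, like /tmp: not flagged
printf 'root:x:0:0:root:/root:/bin/sh\ntoor:x:0:0:backdoor:/:/bin/sh\nsorr:x:1000:1000::/home/sorr:/bin/sh\n' \
  > "$demo_tree/passwd"
check_path "/usr/local/bin:/usr/bin::/bin:."
uid0_accounts "$demo_tree/passwd"
fs_audit "$demo_tree"
rm -rf "$demo_tree"
```

The SUID/SGID list is only useful compared against a baseline taken right after installation: a new entry, or a known binary whose hash changed, is the root-kit indicator the integrity checkers on the slide are built to catch.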

18 Network Service Security
Remove unneeded services
  RC scripts
  inetd/xinetd
Upgrade/patch active services
Port scanners – nmap, Saint, Nessus
Service attack detection/protection
  Intrusion Detection Systems (Snort)
  TCP Wrappers
  Firewalls
  Network Address Translation (NAT)

19 Network Traffic Issues
Packet sniffing
  Anyone on the path sees all cleartext traffic (passwords, etc.)
  Tools: tcpdump, Wireshark
Spoofing and session hijacking
Network session encryption
  Telnet, ftp, X11: Secure Shell (ssh)
  Web: Secure Sockets Layer (SSL/TLS)
  Virtual Private Networks (IPsec/SSL)

20 Physical Security
Environmental concerns
Facility security
  Hardware cables
  Locks (key, code, biometrics)
  Alarms (theft, movement, etc.)
Removable media
System BIOS
  Passwords
  Boot device order
Boot loader passwords

21 Session Security
X Windows
  Remote applications
  Remote viewing of your windows
  xhost/xauth access control
Console locking
  GUI screensavers
  Text console(s) – vlock
Shell inactivity timeout

22 Implementing Security
Risk assessment
Policy development
Implementation
Testing
Monitoring/responding to incidents

23 Risks and Policies
Risk assessment
  Identifying assets, vulnerabilities, threats
  Prevention cost vs. loss/recovery cost
Policy development
  "That which is not permitted is prohibited"
  Grant authority to enforce policy
  Periodic reviews
  Be positive

24 System Testing
Password checkers
Vulnerability checkers
  System: COPS, Titan, Tiger
  Network: Saint (SARA), Nessus, nmap
Bug exploits
  Script kiddie sites
  Full disclosure lists (e.g. BugTraq)
  Security advisories (e.g. CERT)

25 Log Monitoring
Baseline anomalies
  Weird su/root login entries
  Unscheduled reboots/service restarts
  Inconsistent login times/locations
Logfile anomalies
  Strange timestamps
  Incorrect ownership or permissions
  Short, incomplete, or missing logs
Centralized logging
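An added shell example (not from the course) that turns the baseline and logfile anomalies above into checks: it scans a syslog-style auth log for root sessions opened outside working hours, for sources with repeated failed logins, and for a successful login from such a source, then inspects the log file's own size and permissions. The function names, the 08:00-18:00 working-hours default, the host name and the addresses in the sample lines are assumptions; the log lines are constructed.

```shell
#!/bin/sh
# Added example: scan an auth log for the anomalies listed on the slide.
# Sample lines are constructed; 203.0.113.0/24 is a documentation range.

# log_anomalies [START_HOUR] [STOP_HOUR] < auth.log
# Prints "<severity> <finding>" for root sessions opened outside
# START_HOUR..STOP_HOUR (default 8..18), sources with >= 5 failed logins,
# and successful logins from such sources.
log_anomalies() {
  awk -v start="${1:-8}" -v stop="${2:-18}" '
    { hour = substr($3, 1, 2) + 0 }          # "Mon DD HH:MM:SS host ..."
    /session opened for user root/ {
      who = "?"
      for (i = 1; i <= NF; i++) if ($i == "by") who = $(i + 1)
      if (hour < start || hour >= stop)
        printf "HIGH off-hours root session at %s %s %s by %s\n", $1, $2, $3, who
    }
    /Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
    }
    /Accepted (password|publickey) for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") { ok[$(i + 1)]++; break }
    }
    END {
      for (ip in fails) if (fails[ip] >= 5)
        printf "MEDIUM %d failed logins from %s\n", fails[ip], ip
      for (ip in ok) if ((ip in fails) && fails[ip] >= 5)
        printf "HIGH successful login from %s after %d failures\n", ip, fails[ip]
    }'
}

# logfile_sanity FILE -> warnings about the log file itself (size, permissions)
logfile_sanity() {
  f=$1
  if [ ! -s "$f" ]; then
    echo "WARN $f is missing or empty"
    return 0
  fi
  if [ -n "$(find "$f" ! -type d -perm -004 2>/dev/null)" ]; then
    echo "WARN $f is world-readable"
  fi
  if [ -n "$(find "$f" ! -type d -perm -002 2>/dev/null)" ]; then
    echo "WARN $f is world-writable"
  fi
  return 0
}

# Constructed sample: a daytime su, an off-hours su, a password-guessing run
# that ends in a successful login, and an evening sudo session.
SAMPLE_AUTH_LOG='Mar  3 09:02:11 web1 sshd[2201]: Accepted password for alice from 10.0.0.5 port 5100 ssh2
Mar  3 09:05:40 web1 su[2250]: pam_unix(su:session): session opened for user root by alice(uid=1000)
Mar  3 02:17:41 web1 su[3120]: pam_unix(su:session): session opened for user root by sorr(uid=1001)
Mar  3 02:30:01 web1 sshd[3301]: Failed password for invalid user admin from 203.0.113.9 port 4444 ssh2
Mar  3 02:30:04 web1 sshd[3302]: Failed password for invalid user oracle from 203.0.113.9 port 4445 ssh2
Mar  3 02:30:07 web1 sshd[3303]: Failed password for root from 203.0.113.9 port 4446 ssh2
Mar  3 02:30:10 web1 sshd[3304]: Failed password for sorr from 203.0.113.9 port 4447 ssh2
Mar  3 02:30:13 web1 sshd[3305]: Failed password for sorr from 203.0.113.9 port 4448 ssh2
Mar  3 02:34:12 web1 sshd[3310]: Accepted password for sorr from 203.0.113.9 port 4460 ssh2
Mar  3 19:40:00 web1 sudo: pam_unix(sudo:session): session opened for user root by sorr(uid=0)'

printf '%s\n' "$SAMPLE_AUTH_LOG" | log_anomalies
```

On a live host run `log_anomalies < /var/log/auth.log` (or the secure log on Red Hat-style systems) and `logfile_sanity /var/log/auth.log`; with centralized logging the same scan runs on the log server, where an intruder who has root on the host cannot edit the copy.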

26 Incident Response
Don't Panic!!!
Isolate the system
Understand what happened – forensics
  Active system analysis
  Filesystem analysis (make it read-only first)
Recover
  Close holes
  Restore files from a clean backup
Report the incident
Don't Panic!!!

