Lecture 10: Security in the OSs


Presentation on theme: "Lecture 10: Security in the OSs"— Presentation transcript:

1 Lecture 10: Security in the OSs
NET 536 Network Security Networks and Communication Department Lecture 10: Security in the OSs

2 Lecture contents: Security features in Linux
Security features in Windows 18-Apr-19 Networks and Communication Department

3 Linux’s Security Model
The traditional Linux security model can be summed up succinctly: people or processes with “root” privileges can do anything; other accounts can do much less. Attackers are therefore always looking to gain root privilege, and once they have it they can erase or edit logs and hide their processes, files, and directories. Linux’s security model relies on Discretionary Access Control (DAC). In the Linux DAC system there are subjects (users and processes) that perform actions (read, write, execute/use) on objects (a file, a directory, or a special file). The kernel mediates every action and allows it only if the subject holds the required permission on the object.

4 Linux Security Transactions

5 The Linux DAC in Depth: File-System Security
Linux treats everything as a file, which is why the file system is such a big deal in security. Documents, pictures, and even executable programs are easy to conceptualize as files on the hard disk. A directory, too, is a file: one containing a list of other files. Pipes are files that act as input/output (I/O) “conduits”. Two things are not represented by files: a user account (someone capable of using files) and a group account (a list of user accounts). Permissions are classified into two types: file permissions and directory permissions.

6 The Linux DAC in Depth: File-System Security
The file permissions. There are three permissions: ‘read’, ‘write’, and ‘execute’. The ‘execute’ permission, denoted by ‘x’, is what marks a file (for example a script) as runnable: the script is executed by entering its name at the shell command line.

7 The Linux DAC in Depth: File-System Security
The directory permissions. The same three permissions apply, but with different meanings: “read”: list the directory contents; “write”: create or delete files within the directory; “execute”: use anything within the directory or change the working directory to it (the least intuitive of the three).

8 Two dangerous permissions
The two most dangerous permissions are: Setuid: if set on an executable binary file, it causes that program to “run as” its owner, no matter who executes it. Setgid: when set on an executable file, it causes that program to “run as” a member of the group that owns it. Hint: “run as” means “run with the same privileges as.” Setuid has no effect on directories. Setgid does: it causes any file created in the directory to inherit the directory's group.

9 Two dangerous permissions
When does it become dangerous? When set on any file owned by root or by any other privileged account or group. When does it become useful? When users belong to other groups and routinely create files to be shared with other members of those groups: the files inherit the group automatically instead of having their group changed manually.

10 Numeric File Permissions
Internally, Linux uses numbers to represent permissions; only user programs display permissions as letters. The chmod command recognizes both mnemonic permission modifiers (“u+rwx,go-w”) and numeric modes. A numeric mode consists of four digits which, read left to right, represent: special permissions, user permissions, group permissions, and other permissions (“other” being users covered by neither the user nor the group permissions). For example, 0700 translates to “no special permissions set, all user permissions set, no group permissions set, no other permissions set.”

11 Numeric File Permissions
Each permission has a numeric value, and the permissions in each digit place are additive: the digit is the sum of all the permission bits you wish to set. The basic numeric values are 4 for read, 2 for write, and 1 for execute. Why no “3”? Because (a) these values represent bits in a binary word and are therefore all powers of 2, and (b) this way no two combinations of permissions have the same sum. If, for example, user permissions are set to “7”, this represents 4 (the value for “read”) plus 2 (the value for “write”) plus 1 (the value for “execute”).
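As an added example (not part of the lecture slides), the following Python converts the symbolic permission string shown by `ls -l` into the four-digit numeric mode described on slides 10 and 11, and applies the slide 9 rule that setuid or setgid on a root-owned file is the dangerous case. The BIT_VALUE table and the is_dangerous rule are my own encoding of the slides' text.

```python
# Added example (not from the lecture): symbolic <-> numeric Linux modes,
# using the 4/2/1 bit values from the slides, plus the setuid/setgid rule.
import stat

BIT_VALUE = {"r": 4, "w": 2, "x": 1}   # read, write, execute


def symbolic_to_mode(sym: str) -> int:
    """Turn the 9 permission characters of `ls -l` (e.g. 'rwsr-xr-x') into a mode."""
    if len(sym) != 9:
        raise ValueError("expected 9 permission characters")
    special = 0          # the leading digit: 4 = setuid, 2 = setgid, 1 = sticky
    mode = 0
    for idx, triple in enumerate((sym[0:3], sym[3:6], sym[6:9])):
        digit = 0
        for letter, expected in zip(triple, "rwx"):
            if letter == "-":
                continue
            if letter == expected:
                digit += BIT_VALUE[letter]
            elif expected == "x" and letter in "sStT":
                # 's'/'S' in the user or group triple = setuid/setgid,
                # 't'/'T' in the other triple = sticky; lowercase also means execute.
                special += (4, 2, 1)[idx]
                if letter in "st":
                    digit += 1
            else:
                raise ValueError(f"unexpected character {letter!r} in {sym!r}")
        mode = (mode << 3) | digit     # each triple is one octal digit
    return (special << 9) | mode


def mode_to_octal(mode: int) -> str:
    """Render a mode as the four-digit string chmod accepts, e.g. 0o4755 -> '4755'."""
    return format(mode & 0o7777, "04o")


def is_dangerous(mode: int, owner_uid: int) -> bool:
    """Slide rule: setuid/setgid is dangerous when set on a root-owned (uid 0) file."""
    return owner_uid == 0 and bool(mode & (stat.S_ISUID | stat.S_ISGID))


if __name__ == "__main__":
    for sym in ("rwx------", "rwsr-xr-x", "rwxr-sr-x", "rwxrwxrwt"):
        m = symbolic_to_mode(sym)
        print(sym, "->", mode_to_octal(m), "| dangerous if root-owned:", is_dangerous(m, 0))
```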

12 Numeric File Permissions

13 Kernel space vs User space
Kernel space refers to memory used by the Linux kernel and its loadable modules (e.g., device drivers). User space refers to memory used by all other processes. Since the kernel enforces the Linux DAC and other security controls, it is critical to isolate the kernel from user space: kernel space is never swapped to disk, and only root may load and unload kernel modules.

14 Linux Vulnerabilities
The term vulnerability means a specific weakness or security-related bug in an application or operating system. The most common and far-reaching vulnerabilities in default Linux installations (unpatched and unsecured) have been: buffer overflows, race conditions, abuse of programs run “setuid root”, denial of service (DoS), web application vulnerabilities, and rootkit attacks.

15 setuid root Vulnerabilities
A setuid root program runs as root no matter who executes it. Such programs are used to provide unprivileged users with access to privileged resources, so they must be very carefully programmed: if one can be exploited through a software bug, it may allow otherwise unprivileged users to wield unauthorized root privileges.

16 Web application vulnerabilities
This is a very broad category of vulnerabilities because of the ubiquity of the World Wide Web: web applications have big and visible attack surfaces. When written in scripting languages they are not as prone to classic buffer overflows, but they can suffer from poor input handling.

17 Rootkit Attacks
Rootkit attacks allow attackers to cover their tracks; if one is successfully installed before detection, all is very nearly lost. Rootkits were originally collections of hacked commands that hid the attacker’s files, directories, and processes.

18 Linux System Hardening
This section considers how to mitigate Linux security risks at the system and application levels. We first look at OS-level security tools and techniques that protect the entire system.

19 OS installation: Software Selection and Initial Setup
Security begins with OS installation, especially the choice of what software is run, since unused applications are liable to be left in a default, unhardened and unpatched state. Generally you should not run: the X Window System, RPC services, R-services, inetd, SMTP daemons, telnet, etc. Installation also involves some initial system software configuration: setting the root password, creating a non-root user account, setting an overall system security level, enabling a simple host-based firewall policy, and enabling SELinux.

20 Patch Management
Installed server applications must be configured securely and kept up to date with security patches. Patching alone can never win the “patch rat-race”, but tools exist to automatically download and install security updates, e.g. up2date, YaST, apt-get. Note: automatic updates should not be run on change-controlled systems without testing.

21 Network-Level Access Control
One of the most important attack vectors in Linux threats is the network. Network-level access controls, which restrict access to local resources based on the IP addresses of the systems attempting access, are therefore an important tool in Linux security. There are two network access control mechanisms: libwrappers and TCP Wrappers, and iptables for “local firewall” rules.

22 Network-Level Access Control
Libwrappers and TCP Wrappers: TCP Wrappers is a key tool for checking access before allowing a connection to a service. It checks whether the requesting host is explicitly listed in hosts.allow (access is ok), then whether it is explicitly listed in hosts.deny (access is blocked); a host in neither file is allowed. Checks can be made on the service, the source IP, and the username.
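Added example, not from the lecture: a Python simulation of the TCP Wrappers decision order just described (hosts.allow first, then hosts.deny, then allow by default) over constructed hosts.allow and hosts.deny contents. The parser understands only "daemon : client" lines with IP addresses, CIDR ranges and ALL; real tcpd syntax is richer.

```python
# Added example (not from the lecture): toy model of the TCP Wrappers
# decision order. Only "daemon_list : client_list" lines with IP addresses,
# CIDR ranges and the ALL wildcard are understood; real tcpd does far more.
import ipaddress

# Constructed sample contents of /etc/hosts.allow and /etc/hosts.deny.
HOSTS_ALLOW = """
sshd : 192.168.1.0/24
in.ftpd : 10.0.0.5        # admin host only
"""
HOSTS_DENY = """
sshd : ALL
ALL : 203.0.113.0/24
"""


def parse_rules(text: str):
    """Return a list of (daemon names, client patterns) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 1))
        rules.append((daemons.split(), clients.split()))
    return rules


def matches(rules, service: str, client_ip: str) -> bool:
    """True if any rule names this service (or ALL) and covers this client."""
    addr = ipaddress.ip_address(client_ip)
    for daemons, clients in rules:
        if service not in daemons and "ALL" not in daemons:
            continue
        for pattern in clients:
            if pattern == "ALL" or addr in ipaddress.ip_network(pattern, strict=False):
                return True
    return False


def tcp_wrappers_decision(service: str, client_ip: str,
                          allow: str = HOSTS_ALLOW, deny: str = HOSTS_DENY) -> str:
    """Slide order: hosts.allow wins, then hosts.deny, and a host in neither is allowed."""
    if matches(parse_rules(allow), service, client_ip):
        return "allow"
    if matches(parse_rules(deny), service, client_ip):
        return "deny"
    return "allow"      # the default-allow case: nothing listed means access is granted
```

The last branch is the one to watch: a host listed in neither file is allowed, so a deny-by-default posture needs an explicit `ALL : ALL` line in hosts.deny.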

23 Network-Level Access Control
iptables for “local firewall” rules: While TCP Wrappers is ubiquitous and easy to use, the Linux kernel’s native firewall mechanism, netfilter (and its user-space front end iptables), is more powerful. iptables is useful both on multi-interface firewall systems and on ordinary servers and desktop systems. A typical “personal” firewall configuration will: allow incoming requests to specified services, block all other inbound service requests, and allow all outbound (locally originating) requests. If greater security is needed, configure the rules manually.

24 SELinux
SELinux is the NSA's powerful implementation of mandatory access controls for Linux. The Linux DACs still apply under SELinux: if the ordinary Linux permissions on a given file block a particular action, that action will still be blocked, and SELinux won't evaluate it. But if the ordinary Linux permissions allow the action, SELinux will evaluate the action against its own security policies before allowing it to occur. More specifically, SELinux evaluates actions attempted by subjects against objects.

25 SELinux
In SELinux: “subjects” are always processes, since these execute users’ commands. “Actions” are called “permissions,” just as in the Linux DAC. “Objects” include not only files and directories but also other processes and various system resources in both kernel space and userland. SELinux is similar to the DAC, but adds more: decision making, role-based access control, and multi-level security.
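Added example, not from the lecture: a Python model of the two-step evaluation the SELinux slides describe, with a constructed, greatly simplified allow table standing in for SELinux policy (real policy uses types, roles, object classes and many more permissions). The domain and type names (httpd_t, sshd_key_t, and so on) are assumed for illustration.

```python
# Added example (not from the lecture): a toy model of the evaluation order
# on the SELinux slides. DAC bits are checked first; only if they allow the
# action is the (constructed, greatly simplified) SELinux policy consulted.
from dataclasses import dataclass

PERM_BIT = {"read": 4, "write": 2, "execute": 1}


@dataclass
class Subject:           # in SELinux a subject is always a process
    uid: int
    gid: int
    domain: str          # the process's SELinux type, e.g. httpd_t (assumed name)


@dataclass
class Obj:
    owner_uid: int
    owner_gid: int
    mode: int            # DAC permission bits, e.g. 0o644
    se_type: str         # the object's SELinux type label (assumed names below)


# Constructed allow table standing in for SELinux policy: (domain, type) -> actions.
SE_POLICY = {
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("sshd_t", "sshd_key_t"): {"read"},
}


def dac_allows(subj: Subject, obj: Obj, action: str) -> bool:
    """Ordinary Linux DAC check (simplified: root passes every DAC check)."""
    if subj.uid == 0:
        return True
    if subj.uid == obj.owner_uid:
        shift = 6                     # user triple
    elif subj.gid == obj.owner_gid:
        shift = 3                     # group triple
    else:
        shift = 0                     # other triple
    return bool((obj.mode >> shift) & PERM_BIT[action])


def access_decision(subj: Subject, obj: Obj, action: str) -> str:
    """Report which layer decided, mirroring the slides' two-step order."""
    if not dac_allows(subj, obj, action):
        return "denied by DAC (SELinux not consulted)"
    if action in SE_POLICY.get((subj.domain, obj.se_type), set()):
        return "allowed by DAC and SELinux"
    return "allowed by DAC, denied by SELinux"
```

The root-owned key case in the checks below is the point the slide makes: passing the DAC check (here, as root) does not bypass SELinux, whose policy is evaluated second.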

26 Windows Security

27 Windows Security
Many important components in Windows make up the fundamental security infrastructure: Security Reference Monitor (SRM): responsible for checking permissions. Local Security Authority (LSA): responsible for enforcing local security policy in Windows. Security Account Manager (SAM): a database that stores user accounts and relevant security information about local users and local groups. Active Directory (AD): used to authenticate domain user logons. Authentication packages. WinLogon and NetLogon.

28 Windows Security
Different types of privileges are used in Windows, and some of them are very dangerous. Examples include: the “act as part of the operating system” privilege, referred to as the Trusted Computing Base (TCB) privilege, which allows code (including security code) to be run by any account; this is the most dangerous one. The “debug programs” privilege, which allows an account to debug any process running in Windows. The “backup files and directories” privilege, which enables any process holding it to pass all access control list (ACL) checks.

29 Windows Vulnerabilities
Like many operating systems, Windows has vulnerabilities that an attacker can exploit. In 2002, Microsoft decided to change its software development process to better accommodate secure design, coding, testing and maintenance requirements. This process improvement is called the Security Development Lifecycle (SDL). Windows Vista was the first version of Windows to undergo the SDL from start to finish.

30 Windows Security Defenses
Windows Security has four main defenses: Account defenses: Windows Server 2003 and Windows XP have a feature called “Secondary Logon” which lets the user run an application under another account. Network defenses: Windows offers many network defenses, most notably native IPsec and IPv6 support and a bi-directional firewall. Buffer overrun defenses: many mechanisms have been added to detect an attacker exploiting a buffer overflow, such as heap-based buffer overrun detection, heap randomization, image randomization, and the service restart policy.

31 Windows Security Defenses
Browser defenses: ActiveX opt-in, which essentially unloads ActiveX controls by default (an ActiveX control is a binary object that can be invoked by the web browser, and it is possible for a control to be malicious). Cryptographic services: Windows includes a complete set of cryptographic functionality, such as: a. Encrypting File System (EFS), which is simple: a user or administrator marks a directory to use EFS, and every file created in that directory is then encrypted. b. Data Protection API, which allows users to encrypt and decrypt data transparently. c. BitLocker, added in Windows Vista, which encrypts the entire volume using AES; the encryption key is stored either on a USB device or within a Trusted Platform Module (TPM) chip on the computer motherboard.

32 Why is Linux more secure than Windows?
1. Privileges. In Windows: users are generally given administrator access by default, which means they pretty much have access to everything on the system, even its most crucial parts. So, then, do viruses. It's like giving terrorists high-level government positions. In Linux: users do not usually have such “root” privileges; rather, they're typically given lower-level accounts. This means that even if a Linux system is compromised, the virus won't have the root access it would need to do damage system-wide; more likely, just the user's local files and programs would be affected. That can make the difference between a minor annoyance and a major catastrophe in any business setting.

33 Why is Linux more secure than Windows?
2. Social Engineering. Viruses and worms are often spread by convincing computer users to do something they shouldn't, like opening attachments that carry viruses and worms. This is known as social engineering. In Windows: spreading worms and viruses is easy on Windows systems. Just send out an email with a malicious attachment and an interesting subject. The result? An open door for the attached malware, with potentially disastrous consequences organization-wide. In Linux: before any real damage could occur, a Linux user would have to read the email, save the attachment, give it executable permissions and then run the executable. Not very likely, in other words.

34 Why is Linux more secure than Windows?
3. Audience Size. Since millions of people all use the same software (Windows), it becomes an attractive target for malicious attackers. As a result, the majority of viruses target Windows. 4. How Many Eyeballs. In Linux: the creator of Linux holds that, “given enough eyeballs, all bugs are shallow.” What that means is that the larger the group of developers and testers working on a set of code, the more likely any flaws will be caught and fixed quickly. In Windows: it's a limited set of paid developers who are trying to find problems in the code. They adhere to their own set timetables, and they don't generally tell anyone about the problems until they've already created a solution, leaving the door open to exploits until that happens.

