
Host Security CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University.




1 Host Security CSCI N321 – System and Network Administration Copyright © 2000, 2011 by Scott Orr and the Trustees of Indiana University

2 Section Overview
- Why Security?
- System Security Issues
- Network Security Issues
- Physical and Session Security Issues
- Security Implementation

3 References
- CQU 85321 System Administration Course, Chapter 17

4 Why Worry about Security?
- Y2K Bug – 1/1/2000
- DDoS Attack of Yahoo, CNN – 2/2000
- Microsoft break-in – 10/2000
- SPAM and Phishing
- Viruses and Worms
  - Internet Worm – 11/1988
  - Melissa/ILoveYou Viruses – 1999-2000
  - CodeRed/Nimda/Slammer/Sobig – 2001-2003
  - MyDoom, Netsky/Bagel – 2004
  - Stuxnet – 2010
- SPAM/Virus Writer Connection
- Terrorist Attacks/Katrina
- Numerous Web Defacements
- Mobile Computing?

5 Reported Incidents (chart; Source: CERT)

6 Reported Vulnerabilities (chart; Source: CERT)

7 Threat Pyramid (Source: Tom Perrine, SDSC, "Security as Infrastructure")
- Script Kids: 1M's
- Moderate: 10K's
- Aggressive: 1K's
- Governments: 100's

8 Threat Evolution (chart; Source: CERT, Phishing Exposed)

9 How much security?
- Security vs. Ease of Use (trade-off)
- Beware of Security through Obscurity!!!

10 Password Security Issues
- Low-tech password grabbing
  - Social Engineering
  - Dumpster Diving
  - Shoulder Surfing
- Password Cracking
  - Encrypted passwords accessible
  - Brute force & dictionary attacks
    - Alec Muffett's Crack
    - John the Ripper
    - Cain and Abel
  - Rainbow Cracking

11 Password Risk Minimization
- User Education!!!
- Password Accessibility (/etc/shadow)
- Allow for longer passwords
- One-Time Passwords – OPIE/SecurID
- Password aging
  - Forces periodic changing of password
  - Accounts locked if password expires
- Centralized Authentication
  - Kerberos
  - Active Directory Services (ADS)

12 /etc/shadow Fields
- Username
- Encrypted password
- Day last changed
- Minimum # days between changes
- Maximum # days between changes
- Notify # days before account expires
- Account Inactivation
  - Expire # days after max change (Linux)
  - Expire after # days of inactivity (Solaris)
- Expiration day
- Flags (unused)
Example: sorr:lYi8.KpsFAb9M:11262::90:7:12784:
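An added worked example (not from the slides): parse a shadow entry into the fields listed above and classify the account for a given day. The sample is the slide's entry with a placeholder in place of the real hash and the empty inactivity field restored so it has all nine Linux fields; both are assumptions, as is the second, locked entry.

```python
from datetime import date, timedelta

# Nine colon-separated fields, in the order the slide lists them (Linux shadow(5))
FIELDS = ("user", "hash", "lastchg", "min", "max", "warn", "inactive", "expire", "flag")
EPOCH = date(1970, 1, 1)

# Constructed samples: the slide's entry with a placeholder hash and the empty
# inactivity field restored, plus a locked account ('!' prefix on the hash)
SAMPLE_ENTRY = "sorr:$6$placeholder$notarealhash:11262::90:7::12784:"
LOCKED_ENTRY = "guest:!:11262:0:99999:7:::"

def _day(value):
    """Date fields count days since 1970-01-01; an empty field means 'not set'."""
    return EPOCH + timedelta(days=int(value)) if value else None

def parse_shadow(line):
    """Split one /etc/shadow line into typed fields (dates as date objects)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    f = dict(zip(FIELDS, parts))
    return {
        "user": f["user"],
        "locked": f["hash"][:1] in ("!", "*"),
        "no_password": f["hash"] == "",          # empty hash: login without a password
        "last_change": _day(f["lastchg"]),
        "min_days": int(f["min"]) if f["min"] else None,
        "max_days": int(f["max"]) if f["max"] else None,
        "warn_days": int(f["warn"]) if f["warn"] else None,
        "inactive_days": int(f["inactive"]) if f["inactive"] else None,
        "account_expires": _day(f["expire"]),
    }

def status(entry, today):
    """Classify the account as login would on 'today' (a date or ISO string)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    if entry["account_expires"] and today >= entry["account_expires"]:
        return "account expired"          # expiration day reached: no logins at all
    if entry["locked"]:
        return "locked"
    if entry["no_password"]:
        return "NO PASSWORD"              # the finding a password checker must flag
    if entry["last_change"] is None or entry["max_days"] is None:
        return "password never expires"   # aging disabled
    expires = entry["last_change"] + timedelta(days=entry["max_days"])
    if today >= expires:
        inactive = entry["inactive_days"]
        if inactive is not None and today >= expires + timedelta(days=inactive):
            return "inactive"             # grace period over: account disabled
        return "expired"                  # must change password at next login
    if entry["warn_days"] and today >= expires - timedelta(days=entry["warn_days"]):
        return "warn"                     # inside the notification window
    return "ok"
```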

13 Account Management
- Principle of least privilege
- Restrictive default umask
- Disable/remove inactive accounts
- No shared group accounts
- Careful placement of '.' in PATH
- Same username/UID assignment on all systems on a local network

14 Root Account Management
- Restrict root logins to console
- Used only when needed
  - su -
  - sudo
- Avoid multiple root accounts (UID 0)
- Avoid '.' in PATH
- Be Careful!!!

15 System Configuration
- Keep all software up to date
  - Updates
  - Patches
- Remove unneeded software
- Minimize SUID/SGID programs
- Kernel options
- System-wide defaults
- System Hardening
  - SELinux
  - CIS Benchmark Tools
  - Microsoft: Baseline Security Analyzer

16 Pluggable Authentication Modules (PAM)
- System-wide authentication defaults
- Authentication management
- Account management
- Session management
- Password management

17 Filesystem Protection
- Check for…
  - World-writable files/directories
  - World-readable files/directories
    - System configuration files
    - Log files
  - Ownerless files/directories
  - SUID/SGID programs
- Filesystem access restrictions
- Trojan horses & root-kits
  - Modified system files/programs
  - Integrity Checkers: Tripwire, AIDE, Osiris
- Filesystem Encryption (CFS, EFS)
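An added example (not from the slides, and not Tripwire or AIDE) of the three permission checks above run as one tree walk: world-writable paths, set-UID/set-GID programs, and ownerless files. The demo tree, file names and modes are constructed in a temporary directory; sticky directories such as /tmp are deliberately excluded from the world-writable list.

```python
import os
import pwd
import shutil
import stat
import tempfile

def audit_tree(root):
    """Walk root and collect relative paths that fail each check."""
    findings = {"world_writable": [], "setuid_setgid": [], "ownerless": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks
            except OSError:
                continue
            mode = st.st_mode
            if stat.S_ISLNK(mode):
                continue                     # mode bits on a symlink itself mean nothing
            rel = os.path.relpath(path, root)
            # World-writable, except sticky directories (/tmp style), which are expected
            if mode & stat.S_IWOTH and not (stat.S_ISDIR(mode) and mode & stat.S_ISVTX):
                findings["world_writable"].append(rel)
            # Set-UID/Set-GID only matters on regular (executable) files
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                findings["setuid_setgid"].append(rel)
            try:
                pwd.getpwuid(st.st_uid)      # no passwd entry for the owner => ownerless
            except KeyError:
                findings["ownerless"].append(rel)
    return {k: sorted(v) for k, v in findings.items()}

def demo():
    """Build a constructed tree in a temp dir, audit it, and clean up."""
    root = tempfile.mkdtemp(prefix="fsaudit-")
    try:
        for d in ("etc", "bin", "tmp"):
            os.mkdir(os.path.join(root, d), 0o755)
        files = {"etc/passwd": 0o644, "etc/hosts": 0o666, "bin/su": 0o4755, "bin/cat": 0o755}
        for rel, mode in files.items():
            p = os.path.join(root, rel)
            with open(p, "w") as fh:
                fh.write("constructed\n")
            os.chmod(p, mode)
        os.chmod(os.path.join(root, "tmp"), 0o1777)   # sticky: must not be reported
        return audit_tree(root)
    finally:
        shutil.rmtree(root)
```

Pointing audit_tree at / on a real host gives the raw list; diffing two runs is the poor man's integrity check that the slide's tools do properly.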

18 Network Service Security
- Remove unneeded services
  - RC Scripts
  - inetd/xinetd
- Upgrade/Patch active services
- Port Scanners – nmap, Saint, Nessus
- Service Attack Detection/Protection
  - Intrusion Detection Systems (Snort)
  - TCP Wrappers
  - Firewalls
  - Network Address Translation (NAT)

19 Network Traffic Issues
- Packet Sniffing
  - See all traffic (passwords, email, etc.)
  - Tools: tcpdump, Wireshark
- Spoofing and Session Hijacking
- Network Session Encryption
  - Telnet, ftp, X11: Secure Shell (ssh)
  - Email, Web: Secure Sockets Layer (SSL)
  - Virtual Private Networks (IPsec/SSL)

20 Physical Security
- Environmental Concerns
- Facility Security
  - Hardware cables
  - Locks (Key, Code, Biometrics)
  - Alarms (Theft, Movement, etc.)
- Removable media
- System BIOS
  - Passwords
  - Boot device order
- Boot Loader Passwords

21 Session Security
- X-Windows Remote Applications
  - Remote viewing of your windows
  - xhost/xauth access control
- Console locking
  - GUI Screensavers
  - Text console(s) – vlock
- Shell inactivity timeout

22 Implementing Security
- Risk Assessment
- Policy Development
- Implementation
- Testing
- Monitoring/Responding to Incidents

23 Risks and Policies
- Risk Assessment
  - Identifying assets, vulnerabilities, threats
  - Prevention Cost <> Loss/Recovery Cost
- Policy Development
  - "That which is not permitted is prohibited"
  - Grant authority to enforce policy
  - Periodic reviews
  - Be positive

24 System Testing
- Password Checkers
- Vulnerability Checkers
  - System: COPS, Titan, Tiger
  - Network: Saint (SARA), Nessus, nmap
- Bug Exploits
  - Script Kiddie sites (e.g. www.rootshell.com)
  - Full Disclosure Email Lists (e.g. BugTraq)
  - Security Advisories (e.g. CERT)

25 Log Monitoring
- Baseline Anomalies
  - Weird su/root login entries
  - Unscheduled Reboots/Service restarts
  - Inconsistent login times/locations
- Logfile Anomalies
  - Strange timestamps
  - Incorrect ownership or permissions
  - Short, incomplete, or missing logs
- Centralized logging
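An added example (not from the slides) of the baseline checks above run over a handful of syslog-style lines: su to root by an unexpected user or outside working hours, logins from hosts not in the baseline, a reboot at night, and a timestamp that runs backwards. The log lines, host names, addresses and the baseline itself are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample log in syslog style (not captured from a real system)
SAMPLE_LOG = """\
Nov 01 09:02:11 srv1 sshd[201]: Accepted password for sorr from 10.0.0.5 port 40122 ssh2
Nov 01 09:30:47 srv1 su: (to root) sorr on pts/1
Nov 01 23:14:03 srv1 su: (to root) guest on pts/3
Nov 01 23:15:20 srv1 sshd[322]: Accepted password for sorr from 203.0.113.9 port 51002 ssh2
Nov 01 22:40:00 srv1 sshd[330]: Accepted password for sorr from 10.0.0.5 port 51010 ssh2
Nov 02 02:05:55 srv1 systemd[1]: Reached target Reboot.
"""

# Baseline (assumed): who may become root, usual source hosts, working hours 08-18
BASELINE = {"su_to_root": {"sorr"}, "hosts": {"10.0.0.5"}, "hours": range(8, 19)}

LINE_RE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+?)(?:\[\d+\])?: (.*)$")
SU_RE = re.compile(r"\(to (\w+)\) (\w+) on")
SSH_RE = re.compile(r"Accepted \w+ for (\w+) from (\S+)")

def find_anomalies(text, baseline=BASELINE):
    """Return (line number, reason) pairs for entries that deviate from the baseline."""
    findings, prev = [], None
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            findings.append((n, "unparseable entry"))
            continue
        ts, _host, prog, msg = m.groups()
        when = datetime.strptime(ts, "%b %d %H:%M:%S")   # year-less syslog stamp
        if prev and when < prev:                          # "strange timestamps"
            findings.append((n, "timestamp earlier than previous entry"))
        prev = when
        off_hours = when.hour not in baseline["hours"]
        su, ssh = SU_RE.search(msg), SSH_RE.search(msg)
        if prog == "su" and su and su.group(1) == "root":
            who = su.group(2)
            if who not in baseline["su_to_root"] or off_hours:
                findings.append((n, f"su to root by {who} outside baseline"))
        elif prog == "sshd" and ssh:
            user, src = ssh.groups()
            if src not in baseline["hosts"] or off_hours:
                findings.append((n, f"login by {user} from {src} outside baseline"))
        elif "Reboot" in msg and off_hours:
            findings.append((n, "reboot outside working hours"))
    return findings
```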

26 Incident Response
- Isolate the system
- Understand what happened – Forensics
  - Active system analysis
  - Filesystem analysis (make read-only first)
- Recover
  - Close holes
  - Restore files from clean backup
- Report incident
- Don't Panic!!!

