Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Issues in Unix OS Saubhagya Joshi Suroop Mohan Chandran.

Published byWilfrid Haynes Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Issues in Unix OS Saubhagya Joshi Suroop Mohan Chandran."— Presentation transcript:

1 Security Issues in Unix OS Saubhagya Joshi Suroop Mohan Chandran

2 Security Management2 Contents  Current scenario –Major players –General threats –Top ten Unix threats  Taxonomy of threats  Examples  Security Management

3 Security Management3 Major Players  NIST, CERT, SANS Institute, CERIAS, Mitre Inc.  Database + Tools  CVE (121 vulnerabilities out of 3052 unique entries, CVE Version Number: 20040901)  ICAT (213 out of 7493 vulnerabilities)  Cassandra

4 Security Management4 General threats  People (malicious, ignorance)  Physical  Communications  Operations  OS flaws –Denial of Service (DoS) –Spoofing –Privilege Elevation –Repudiation –Replay Attacks –Viruses/Trojans/Worms –Disclosure of Information –Sabotage/Tampering AttacksAttacks

5 Security Management5 Top Ten Vulnerabilities (SANS Institute + FBI)  BIND Domain Name System  Web Server (CGI scripts)  Authentication (weak, default or no password)  Version Control Systems (buffer overflow on CVS)  Mail Transport Service (insecure SMTP & MTA)  Simple Network Management Protocol (SNMP) –Remotely manage systems, printers, routers  Open Secure Sockets Layer (SSL) –Mainly buffer overflow (POP3, IMAP, LDAP, SMTP)  Misconfiguration of Enterprise Services NIS/NFS  Databases (MySQL, POSTgreSQL, Oracle)  Kernel

6 Security Management6 Taxonomy codingoperationalenvironment Incorrect permission configuration condition validation Race condition Improper/inadequate Failure to handle exception synchronization Incorrect setup parameters Utility in wrong place Input validation Boundary condition Origin validation Field value correlation Access right validation Type and number of input Missing input Extraneous input syntax Source: Taimur Aslam, Taxonomy of Security Faults in Unix OS, Purdue University, 1995

7 Security Management7 Operational Examples codingoperationalenvironment Incorrect permission configuration condition validation Race condition Improper/inadequate Failure to handle exception synchronization Incorrect setup parameters Utility in wrong place Input validation Boundary condition Origin validation Field value correlation Access right validation Type and number of input Missing input Extraneous input syntax tftp (trivial file transfer protocol) disclosure of information  sendmail wizard mode  WIZ command  default password = “wizzywoz”

8 Security Management8 Synchronization Examples codingoperationalenvironment Incorrect permission configuration condition validation Race condition Improper/inadequate Failure to handle exception synchronization Incorrect setup parameters Utility in wrong place Input validation Boundary condition Origin validation Field value correlation Access right validation Type and number of input Missing input Extraneous input syntax “xterm” (window interface in X windows) mknod foo p xterm –lf foo mv foo junk ln –s /etc/passwd foo cat junk if run as root, existing files may be replaced

9 Security Management9 Condition Validation Example codingoperationalenvironment Incorrect permission configuration condition validation Race condition Improper/inadequate Failure to handle exception synchronization Incorrect setup parameters Utility in wrong place Input validation Boundary condition Origin validation Field value correlation Access right validation Type and number of input Missing input Extraneous input syntax /etc/exports (SunOS4.1) rcp (remote copy) Redirect characters from other user’s terminal uux rem_machine ! rmail anything & command fsck repairs file consistency -- If fsck fails during bootup, privileged shell starts as root

10 Security Management10 Environment Examples codingoperationalenvironment Incorrect permission configuration condition validation Race condition Improper/inadequate Failure to handle exception synchronization Incorrect setup parameters Utility in wrong place Input validation Boundary condition Origin validation Field value correlation Access right validation Type and number of input Missing input Extraneous input syntax “exec” system call executes some executable object file or data file conaining commands SunOS version 3.2 and early link with name = “-i” exec –i (becomes interactive mode

11 Security Management11 Security Management in UNIX  US/CERT, AUSCERT - UNIX Security Checklist (2001)  US/CERT, AUSCERT – Steps to Recover from a UNIX or NT System compromise (2000)

12 Security Management12 UNIX Security Checklist v2.0  The First Step  Basic Operating System  Major Services  Specific Operating Systems

13 Security Management13 The First Step  Update software and security Patches of the OS.  Make sure that all security mechanisms like Digital signatures and hashing schemes are up to date.  Keep track of all updates to the OS and the services.

14 Security Management14 Basic Operating System  Network Services  Network Administration  File System Security  Account Security  System Monitoring

15 Security Management15 Major Services  Name Service  Electronic Mail  Web Security  FTP – ftp and anonymous ftp  File Services  X-Windows System

16 Security Management16 Specific Operating Systems  BSD-Derived Operating Systems  Linux Distributions  Solaris  IRIX  HP-UX  Digital/Compaq Tru64 UNIX  AIX

17 Security Management17 Steps to Recover from a Compromise  Before you get Started  Regain Control  Analyze the Intrusion  Contact relevant CSIRT and other sites involved  Recover from the intrusion  Improve the security of the system and network  Reconnect to the Internet  Update your Security Policy

Download ppt "Security Issues in Unix OS Saubhagya Joshi Suroop Mohan Chandran."

Similar presentations

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.

Application Security Best Practices At Microsoft Ensuring the lowest possible exposure and vulnerability to attacks Published: January 2003.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
Exchange server 2003. Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 6 Enumeration.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Application Layer. This graphic is taken from The Abdus Salam International Centre for Theoretical Physics.

Application Layer. This graphic is taken from The Abdus Salam International Centre for Theoretical Physics.
Hacking Unix/Linux.

Hacking Unix/Linux.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Similar presentations

Ads by Google