Published by Angelina Willis. Modified over 8 years ago.
1
UNIX SYSTEM SECURITY Tanusree Sen 005484258
2
Agenda
- Introduction
- Three Different Levels of Security
- Security Policies
- Security Technologies
- Future of UNIX System security
- Conclusion
- References
3
Three Different Levels of Security
- Application Level
- Operating System Level
- Network Level Security
4
DEFENDING AGAINST THE APPLICATION, OPERATING SYSTEM AND NETWORK LEVEL ATTACKS

| No. | Application Level | Operating System Level | Network Level |
|---|---|---|---|
| 1 | Keep the browser, servers, databases, programming languages and operating systems patched regularly. | Check system binaries and make sure that intruders have not altered them. | Avoid using hubs and stick to switches only, and buy interface cards that do not support promiscuous mode. |
| 2 | Use up-to-date antivirus tools. | Search for setuid and setgid files everywhere on the system, because intruders often leave setuid copies of /bin/sh or /bin/time around to give themselves root access at a later time. | Disable inbound Telnet, FTP, rlogin, rsh/rcp/exec, finger etc. and encourage SSH instead. |
| 3 | Make use of good firewalls and intrusion detection mechanisms. | Regularly check the /etc/passwd file on the system and see whether any modifications have been made to it. | Encrypt everything and make use of secure protocols like HTTPS, SSH, PGP, IPSec etc. |
| 4 | Make sure that the application uses strong session tracking information so that it cannot be easily grabbed by the attacker. | Make sure that the victim's systems do not allow unauthorized use of a network monitoring tool such as a packet sniffer, because intruders often use this tool to capture user credentials. | Deploy up-to-date anti-spoof filters and patch the TCP stacks regularly. |
5
Security Policies

Device Security
- Only an authorized person can perform
- Volume manager should be disabled to prevent media devices from mounting automatically
- Check the origin of the software and verify the checksum signature before installing
- Back up data for disaster recovery

File Systems Security
- Minimum permissions on files
- Put a sticky bit on the important files and on those that have write permission
- Regularly look for core files and delete them

Remote Services Restriction
- Services like telnet, rlogin and ftp should be kept disabled
- All the services are controlled in inetd.conf. To disable a service, comment out the corresponding line in the inetd.conf file.
- Restart the inetd service, either by rebooting or by sending it the kill -HUP command
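The remote-services step above, as an added example that is not part of the original slides: a shell sketch that lists the cleartext services still enabled in an inetd.conf and writes a reviewed copy with those lines commented out. The service list and the sample file are assumptions constructed for illustration; rlogin, rsh/rcp and rexec appear under their /etc/services names login, shell and exec.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for enabled cleartext services.
# Assumed service list; rlogin is "login", rsh/rcp is "shell", rexec is "exec".
INSECURE_SERVICES="telnet ftp login shell exec finger"

# Print the name of every insecure service still enabled in file $1.
list_enabled_insecure() {
    awk -v list="$INSECURE_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        ($1 in bad) { print $1 }
    ' "$1"
}

# Write a copy of $1 to $2 with the insecure service lines commented out.
# The original file is left untouched so the change can be reviewed first.
disable_insecure() {
    awk -v list="$INSECURE_SERVICES" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        !/^[ \t]*#/ && NF > 0 && ($1 in bad) { print "#" $0; next }
        { print }
    ' "$1" > "$2"
}

# Constructed sample input (not taken from a real host).
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#login  stream  tcp  nowait  root  /usr/sbin/in.rlogind  in.rlogind
shell   stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
time    stream  tcp  nowait  root  internal
EOF
}

# Stand-alone use: sh script.sh /etc/inetd.conf
if [ "$#" -gt 0 ]; then
    list_enabled_insecure "$1"
fi
```

After reviewing the generated copy and installing it as inetd.conf, inetd still has to re-read the file (reboot or kill -HUP, as the slide says) before the services actually stop.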
6
Security Policies (contd.)

Password Policy
- Passwords should not be written on a piece of paper; memorize them instead
- Use a mixture of letters, numbers and non-alphabetic characters
- Change passwords regularly
7
Security Technologies
- SSH
- Kerberos
- Identity Management
8
What is the future of UNIX System Security?
- New features are implemented every day
- Vendors are investing a huge amount of money
- More research is going into virtualization, and many big companies have their own operating system virtualization technology
9
Conclusion

It is very good practice to identify site-specific security concerns and define preventive policies for them. It is also encouraged to look for third-party security software, where it is appropriate to implement. But above all, users are the ones who will follow these policies, and for that they must understand their importance, which can only be achieved by educating employees and administrators.
10
References
- Skoudis, E., & Liston, T. (2006). Counter Hack Reloaded: A Step-By-Step Guide to Computer Attacks and Effective Defenses. New Jersey: Pearson Education, Inc.
- Dunn, R. (n.d.). Introduction to Application-level Security. Retrieved October 24, 2007, from Enforcing Application-level Security in Modern Operating Systems Web site: http://www.cs.washington.edu/homes/rdunn/papers/rjd-generals.pdf
- Wood, P., & Kochan, S. (1985). UNIX System Security. New Jersey / Berkeley, California: Hayden Book Company.
- Farrow, R. (1991). UNIX System Security: How to Protect Your Data and Prevent Intruders. Addison-Wesley Publishing Company, Inc.
- OS security tools. (n.d.). Retrieved November 16, 2007, from Operating System Security Web site: http://pages.cs.wisc.edu/~cao/cs537/lecture30.txt
11
Thank You Any Question?