Linux Systems Security. Security Design NETS Fall 2016
|
|
- Marilynn French
- 5 years ago
- Views:
Transcription
1 Linux Systems Security Security Design NETS Fall 2016
2 Designing a Security Approach Physical access Boot control Service availability and control User access Change control Data protection and backup Management support
3 Physical Access Risks Simple DOS (denial of service) through damage, disconnnection, powerdown Filesystem corruption can result A server taken offline this way can cause ripple corruption around the network, particularly if the clients are using state-dependent file access mechanisms Ripple DOS can be serious if the downed machine is an authentication server or proxy server Substituting or modifying devices such as disks CTRL-ALT-DEL risks with PC hardware, see serverguide/console-security.html for how Ubuntu can be configured for this Even when physical damage or substitution is not deemed an issue, there are other physical access concerns related to atypical boot scenarios
4 Physical Access Risks Attached device compromise via I/O ports or removable media Devices may invoke untested drivers Drivers can supply code to the system at high privilege levels Removable media can be used to supply code, false data, and privilege elevation tools Alternate boot scenarios using removable media are a concern if physical access is permitted Designing around this means a physically secure location and physical access controls, and securing boot control
5 Boot Control BIOS should not iterate through multiple boot devices, and BIOS should be password protected Grub and LILO boot loaders offer user intervention at boot Both have configuration files which must be protected, should be readable only by root, and have any available password options enabled, locations and file names can vary by distro
6 Boot Control Both common boot loaders support implementing passwords to perform non-default boot if needed, depending on which distro you are running chap5sec48.html Remove old boot options after kernel updates if your OS doesn t do it automatically, also remove old kernel files if update was done for security concerns
7 Service Availability Distro selection and installation is a big factor, it will determine how much work you have to do after the installation completes, distrowatch.com can help The GUI is a luxury, not a necessity, don t install it unless your server's purpose cannot be achieved without it Non-essential software offers opportunities to attackers, even if that software does not run automatically Remove innocuous but unnecessary services to reduce logfile clutter
8 Service Availability Remove or don t install whatever you don t need, it can be added later if requirements change Software packaging tools don t let you blindly remove software you don t use but which is needed by other software you do use Once your service availability is appropriately trimmed, consider how those services are controlled
9 Service Control Multiple mechanisms can start services, which ones are even available is distro-specific init and rc scripts are still common, upstart and systemd are becoming more widely implemented Different distros may not start the same services the same way, even if they have the same mechanisms available
10 Service Control Services may or may not log startup/shutdown and activities Services may have per-service logfiles or just lump their messages in with other services (often distrospecific) Default configurations often start many more services than is actually required
11 Service Control Resource and capacity limits are often non-existent or inappropriate; reviewing service configurations for these limits is a way to improve service stability and reduce potential impacts of service exploits Users who shouldn t be able to affect running services often can, by exploiting them or simply using them in non-standard ways, or by interfering with resources those services expect to have available, confused deputy problem applies
12 User Access System users are the most dangerous, consider where and how they can login, and what they can do once logged in Services commonly provide configuration parameters to control what their users can do Web servers, servers, database servers, etc. usually are capable of managing private user lists and controls but the per-service lists are often not used in favour of simpler unix account reuse
13 User Access User data must be considered Where is it stored and how, can they impact the filesystem for other users How is access to it shared or controlled, what privileges do users have the ability to give away (DAC vs. MAC vs. RBAC) Removable media, network copying, sharing tools, backup tools are all potential data exposure avenues Data labelling may be relevant
14 User Access Passwords, remote access and social engineering are rocket fuel for attackers Audits, monitoring, and logging only help identify what happened, they do not prevent it Differentiating between expected system behaviour changes and unexpected changes can be enhanced with intentional change control
15 Change Control System updates, upgrades, or configuration changes can introduce new exposures or break existing protections Changes should be planned, tested, logged, and verified, software installation and update tools do not normally record what they do, they just do it Virtual machines can be used to test changes to a duplicated server without risk to a production system Change logs should be independent of the system so that a system compromise does not endanger the change logs
16 Change Control Automated updates are generally discouraged for servers, security updates can be the exception unless you are staging all updates Many software package tools check, or can check, signatures for download validation Software package tools do check dependencies Even with services, users, and change covered, data can still be at risk
17 Data Protection Storage of data is your primary protection opportunity Container access controls such as file permissions and ACLs, or storage control mechanisms such as database permissions are the basic tools Encrypting data in storage can be useful, but can also be a substantial overhead for the system Encrypted root filesystems is possible, but kernel maintenance becomes more difficult, better to cleanly separate root filesystem from any sensitive data storage
18 Data Protection Encrypting data in transit is a consideration, connection establishment is the primary attack vector, ssl/ssh is the primary widespread defense along with vpns Version control systems require extra attention Data replicates and backups must also be considered
19 Backup Backup of systems and data are separate topics Backup physical storage is a consideration Restoration should include tamper detection Backups can be encrypted, not just compressed Backup access and aging can complicate things Backups, like other aspects of security, have costs so management support becomes very important
20 Management Support Security requires tools, hardware, and personnel Those normally require funding and allocation of resources The security role may not be making the business decisions, but may instead be lobbying for them Security should be part of the business strategy and plan Ask the folks at the NSA, Ashley Madison, or in a presidential campaign if it is important to allocate sufficient resources and focus to security
Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationCS 356 Operating System Security. Fall 2013
CS 356 Operating System Security Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5 Database
More informationCIT 480: Securing Computer Systems
CIT 480: Securing Computer Systems Operating System Security CIT 480: Securing Computer Systems Slide #1 Topics 1. OS Security Features 2. Bypassing OS Security 1. Boot time security 2. BIOS security 3.
More informationSE Linux Implementation LINUX20
SE Linux Implementation LINUX20 Russell Coker IBM eserver pseries, Linux, Grid Computing and Storage Technical University 7/7/2004 Licensed under the GPL Topic Objectives In this topic students will learn
More informationSTING: Finding Name Resolution Vulnerabilities in Programs
STING: Finding Name Resolution ulnerabilities in Programs Hayawardh ijayakumar, Joshua Schiffman, Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department
More informationComputers: Tools for an Information Age. System Software
Computers: Tools for an Information Age System Software Objectives System Software Operating system (OS) Popular Operating Systems System Utilities 2 System Software 3 System Software System software includes
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationExam LFCS/Course 55187B Linux System Administration
Exam LFCS/Course 55187B Linux System Administration About this course This four-day instructor-led course is designed to provide students with the necessary skills and abilities to work as a professional
More informationCourse 55187B Linux System Administration
Course Outline Module 1: System Startup and Shutdown This module explains how to manage startup and shutdown processes in Linux. Understanding the Boot Sequence The Grand Unified Boot Loader GRUB Configuration
More informationOperating system hardening
Operating system Comp Sci 3600 Security Outline 1 2 3 4 5 6 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationLinux Systems Security. Backup and Change Management NETS Fall 2016
Linux Systems Security Backup and Change Management NETS1028 - Fall 2016 Backup Security breaches can cast doubt on entire installations or render them corrupt Files or entire systems may have to be recovered
More informationRHCE BOOT CAMP. The Boot Process. Wednesday, November 28, 12
RHCE BOOT CAMP The Boot Process OVERVIEW The boot process gets a machine from the useless off state to the feature rich operating system we all know and love Requires cooperation between hardware and software
More informationAccess Control. Steven M. Bellovin September 13,
Access Control Steven M. Bellovin September 13, 2016 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationAt course completion. Overview. Audience profile. Course Outline. : 55187B: Linux System Administration. Course Outline :: 55187B::
Module Title Duration : 55187B: Linux System Administration : 4 days Overview This four-day instructor-led course is designed to provide students with the necessary skills and abilities to work as a professional
More information1- Which of the following tasks is the operating system NOT responsible for? d) Coordinates communication between software applications and the CPU
1- Which of the following tasks is the operating system NOT responsible for? a) Management, scheduling, and coordination of tasks b) File compression c) Manages the computer's hardware d) Coordinates communication
More informationBasic Linux Security. Roman Bohuk University of Virginia
Basic Linux Security Roman Bohuk University of Virginia What is Linux? An open source operating system Project started by Linus Torvalds kernel Kernel: core program that controls everything else (controls
More informationDesigning a System. We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10,
Designing a System We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin April 10, 2007 1 Some of Our Tools Encryption Authentication mechanisms Access
More informationNexpose. Hardening Guide. Product version: 6.0
Nexpose Hardening Guide Product version: 6.0 Table of contents Table of contents 2 Revision history 3 File System 4 Installation 5 Configuration 6 Users 6 Services 6 Kernel Settings 6 CIS Benchmarks 8
More informationTechnology in Action. Chapter 5 System Software: The Operating System, Utility Programs, and File Management
Technology in Action Chapter 5 System Software: The Operating System, Utility Programs, and File Management Chapter Topics Operating System Fundamentals What the Operating System Does The Boot Process:
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationInstalling and Upgrading Cisco Network Registrar Virtual Appliance
CHAPTER 3 Installing and Upgrading Cisco Network Registrar Virtual Appliance The Cisco Network Registrar virtual appliance includes all the functionality available in a version of Cisco Network Registrar
More information"Charting the Course... MOC B: Linux System Administration. Course Summary
Description Course Summary This four-day instructor-led course is designed to provide students with the necessary skills and abilities to work as a professional Linux system administrator. The course covers
More informationUsing TU Eindhoven s VPN with Ubuntu
Using TU Eindhoven's VPN with Ubuntu 14.04 or 16.04 TU Eindhoven s Virtual Private Networking (VPN) service can be used on Linux computers. This document describes how to do it using Ubuntu 14.04 or 16.04
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationAn Analysis of Local Security Authority Subsystem
An Analysis of Local Security Authority Subsystem Shailendra Nigam Computer Science & Engineering Department DIET, Kharar Mohali(Punjab) India. Sandeep Kaur Computer Science & Engineering Department BBSBEC,
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache has 49%; IIS has 36% (source: http://news.netcraft.com/archives/2008/09/30/
More informationSoftware Security and Exploitation
COMS E6998-9: 9: Software Security and Exploitation Lecture 8: Fail Secure; DoS Prevention; Evaluating Components for Security Hugh Thompson, Ph.D. hthompson@cs.columbia.edu Failing Securely and Denial
More information10 Defense Mechanisms
SE 4C03 Winter 2006 10 Defense Mechanisms Instructor: W. M. Farmer Revised: 23 March 2006 1 Defensive Services Authentication (subject, source) Access control (network, host, file) Data protection (privacy
More informationWhy Operating Systems? Topic 3. Operating Systems. Why Operating Systems? Why Operating Systems?
Topic 3 Why Operating Systems? Operating Systems Abstracting away from the Nuts and Bolts Early computers had no operating system. Programmers were responsible for: telling the computer when to load and
More informationLecture 15 Designing Trusted Operating Systems
Lecture 15 Designing Trusted Operating Systems Thierry Sans 15-349: Introduction to Computer and Network Security Anatomy of an operating system Concept of Kernel Definition Component that provides an
More informationQuick Start Guide to Compute Canada Cloud Service
Quick Start Guide to Compute Canada Cloud Service Launching your first instance (VM) Login to the East or West cloud Dashboard SSH key pair Importing an existing key pair Creating a new key pair Launching
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More informationCompTIA SY CompTIA Security+
CompTIA SY0-501 CompTIA Security+ https://killexams.com/pass4sure/exam-detail/sy0-501 QUESTION: 338 The help desk is receiving numerous password change alerts from users in the accounting department. These
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market (Apache has 70%; IIS has 20%) Both major servers have lots
More informationArchitecture. Steven M. Bellovin October 31,
Architecture Steven M. Bellovin October 31, 2016 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationArchitecture. Steven M. Bellovin October 27,
Architecture Steven M. Bellovin October 27, 2015 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More informationInstructions 1 Elevation of Privilege Instructions
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationDesigning and Operating a Secure Active Directory.
Designing and Operating a Secure Active Directory Introduction Gil Kirkpatrick, CTO, NetPro Architect of NetPro Active Directory products Author of Active Directory Programming from SAMS Founder of the
More informationOracle Database Security - Top Things You Could & Should Be Doing Differently
Oracle Database Security - Top Things You Could & Should Be Doing Differently Simon Pane Pythian Keywords: oracle database security Introduction When reviewing existing database security configurations
More informationPersistent key, value storage
Persistent key, value storage In programs, often use hash tables - E.g., Buckets are an array of pointers, collision chaining For persistant data, minimize # disk accesses - Traversing linked lists is
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More informationCompTIA A+ Certification ( ) Study Guide Table of Contents
CompTIA A+ Certification (220-902) Study Guide Table of Contents Course Introduction About This Course About CompTIA Certifications Module 1 / Supporting Windows 1 Module 1 / Unit 1 Windows Operating System
More informationSecurity Philosophy. Humans have difficulty understanding risk
Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationPL-I Assignment Broup B-Ass 5 BIOS & UEFI
PL-I Assignment Broup B-Ass 5 BIOS & UEFI Vocabulary BIOS = Basic Input Output System UEFI = Unified Extensible Firmware Interface POST= Power On Self Test BR = Boot Record (aka MBR) BC =Boot Code (aka
More informationDeploy and Configure Microsoft LAPS. Step by step guide and useful tips
Deploy and Configure Microsoft LAPS Step by step guide and useful tips 2 Table of Contents Challenges today... 3 What is LAPS... 4 Emphasis and Tips... 5 How LAPS Work... 6 Components... 6 Prepare, Deploy
More informationUNIT 9 Introduction to Linux and Ubuntu
AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT 9 Introduction to Linux and Ubuntu Learning Objectives Participants will understand the basics of Linux, including the nature,
More informationCertification. System Initialization and Services
Certification System Initialization and Services UNIT 3 System Initialization and Services UNIT 3: Objectives Upon completion of this unit the student should be able to: Describe BIOS functions with respect
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationCS 326: Operating Systems. Process Execution. Lecture 5
CS 326: Operating Systems Process Execution Lecture 5 Today s Schedule Process Creation Threads Limited Direct Execution Basic Scheduling 2/5/18 CS 326: Operating Systems 2 Today s Schedule Process Creation
More informationUbuntu Unleashed 2015 Updates, Installing, and Upgrading to Ubuntu 15.04
SUPPLEMENTAL BONUS TO Ubuntu Unleashed 2015 Updates, Installing, and Upgrading to Ubuntu 15.04 IN THIS SUPPLEMENT What s New in 15.04 Before You Begin the Installation Step-by-Step Installation What s
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More informationSystem Structure. Steven M. Bellovin December 14,
System Structure Steven M. Bellovin December 14, 2015 1 Designing a System We have lots of tools Tools are rarely interesting by themselves Let s design a system... Steven M. Bellovin December 14, 2015
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationObjectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats
ITE I Chapter 6 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Enterprise Network Security Describe the general methods used to mitigate security threats to Enterprise networks
More informationECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017
ECE 550D Fundamentals of Computer Systems and Engineering Fall 2017 The Operating System (OS) Prof. John Board Duke University Slides are derived from work by Profs. Tyler Bletsch and Andrew Hilton (Duke)
More informationVirtual Data Center (vdc) Manual
Virtual Data Center (vdc) Manual English Version 1.0 Page 1 of 43 Content 1 HOW TO USE CLOUD PORTAL (VMWARE VIRTUAL DATA CENTER)... 3 2 VMWARE SYSTEM DETAILS... 5 3 HOW TO MANAGE VIRTUAL MACHINE... 6 Edit
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationThe Linux IPL Procedure
The Linux IPL Procedure SHARE - Tampa February 13, 2007 Session 9274 Edmund MacKenty Rocket Software, Inc. Purpose De-mystify the Linux boot sequence Explain what happens each step of the way Describe
More informationComputer Software. Lect 4: System Software
Computer Software Lect 4: System Software 1 What You Will Learn List the two major components of system software. Explain why a computer needs an operating system. List the five basic functions of an operating
More informationThousands of Linux Installations (and only one administrator)
Thousands of Linux Installations (and only one administrator) A Linux cluster client for the University of Manchester A V Le Blanc I T Services University of Manchester LeBlanc@man.ac.uk Overview Environment
More informationIT ESSENTIALS V. 4.1 Module 5 Fundamental Operating Systems
IT ESSENTIALS V. 4.1 Module 5 Fundamental Operating Systems 5.0 Introduction 1. What controls almost all functions on a computer? The operating system 5.1 Explain the purpose of an operating system 2.
More informationZen Internet. Online Data Backup. Zen Vault Express for Mac. Issue:
Zen Internet Online Data Backup Zen Vault Express for Mac Issue: 2.0.08 Tel: 01706 90200 Fax: 01706 902005 E-mail: info@zen.co.uk Web: www.zen.co.uk Zen Internet 2015 Contents 1 Introduction... 3 1.1 System
More information18-642: Security Mitigation & Validation
18-642: Security Mitigation & Validation 11/27/2017 Security Migitation & Validation Anti-Patterns for security mitigation & validation Poorly considered password policy Poorly considered privilege management
More informationThe kernel is not to be confused with the Basic Input/Output System (BIOS).
Linux Kernel The kernel is the essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A kernel can be contrasted with a shell,
More informationAgent vs Agentless Log Collection
Agent vs Agentless Log Collection Intersect Alliance International Pty Ltd. All rights reserved worldwide. Intersect Alliance Pty Ltd shall not be liable for errors contained herein or for direct, or indirect
More informationAdvanced Security Measures for Clients and Servers
Advanced Security Measures for Clients and Servers Wayne Harris MCSE Senior Consultant Certified Security Solutions Importance of Active Directory Security Active Directory creates a more secure network
More informationSecurity Architecture
Security Architecture We ve been looking at how particular applications are secured We need to secure not just a few particular applications, but many applications, running on separate machines We need
More informationAccess Control. Steven M. Bellovin September 2,
Access Control Steven M. Bellovin September 2, 2014 1 Security Begins on the Host Even without a network, hosts must enforce the CIA trilogy Something on the host the operating system aided by the hardware
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationPrerequisites: Students must be proficient in general computing skills but not necessarily experienced with Linux or Unix. Supported Distributions:
This GL124 course is designed to follow an identical set of topics as the Red Hat RH124 course with the added benefit of very comprehensive lab exercises and detailed lecture material. The Red Hat Enterprise
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 156-210 Title : Check Point CCSA NG Vendors : CheckPoint Version : DEMO
More information90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on April 16, 2018 15:41 PM O verview 1 90% Compliance About PCI DSS 2.0 PCI-DSS is a legal obligation mandated not by government
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationWhy secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem
Why secure the OS? Operating System Security Works directly on the hardware but can be adapted during runtime Data and process are directly visible Application security can be circumvented from lower layers
More information- Table of Contents -
- Table of Contents - 1 INTRODUCTION... 1 1.1 OBJECTIVES OF THIS GUIDE... 1 1.2 ORGANIZATION OF THIS GUIDE... 2 1.3 COMMON CRITERIA STANDARDS DOCUMENTS... 3 1.4 TERMS AND DEFINITIONS... 5 2 BASIC KNOWLEDGE
More informationLinux Essentials. Smith, Roderick W. Table of Contents ISBN-13: Introduction xvii. Chapter 1 Selecting an Operating System 1
Linux Essentials Smith, Roderick W. ISBN-13: 9781118106792 Table of Contents Introduction xvii Chapter 1 Selecting an Operating System 1 What Is an OS? 1 What Is a Kernel? 1 What Else Identifies an OS?
More informationCS197U: A Hands on Introduction to Unix
CS197U: A Hands on Introduction to Unix Lecture 4: My First Linux System Tian Guo University of Massachusetts Amherst CICS 1 Reminders Assignment 2 was due before class Assignment 3 will be posted soon
More informationNetwork Device Forensics. Digital Forensics NETS1032 Winter 2018
Network Device Forensics Digital Forensics NETS1032 Winter 2018 Risks Most data created, stored, and used by users is kept in files on computers running end user oriented operating systems like Windows,
More informationThe LILO Configuration Handbook. Virgil J. Nisly
The LILO Configuration Handbook Virgil J. Nisly 2 Contents 1 LILO Configuration 4 2 General Options 4 3 Operating Systems 5 4 Expert 6 3 Abstract LILO Configuration is an application specificly designed
More informationSystem Administration for Beginners
System Administration for Beginners Week 5 Notes March 16, 2009 1 Introduction In the previous weeks, we have covered much of the basic groundwork needed in a UNIX environment. In the upcoming weeks, we
More informationCERT Secure Coding Initiative. Define security requirements. Model Threats 11/30/2010
Secure Coding Practices COMP620 CERT Secure Coding Initiative Works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors Many of the slides
More informationCase Studies in Access Control
Joint software development Mail 1 / 38 Situations Roles Permissions Why Enforce Access Controls? Unix Setup Windows ACL Setup Reviewer/Tester Access Medium-Size Group Basic Structure Version Control Systems
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationChapter 13: Protection. Operating System Concepts Essentials 8 th Edition
Chapter 13: Protection Operating System Concepts Essentials 8 th Edition Silberschatz, Galvin and Gagne 2011 Chapter 13: Protection Goals of Protection Principles of Protection Domain of Protection Access
More informationPerforming Administrative Tasks
This chapter describes how to perform administrative tasks using Cisco CMX. Users who are assigned administration privileges can perform administrative tasks. Cisco CMX User Accounts, page 1 Backing Up
More informationChapter 1: Windows Platform and Architecture. You will learn:
Chapter 1: Windows Platform and Architecture Windows 2000 product family. New features/facilities of. Windows architecture. Changes to the kernel and kernel architecture. New features/facilities. Kernel
More informationSandboxing Untrusted Code: Software-Based Fault Isolation (SFI)
Sandboxing Untrusted Code: Software-Based Fault Isolation (SFI) Brad Karp UCL Computer Science CS GZ03 / M030 9 th December 2011 Motivation: Vulnerabilities in C Seen dangers of vulnerabilities: injection
More informationPrivilege Escalation
Privilege Coleman Kane Coleman.Kane@ge.com February 9, 2015 Security Vulnerability Assessment Privilege 1 / 14 root, or Privilege or Elevation is the act of gaining access to resources which were intended
More informationSE420 Software Quality Assurance
SE420 Software Quality Assurance Encryption Backgrounder September 5, 2014 Sam Siewert Encryption - Substitution Re-map Alphabet, 1-to-1 and On-to (function) A B C D E F G H I J K L M N O P Q R S T U V
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More information1 LINUX KERNEL & DEVICES
GL-250: Red Hat Linux Systems Administration Course Length: 5 days Course Description: The GL250 is an in-depth course that explores installation, configuration and maintenance of Linux systems. The course
More informationCS 200. User IDs, Passwords, Permissions & Groups. User IDs, Passwords, Permissions & Groups. CS 200 Spring 2017
CS 200 User IDs, Passwords, Permissions & Groups 1 Needed to control access to sharepoints and their contents Because Macs & PCs now support multiple accounts, user IDs and passwords are also needed on
More informationHacking Demonstration. Dr John McCarthy Ph.D. BSc (Hons) MBCS
Hacking Demonstration Dr John McCarthy Ph.D. BSc (Hons) MBCS Demonstration Deploying effective cyber security is one of the 21 st century s greatest challenges for business. The threats facing businesses
More informationKillTest 䊾 䞣 催 ࢭ ད ᅌ㖦䊛 ᅌ㖦䊛 NZZV ]]] QORRZKYZ TKZ ϔᑈܡ䊏 ᮄ ࢭ
KillTest Exam : 117-202 Title : LPI Level 2 Exam 202 Version : DEMO 1 / 6 1.Given this excerpt from an Apache configuration file, which of the numbered lines has INCORRECT syntax? 1:
More information16 Sharing Main Memory Segmentation and Paging
Operating Systems 64 16 Sharing Main Memory Segmentation and Paging Readings for this topic: Anderson/Dahlin Chapter 8 9; Siberschatz/Galvin Chapter 8 9 Simple uniprogramming with a single segment per
More information