Datasäkerhet/Data security EDA625 Lect5

Transcription

1 Ch. 6 Unix security Datasäkerhet/Data security EDA625 Lect5 Understand the security features of a typical operating system Users/passwords login procedure user superuser (root) access control (chmod) devices, mounting filesystems searchpath wrappers, installation, and configuration 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 2 OS should provide a coherent set of security controls identification, authentication access control auditing, controlled invocation configuration, management... General organization User accounts User privileges (stored in the account) Identification and authentication to verify a users id Permissions to objects (set by system/owner) Audit and management (upgrade) Hence: Discretionary access control 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 4

2 Login and user accounts User names/passwords Passwords enciphered with crypt(3), stored in /etc/passwd user name: encrypted password: used ID: group ID: ID string: home dir: login shell no password/user disabled (*) change user command: su(1) Users/Superuser Superuser UID 0 (root) The superuser can do almost anything Major weakness - an attacker achieving superuser status takes over the system Precautions: /etc/passwd write protected, using /bin/su, record su attempt, separation of duties (use special users for special purposes) 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 6 Groups Every user belong to a primary group. Can only be in one group at a time Change group (newgrp) Passwords etc. Controlled invokation Users need superuser privilege to execute certain OS functions (but should not receive superuser status) Set UserID program (SUID) SetGroupID program (SGID) Such programs run with effective user ID of their owner B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 8

3 Important SUID programs /bin/passwd change password /bin/login login program /bin/at batch job submission /bin/su change UID program Attacks An attacker who may change the behavior of a SUID program may get superuser status 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Access control Discretionary access control: owner, group, world No distinction between files and devices File info for access control: file permissions, link counter, owner and group SUID = s Order of Checking owner group world Consequence!: if owner = r and world=rw then you cannot write if you are the owner! 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 12

4 Mounting file systems Different physical devices put under a single root / The mounted file system may contain unwelcome programs UIDs and GIDs are local identifiers that need not be interpreted the same on different Unix systems!!! see to it that you use global unique identifiers 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Searchpath be carefull PATH PATH=. : $HOME/bin: /usr/ucb: Threat: Trojan horse is placed in directory in PATH that is searched earlier than the original/correct directory. Do not put your current directory in the search path (especially not for programs executed by root) Call program by fullname 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Audit logs and Intrusion detection Auditing Intrusion detection Intrusion Detection System (IDS) Example: Snort: Tripwire Automatic retaliation Installation & Configuration Unix hardening. Securing a UNIX machine Close unnessary ports and stop services not needed Tools for checking security COPS SATAN Intrusion Detection Systems (IDS) Useful basic document on Unix security B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 16

5 Ch. 7 Windows 2000 Security How an OS can support the implementation of a security policy Basics concepts of Windows 2000 security. Introduction Security architecture Access Control Registry Identification and Authentication 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Security Architecture Security Architecture (cont d) User mode - kernel mode separation User programs make API calls to invoke OS services Locking no other user can gain access to the object Data stored in proprietary formats Comment: this gives no real security! Object-oriented design access control may vary between different objects 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 20

6 Security subsystem Security Reference monitor (SRM) - access control (kernel mode) Local Security Authority (LSA) - login and auditing (user mode) Security Account manager (SAM) - maintains the user account database used by LSA Login Process The registry Central database for Windows configuration data Entries are called keys A registry Hive is a group of keys, subkeys, and values in the registry 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA The registry (cont d) Protecting the integrity of registry data is important Ex. The search path is set in registry, if an attacker can modify it, malicious software can be inserted/executed. Proprietary format: registry editor Identification and Authentication Kerberos based Active Directory Two passwords (LAN manager, Windows) Password filter, etc. Passwords stored in SAM database the OS calls SAM API 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 24

7 Login Secure attention sequence CTRL+ALT+DEL Login process pass on user/passwd to the LSA, checks against SAM, returns users security ID (SID), the groups SID, etc. LSA creates a system access token, Distinction: interactive login - network login Bypassing SAM API SAM database in proprietary format PWDump - convert to readable format Dictionary attack on SAM database possible if it is available L0phtCrack B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Password attacks Extract hash of passwords Use rainbow tables See previous lecture Active Directory AD = Directory Service for windows domain networks organizes objects as a tree of typed objects object type specific properties; e.g. employee object: name, , room has a unique GUID (global unique identifier) AD is included in most Windows Server operating systems as a set of processes and services Kerberos is an important component in AD 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 28

8 NTFS file system Basic permissions: read, write, execute, delete, change access permission, take ownership NoAccess, Read, Change, Full Control, Special Access Files inherit permissions from parent directory Audit Log security relevant events Several different options to handle how to behave when the log reaches its maximal size overwrite policies (2) no overwrite: manual clearing of log: Orange Book C2 level requires shutdown when log is full. Event Viewer 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA DLLs - beware Dynamic Link Libraries (DLLs) are software modules that are linked into programs when executed DLL Spoofing: Searchpath - Trojan DLL Notification packages- DLLs that handle decrypted passwords in heterogeneous systems -SSO support Windows: Security Evaluation Windows 2000 sp3 classified at C2 (Orange Book) or EAL 4+ (Common Criteria) levels In fact, Windows even meets a few requirements of the next more secure division (Orange Book B2), such as the provision of separate roles for separate administrative functions (trusted facilities management), and the Ctrl+Alt+Delete: Secure Action Sequence (SAS) B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 32