Datasäkerhet/Data security EDA625 Lect5
|
|
- Milton Wilkerson
- 5 years ago
- Views:
Transcription
1 Ch. 6 Unix security Datasäkerhet/Data security EDA625 Lect5 Understand the security features of a typical operating system Users/passwords login procedure user superuser (root) access control (chmod) devices, mounting filesystems searchpath wrappers, installation, and configuration 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 2 OS should provide a coherent set of security controls identification, authentication access control auditing, controlled invocation configuration, management... General organization User accounts User privileges (stored in the account) Identification and authentication to verify a users id Permissions to objects (set by system/owner) Audit and management (upgrade) Hence: Discretionary access control 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 4
2 Login and user accounts User names/passwords Passwords enciphered with crypt(3), stored in /etc/passwd user name: encrypted password: used ID: group ID: ID string: home dir: login shell no password/user disabled (*) change user command: su(1) Users/Superuser Superuser UID 0 (root) The superuser can do almost anything Major weakness - an attacker achieving superuser status takes over the system Precautions: /etc/passwd write protected, using /bin/su, record su attempt, separation of duties (use special users for special purposes) 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 6 Groups Every user belong to a primary group. Can only be in one group at a time Change group (newgrp) Passwords etc. Controlled invokation Users need superuser privilege to execute certain OS functions (but should not receive superuser status) Set UserID program (SUID) SetGroupID program (SGID) Such programs run with effective user ID of their owner B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 8
3 Important SUID programs /bin/passwd change password /bin/login login program /bin/at batch job submission /bin/su change UID program Attacks An attacker who may change the behavior of a SUID program may get superuser status 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Access control Discretionary access control: owner, group, world No distinction between files and devices File info for access control: file permissions, link counter, owner and group SUID = s Order of Checking owner group world Consequence!: if owner = r and world=rw then you cannot write if you are the owner! 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 12
4 Mounting file systems Different physical devices put under a single root / The mounted file system may contain unwelcome programs UIDs and GIDs are local identifiers that need not be interpreted the same on different Unix systems!!! see to it that you use global unique identifiers 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Searchpath be carefull PATH PATH=. : $HOME/bin: /usr/ucb: Threat: Trojan horse is placed in directory in PATH that is searched earlier than the original/correct directory. Do not put your current directory in the search path (especially not for programs executed by root) Call program by fullname 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Audit logs and Intrusion detection Auditing Intrusion detection Intrusion Detection System (IDS) Example: Snort: Tripwire Automatic retaliation Installation & Configuration Unix hardening. Securing a UNIX machine Close unnessary ports and stop services not needed Tools for checking security COPS SATAN Intrusion Detection Systems (IDS) Useful basic document on Unix security B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 16
5 Ch. 7 Windows 2000 Security How an OS can support the implementation of a security policy Basics concepts of Windows 2000 security. Introduction Security architecture Access Control Registry Identification and Authentication 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Security Architecture Security Architecture (cont d) User mode - kernel mode separation User programs make API calls to invoke OS services Locking no other user can gain access to the object Data stored in proprietary formats Comment: this gives no real security! Object-oriented design access control may vary between different objects 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 20
6 Security subsystem Security Reference monitor (SRM) - access control (kernel mode) Local Security Authority (LSA) - login and auditing (user mode) Security Account manager (SAM) - maintains the user account database used by LSA Login Process The registry Central database for Windows configuration data Entries are called keys A registry Hive is a group of keys, subkeys, and values in the registry 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA The registry (cont d) Protecting the integrity of registry data is important Ex. The search path is set in registry, if an attacker can modify it, malicious software can be inserted/executed. Proprietary format: registry editor Identification and Authentication Kerberos based Active Directory Two passwords (LAN manager, Windows) Password filter, etc. Passwords stored in SAM database the OS calls SAM API 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 24
7 Login Secure attention sequence CTRL+ALT+DEL Login process pass on user/passwd to the LSA, checks against SAM, returns users security ID (SID), the groups SID, etc. LSA creates a system access token, Distinction: interactive login - network login Bypassing SAM API SAM database in proprietary format PWDump - convert to readable format Dictionary attack on SAM database possible if it is available L0phtCrack B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA Password attacks Extract hash of passwords Use rainbow tables See previous lecture Active Directory AD = Directory Service for windows domain networks organizes objects as a tree of typed objects object type specific properties; e.g. employee object: name, , room has a unique GUID (global unique identifier) AD is included in most Windows Server operating systems as a set of processes and services Kerberos is an important component in AD 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 28
8 NTFS file system Basic permissions: read, write, execute, delete, change access permission, take ownership NoAccess, Read, Change, Full Control, Special Access Files inherit permissions from parent directory Audit Log security relevant events Several different options to handle how to behave when the log reaches its maximal size overwrite policies (2) no overwrite: manual clearing of log: Orange Book C2 level requires shutdown when log is full. Event Viewer 2016 B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA DLLs - beware Dynamic Link Libraries (DLLs) are software modules that are linked into programs when executed DLL Spoofing: Searchpath - Trojan DLL Notification packages- DLLs that handle decrypted passwords in heterogeneous systems -SSO support Windows: Security Evaluation Windows 2000 sp3 classified at C2 (Orange Book) or EAL 4+ (Common Criteria) levels In fact, Windows even meets a few requirements of the next more secure division (Orange Book B2), such as the provision of separate roles for separate administrative functions (trusted facilities management), and the Ctrl+Alt+Delete: Secure Action Sequence (SAS) B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA B. Smeets LTH Electrical and Information Technology - Datasäkerhet EDA625 32
Operating system security
Operating system security Tuomas Aura T-110.4206 Information security technology Aalto University, autumn 2011 Outline Access control models in operating systems: 1. Unix 2. Windows Acknowledgements: This
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path TCP wrappers Race conditions NOTE: filenames may differ between OS/distributions
More informationOperating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Lesson 1 Quiz 1. What is the working definition of authentication? a. The ability for a person or system to prove identity. b. Protection of data on a system or host from unauthorized access.
More informationOutline. Security. Security Ratings. TCSEC Rating Levels. Key Requirements for C2. Met B-Level Requirements
Outline Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Ratings System Components 2 Ratings TCSEC Rating Levels National Computer Center (NCSC) part of US Department of Defense
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationSecurity. Outline. Security Ratings. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik
Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Outline Ratings System Components Logon Object (File) Access Impersonation Auditing 2 Ratings National Computer Center (NCSC) part
More informationServer. Client LSA. Winlogon LSA. Library SAM SAM. Local logon NTLM. NTLM/Kerberos. EIT060 - Computer Security 2
Local and Domain Logon User accounts and groups Access tokens Objects and security descriptors The Register Some features in Windows 7 and Windows 8 Windows XP evolved from Windows 2000 Windows 10, 8,
More informationAccess Control. CMPSC Spring 2012 Introduction Computer and Network Security Professor Jaeger.
Access Control CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12/ Access Control Describe the permissions available to computing processes
More informationOperating system security models
Operating system security models Unix security model Windows security model MEELIS ROOS 1 General Unix model Everything is a file under a virtual root diretory Files Directories Sockets Devices... Objects
More informationData Security and Privacy. Unix Discretionary Access Control
Data Security and Privacy Unix Discretionary Access Control 1 Readings for This Lecture Wikipedia Filesystem Permissions Other readings UNIX File and Directory Permissions and Modes http://www.hccfl.edu/pollock/aunix1/filepermissions.htm
More informationIS 2150 / TEL 2810 Information Security and Privacy
IS 2150 / TEL 2810 Information Security and Privacy James Joshi Professor, SIS Access Control OS Security Overview Lecture 2, Sept 6, 2016 1 Objectives Understand the basics of access control model Access
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 13: Operating System Security Department of Computer Science and Engineering University at Buffalo 1 Review Previous topics access control authentication session
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationOperating systems and security - Overview
Operating systems and security - Overview Protection in Operating systems Protected objects Protecting memory, files User authentication, especially passwords Trusted operating systems, security kernels,
More informationPre-Assessment Answers-1
Pre-Assessment Answers-1 0Pre-Assessment Answers Lesson 1 Pre-Assessment Questions 1. What is the name of a statistically unique number assigned to all users on a Windows 2000 system? a. A User Access
More informationUnix, History
Operating systems Examples from Unix, VMS, Windows NT on user authentication, memory protection and file and object protection. Trusted Operating Systems, example from PitBull Unix, History Unix, History
More informationO/S & Access Control. Aggelos Kiayias - Justin Neumann
O/S & Access Control Aggelos Kiayias - Justin Neumann One system Many users Objects that require protection memory I/O devices (disks, printers) programs and processes networks stored data in general Separation
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Secure Design Principles OS Security Overview Lecture 2 September 4, 2012 1 Objectives Understand the basic principles of
More informationIntroduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Secure Design Principles OS Security Overview Lecture 1 September 2, 2008 1 Objectives Understand the basic principles of
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationWe ve seen: Protection: ACLs, Capabilities, and More. Access control. Principle of Least Privilege. ? Resource. What makes it hard?
We ve seen: Protection: ACLs, Capabilities, and More Some cryptographic techniques Encryption, hashing, types of keys,... Some kinds of attacks Viruses, worms, DoS,... And a distributed authorization and
More informationOutline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components
UNIX security Ulf Larson (modified by Erland Jonsson/Magnus Almgren) Computer security group Dept. of Computer Science and Engineering Chalmers University of Technology, Sweden Outline UNIX security ideas
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service) a high-availability,
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 3.2: OS Security Access Control Endadul Hoque Slide Acknowledgment Contents are based on slides from Ninghui Li (Purdue), John Mitchell (Stanford), Bogdan Carbunar (FIU)
More informationCS 290 Host-based Security and Malware. Christopher Kruegel
CS 290 Host-based Security and Malware Christopher Kruegel chris@cs.ucsb.edu Windows Windows > 90 % of all computers run Windows when dealing with security issues, it is important to have (some) knowledge
More informationIT Service Delivery And Support Week Four - OS. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao
IT Service Delivery And Support Week Four - OS IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao 1 What is an Operating System (OS)? OS is a software that designed to run on specific hardware
More informationIntroduction to Computer Security
Introduction to Computer Security UNIX and Windows Security Pavel Laskov Wilhelm Schickard Institute for Computer Science Genesis: UNIX vs. MULTICS MULTICS (Multiplexed Information and Computing Service)
More informationWhy secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem
Why secure the OS? Operating System Security Works directly on the hardware but can be adapted during runtime Data and process are directly visible Application security can be circumvented from lower layers
More informationCS 392/681 - Computer Security. Module 5 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 5 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm next Thursday!!! Read Chapter 2 and 15 of text 10/15/2002 Module 5 - Access Control
More informationPrivileges: who can control what
Privileges: who can control what Introduction to Unix May 24, 2008, Morocco Hervey Allen Goal Understand the following: The Unix security model How a program is allowed to run Where user and group information
More informationUNIX/Linux Auditing. Baccam Consulting, LLC Training Events
UNIX/Linux Auditing Baccam Consulting, LLC tanya@securityaudits.org Training Events www.securityaudits.org/events.html ***CISSP Course being offered April 25-April 29, 2016 Copyright 2005-2016, Baccam
More informationIdentity, Authentication, and Access Control
Identity, Authentication, and Access Control License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
More informationRoadmap for This Lecture
Windows Security 2 Roadmap for This Lecture Windows Security Features Components of the Security System Protecting Objects Security Descriptors and Access Control Lists Auditing and Impersonation Privileges
More informationUnit OS7: Security The Security Problem. Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze
Unit OS7: Security 7.1. The Security Problem Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze 2 Copyright Notice 2000-2005 David A. Solomon and Mark Russinovich
More informationInformation Security CS 526
Information Security CS 526 s Security Basics & Unix Access Control 1 Readings for This Lecture Wikipedia CPU modes System call Filesystem Permissions Other readings UNIX File and Directory Permissions
More informationCS 356 Lecture 7 Access Control. Spring 2013
CS 356 Lecture 7 Access Control Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,
More informationHardware. Ahmet Burak Can Hacettepe University. Operating system. Applications programs. Users
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system Controls
More information5/8/2012. Encryption-based Protection. Protection based on Access Permission (Contd) File Security, Setting and Using Permissions Chapter 9
File Security, Setting and Using Permissions Chapter 9 To show the three protection and security mechanisms that UNIX provides To describe the types of users of a UNIX file To discuss the basic operations
More informationStrategic Infrastructure Security
Strategic Infrastructure Security Course Number: SCPSIS Length: Certification Exam There are no exams currently associated with this course. Course Overview This course picks up right where Tactical Perimeter
More informationOperating System Security
Operating System Security Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Computer System Components Hardware Provides basic computing resources (CPU, memory, I/O devices). Operating system
More informationCS 392/681 - Computer Security. Module 6 Access Control: Concepts and Mechanisms
CS 392/681 - Computer Security Module 6 Access Control: Concepts and Mechanisms Course Policies and Logistics Midterm grades Thursday. Read Chapter 2 and 15 th of text Lab 4 postponed - due next week.
More informationTEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control
TEL2821/IS2150: INTRODUCTION TO SECURITY Lab: Operating Systems and Access Control Version 1.0, Last Edited 09/20/2005 Name of Students: Date of Experiment: Part I: Objective The objective of the exercises
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More informationCPS221 Lecture: Operating System Protection
Objectives CPS221 Lecture: Operating System Protection last revised 9/5/12 1. To explain the use of two CPU modes as the basis for protecting privileged instructions and memory 2. To introduce basic protection
More informationLogin und Authentifizierung
Login und Authentifizierung security aspects Confidentiality: data should not be read by unauthorized parties. Integrity: data should not be changed by unauthorized parties. Availability: data should be
More informationSecurity System and COntrol 1
Security System and COntrol 1 Security Management By: Joseph Ronald Canedo It is a Risky World Vulnerabilities Security objectives: Prevent attacks Detect attacks Recover from attacks Attacks: against
More informationOS security mechanisms:
OS security mechanisms: Memory Protection: One of the important aspects of Operating system security is Memory Protection. Memory provides powerful indirect way for an attacker to circumvent security mechanism,
More information19.1. Security must consider external environment of the system, and protect it from:
Module 19: Security The Security Problem Authentication Program Threats System Threats Securing Systems Intrusion Detection Encryption Windows NT 19.1 The Security Problem Security must consider external
More informationDiscretionary Access Control (DAC)
CS 5323 Discretionary Access Control (DAC) Prof. Ravi Sandhu Executive Director and Endowed Chair Lecture 2 ravi.utsa@gmail.com www.profsandhu.com Ravi Sandhu 1 Authentication Ravi Sandhu 2 Authentication,
More informationComputer Security Operating System Security & Access Control. Dr Chris Willcocks
Computer Security Operating System Security & Access Control Dr Chris Willcocks Lecture Content Access Control ACMs ACLs Introduction to *NIX security - we ll cover this more due to server popularity -
More informationAn Analysis of Local Security Authority Subsystem
An Analysis of Local Security Authority Subsystem Shailendra Nigam Computer Science & Engineering Department DIET, Kharar Mohali(Punjab) India. Sandeep Kaur Computer Science & Engineering Department BBSBEC,
More informationOS Security III: Sandbox and SFI
1 OS Security III: Sandbox and SFI Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab2 VMs on lab machine Extension? 3 Users and processes FACT: although ACLs use users as subject, the OS
More informationCSE 127: Computer Security. Security Concepts. Kirill Levchenko
CSE 127: Computer Security Security Concepts Kirill Levchenko October 3, 2014 Computer Security Protection of systems against an adversary Secrecy: Can t view protected information Integrity: Can t modify
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationUnix Basics. UNIX Introduction. Lecture 14
Unix Basics Lecture 14 UNIX Introduction The UNIX operating system is made up of three parts; the kernel, the shell and the programs. The kernel of UNIX is the hub of the operating system: it allocates
More informationMultifactor authentication:
Multifactor authentication: Authenticating people can be based on 2 factors: Something the user KNOWS : e.g. a password or PIN Something the user HAS: e.g. An ATM card, smartcard or hardware token, or
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 7 Access Control Fundamentals
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 7 Access Control Fundamentals Objectives Define access control and list the four access control models Describe logical access control
More informationSecure Architecture Principles
Computer Security Course. Secure Architecture Principles Slides credit: Dan Boneh What Happens if you can t drop privilege? In what example scenarios does this happen? A service loop E.g., ssh Solution?
More informationCIT 480: Securing Computer Systems. Authentication
CIT 480: Securing Computer Systems Authentication Topics 1. Digital Identity and Groups 2. Authentication 3. Formal Definition 4. Authentication Types 5. Tokens 6. Biometrics 7. UNIX Authentication Digital
More informationUser & Group Administration
User & Group Administration David Morgan Users useradd/userdel /home/ /etc/passwd is the user database /etc/shadow has passwords (relocated from passwd) /etc/group whoami su / sudo / SUID process
More informationCS370 Operating Systems
CS370 Operating Systems Colorado State University Yashwant K Malaiya Fall 2016 Lecture 5 Slides based on Text by Silberschatz, Galvin, Gagne Various sources 1 1 User Operating System Interface - CLI CLI
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationBasic UNIX system administration
Basic UNIX system administration CS 2204 Class meeting 14 *Notes by Doug Bowman and other members of the CS faculty at Virginia Tech. Copyright 2001-2003. System administration Thus far, we ve only discussed:
More informationPrivilege Separation
What (ideas of Provos, Friedl, Honeyman) A generic approach to limit the scope of programming bugs Basic principle: reduce the amount of code that runs with special privilege without affecting or limiting
More informationLast time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control
Last time Security Policies and Models Bell La-Padula and Biba Security Models Information Flow Control Trusted Operating System Design Design Elements Security Features 10-1 This time Trusted Operating
More informationSecure Architecture Principles
CS 155 Spring 2016 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Acknowledgments: Lecture slides are from
More informationAccess Control Mechanisms
Access Control Mechanisms Week 11 P&P: Ch 4.5, 5.2, 5.3 CNT-4403: 26.March.2015 1 In this lecture Access matrix model Access control lists versus Capabilities Role Based Access Control File Protection
More informationFiles (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1
Files (review) and Regular Expressions Todd Kelley kelleyt@algonquincollege.com CST8207 Todd Kelley 1 midterms (Feb 11 and April 1) Files and Permissions Regular Expressions 2 Sobel, Chapter 6 160_pathnames.html
More informationFreeBSD Advanced Security Features
FreeBSD Advanced Security Features Robert N. M. Watson Security Research Computer Laboratory University of Cambridge 19 May, 2007 Introduction Welcome! Introduction to some of the advanced security features
More information? Resource. Outline. Lecture 9: Access Control and Operating System Security. Access control. Access control matrix. Two implementation concepts
Outline Lecture 9: Access Control and Operating System Security ECE1776 David Lie Access Control Matrix, ACL, Capabilities Multilevel security (MLS) OS Mechanisms Multics Ring structure Unix File system,
More informationExtending Security Functions for Windows NT/2000/XP
Abstract Extending Security Functions for Windows NT/2000/XP Ing. Martin Kákona martin.kakona@i.cz S.ICZ a. s., J. Š. Baara 40, České Budějovice, Czech Republic The paper describes the possibilities of
More informationExercises with solutions, Set 2
Exercises with solutions, Set 2 EITF55 Security, 2019 Dept. of Electrical and Information Technology, Lund University, Sweden Instructions These exercises are for self-assessment so you can check your
More informationPROCESS CONTROL BLOCK TWO-STATE MODEL (CONT D)
MANAGEMENT OF APPLICATION EXECUTION PROCESS CONTROL BLOCK Resources (processor, I/O devices, etc.) are made available to multiple applications The processor in particular is switched among multiple applications
More informationNational Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report
National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Microsoft Corporation Windows 2000 Report Number: CCEVS-VR-02-0025 Dated: 25 October 2002
More informationExercise 4: Access Control and Filesystem Security
Exercise 4: Access Control and Filesystem Security Introduction Duration: 90 min Maximum Points: 30 Note: The solutions of theorethical assignments should be handed out before the practical part in the
More informationCSC 405 Introduction to Computer Security
CSC 405 Introduction to Computer Security Topic 4. Security in Conventional Operating Systems -- Part II 1 Basic Concepts of UNIX Access Control: Users, Groups, Files, Processes Each user has a unique
More informationITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!
ITCertMaster Safe, simple and fast. 100% Pass guarantee! http://www.itcertmaster.com Exam : C_AUDSEC_731 Title : SAP Certified Technology Associate - SAP Authorization and Auditing for SAP NetWeaver 7.31
More informationKeys and Passwords. Steven M. Bellovin October 17,
Keys and Passwords Steven M. Bellovin October 17, 2010 1 Handling Long-Term Keys Where do cryptographic keys come from? How should they be handled? What are the risks? As always, there are tradeoffs Steven
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationPassword policy settings control the complexity and lifetime for passwords. This section discusses each specific password policy setting
Windows Security Reference This document is a checklist of the security options with reference material (provided by Microsoft) for a Windows server implementation. The options are based on Windows 2003
More information? Resource. Announcements. Access control. Access control in operating systems. References. u Homework Due today. Next assignment out next week
Announcements Access control John Mitchell u Homework Due today. Next assignment out next week u Graders If interested in working as grader, send email to Anupam u Projects Combine some of the project
More informationInternet Security General Unix Security
Internet Security General Unix Security Adrian Dabrowski Markus Kammerstetter Georg Merzdoznik Stefan Riegler Internet Security 2 1 Overview OS layers / ring separation system calls vulnerabilities Unix
More informationProtection and Security
Protection and Security CS 502 Spring 99 WPI MetroWest/Southboro Campus Three Circles of Computer Security Inner Circle Memory, CPU, and File protection. Middle Circle Security Perimeter. Authentication
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationChapter 2: Operating-System Structures. Operating System Concepts 9 th Edit9on
Chapter 2: Operating-System Structures Operating System Concepts 9 th Edit9on Silberschatz, Galvin and Gagne 2013 Objectives To describe the services an operating system provides to users, processes, and
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationTELE 301 Lecture 8: Post
Last Lecture System installation This Lecture Post installation Next Lecture Wireless networking Overview TELE 301 Lecture 8: Post 1 Post-configuration Create user accounts and environments Sort out the
More informationSecure Architecture Principles
CS 155 Spring 2017 Secure Architecture Principles Isolation and Least Privilege Access Control Concepts Operating Systems Browser Isolation and Least Privilege Secure Architecture Principles Isolation
More informationEI 338: Computer Systems Engineering (Operating Systems & Computer Architecture)
EI 338: Computer Systems Engineering (Operating Systems & Computer Architecture) Dept. of Computer Science & Engineering Chentao Wu wuct@cs.sjtu.edu.cn Download lectures ftp://public.sjtu.edu.cn User:
More informationWindows 7 Overview. Windows 7. Objectives. The History of Windows. CS140M Fall Lake 1
Windows 7 Overview Windows 7 Overview By Al Lake History Design Principles System Components Environmental Subsystems File system Networking Programmer Interface Lake 2 Objectives To explore the principles
More informationCyber Security. General Unix Security
Cyber Security Adrian Dabrowski Markus Kammerstetter Georg Merzdoznik Stefan Riegler General Unix Security Cyber Security FH Campus 1 Overview OS layers / ring separation system calls vulnerabilities Unix
More informatione e Prof. Lingyu Wang
INSE 6130 Operating System Security Logging/Auditing g/ g and Vulnerability/Defense e e Prof. Lingyu Wang 1 Outline Logging and Auditing Vulnerability and Defense 2 Overview Motivation Normal users - trust,
More informationHands-On Ethical Hacking and Network Defense Chapter 6 Enumeration
Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration Modified 2-22-14 Objectives Describe the enumeration step of security testing Enumerate Microsoft OS targets Enumerate NetWare OS targets
More informationSecurity Enhanced Linux
Security Enhanced Linux Bengt Nolin beno9295@student.uu.se October 13, 2004 Abstract A very brief introduction to SELinux; what it is, what is does and a little about how it does it. 1 1 Background 1.1
More informationCompTIA SY CompTIA Security+
CompTIA SY0-501 CompTIA Security+ https://killexams.com/pass4sure/exam-detail/sy0-501 QUESTION: 338 The help desk is receiving numerous password change alerts from users in the accounting department. These
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 3 User Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown User Authentication fundamental security building
More informationJérôme Kerviel. Dang Thanh Binh
Dang Thanh Binh Jérôme Kerviel Rogue trader, lost 4.9 billion Largest fraud in banking history at that time Worked in the compliance department of a French bank Defeated security at his bank by concealing
More information1Z Oracle Linux Fundamentals (Oracle Partner Network) Exam Summary Syllabus Questions
1Z0-409 Oracle Linux Fundamentals (Oracle Partner Network) Exam Summary Syllabus Questions Table of Contents Introduction to 1Z0-409 Exam on Oracle Linux Fundamentals (Oracle Partner Network)... 2 Oracle
More informationINSE 6130 Operating System Security. Overview of Design Principles
INSE 6130 Operating System Security Design Principles Prof. Lingyu Wang 1 Overview of Design Principles Design principles Time-proven guidelines For implementing security mechanisms/systems Rooted in simplicity
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More information