Introduction to Systems Security

Transcription

1 Introduction to Systems Security CIM3571 Dr. S.F. Wu R323, x706) Continuous Assessment 50% Examination 50%

2 Security and Threat There are three aspects of computer security: Confidentiality Confidentiality is the concealment of information or resources. Integrity Integrity refers to the trustworthiness of data or resources. Availability Availability refers to the ability to use the information or resource desired. A threat is a potential violation of security. Threats can be divided into four categories: 1. Disclosure unauthorized access to information. 2. Deception acceptance of false data. 3. Disruption interruption or prevention of normal operations. 4. Usurpation unauthorized control of part of a system. Some typical threats: Snooping Masquerading Denial of Service Can you identify which category they belong? Introduction to Systems Security Slide 1

3 Policy and Mechanism Security Policy A security policy is a statement of what is, and what is not, allowed. For example, it may be determined that no access to Internet is allowed within a company, except for some particular staff members. Security Mechanism A security mechanism is a method, tool, or procedure for enforcing a security policy. For example, a firewall may be set up so that only some staff members can access the Internet. The mechanisms should provide three levels of service: 1. Prevention 2. Detection 3. Recovery How do we know that a security policy is adequate for an organization? If the security policy is too tight, it will translate to additional cost. If the security policy is too loose, there may not be enough protection. In a cost-benefit analysis, the benefits of computer security is weighted against their cost. Introduction to Systems Security Slide 2

4 Risk Management Risk the probability that a certain threat can happen. Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organizations missions. Risk management encompasses three processes: Risk assessment identification and evaluation of risk impacts, and recommendation of riskreducing measures. Risk mitigation prioritizing, implementing, and maintaining the appropriate risk-reducing measures recommended from the risk assessment process. Evaluation and assessment determine whether the remaining risk is at an acceptable level. Introduction to Systems Security Slide 3

5 Integrating Risk Assessment in SDLC Effective risk management must be totally integrated into SDLC. An IT system s SDLC have phases: initiation, development or acquisition, implementation, operation/maintenance, and disposal. SDLC Phases Phase Characteristics Risk Management Activities Phase 1 Initiation The need for an IT system is expressed and the purpose and scope of the IT system is documented Phase 2 Development or acquisition Phase 3 Implementation The IT system is designed, purchased, programmed, developed, or otherwise constructed The system security features should be configured, enabled, tested, and verified Identified risks are used to support the development of the system requirements, including security requirements, and a security concept of operations (strategy) The risks identified during this phase can be used to support the security analyses of the IT system that may lead to architecture and design tradeoffs during system development The risk management process supports the assessment of the system implementation against its requirements and within its modeled operational environment. Decisions Introduction to Systems Security Slide 4

6 Phase 4 Operation/Maintenance Phase 5 - Disposal The system performs its functions. Typically the system is being modified on an ongoing basis through the addition of hardware and software and by changes to organizational processes, policies, and procedures This phase may involve the disposition of information, hardware, and software. Activities may include moving, archiving, discarding, or destroying information and sanitizing the hardware and software regarding risks identified must be made prior to system operation Risk management activities are performed for periodic system reauthorization (or reaccreditation) or whenever major changes are made to an IT system in its operational, production environment (e.g., new system interfaces) Risk management activities are performed for system components that will be disposed of or replaced to ensure that the hardware and software are properly disposed of, that residual data is appropriately handled, and that system migration is conducted in a secure and systematic manner Introduction to Systems Security Slide 5

7 Risk Assessment Methodology Introduction to Systems Security Slide 6

8 Risk Mitigation Risk mitigation is a systematic methodology used by senior management to reduce mission risk. Risk mitigation can be achieved through any of the following risk mitigation options: Risk Assumption. To accept the potential risk and continue operating the IT system or to implement controls to lower the risk to an acceptable level Risk Avoidance. To avoid the risk by eliminating the risk cause and/or consequence(e.g., forgo certain functions of the system or shut down the system when risks are identified) Risk Limitation. To limit the risk by implementing controls that minimize the adverse impact of a threat s exercising a vulnerability (e.g., use of supporting, preventive, detective controls) Risk Planning. To manage risk by developing a risk mitigation plan that prioritizes, implements, and maintains controls Research and Acknowledgment. To lower the risk of loss by acknowledging the vulnerability or flaw and researching controls to correct the vulnerability Risk Transference. To transfer the risk by using other options to compensate for the loss, such as purchasing insurance. Introduction to Systems Security Slide 7

9 Risk Mitigation Methodology Introduction to Systems Security Slide 8

10 Technical Security Control Introduction to Systems Security Slide 9

11 Cost-Benefit Analysis A cost-benefit analysis for proposed new controls or enhanced controls encompasses the following: Determining the impact of implementing the new or enhanced controls Determining the impact of not implementing the new or enhanced controls Estimating the costs of the implementation. These may include, but are not limited to, the following: Hardware and software purchases Reduced operational effectiveness if system performance or functionality is reduced for increased security Cost of implementing additional policies and procedures Cost of hiring additional personnel to implement proposed policies, procedures, or services Training costs Maintenance costs Assessing the implementation costs and benefits against system and data criticality to determine the importance to the organization of implementing the new controls, given their costs and relative impact. Introduction to Systems Security Slide 10

12 What is Linux? Linux is a new operating system developed by a Norwegian programmer named Linus Torvald. Linux is free and the source code is all 'open'. That is, any one can work on the Linux operating system and then post new code to improve it. This concept is known as 'Open Source'. IBM has adopted Linux as a standard. IBM s support for Linux is evident in the following web site: Linux can be used as a desktop environment. Most of the common office applications can be found Linux, such as word processing, accounting and database. A good list of Linux applications can be found at More often, Linux is used as an Intranet/Internet server. Linux supports a wide variety of Internet protocols including FTP, HTTP, POP, SMTP, TCP/IP, NNTP. Linux is also a good development because it supports many programming languages and is as stable as rock. Introduction to Systems Security Slide 11

13 Linux Security Linux security has six components: User Account All administrative power in Linux is contained in a single account called root. As the root account, you control other user accounts, files and directories, and network resources. Discretionary Access Control (DAC) DAC refers to the control of what each user can access files and directories. You enforce such limitation through groups. Users in a group has the same access right. Network Access Control Linux provides the ability to selectively allow users and hosts to connect to each other. For example, you may allow connection to Internet for a particular user. Encryption Linux supports various encryption standards including SSL and IPsec. Logging Linux has very extensive logging capability. Logging is an important tool for checking and understanding hacker activity. Linux can provide logging for the following activities: System and kernel messages, network connection, remote request, command issued by a user. Intrusion Detection A wide selection of toolkits are available for intrusion detection and deception. Introduction to Systems Security Slide 12

14 Account Structure An account consists of the following: A valid username and password A home directory Shell access The file /etc/passwd consists of user account entries: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt Each line stores on account record and each record consists of seven fields. username Encrypted User ID Group ID Real name User home User shell password (UID) (GID) root x 0 0 root /root /bin/bash Older Linux stores an encrypted password in /etc/passwd while newer ones use password shadowing to hide the password information. Introduction to Systems Security Slide 13

15 Password Shadowing Password shadowing is a technique in which /etc/passwd remains readable but no longer contains passwords. Instead, user password are stored in /etc/shadow. root:$1$dn4lnepw$.np4lxlg5pxpzxdvnpdbc0:12675:0:99999:7::: bin:*:12675:0:99999:7::: The file /etc/shadow is similar to /etc/passwd that each line corresponds to one account. It is safer to put the encrypted passward in /etc/shadow because it can only be read by the root. -rw-r--r-- 1 root root 2401 Sep 16 10:06 passwd -r root root 1506 Sep 16 10:06 shadow The passwords in /etc/shadow is encrypted using MD5 by default. Password security in /etc/shadow is further enhanced by including password aging. Password aging is a practice which forces the user to change the password on regular basis. Shadowed password is relatively safe and hackers usually exploits bugs in various tools or applications to gain access to /etc/shadow. Introduction to Systems Security Slide 14

16 Create Account Graphical tools are available to manage the user account. Most of them time, you should not use the root account for daily operation. You should create at least one for yourself to do less critical job. Introduction to Systems Security Slide 15

17 Account Properties Introduction to Systems Security Slide 16

18 Access Control In Linux, you limit user access to files and directories by establishing permissions. Three basic permission types exist: Read (r) allows users to read the specified file. Write (w) allows users to alter the specified file. Execute (x) allows users to execute the file. The permission of a file is shown in the file listing: drwxr-xr-x 3 root root 4096 Sep 14 11:40.mozilla -rw root root 38 Sep 20 10:05.mysql_history drwxr-xr-x 3 root root 4096 Sep 14 11:27.nautilus drwx root root 4096 Sep 21 14:22.opera -rw-rw-rw- 1 root root Sep 21 06:04 opera The first character is the file type: - represents a file d represents a directory l represents a symbolic link The remaining sets of three characters describes the permission for the owner, group and world respectively. Introduction to Systems Security Slide 17

19 Changing File Permission The permission of file can be changed in the Permissions tab under file Properties. However, most of the time, it is more convenient to use the command chmod to change the permission. Typically, chmod is used as: chmod 755 myfile The owner of a file can be changed by using the chown command: chown wu myfile Programs with either SGID or SUID permissions are special because their owner s permission is enforced even when other users execute them. Therefore SGID and SUID are often a security threat. Introduction to Systems Security Slide 18