Operating system hardening

Transcription

1 Operating system Comp Sci 3600 Security

2 Outline

3 What is OS? Hardening process that includes planning, ation, uration, update, and maintenance of the operating system and the key applications in use Today, we will provide a general overview, and next week, we will go over the process, from start to finish, of ing and a personal computing setup, along with software choices for secure data storage and transmission.

4 OS architecture User s and Utilities Operating Kernel Physical Hardware BIOS / SMM Figure 12.1 Operating Security Layers Each of these layers of code needs appropriate measures in place to provide appropriate services. And each layer is vulnerable to attack from below, should the lower layers not also be secured appropriately.

5 Outline

6 Things to consider during enterprise The purpose of the system, the type of information stored, the applications and services provided, and their requirements. The categories of users of the system, the privileges they have, and the types of information they can access. How the users are authenticated. How access to the information stored on the system is managed. What access the system has to information stored on other hosts, such as file or database servers, and how this is managed. Who will administer the system, and how they will manage the system (via local or remote access). Any additional measures required on the system, including the use of host firewalls, anti-virus or other malware protection mechanisms, and logging.

7 Outline

8 Operating system Install and patch the operating system. Harden and ure the operating system to adequately address the identified needs of the system by: Removing unnecessary services, applications, and protocols. Configuring users, groups, and permissions. Configuring resource. Install and ure additional, such as host-based firewalls or intrusion detection systems (IDS), if needed. Test the of the basic operating system to ensure that the steps taken adequately address its needs.

9 Outline

10 Secure ation procedures begins with the ation of the operating system. Check hash of media to insure validity Encrypt full hard disk during ation Install only the minimum needed software Install in an isolated environment (OS is vulnerable until patched) Setup BIOS boot and uration password Avoid ing non-open binary drivers, especially with kernel access Patch operating system to most current, and enable updates

11 Outline

12 Minimizing attack surface Ideally, only the minimum ed software needed However, if a standard is required, then remove extras Further, disable any unneeded protocols and services

13 Outline

14 Users, groups, authentication Determine the needed permissions for each user of the system Map user permissions to groups of users Minimize the time that administrators will work under the state of elevated privilege Remove any default or guest accounts, change any default passwords

15 Outline

16 Configure resource Once the users and their associated groups are defined, appropriate permissions can be set on data and resources to match the specified policy. Some users access limited software Some users access limited directories or files

17 Outline

18 Install or ure extra -related software Host based firewall (e.g., iptables/netfilter) White-list applications, allowing only a specific list

19 Test you Check assumptions about system behavior Test non-whitelisted applications nmap and wireshark to probe network behavior, etc.

20 Outline

21 Once the base operating system is ed and appropriately secured, the required services and applications must next be ed and ured.

22 Outline

23 Which software to? may be from additional packages provided with the operating system distribution, or from a separate third-party package. As with the base operating system, utilizing an isolated, secure build network is preferred. OS repositories employ secure signature and hashing on files to insure integrity; use it For third party applications, always check signature reported by developer Do not un-trusted applications, with the minimum requirement excluding anything closed source or for which you do not have access to the source code, and the ideal being highly scrutinized open projects

24 Outline

25 Configure applications Check default urations For example permissions granted to the web serving software on your server may allow the software merely serving a static site to write files

26 Outline

27 level encryption In addition to the whole disk, you can encrypt particular folders, or an entire home directory. Setup key exchange and signing, for example for your website s certificate, by getting a CA to sign your keys Setup and choose secure options for your SSH uration, create and exchange keys with clients

28 Outline

29 Security maintenance Monitoring and analyzing logging information Performing regular s Recovering from compromises Regularly testing system Using appropriate software maintenance processes to patch and update all critical software, and to monitor and revise uration as needed

30 Logging Logging is a reactive control that can only inform you about bad things that have already happened. But effective logging helps ensure that in the event of a system breach or failure, system administrators can more quickly and accurately identify what happened and thus most effectively focus their remediation and recovery efforts.

31 Backup and archive Are s on-site or off? Are s encrypted? Does the procedure transfer data across the network, how?

32 Outline

33 Most servers will be Extensive documentation base for

34 Outline

35 updates Modern Unix and Linux distributions typically include tools for automatically downloading and ing software updates, including updates, which can minimize the time a system is vulnerable to known vulnerabilities for which patches exist. Packages are cryptographically signed by packager and signatures are checked before ation Red Hat / Fedora uses dnf, Open SuSE uses yast, debian uses apt-get, etc

36 Outline

37 and service uration of applications and services on Unix and Linux systems is most commonly implemented using separate text files for each application and service. -wide uration details are generally located either in the /etc directory or in the ation tree for a specific application. Where appropriate, individual user urations that can override the system defaults are located in hidden dot files in each user s home directory. The name, format, and usage of these files are very much dependent on the particular system version and applications in use.

38 Outline

39 Set permissions on Unix and Linux systems implement discretionary access control to all file system resources. These include not only files and directories but devices, processes, memory, and indeed most system resources, like devices, etc use chmod, chown, getfacl, setfacl, and other user and group management commands to ure permissions and access Information on user accounts and group membership are traditionally stored in the /etc/passwd and /etc/group files Remove default or guest users, change default passwords, if any Minimize the number of programs that need to run as root

40 Outline

41 Setup remote access Minimize the ability to access your system remotely, if at all Close unnecessary incoming ports Use iptables/netfilter for Linux, or pf for BSD-based systems

42 Outline

43 jail Restricts a running process to a subset of the file system by mapping the processes view of root to a sub-directory of the real root Not all processes tolerate this well, and it can require including more directories into the jail If a process can run as root, it is possible to break out of the jail

44 Outline

45 Software simulates hardware, so that an operating system can run inside of software Full virtualization almost complete simulation of the actual hardware to allow software, which typically consists of a guest operating system, to run unmodified. Paravirtualization a hardware environment is not simulated; however, the guest programs are executed in their own isolated domains, as if they are running on a separate system. Guest programs need to be specifically modified to run in this environment.

46 Hypervisors A hypervisor or virtual machine monitor (VMM) is computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called a host machine, and each virtual machine is called a guest machine.

47 Outline

48 Hypervisor types

49 Hypervisor types Type-1, native or bare-metal hypervisors: These hypervisors run directly on the host s hardware to control the hardware and to manage guest operating systems. For this reason, they are sometimes called bare metal hypervisors. Xen for example. These are more secure than type 2 Type-2 or hosted hypervisors: These hypervisors run on a conventional operating system (OS) just as other computer programs do. A guest operating system runs as a process on the host. Type-2 hypervisors abstract guest operating systems from the host operating system. VirtualBox for example

50 Type 1: bare metal / native hypervisor User Apps Guest O/S 1 Kernel User Apps Guest O/S 2 Kernel... Hypervisor/ VMM Physical Hardware User Apps Guest O/S n Kernel BIOS / SMM Figure 12.2 Native Security Layers

51 Type 2: hosted hypervisor Other User Apps User Apps Guest O/S 1 Kernel Host Operating Kernel Physical Hardware User Apps Guest O/S n Kernel BIOS / SMM Figure 12.3 Hosted Security Layers... Hypervisor/ VMM

52 Virtualbox: Type 2

53 Third type: Containers (OS-level virtualization) Kernel allows the existence of multiple isolated user-space instances. Such instances, called containers, partitions, virtualization engines (VEs) or jails (FreeBSD jail or jail), may look like real computers from the point of view of programs running in them. Typical program can see all resources (connected devices, files and folders, network shares, CPU power, quantifiable hardware capabilities) of that computer, but programs running inside a container can only see the container s contents and devices assigned to the container. Can be seen as an advanced implementation of the standard mechanism, which changes the apparent root folder for the current running process and its children. Kernel provides resource-management features to limit the impact of one container s activities on other containers.

54 Example container: Docker

55 Container options

56 SubGraph OS: docker containers for isolation

57 Qubes OS: bare metal with full VM for isolation

58 Qubes OS: detailed

59 Outline

60 Security and virtualization Guest OS isolation, ensuring that programs executing within a guest OS may only access and use the resources allocated to it, and not covertly interact with programs or data either in other guest OSs or in the hypervisor. Guest OS monitoring by the hypervisor, which has privileged access to the programs and data in each guest OS, and must be trusted as secure from subversion and compromised use of this access. Virtualized environment, particularly image and snapshot manage- ment, which attackers may attempt to view or modify. Minimize access to the hypervisor