Introduction to UNIX/LINUX Security. Hu Weiwei

Similar documents
FreeBSD Security Advisories

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

LINUX ADMINISTRATION TYBSC-IT SEM V

Unix / Linux Overview

Securing CS-MARS C H A P T E R

Operating system hardening

Snort Rules Classification and Interpretation

Network Device Forensics. Digital Forensics NETS1032 Winter 2018

RFC RFC. Configuring FTP Server. FTP Clients

Securing Linux Systems Before Deployment

Linux Security & Firewall

Network Working Group. Category: Informational July 1997

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

How to Restrict a Login Shell Using Linux Namespaces

Protection and Security

CHAPTER 7 ADVANCED ADMINISTRATION PC

TELE 301 Lecture 8: Post

Outline. Operating System Security CS 239 Computer Security February 23, Introduction. Server Machines Vs. General Purpose Machines

Basic UNIX system administration

FreeBSD Security Advisories

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

Basic Linux Security. Roman Bohuk University of Virginia

Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...

Outline. UNIX security ideas Users and groups File protection Setting temporary privileges. Examples. Permission bits Program language components

Russian Cyber Attack Warning and Impact on AccessEnforcer UTM Firewall

Users and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.

Sair 3X Linux Security, Privacy and Ethics (Level 1)

Ftp Command Line Manual Windows Username Password Linux

Ftp Command Line Commands Linux Example Windows Put

UNIX/Linux Auditing. Baccam Consulting, LLC Training Events

Security. Advanced Operating Systems and Virtualization Alessandro Pellegrini A.Y. 2017/2018

Linux Network Administration

10 Defense Mechanisms

INSE 6130 Operating System Security

Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Symbolic Links 4. Deploy A Firewall 5

Basic Security for HP-UX System Administrators

Strategic Infrastructure Security

Services, logging, accounting Todd Kelley CST8177 Todd Kelley 1

Storage and File System

TELNET is short for Terminal Network Enables the establishment of a connection to a remote system, so that the local terminal appears to be the

CyberP3i Course Module Series

Configuring LDAP. Finding Feature Information

Firewall Identification: Banner Grabbing

Last time. Security Policies and Models. Trusted Operating System Design. Bell La-Padula and Biba Security Models Information Flow Control

Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+

Network Infrastructure Security

[This link is no longer available because the program has changed.] II. Security Overview

CoreMax Consulting s Cyber Security Roadmap

Engineering Robust Server Software

Admin Guide ( Unix System Administration )

Ftp Command Line Manual Windows Example Port 22

COS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy

10 FOCUS AREAS FOR BREACH PREVENTION

Net LineDancer v13. Install Guide for Linux. Revision History

LevelOne Broadband Routers

LevelOne. User's Guide. Broadband Router FBR-1402TX FBR-1403TX

Applying Covering the Tracks from SANS Course SEC 504, Hacker Techniques, Exploits, and Incident Handling, to Mac OS X.

Linux Local Security about Passwords and Data NZPAPER.BLOGSPOT.COM. Nz Paper Linux and Web Application Security. Zeeshan Khan 4/15/2013

Linux Systems Administration Getting Started with Linux

Inexpensive Firewalls

CIT 480: Securing Computer Systems

10 Active Directory Misconfigurations That Lead to Total Compromise Austin, TX 201 W 5th St.

This material is based on work supported by the National Science Foundation under Grant No

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

IoT Vulnerabilities. By Troy Mattessich, Raymond Fradella, and Arsh Tavi. Contribution Distribution

CSE 565 Computer Security Fall 2018

Tcpdump. For this exercise you must again be root. Login and obtain root privileges: Note that we use three computers for this exercise.

Downloaded from manuals search engine

Linux Security Primer

Exim Practical. Patrick Okui. (based on materials from Brian Candler)

Multi-Function Wireless A/P Router User s Guide

Security principles Host security

Appliance/Product Firmware Type Version Filename Cyclades ACS (all models) Opcode V_3.2.0 Fl bin

Cyclades ACS 5000 Advanced Console Server Appliances Release Notes Version September 24 th 2010

HANDS UP IF YOU DON T HAVE A VM OR IF YOU DON T REMEMBER YOUR PASSWORDS. Or something broke

Exam Questions SY0-401

Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats

Course Wiki. Today s Topics. Web Resources. Amazon EC2. Linux. Apache PHP. Workflow and Tools. Extensible Networking Platform 1

IP806GA/GB Wireless ADSL Router

Configuring Switch-Based Authentication

Configuring Switch Security

SECURITY+ LAB SERIES. Lab 3: Protocols and Default Network Ports Connecting to a Remote System

Booting a Galaxy Instance

FreeBSD Security Advisories (1)

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 9 Networking Practices

TCP Wrapper. Provides host-based access control to network services

INDEX. Symbols. Cisco Routers for the Desperate, 2nd Edition (C) 2009 by Michael W. Lucas

Raj Jain. Washington University in St. Louis

Secure PostgreSQL Deployment

Network Configuration Example

HP-UX Security I. Ideal candidate for this course Experienced system and network administrators responsible for securing and monitoring HP-UX systems

Host. Computer system #1. Host Hardening

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

OPERATING SYSTEMS LINUX

Global Information Assurance Certification Paper

ITEC451 Network Design & Analysis Laboratory Guide: Appendix

Minimum Security Standards for Networked Devices

Chapter 4. Network Security. Part II

Advanced Security Measures for Clients and Servers

Securing Access to Network Devices

Transcription:

Introduction to UNIX/LINUX Security Hu Weiwei

Operation System Security The Security Problems in Operation Systems become more and more important The Security techniques improved rapidly The number of computer attaked rises every year

Why Do I Care? UNIX systems designed to be servers can do almost anything remotely Beavis and Butthead are out there loss of data use your machine to "attack" others theft/denial of service pretend they're you

Usernames and Passwords username and password required usually only password not "public" modern UNIX's hide encrypted password pick password carefully, avoid dictionary words names simple modifications of above

Good User Habits change password periodically don't let people watch login lock display when unattended log off when leaving never ever ever give out password even sys-admin should never need it

Superuser username "root" can do anything sometimes extra restrictions (remote logins) used for system maintenance normal users can't modify system files BAD idea to login as root su sudo

Accessing Remote Systems often need to provide username/password potential vulnerability depends on network path connection flows through many connections pass plain text telnet particularly bad, rlogin/ftp bad too SSH encrypts data on network slogin for logins scp for file transfer

Network Connection dial-up PPP less risky but slower DSL or Cable Modem more risky but faster always a target ISP may act as firewall simplest form stops initialization of connection flowing to your machine more complex may evaluate based on net ports, source address, etc.

Network Connection even if only one machine on DSL/Cable Modem consider "Cable Modem Router" uses NAT acts as basic firewall most allow configuring specific ports to pass through can use many Free UNIX's as routers

Daemons started at boot time, run all the time provide services SysVinit at bdflush printing mail transfer accept remote logins

Daemons usually run as root user can have bugs Update the kernel Get patch

UNIX vulnerabilities U1 Remote Procedure Calls (RPC) U2 Apache Web Server U3 Secure Shell (SSH) U4 Simple Network Management Protocol (SNMP) U5 File Transfer Protocol (FTP) U6 R-Services Trust Relationships U7 Line Printer Daemon (LPD) U8 Sendmail U9 BIND/DNS U10 General UNIX Authentication Accounts with No Passwords or Weak Passwords

UNIX System Configuration Problems Weak passwords Accounts without passwords or default passwords Reusable passwords Use of TFTP (Trivial File Transfer Protocol) to steal password files Vulnerabilities in sendmail Old versions of FTP; misconfigured anonymous FTP

UNIX System Configuration Problems Misconfiguration of uucp Old versions of system software Use of setuid shell scripts

How To Determine Whether Your System Has Been Compromised Examine log files such as your 'last' log, process accounting, syslog, and C2 security logs for logins from unusual locations or other unusual activity Look everywhere on the system for unusual or hidden files (files that start with a period and are normally not shown by ls) as these can be used to hide information such as password cracking programs and password files from other systems. Look for setuid files (especially setuid root files) everywhere on your system. Intruders often leave setuid copies of /bin/sh around to allow them root access at a later time. Check your system binaries to make sure that they haven't been changed.

How To Determine Whether Your System Has Been Compromised Examine all the files that are run by cron and at. Inspect /etc/inetd.conf for unauthorized additions or changes. Check your system and network configuration files for unauthorized entries. Examine all machines on the local network when searching for signs of intrusion. Examine the /etc/passwd file on the system and check for any additional or modified accounts.

Protecting Your System starts with installation of OS don't install stuff you don't need new RedHat release offers "firewall" protection during install (IPCHAIN) immediately create unprivileged user, use that as your normal login most likely want "Workstation" type install

Protecting Your System check things after install look at full process listing slowly learn more about system and what these processes do manual pages usually available many Free UNIX's criticized for having too much stuff running by default

Protecting Your System adjust stand-alone daemons different mechanisms on different platforms RedHat: chkconfig command FreeBSD: /etc/defaults/rc.conf sets various variables, override them in /etc/rc.conf Sys-V based systems startup scripts in /etc/rc*.d sendmail particularly bad, consider not running it or removing bd command flag

Protecting Your System inetd known as "super-daemon" starts up other daemons (e.g. telnet) on demand config file usually /etc/inetd.conf comment out lines you don't need can send running inetd process HUP signal to have it re-read /etc/inetd.conf look at tcpwrappers package for further protection

Protecting Your System IPCHAINS is Linux-ism enabled with new RedHat release blocks network ports inside kernel install screens refer to it as "firewall" if initially installed can adjust later with file /etc/sysconfig/ipchains

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback