Presentation is loading. Please wait.

Presentation is loading. Please wait.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Published byMervyn Chapman Modified over 8 years ago

Similar presentations

Presentation on theme: "LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►"— Presentation transcript:

1 LINUX Presented By Parvathy Subramanian

2 April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ► Basic history of Linux ► Linux Authentication ► Linux authorization ► Linux security modules ► Linux Auditing ► Comparison

3 April 23, 2008LINUX, By Parvathy Subramanian3 Introduction ► The computer operating system represent the last line of defense in a security chain. ► Principles of security for host OS- By understanding the security controls available at the OS level and security weaknesses in the systems, its possible to understand how to better prevent attacks on these systems. ► In this chapter, the term Linux refers to Red Hat Linux ES Version 3.

4 April 23, 2008LINUX, By Parvathy Subramanian4 Standard Design for Security systems ► To evaluate OS security, some standards are needed: ► OS security is discussed using a specific set of protective security features:  Authentication: is a process of determining which security principal made a request.  Authorizing access is the process of determining who is trusted to perform specific operations on an OS object.  Auditing is the process of tracking system activity to determine which specific events occurred on the system and when they occurred.

5 April 23, 2008LINUX, By Parvathy Subramanian5 PrincipleDescription least privilege A user's security permissions should only be adequate for the task being performed. economy of mechanism The system must be sufficiently small and simple to allow verification and implementation. complete mediation Access to each object in the system must be checked by the operating system. open design The design of the system must be open to scrutiny by the community. separation of privilege A process that requires multiple security conditions to be satisfied is more reliable than a process that only requires one condition to be satisfied. least common mechanism The amount of security mechanism in use by more than one task should be minimized. psychological acceptability The human interface should be designed for ease-of-use so that excessive complexity does not hinder user acceptance of the security mechanism. fail-safe defaults System defaults should be restrictive such that the default is lack of access.

6 April 23, 2008LINUX, By Parvathy Subramanian6 Basic history of Linux ► UNIX was developed at Bell labs in NJ in 1971 for academic and research work. ► Linux was developed 20 years later. Its not a product owned by a single company. ► Its design is sparse and modular. ► Core OS component is Linux kernel. ► This kernel is packaged with numerous open source OS utilities and programs. ► Linux administrators will commonly piece together a solution by installing separate programs (Example: Installing kerberos, a lightweight directory access protocol LDAP server and the MySQL server for a network authentication solution.

7 April 23, 2008LINUX, By Parvathy Subramanian7 Linux Authentication ► Linux basic authentication is performed using a login process. ► This authenticates the user and provides a “shell” for the user to work on. ► The user can login as root, to login into specific terminals or locations. ► The plain-text password entered by the user and the salt value (a random 12 bit number) retrieved from the password file are added. ► The result is encrypted with DES or MD5 encryption. This value is compared with the password file that stores the encrypted password. ► Linux provides a utility named “su” that allows a user in one session to authenticate as a new user. ► All user other than the root user has to enter the password for the new user.

8 April 23, 2008LINUX, By Parvathy Subramanian8 PAM (Pluggable Authentication Module) ► Current installation of Linux uses PAM. It’s a product of former open software foundation, now known as Open Group. ► Linux uses an abstraction layer to communicate an authentication request with the PAM subsystems. ► The PAM subsystem then chooses one or more modules to perform the authentication. ► A PAM module can perform both login process and encrypt and store passwords. ► A kerberos is used with Linux to provide network domain authentication.

9 April 23, 2008LINUX, By Parvathy Subramanian9 Linux Authorization ► Authorization privileges can be read, write and execute. ► Objects under the control of OS are files and directories. ► When a program attempts to access an object in Linux, a request is made to the kernel to return a reference to the object. ► The kernel first checks whether the user have permission to access the object. If yes, the privilege type on the object is checked to see if it is suitable for the operation being requested. If yes, the reference is returned. ► Else, if no user permission is found, a group permissions are checked. If group id matches the file the next step is followed. ► Else, the program is not permitted to use the object.

10 April 23, 2008LINUX, By Parvathy Subramanian10 Linux Auditing ► Logging is provided for various programs running on the system. ► Failed login attempts and other pertinent security events are logged. ► Disadvantages:  The administration and configuration part of logging these events are not centralized.  Its dependent on the program being used.

11 April 23, 2008LINUX, By Parvathy Subramanian11 Comparison LINUXWindows PAMPGINA No such feature provided by Linux Provides a trusted path to authentication Linux uses password salt-value (a random 12-bit number) No such salt value Hard to crack the password Easy to crack windows password LINUXWindows Security auth facilities not very robust Security auth facilities more robust and finely grained Groups of userids cannot be added to the ACL Allows ACLs to be established based on user a/c and groups Root account Admin account Mediation is through and complete LINUXWindows Logging is not very user friendly Logging is very user- friendly Authentication Authorization Auditing

12 April 23, 2008LINUX, By Parvathy Subramanian12 Conclusion ► Both windows and Linux have advantage and disadvantage in relation to their authentication, authorization and auditing capabilities. ► Must be a constant balance between the development and improvement of security features

13 April 23, 2008LINUX, By Parvathy Subramanian13 Reference ► [1] Enterprise information systems assurance and system security Managerial and Technical issues, Merrill Warkentin and Rayford B. Vaughn.

Download ppt "LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►"

Similar presentations

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #12-1 Chapter 12: Design Principles Overview Principles –Least Privilege –Fail-Safe.
Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.

Design Principles Overview Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks I. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
G22.3250-001 Robert Grimm New York University Protection and the Control of Information Sharing in Multics.

G Robert Grimm New York University Protection and the Control of Information Sharing in Multics.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
Linux Security.

Linux Security.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.

Similar presentations

Ads by Google