Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIT 470: Advanced Network and System Administration

Published byTyler Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "CIT 470: Advanced Network and System Administration"— Presentation transcript:

1 CIT 470: Advanced Network and System Administration
Security CIT 470: Advanced Network and System Administration

2 CIT 470: Advanced Network and System Administration
Topics Risk Management Security Policies OS Hardening Authentication PAM Passwords Incident Response CIT 470: Advanced Network and System Administration

3 CIT 470: Advanced Network and System Administration
Risk Management Risk is the relationship between your assets, the vulnerabilities characteristic to those assets, and attackers who wish to access or modify those assets. CIT 470: Advanced Network and System Administration

4 CIT 470: Advanced Network and System Administration
Assets Login account. Network bandwidth. Disk space. Data. Reputation. CIT 470: Advanced Network and System Administration

5 CIT 470: Advanced Network and System Administration
Security Goals Data confidentiality Customer account data (credit cards, identity) Trade secrets Administrative data (passwords, configuration) Data integrity Administrative data Software downloads (patches, free tools) Web pages CIT 470: Advanced Network and System Administration

6 CIT 470: Advanced Network and System Administration
Security Goals System integrity System binaries Kernel System/network availability Network bandwidth Network services (auth, file, mail, print) Disk space CIT 470: Advanced Network and System Administration

7 CIT 470: Advanced Network and System Administration
Threats Financial motives Identity theft Phishing Spam Extortion Botnets Political motives Danish sites hacked after Mohammed cartoons. Personal motives Just for fun. Insider revenge. CIT 470: Advanced Network and System Administration

8 CIT 470: Advanced Network and System Administration
Vulnerabilities Bad/default passwords. Unused services with open ports. Unpatched software vulnerabilities. Transmitting confidential data in cleartext. Open modems or wireless networks. Physical access to critical systems. Uneducated users. CIT 470: Advanced Network and System Administration

9 CIT 470: Advanced Network and System Administration
Attack Trees CIT 470: Advanced Network and System Administration

10 CIT 470: Advanced Network and System Administration
Defense Types Perimeter Security Firewall off network to prevent intrusions. What about wireless? What about mobile computing? Defense in Depth Secure systems at all levels: Network perimeter (firewall) Intrusion detection System hardening CIT 470: Advanced Network and System Administration

11 CIT 470: Advanced Network and System Administration
Defenses Vulnerability mitigation Use secure authentication systems. Deploy software in secure configuration. Patch security flaws quickly. Attack mitigation Firewalls to prevent network attacks. IDS to detect attacks. Virus/spyware scanners. CIT 470: Advanced Network and System Administration

12 CIT 470: Advanced Network and System Administration
Security Policies User Level Policies Users must sign before receiving resources. Acceptable Use Policy Monitoring and Privacy Policy Remote Access Policy Business Level Policies Network Connectivity Policy Log Retention Policy CIT 470: Advanced Network and System Administration

13 CIT 470: Advanced Network and System Administration
OS Hardening Secure the physical system. Install only necessary software. Keep security patches up to date. Delete or disable unnecessary user accounts. Use secure passwords. Disable remote access except where necessary. Use sudo instead of su. Run publicly accessible services in a jail. Check logs regularly. Configure firewall on each host. Run security scanner to check security. Document security configuration. CIT 470: Advanced Network and System Administration

14 Secure the physical system
Place servers in a physically secure location. Physically secure the case. Place ID tags on all hardware. Password protect the BIOS. Disable booting from removable media. CIT 470: Advanced Network and System Administration

15 Install only Necessary Software
Put different services on different hosts. A compromise in ftp shouldn’t compromise mail. Improves reliability and maintainability too. Common unnecessary packages X-Windows Software development (gcc, gdb, etc.) CIT 470: Advanced Network and System Administration

16 CIT 470: Advanced Network and System Administration
Security Patches Subscribe to vendor security patch list. Or know vendor’s update schedule. MS Windows updates on 2nd Tuesday. Update test host first. yum update Patches can sometimes break services. Update other hosts after that. May need to schedule downtown if reboot required. CIT 470: Advanced Network and System Administration

17 CIT 470: Advanced Network and System Administration
Jails Complete isolation: virtual machines. Partial isolation: chroot chroot /var/httpd httpd chroot filesystem needs: /var/httpd/etc: limited /etc/{passwd,shadow,group} /var/httpd/usr/lib shared libraries /var/httpd/bin: extra binaries /var/httpd/var/log: log space /var/httpd/tmp: temporary space CIT 470: Advanced Network and System Administration

18 CIT 470: Advanced Network and System Administration
Check Logs Review logs every morning. Better yet, have a program scan them. logwatch swatch Send logs to a central server for security: attacker can’t hide tracks by deleting ease of use: you can read all logs in one place CIT 470: Advanced Network and System Administration

19 CIT 470: Advanced Network and System Administration
Security Scanning Scan host security Run bastille on host. Scan network security Scan for open ports with nmap. Scan for vulnerabilities with nessus. CIT 470: Advanced Network and System Administration

20 CIT 470: Advanced Network and System Administration
Intrusion Detection Host-based intrusion detection Check if system files are modified. Check for config / process modifications. Tools: tripwrite, osiris, samhain Network-based intrusion detection NIDS = Sniffer + traffic analysis + alert system. Check for suspicious activities: port scans, etc. Check for attack signatures: worms, etc. Tools: snort, p0f CIT 470: Advanced Network and System Administration

21 CIT 470: Advanced Network and System Administration
Security Auditing Internal and External Audits Internal: by a group within organization. External: by a group external to organization. Audit areas Check compliance with security policy. Check physical security of building, data center. Check that machines have up to date patches. Scan networks to verify hosts + services. Penetration testing. CIT 470: Advanced Network and System Administration

22 CIT 470: Advanced Network and System Administration
Authentication Binding of an identity to a subject Based on: What the entity knows (e.g., passwords) What the entity has (e.g., access card) What the entity is (e.g., fingerprints) Where the entity is (e.g., local terminal) Two-factor authentication CIT 470: Advanced Network and System Administration

23 Purpose of Authentication
Access Control Most systems base access rights on identity of principal executing the process. Accountability Logging and auditing functions. Need to track identity across account/role changes (e.g., su, sudo). CIT 470: Advanced Network and System Administration

24 CIT 470: Advanced Network and System Administration
Access Control Matrix Group Dev RE Fin Res HR Ops Infra Sec Developers W R Release Engineers Finance Human Resources Operations System Administration A Security Dev = developer, RE = release engineering, Fin = finance, Res = corporate resource (intranet), HR = human resources, Ops = operations, Inf = infrastructure (mail/auth servers, etc.), Sec=security (firewalls, IDS) A = administrative access, R = read, W = write CIT 470: Advanced Network and System Administration

25 CIT 470: Advanced Network and System Administration
Single-sign on Login once to access all computing resources UNIX Windows Web Applications Databases Remote access Difficult to achieve in practice. Kerberos (Active Directory) CIT 470: Advanced Network and System Administration

26 CIT 470: Advanced Network and System Administration
Use Secure Passwords Attacks against Passwords Password sniffing Password guessing via login Password cracking Defences Do not transfer passwords over the network. Secure /etc/{passwd,shadow} Configure password quality/aging rules. Test your passwords by cracking them. CIT 470: Advanced Network and System Administration

27 CIT 470: Advanced Network and System Administration
Password Quality Use pam_cracklib.so in system-auth Options retry=#: Maximum # of retries. minlen=#: Minimum password length. lcredit=#: Min # of lower case letters. ucredit=#: Min # of upper case letters. dcredit=#: Min # of digits. ocredit=#: Min # of other chars. CIT 470: Advanced Network and System Administration

28 CIT 470: Advanced Network and System Administration
Password Aging Configure /etc/login.defs before creating accounts. PASS_MAX_DAYS: Max # of days before password expires. PASS_MIN_DAYS: Min # of days before user can change pw. PASS_WARN_AGE: # of days for pw change notice given. Also configure /etc/default/useradd INACTIVE: # of days after pw expiration that account is disabled. EXPIRE: Account expiration date in format YYYY-MM-DD. Remember old passwords with pam_unix.so Prevents users from changing password back to old value. Modify /etc/pam.d/system-auth Set pam_unix.so option remember=26 Create /etc/security/opasswd to store old passwords. CIT 470: Advanced Network and System Administration

29 CIT 470: Advanced Network and System Administration
One-Time Passwords A password that’s invalidated once used. Challenge: number of auth attempt Response: one-time password Problems Generation of one-time passwords Use hash or crytographic function Synchronization of the user and the system Number or timestamp passwords CIT 470: Advanced Network and System Administration

30 CIT 470: Advanced Network and System Administration
Biometrics Identify by physical chars Fingerprint Iris scan Unique identifiers. Not secrets. Can’t be changed at will. Possible outcomes: Correct person accepted Imposter rejected Correct person rejected (False Rejection) Imposter accepted (False Acceptance) A tradeoff always exists between false acceptances and false rejections. CIT 470: Advanced Network and System Administration

31 Disable Unnecessary Accounts
/etc/passwd contains application accounts. Delete unnecessary application accounts. ex: uucp, games, gdm, xfs, rpcuser, rpc All should have locked passwords. Set shell to /bin/noshell or /bin/false. Disable user accounts immediately on termination of employment. CIT 470: Advanced Network and System Administration

32 Disabling Remote Access
Disable cleartext protocols telnet, ftp, rsh, rlogin Disable root access via ssh. Set PermitRootLogin to “no” in sshd_config Remove root non-terminal consoles Set in /etc/securetty Disable password access via ssh Use keys instead. CIT 470: Advanced Network and System Administration

33 CIT 470: Advanced Network and System Administration
sudo Login as root only for single-user mode. Use sudo instead of su. sudo command Advantages: Uses user password instead of root’s password. Logs who executed what commands as root. Can delegate limited powers to some users. CIT 470: Advanced Network and System Administration

34 CIT 470: Advanced Network and System Administration
What is an Incident? Violation of security policy: Unauthorized access of information Unauthorized access to machines Embezzlement Virus or worm attack Denial of service attacks spam or harassment CIT 470: Advanced Network and System Administration

35 Incident Response Goals
Determine if a security breach occurred. Contain intrusion to prevent further damage. Recover systems and data. Prevent future intrusions of same kind. Investigate and/or prosecute intrusion. Prevent public knowledge of incident. CIT 470: Advanced Network and System Administration

36 CIT 470: Advanced Network and System Administration
Incident Response Phases to restore system to site security policy: Preparation for attack (before attack detected) Identification of attack Containment of attack (confinement) Damage assessment Preserve evidence (if necessary) Eradication of attack (stop attack) Recovery from attack (restore system to secure state) Follow-up to attack (analysis and other actions) CIT 470: Advanced Network and System Administration

37 CIT 470: Advanced Network and System Administration
References Michael D. Bauer, Linux Server Security, 2nd edition, O’Reilly, 2005. Aeleen Frisch, Essential System Administration, 3rd edition, O’Reilly, 2002. Simson Garfinkel, Gene Spafford, and Alan Schartz, Practical UNIX and Internet Security, 3rd edition, O’Reilly & Associates, 2003. Andrew Morgan, Linux PAM System Administrator’s Guide, Evi Nemeth et al, UNIX System Administration Handbook, 3rd edition, Prentice Hall, 2001. RedHat, Red Hat Enterprise Linux 4 Reference Guide, CIT 470: Advanced Network and System Administration

Download ppt "CIT 470: Advanced Network and System Administration"

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
CT 320: Network and System Administration Fall 2014 * Dr. Indrajit Ray Department of Computer.

CT 320: Network and System Administration Fall 2014 * Dr. Indrajit Ray Department of Computer.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.

Hackers, Crackers, and Network Intruders: Heroes, villains, or delinquents? Tim McLaren Thursday, September 28, 2000 McMaster University.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Voyager Server Security and Monitoring Best practices and tools.

Voyager Server Security and Monitoring Best practices and tools.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Similar presentations

Ads by Google