Linux’ Security. Haifa Linux Club, 21.10.99. Orr Dunkelman.
What is a Secure System?
- A secure system is an abstract concept
- Defined as “robust”, it depends on what you need, how much time you are willing to put in, and what resources are at your disposal

P.C. vs. Server
- Close all services
- Don’t open accounts to everyone, only to good and trusted people
- Close as many services as possible
- Make sure users have good passwords (use crack-lib)
- Demand periodic password changes

P.C. vs. Server (cont.)
- Don’t install software whose origin you don’t know
- Download only from known places ( etc.)
- Remove SUIDs if you are not the only user; remove as many SUIDs as possible

Securing Passwords
- Crack-lib them: ensure passwords are not too short and not too easy to crack
- Shadow them: don’t keep them in /etc/passwd but in /etc/shadow (today’s default in the RH 6.1 installation)
- Connect to remote systems using SSH and SCP (file copy over an SSH channel) to prevent passwords from being sent as cleartext

S vs. R
- S: SSH requires a password or an RSA passphrase (SSH agent); SCP requires a password (no one will send files without authorization); several authentication methods are available
- R: RSH doesn’t require any password; RCP needs no passwords; works with Kerberos solely

S vs. R (cont.)
- S: uses compression; with key-based authentication no password is required at all, so no password is sent, and even if one of the encryption functions has been broken, no one gets the password!
- R: plain connection

Authentication
- Prevents IP spoofing (claiming to be another IP than you are)
- Sometimes the algorithm also allows setting up a key for the rest of the session (Kerberos for example)
- Slows the connection a little (at the beginning)
- Known (and used) algorithms: Kerberos, RSA challenges

Dangerous Permissions
- SUID/SGID: check very carefully, especially when the file is owned by root/wheel
- Write to all (xx2)
- Nouser/Nogroup
- .rhosts file (opens the R-services)
- Use “find” to find the files

Example - How to remove SUIDs?
- First find them: find / -perm -4000
- Then check if you need them: login, wanted daemons (Qmail, telnet, SSH, FTP)
- Close services not needed in /etc/inetd.conf
- Use TCP Wrappers for the rest of the ports (those you usually get nuked on, e.g. 139)
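The "find the dangerous files first, then decide" step from the last two slides, as an added shell example (not from the original slides): it lists SUID/SGID files, world-writable files, unowned files and .rhosts files under a directory so they can be reviewed before anything is removed. The demo tree it scans is constructed here; POSIX find and sed are assumed.

```shell
#!/bin/sh
# Added example (not from the original slides): audit a directory tree for the
# permission classes the slides flag as dangerous and list them one per line as
# "CLASS PATH", so the output can be reviewed before anything is changed.
# Assumes POSIX find/sed and a tree small enough to scan in one pass.
audit_perms() {
    root="$1"
    # setuid or setgid executables: "-perm -4000" matches when that bit is set
    # ("-perm 4000" would only match files whose mode is exactly 4000)
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/suid_sgid /'
    # world-writable files ("xx2": the other-write bit is set)
    find "$root" -type f -perm -002 -print | sed 's/^/world_writable /'
    # files whose owner or group no longer exists (nouser/nogroup)
    find "$root" \( -nouser -o -nogroup \) -print 2>/dev/null | sed 's/^/unowned /'
    # .rhosts files, which open the R-services to the hosts they list
    find "$root" -type f -name .rhosts -print | sed 's/^/rhosts /'
}

# Constructed demo tree (not a real system): one setuid script, one
# world-writable file, one .rhosts file and one harmless file.
make_demo_tree() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\necho demo\n' > "$dir/suidprog" && chmod 4755 "$dir/suidprog"
    : > "$dir/notes.txt" && chmod 666 "$dir/notes.txt"
    : > "$dir/.rhosts" && chmod 600 "$dir/.rhosts"
    : > "$dir/safe" && chmod 644 "$dir/safe"
    echo "$dir"
}

# Usage: print the findings for the demo tree, then clean it up.
demo=$(make_demo_tree)
audit_perms "$demo"
rm -rf "$demo"
```

On a real system run `audit_perms /` as root and keep the output: the SUID list is the one to walk through program by program, asking whether each one is needed, as the slide says, before using chmod u-s on the rest.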

Monitor your Computer!
- Be the hacker yourself: check for scripts and exploits which might be used against you
- Port scan your machine once in a while; ensure no ports and services are open (unless you opened them)
- Put up a firewall: hiding behind a firewall might help in reducing hackability (though those who pass it are likely to hack better)

Introduction to Hacker 1
- Use a port scanner on the machine you are about to attack (nmap does great, and helps you find the OS running on the computer)
- Go to hacker web-sites and look for the right exploits and scripts
- Try to examine the services’ code; maybe you’ll find a backdoor

Security HOWTO
- Restrict physical access (locks etc.)
- Consider BIOS and LILO passwords
- Lock the workstation when you’re not near it (vlock/xlock)
- Try to restrict root login to one of the ttys declared in /etc/securetty
- Try to use “su -” instead of logging in as root

Security HOWTO - Files
- When you need to allow root-like access, minimize it using sudo
- Don’t allow SUID/SGID where non-root users can write to the disk (mount with nosuid)
- Set the right default permissions with umask
- Limit resources on the machine (nproc, CPU time, etc.)
- Set /var/log/wtmp and /var/run/utmp permissions to 644

Security HOWTO (cont.)
- Use chattr to set special attributes (disable deleting, creating symbolic links etc.)
- Run an integrity checker (like Tripwire) routinely to find changed files
- Install PGP for users
- Install PAM (Pluggable Authentication Modules)
- Secure X connections (ssh for example)
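What an integrity checker like Tripwire does, reduced to its core, as an added shell example (not from the original slides and not Tripwire’s own code): take a baseline of file hashes, and later report which files were added, removed or changed. It assumes sha256sum, awk and find are available and that file names contain no whitespace; the tree it checks is constructed here.

```shell
#!/bin/sh
# Added example (not from the original slides): a minimal Tripwire-style
# integrity check built on sha256sum. integrity_baseline records one hash per
# file under DIR in BASEFILE; integrity_verify rebuilds the list and reports
# what changed since the baseline. Assumes find, sha256sum and awk, and file
# names without whitespace (the awk split is on blanks).
integrity_baseline() {
    ib_dir="$1"; ib_out="$2"
    # hash every regular file; paths are relative to DIR so the baseline can
    # be kept (and compared) on another machine or on read-only media
    ( cd "$ib_dir" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2 > "$ib_out"
}

integrity_verify() {
    iv_dir="$1"; iv_base="$2"; iv_cur=$(mktemp)
    integrity_baseline "$iv_dir" "$iv_cur"
    # in sha256sum output $1 is the hash and $2 the path; compare by path
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         { new[$2] = $1 }
         END {
             for (p in old) if (!(p in new)) print "REMOVED " p
             for (p in new) if (!(p in old)) print "ADDED " p
             for (p in new) if ((p in old) && old[p] != new[p]) print "CHANGED " p
         }' "$iv_base" "$iv_cur" | LC_ALL=C sort
    rm -f "$iv_cur"
}

# Constructed demo tree standing in for a few system files (not a real system).
make_demo_fs() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/bin"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/etc/passwd"
    printf '#!/bin/sh\necho login\n' > "$d/bin/login"
    echo "$d"
}

# Usage: take a baseline, alter the tree, then verify.
fs=$(make_demo_fs); base=$(mktemp)
integrity_baseline "$fs" "$base"
printf '# extra line\n' >> "$fs/bin/login"   # modified file
: > "$fs/etc/shadow"                         # new file
rm -f "$fs/etc/passwd"                       # removed file
integrity_verify "$fs" "$base"
rm -rf "$fs" "$base"
```

The baseline is only as trustworthy as its storage: keep it off the checked machine or on read-only media, otherwise whoever changes a file can update the hash to match.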

Security HOWTO (cont.)
- Backup!
- Don’t use NFS/NIS without really needing them (and secure them when you do; those things are really not secure)
- Look at your logs once in a while (/var/log/)
- Look at the system log file

Auditing
- Audit your system
- Check the network once in a while (denial of service attacks can be identified this way)
- Check who logs on and from where; check if it makes sense
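“Check who logs on and from where” and “look at your logs” in practice, as an added shell example (not from the original slides): it summarises successful sshd logins by user and source and flags sources with repeated failed passwords. The log lines are constructed here; the function assumes OpenSSH’s “Accepted ... for USER from HOST” and “Failed password for [invalid user] USER from HOST” wording with a one-token hostname in the syslog prefix.

```shell
#!/bin/sh
# Added example (not from the original slides): review who logged in and from
# where, and flag sources with repeated failed passwords, from sshd lines in an
# auth log. Reads the log on stdin; the optional argument is the failure count
# at which a source is reported (default 3). Assumes OpenSSH's "Accepted ...
# for USER from HOST" / "Failed password for [invalid user] USER from HOST"
# wording and a one-token hostname in the syslog prefix.
audit_logins() {
    awk -v thr="${1:-3}" '
        /sshd\[[0-9]+\]: (Accepted|Failed)/ {
            user = ""; src = ""
            for (i = 1; i <= NF; i++) {
                # "for invalid user NAME" puts the name two tokens further on
                if ($i == "for") user = ($(i+1) == "invalid") ? $(i+3) : $(i+1)
                if ($i == "from") src = $(i+1)
            }
            if ($6 == "Accepted") ok[user " from " src]++
            else fail[src]++
        }
        END {
            for (k in ok) print "LOGIN " k " x" ok[k]
            for (s in fail) if (fail[s] >= thr) print "BRUTEFORCE " s " x" fail[s]
        }' | LC_ALL=C sort
}

# Constructed sample lines (not a real log) covering a normal user login, a
# burst of failures from one address, one mistyped password, and a root login
# from an unfamiliar address that a reviewer would want to question.
SAMPLE_AUTH_LOG='Oct 21 09:12:01 host sshd[811]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Oct 21 09:13:44 host sshd[815]: Failed password for invalid user admin from 203.0.113.9 port 4001 ssh2
Oct 21 09:13:46 host sshd[815]: Failed password for invalid user admin from 203.0.113.9 port 4001 ssh2
Oct 21 09:13:49 host sshd[816]: Failed password for root from 203.0.113.9 port 4002 ssh2
Oct 21 09:20:10 host sshd[830]: Failed password for alice from 10.0.0.5 port 51100 ssh2
Oct 21 09:20:15 host sshd[830]: Accepted password for alice from 10.0.0.5 port 51100 ssh2
Oct 21 22:41:03 host sshd[901]: Accepted publickey for root from 198.51.100.77 port 3300 ssh2'

# Usage: summarise the sample with the default threshold.
printf '%s\n' "$SAMPLE_AUTH_LOG" | audit_logins
```

The BRUTEFORCE line is the mechanical part; the “does it make sense” part of the slide is the LOGIN lines, where a root login at 22:41 from an address nobody recognises is the kind of entry that should be questioned even though it succeeded.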

Virtual Machine Concept
- Use a VM (like VMware) to be the machine which the rest of the world accesses
- Make sure the VM has privileges to change only where it should (no access to write to the root partition, etc.)
- Check that the VM is secure (!): you’re counting on the VM not being able to access what it’s not allowed to

Tips and Ideas

Basic Concepts
- Use PAM (changing passwords etc. is then not your responsibility: less vulnerability)
- Check permissions before actions
- Check for overflow/underflow; be as robust as you can
- If you are writing a daemon, double check everything (and quadruple check it again)

Basic Concepts (cont.)
- Use available security tools: PGP (mail), SSH (telnet connections), SCP (ftp connections), Kerberos (authentication), IPSec (network), etc.
- Enable a verbose mode to help users find problems which might affect them and their security

Basic Concepts (cont.)
- Check if you can hack the thing (be a malicious user)
- Treat any file carefully: before overwriting, back up; before deleting, check if the file is a system one
- Log all actions (in case someone uses your program to hack and cause damage, for tracing purposes)

Links
- Hackers Search Engine - Neworder.box.sk
- Security policy - RFC 2196, ietf.org/rfc/rfc2196.txt
- Kerberos FAQ - faq.html
- Linux Security HOWTO - HOWTO.html

Links (cont.)
- Security Links -
- SSH FAQ - wwwfg.rz.uni-karlsruhe.de/~ig25/ssh-faq/
- Homepage of PGP -