LERSAIS.  Access Control in Unix  Access Control in Windows  Port Redirection 2.

Slides:

Advertisements

Similar presentations

The UNIX File System Harry Chen Department of CSEE University of MD Baltimore County.

Advertisements

Linux File & Folder permissions. File Permissions In Ubuntu, files and folders can be set up so that only specific users can view, modify, or run them.

Engineering Secure Software. Linux File Permissions  Each file and directory has bits for.. Read, Write, Execute: rwx Files: works as it sounds  Directories:

Unix permissions, ownership and setuid File security and ownership The chmod(1) command Process Ownership Setuid, Setgid and the Sticky bit Writing setuid.

File Security. Viewing Permissions ls –l Permission Values.

Chapter 10 File System Security. Security Policies security policies are doors maintain a balance between total access and total security UNIX has two.

Linux+ Guide to Linux Certification, Second Edition

CS 497C – Introduction to UNIX Lecture 15: - File Attributes Chin-Chih Chang

Linux Linux File System.

Sharing Files Richard Newman based on Smith “Elementary Information Security”

UNIX Chapter 08 File Security Mr. Mohammad Smirat.

Linux File Security. What is Permission ? Specifies what right are granting to users to access the resources available in the computer. So that important.

Getting Started with Linux Linux System Administration Permissions.

File System Security 1. General Principles Files and folders are managed by the operating system Applications, including shells, access files through.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

O.S security Ge Zhang Karlstad University. Outline Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system.

Filesystem Hierarchy Standard (FHS) –Standard of outlining the location of set files and directories on a Linux system –Gives Linux software developers.

Va-scanCopyright 2002, Marchany Unit 6 – Solaris File Security Randy Marchany VA Tech Computing Center.

Files & Directories Objectives –to be able to describe and use the Unix file system model and concepts Contents –directory structure –file system concepts.

Unix Basics Lecture 14. UNIX Introduction The UNIX operating system is made up of three parts;  the kernel, the shell and the programs. The kernel of.

CIT 140: Introduction to ITSlide #1 CSC 140: Introduction to IT File Security.

File Permissions. What are the three categories of users that apply to file permissions? Owner (or user) Group All others (public, world, others)

Linux+ Guide to Linux Certification, Second Edition

Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2011 by the Trustees of Indiana University except as noted.

Bash startup files Linux/Unix files stty Todd Kelley CST8207 – Todd Kelley1.

Module 4 - File Security. Security Overview File Ownership Access to Files and Dircetories Changing File and Directory Ownership Changing File and Directory.

File Permission and Access. Module 6 File Permission and Access ♦ Introduction Linux is a multi-user system where users can assign different access permission.

CS426Fall 2010/Lecture 91 Computer Security CS 426 Lecture 9 Unix Access Control.

Files and Directories File types stat functions for file information

IS2150/TEL2810: Introduction of Computer Security1 October 18, 2005 Introduction to Computer Security Lecture 6 Windows/Unix/Solaris 10 Design Principles.

1 LINUX SECURITY. 2 Outline Introduction Introduction - UNIX file permission - UNIX file permission - SUID / SGID - SUID / SGID - File attributes - File.

Linux+ Guide to Linux Certification, Third Edition

Linux+ Guide to Linux Certification, Third Edition

Workbook 4 User & Group Permissions RH030 Linux Computing Essentials.

PacNOG 6: Nadi, Fiji UNIX ™/ /Linux Permissions Hervey Allen Network Startup Resource Center.

Privileges: who can control what Introduction to Unix June 16, 2009 Papeete, French Polynesia Hervey Allen.

Privileges: who can control what Introduction to Unix May 24, 2008 Rabat, Morocco Hervey Allen.

Managing Files CSCI N321 – System and Network Administration Copyright © 2000, 2007 by the Trustees of Indiana University except as noted.

Chapter 8 File System Security. File Protection Schemes Login passwords Encryption File Access Privileges.

Linux Filesystem WeeSan Lee. Roadmap Disk Partitions The Filesystem Filesystem Mouting & Umounting File Tree File Type File Permission.

The Unix File system (UFS) Presented by: Gurpreet Singh Assistant Professor Department of School of Computing and Engineering Galgotias University.

IS 2150 / TEL 2810 Introduction to Security

CSCI 330 The UNIX System Unit V Permissions. all access to directories and files is controlled UNIX uses discretionary access control (DAC) model each.

Chapter 8 File System Security. File Protection Schemes Password-Based Protection Encryption-Based Protection Protection-Based on Access Permission.

Linux Use the Command-Line Interface to Administer the System.

CIT 383: Administrative ScriptingSlide #1 CIT 383: Administrative Scripting Directories.

1 IS 2150 / TEL 2810 Introduction to Security James Joshi Assistant Professor, SIS Secure Design Principles OS Security Overview Lecture 2 September 6,

File System Security ls -l. First Columm d = directory l = symbolic link b = block special file c = character special file p = fifo (or named pipe) special.

Jozef Goetz, expanded by Jozef Goetz, 2008 Credits: Parts of the slides are based on slides created by UNIX textbook authors, Syed M. Sarwar, Robert.

Lecture 4 & 5: System Architecture  File systems  Devices  File system permissions  Review of Linux runlevels  In-class exercise.

Access Control. Many models Traditional Unix model Windows model Role-based access control (SE Linux)‏ Access control for confidentiality (Bell-La Padula.

Karlstad University Operating System security Ge Zhang Karlstad University.

File System Security in Unix Annie Calpe. Overview Unix Basics File System Security: - Account Security: Passwords - File Permissions - Access Control.

Linux Permissions ● Meryll Larkin - that's me ● Why you are here: – You do this at work or want to – General curiosity - want to learn – Your first choice.

Linux Filesystem Management

Privileges: who can control what

Permissions: who can control what Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA

File permissions Operating systems I800

Chapter 8 File Security.

IS 2150 / TEL 2810 Introduction to Security

Privileges: who can control what

Unix Access Control Basic CE 2

Presented by, Mr. Satish Pise

Security and File Permission

Engineering Secure Software

IS 2150 / TEL 2810 Introduction to Security

Operating System Security

Department of School of Computing and Engineering

Engineering Secure Software

Figure 6-13: Managing Permissions

Presentation transcript:

LERSAIS

 Access Control in Unix  Access Control in Windows  Port Redirection 2

Exercise 3

 Each file/directory has owner and group  How are the permissions set by a owner for  Read, write, execute  Owner, group, other ???  Only owner, root can change permissions  This privilege cannot be delegated or shared 4

 File type, owner, group, others  ls –l drwx jjoshi isfac 512 Aug risk management lrwxrwxrwx 1 jjoshi isfac 15 Apr 7 09:11 risk_m->risk management -rw-r--r-- 1 jjoshi isfac 1754 Mar 8 18:11 words05.ps -r-sr-xr-x 1 root bin 9176 Apr /usr/bin/rs -r-sr-sr-x 1 root sys 2196 Apr /usr/bin/passwd  File types  regular -, directory d, symlink l, device b/c, socket s, fifo f/p  Permissions  r, w, x  Any other permissions? 5

 Do Part I: File Structure Setup  chgrp: change the group associated with a file  chown: change the owner of a file  Do Part II: Exercise File and Folder Permissions  chmod: change file system modes (permissions/special modes) of a file/directory 6 set uid set gid stic ky rwxrwxrwx specialownergroupothers

 Specifies the permission you do not want given by default to new files  Bitwise AND with the bitwise complement of the umask value  Example  proposed permission: 0775, umask: 0026 ▪ : 0026 umask ▪ : 7751 complement of umask ▪ ˄ : 0775 proposed permission ▪ = : 0751 actual permission 7

 Do Part III: Default File Permissions  What is the initial mask?  What are the permissions for testmask1?  What are the permissions for testmask2?  What about umask = 0000? 8 umask User Access Group AccessOther Access 0000All 0002All Read, Execute 0007All None 0022AllRead, Execute 0027AllRead, ExecuteNone 0077AllNone

 Three setid bits  suid ▪ set EUID of process to ID of file owner  sgid ▪ set EGID of process to GID of file  suid/sgid used when a process executes a file ▪ If suid(sgid) bit is on – the EUID (EGID) of the process changed to UID (GUID) of the file  Sticky ▪ Off: if user has write permission on directory, can rename or remove files, even if not owner ▪ On: only file owner, directory owner, and root can rename or remove file in the directory 9 -r--r-sr-t 1 root user Mar /tmp/example What does this mean?

 Do Part IV: setuid bit, setgid bit and sticky bit  chmod 4755 /bin/touch  Why touch is denied second time? 10 set uid set gid stic ky rwxrwxrwx specialownergroupothers

Demo 11

 Basic permission setting  Properties > Security > Edit ▪ Add/remove users and groups ▪ Define allowed/denied permissions  Advanced permissions? 12

 Advanced permissions 13

 Access control management in Unix vs. Windows  How different?  Which one is easier?  Which one is more efficient? 14

Exercise 15

 Exploit a machine and obtain access to a server with a filtered port by piping another unfiltered port  Trojans are hard to detect and can be used to mount such an attack 16

 An internally used FTP server  Information security department blocks certain known ports including 21, which is for FTP  A user logs into the server, and accidentally plants a trojan  The trojan enables port redirection on the FTP server  Attacker gains access to the FTP server via the redirected port! 17

 What security problems can occur due to port redirection?  What about useful purposes 18