CIT 470: Advanced Network and System Administration. Slide #1: Security.

Presentation transcript:

Slide #1 Security

Slide #2 Topics
1. Risk Management
2. Security Policies
3. OS Hardening
4. Authentication
5. PAM
6. Passwords
7. Incident Response

Slide #3 Risk Management
Risk is the relationship between your assets, the vulnerabilities characteristic of those assets, and the attackers who wish to access or modify those assets.

Slide #4 Assets
1. Login account.
2. Network bandwidth.
3. Disk space.
4. Data.
5. Reputation.

Slide #5 Security Goals
Data confidentiality
– Customer account data (credit cards, identity)
– Trade secrets
– Administrative data (passwords, configuration)
Data integrity
– Administrative data
– Software downloads (patches, free tools)
– Web pages

Slide #6 Security Goals
System integrity
– System binaries
– Kernel
System/network availability
– Network bandwidth
– Network services (auth, file, mail, print)
– Disk space

Slide #7 Threats
Financial motives
– Identity theft
– Phishing
– Spam
– Extortion
– Botnets
Political motives
– Danish sites hacked after Mohammed cartoons.
Personal motives
– Just for fun.
– Insider revenge.

Slide #8 Vulnerabilities
1. Bad/default passwords.
2. Unused services with open ports.
3. Unpatched software vulnerabilities.
4. Transmitting confidential data in cleartext.
5. Open modems or wireless networks.
6. Physical access to critical systems.
7. Uneducated users.

Slide #9 Attack Trees

Slide #10 Defense Types
Perimeter Security
– Firewall off network to prevent intrusions.
– What about wireless?
– What about mobile computing?
Defense in Depth
– Secure systems at all levels:
  Network perimeter (firewall)
  Intrusion detection
  System hardening

Slide #11 Defenses
Vulnerability mitigation
– Use secure authentication systems.
– Deploy software in secure configuration.
– Patch security flaws quickly.
Attack mitigation
– Firewalls to prevent network attacks.
– IDS to detect attacks.
– Virus/spyware scanners.

Slide #12 Security Policies
User Level Policies (users must sign before receiving resources)
1. Acceptable Use Policy
2. Monitoring and Privacy Policy
3. Remote Access Policy
Business Level Policies
1. Network Connectivity Policy
2. Log Retention Policy

Slide #13 OS Hardening
1. Secure the physical system.
2. Install only necessary software.
3. Keep security patches up to date.
4. Delete or disable unnecessary user accounts.
5. Use secure passwords.
6. Disable remote access except where necessary.
7. Use sudo instead of su.
8. Run publicly accessible services in a jail.
9. Check logs regularly.
10. Configure firewall on each host.
11. Run security scanner to check security.
12. Document security configuration.

Slide #14 Secure the physical system
1. Place servers in a physically secure location.
2. Physically secure the case.
3. Place ID tags on all hardware.
4. Password protect the BIOS.
5. Disable booting from removable media.

Slide #15 Install only Necessary Software
Put different services on different hosts.
– A compromise in ftp shouldn't compromise mail.
– Improves reliability and maintainability too.
Common unnecessary packages
– X-Windows
– Software development (gcc, gdb, etc.)

Slide #16 Security Patches
Subscribe to vendor security patch list.
– Or know vendor's update schedule: MS Windows updates on the 2nd Tuesday.
Update test host first.
– yum update
– Patches can sometimes break services.
Update other hosts after that.
– May need to schedule downtime if a reboot is required.

Slide #17 Jails
Complete isolation: virtual machines.
Partial isolation: chroot
    chroot /var/httpd httpd
chroot filesystem needs:
– /var/httpd/etc: limited /etc/{passwd,shadow,group}
– /var/httpd/usr/lib: shared libraries
– /var/httpd/bin: extra binaries
– /var/httpd/var/log: log space
– /var/httpd/tmp: temporary space

Slide #18 Check Logs
Review logs every morning.
Better yet, have a program scan them.
– logwatch
– swatch
Send logs to a central server for
– security: attacker can't hide tracks by deleting
– ease of use: you can read all logs in one place
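The slide recommends letting a program scan the logs instead of reading them by hand. The following is an added example, not part of the course slides and not logwatch or swatch themselves: a minimal scanner in their spirit that runs over a few constructed syslog lines (the hostname, users and addresses are made up) and produces the kind of morning summary an administrator wants: failed-password counts per source, sources over a brute-force threshold, successful logins, and every sudo command run as another user. The failure threshold and the "password login after failures from the same source" rule are assumptions chosen for the demo.

```python
import re
from collections import Counter

# Constructed sample syslog lines (hostname, users and addresses are made up).
SAMPLE_LOG = """\
Mar  3 08:01:12 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 08:01:15 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 08:01:19 web1 sshd[2104]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 08:02:40 web1 sshd[2110]: Accepted publickey for alice from 192.0.2.10 port 40122 ssh2
Mar  3 08:03:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/yum update
Mar  3 08:05:33 web1 sshd[2120]: Failed password for bob from 198.51.100.9 port 33210 ssh2
Mar  3 08:07:10 web1 sshd[2125]: Accepted password for bob from 198.51.100.9 port 33215 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+)")
SUDO_RE = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")


def scan_log(text, fail_threshold=3):
    """Summarise one day's authentication activity the way a logwatch report would."""
    failures = Counter()   # source address -> failed password count
    logins = []            # (user, source, method)
    sudo_cmds = []         # (user, target user, command)
    for line in text.splitlines():
        if m := FAILED_RE.search(line):
            failures[m.group(2)] += 1
        elif m := ACCEPTED_RE.search(line):
            logins.append((m.group(2), m.group(3), m.group(1)))
        elif m := SUDO_RE.search(line):
            sudo_cmds.append((m.group(1), m.group(2), m.group(3)))
    # Brute-force candidates: many failures from one source (threshold is an assumption).
    alerts = sorted(src for src, n in failures.items() if n >= fail_threshold)
    # A password login that followed failures from the same source deserves a look.
    suspicious = sorted({src for _, src, method in logins
                         if method == "password" and failures[src] > 0})
    return {"failures": dict(failures), "alerts": alerts,
            "suspicious": suspicious, "logins": logins, "sudo": sudo_cmds}


def report(summary):
    """Render the summary as the short text an admin would read each morning."""
    lines = []
    for src, n in sorted(summary["failures"].items()):
        flag = "  <-- brute-force candidate" if src in summary["alerts"] else ""
        lines.append(f"{n:3d} failed password attempts from {src}{flag}")
    for user, src, method in summary["logins"]:
        flag = ("  <-- password login after failures from this source"
                if src in summary["suspicious"] else "")
        lines.append(f"login: {user} from {src} via {method}{flag}")
    for user, target, cmd in summary["sudo"]:
        lines.append(f"sudo: {user} ran as {target}: {cmd}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(scan_log(SAMPLE_LOG))))
```

Run against a real /var/log/secure the regular expressions would need to match your distribution's exact message formats; the point of the structure is that every event class is counted rather than read, so a spike stands out even on a busy host.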

Slide #19 Security Scanning
Scan host security
– Run bastille on host.
Scan network security
– Scan for open ports with nmap.
– Scan for vulnerabilities with nessus.

Slide #20 Intrusion Detection
Host-based intrusion detection
– Check if system files are modified.
– Check for config / process modifications.
– Tools: tripwire, osiris, samhain
Network-based intrusion detection
– NIDS = Sniffer + traffic analysis + alert system.
– Check for suspicious activities: port scans, etc.
– Check for attack signatures: worms, etc.
– Tools: snort, airsnort
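The host-based tools named on the slide (tripwire, osiris, samhain) all work by recording a baseline of file hashes and attributes and later reporting what differs. The following is an added example, not the course's code and not any of those tools: a small baseline-and-compare checker that hashes every regular file under a directory, stores the baseline as JSON, and reports added, removed and changed files with the attribute that changed. The demo builds a throwaway tree and makes three changes that a compromise typically leaves behind; the file names and contents are constructed.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Relative path -> {sha256, mode, size} for every regular file under root."""
    snap = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            st = os.stat(p)
            snap[os.path.relpath(p, root)] = {
                "sha256": hash_file(p),
                "mode": oct(st.st_mode & 0o7777),
                "size": st.st_size,
            }
    return snap


def save_baseline(snap, path):
    # A real baseline belongs on read-only media or a remote host: if it sits
    # beside the files it guards, whoever alters the files can alter it too.
    with open(path, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Return (added, removed, {path: [changed attributes]})."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for path in sorted(set(baseline) & set(current)):
        diffs = [k for k in ("sha256", "mode", "size")
                 if baseline[path][k] != current[path][k]]
        if diffs:
            changed[path] = diffs
    return added, removed, changed


def demo():
    """Baseline a constructed tree, change it the way an intrusion would, and
    return what the comparison catches."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        os.makedirs(os.path.join(root, "bin"))
        for rel, data in (("bin/ls", b"original ls"), ("bin/ps", b"original ps"),
                          ("passwd", b"root:x:0:0::/root:/bin/bash\n")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
            os.chmod(os.path.join(root, rel), 0o644)
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(snapshot(root), baseline_path)
        # 1. Same-size replacement of a system binary: only the hash gives it away.
        with open(os.path.join(root, "bin", "ps"), "wb") as f:
            f.write(b"trojaned ps")
        # 2. Permission change with no content change.
        os.chmod(os.path.join(root, "passwd"), 0o666)
        # 3. A new dotfile dropped into a system directory.
        with open(os.path.join(root, "bin", ".hidden"), "wb") as f:
            f.write(b"x")
        return compare(load_baseline(baseline_path), snapshot(root))


if __name__ == "__main__":
    added, removed, changed = demo()
    print("added:", added)
    print("removed:", removed)
    print("changed:", changed)
```

Size and timestamp alone would miss the first change, which is why the integrity tools compare cryptographic hashes; mode and ownership are tracked because a loosened permission on a file such as /etc/passwd is as serious as a content change.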

Slide #21 Security Auditing
Internal and External Audits
– Internal: by a group within organization.
– External: by a group external to organization.
Audit areas
– Check compliance with security policy.
– Check physical security of building, data center.
– Check that machines have up to date patches.
– Scan networks to verify hosts + services.
– Penetration testing.

Slide #22 Authentication
Binding of an identity to a subject. Based on:
1. What the entity knows (e.g., passwords)
2. What the entity has (e.g., access card)
3. What the entity is (e.g., fingerprints)
4. Where the entity is (e.g., local terminal)
Two-factor authentication

Slide #23 Purpose of Authentication
Access Control
– Most systems base access rights on identity of principal executing the process.
Accountability
– Logging and auditing functions.
– Need to track identity across account/role changes (e.g., su, sudo).

Slide #24 Access Control Matrix
Columns: Group | Dev | RE | Fin | Res | HR | Ops | Infra | Sec
Developers: W R R
Release Engineers: R W R
Finance: W R
Human Resources: R W
Operations: R R W
System Administration: A A A A A A A
Security: A A A A A A A A
Legend: Dev = developer, RE = release engineering, Fin = finance, Res = corporate resource (intranet), HR = human resources, Ops = operations, Inf = infrastructure (mail/auth servers, etc.), Sec = security (firewalls, IDS). A = administrative access, R = read, W = write.

Slide #25 Single-sign on
Login once to access all computing resources:
– UNIX
– Windows
– Web Applications
– Databases
– Remote access
Difficult to achieve in practice.
Kerberos (Active Directory)

Slide #26 PAM
Problem: Many programs require authentication.
– Ex: ftp, rlogin, ssh, etc.
– New auth schemes require rewrites. Ex: longer passwords, keys, one-time passwords
Solution: Separate authentication from programs.
– Use Pluggable Authentication Modules for auth.
– Programs choose PAMs to use at runtime by reading config files.

Slide #27 PAM Configuration
Configured under /etc/pam.d. Each PAM-aware service has a file there.
Format:
– Module interface: one of 4 module types.
– Control flag: how module will react to failure or success (multiple successes may be required.)
– Module name: PAM shared library.
– Module args: Files to use, other options.

Slide #28 Module Interfaces
auth — Authenticates use of service. For example, it may request and verify a password.
account — Verifies that access is permitted, e.g. check for expired accounts or location/time.
password — Sets and verifies passwords.
session — Configures and manages user sessions, e.g. mounting user home directories or mailboxes.

Slide #29 Module Stacking Example
rlogin PAM requirements
– The file /etc/nologin must not be present.
– Root may not login over network (securetty.)
– Environment variables may be loaded.
– ~/.rhosts entry allows login without password.
– Otherwise perform standard password login.
PAM config file
    auth required pam_nologin.so
    auth required pam_securetty.so
    auth required pam_env.so
    auth sufficient pam_rhosts_auth.so
    auth required pam_stack.so service=system-auth

Slide #30 Control Flags
required — Module result must be successful for authentication to continue. User is not notified on failure until results on all modules referencing that interface are available.
requisite — Module result must be successful for authentication to continue. User is notified immediately with a message reflecting the first failed required or requisite module.
sufficient — Module result ignored if it fails. If a sufficient flagged module result is successful and no required flagged modules above it have failed, then no other results are required and the user is authenticated to the service.
optional — Module result is ignored. Only necessary for successful authentication when no other modules reference the interface.
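The stacking example on slide #29 and the control-flag rules above are easiest to understand by stepping through them. The following is an added example, not the course's code and not Linux-PAM itself: a simulator that parses PAM-style configuration text and applies the required/requisite/sufficient/optional rules, with pam_stack.so delegating to another service's stack as on the slide. The rlogin stack is the slide's; the system-auth stack and the simulated module outcomes are assumptions constructed for the demo (no real authentication happens).

```python
# Constructed configuration texts. RLOGIN_CONF follows the slide's example;
# SYSTEM_AUTH_CONF is an assumed minimal stack that pam_stack.so delegates to.
RLOGIN_CONF = """\
auth required   pam_nologin.so
auth required   pam_securetty.so
auth required   pam_env.so
auth sufficient pam_rhosts_auth.so
auth required   pam_stack.so service=system-auth
"""

SYSTEM_AUTH_CONF = """\
auth required   pam_env.so
auth sufficient pam_unix.so nullok
auth required   pam_deny.so
"""

SERVICES = {"rlogin": RLOGIN_CONF, "system-auth": SYSTEM_AUTH_CONF}


def parse_stack(text, interface="auth"):
    """Return [(control_flag, module, [args])] for one module interface."""
    stack = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#") or parts[0] != interface:
            continue
        stack.append((parts[1], parts[2], parts[3:]))
    return stack


def evaluate(service, results, interface="auth", trace=None):
    """Walk the service's stack applying the four control flags.

    results maps a module name to its simulated outcome (True = success).
    Returns (authenticated, trace); trace lists every module actually
    consulted, which shows where a stack stopped early.
    """
    if trace is None:
        trace = []
    stack = parse_stack(SERVICES[service], interface)
    required_failed = False
    saw_required = False
    for flag, module, args in stack:
        if module == "pam_stack.so":
            # Delegate to the named service; its verdict is this module's result.
            sub = next(a.split("=", 1)[1] for a in args if a.startswith("service="))
            ok, _ = evaluate(sub, results, interface, trace)
        else:
            ok = results.get(module, False)
            trace.append((service, module, ok))
        if flag == "required":
            saw_required = True
            if not ok:
                required_failed = True        # keep going; fail at the end
        elif flag == "requisite":
            saw_required = True
            if not ok:
                return False, trace           # stop immediately
        elif flag == "sufficient":
            if ok and not required_failed:
                return True, trace            # short-circuit success
        elif flag == "optional":
            if len(stack) == 1:
                return ok, trace              # only decisive when alone
        else:
            raise ValueError(f"unknown control flag {flag!r}")
    if not saw_required:
        return False, trace                   # no module produced a verdict
    return not required_failed, trace


def scenarios():
    """Three simulated rlogin attempts; module outcomes are assumptions."""
    base = {"pam_nologin.so": True, "pam_securetty.so": True, "pam_env.so": True,
            "pam_rhosts_auth.so": False, "pam_unix.so": True, "pam_deny.so": False}
    return {
        # ordinary login: rhosts fails (ignored, it is sufficient), password succeeds
        "password": evaluate("rlogin", base),
        # root over the network: pam_securetty fails; the later sufficient
        # success cannot rescue a stack with an earlier required failure
        "root_remote": evaluate("rlogin", {**base, "pam_securetty.so": False,
                                           "pam_rhosts_auth.so": True}),
        # trusted host in ~/.rhosts: sufficient success, password never asked
        "rhosts": evaluate("rlogin", {**base, "pam_rhosts_auth.so": True}),
    }


if __name__ == "__main__":
    for name, (ok, trace) in scenarios().items():
        print(name, "->", "authenticated" if ok else "denied", trace)
```

Note in the root_remote case that the stack continues through the password prompt even though the outcome is already decided; that is exactly the "user is not notified until all modules have run" behaviour of required, which keeps an attacker from learning which module rejected them.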

Slide #31 PAM Files
/etc/pam.d : PAM configuration files.
/lib/libpam.so : Main PAM library. Reads configuration files. Loads other PAM modules.
/lib/security : Pluggable modules.
/usr/share/doc/*pam* : Documentation.

Slide #32 Use Secure Passwords
Attacks against passwords
– Password sniffing
– Password guessing via login
– Password cracking
Defences
– Do not transfer passwords over the network.
– Secure /etc/{passwd,shadow}
– Configure password quality/aging rules.
– Test your passwords by cracking them.

Slide #33 Password Quality
Use pam_cracklib.so in system-auth. Options:
– retry=#: Maximum # of retries.
– minlen=#: Minimum password length.
– lcredit=#: Min # of lower case letters.
– ucredit=#: Min # of upper case letters.
– dcredit=#: Min # of digits.
– ocredit=#: Min # of other chars.
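To show what a quality module actually rejects, the following is an added example, not the course's code and not pam_cracklib: a checker applying the kinds of tests cracklib performs (length, character-class minimums, palindrome, username inside the password, dictionary word with trailing digits stripped, and too little change from the old password). The credit options are applied as minimum counts, which is how the slide describes them; note that in pam_cracklib itself a positive credit value is a length credit and only a negative value means a minimum count. The word list and the difok rule are assumptions constructed for the demo.

```python
# Constructed stand-in for the cracklib dictionary (a real one has many thousands of words).
BAD_WORDS = {"password", "letmein", "welcome", "qwerty", "admin", "monkey"}


def check_password(pw, username, old=None, minlen=8,
                   lcredit=1, ucredit=1, dcredit=1, ocredit=1, difok=5):
    """Return the list of reasons the password is rejected; [] means accepted.

    lcredit/ucredit/dcredit/ocredit are treated as minimum counts per class,
    as on the slide.  difok (assumed rule): at least this many characters of
    the new password must not occur anywhere in the old one.
    """
    problems = []
    if len(pw) < minlen:
        problems.append(f"shorter than minlen={minlen}")
    counts = {
        "lower": (lcredit, sum(c.islower() for c in pw)),
        "upper": (ucredit, sum(c.isupper() for c in pw)),
        "digit": (dcredit, sum(c.isdigit() for c in pw)),
        "other": (ocredit, sum(not c.isalnum() for c in pw)),
    }
    for name, (need, have) in counts.items():
        if have < need:
            problems.append(f"needs at least {need} {name} character(s)")
    low = pw.lower()
    if len(pw) > 1 and low == low[::-1]:
        problems.append("palindrome")
    if username and username.lower() in low:
        problems.append("contains username")
    if low in BAD_WORDS or low.rstrip("0123456789") in BAD_WORDS:
        problems.append("dictionary word")
    if old is not None:
        if pw == old:
            problems.append("same as old password")
        elif sum(c not in old for c in pw) < difok:
            problems.append(f"fewer than difok={difok} characters differ from old")
    return problems


if __name__ == "__main__":
    # Constructed candidates, not real passwords.
    for candidate in ("Tr0ub4dor&3", "password1", "Alice#2024", "Ab1!!1bA"):
        print(repr(candidate), "->", check_password(candidate, "alice") or "accepted")
    print("change to a near-identical password ->",
          check_password("Tr0ub4dor&4", "alice", old="Tr0ub4dor&3"))
```

The per-class counting is what the lcredit/ucredit/dcredit/ocredit options on the slide configure; the remaining checks are why a policy of "eight characters with one digit" still rejects password1.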

Slide #34 Password Aging
Configure /etc/login.defs before creating accounts.
– PASS_MAX_DAYS: Max # of days before password expires.
– PASS_MIN_DAYS: Min # of days before user can change pw.
– PASS_WARN_AGE: # of days for pw change notice given.
Also configure /etc/default/useradd
– INACTIVE: # of days after pw expiration that account is disabled.
– EXPIRE: Account expiration date in format YYYY-MM-DD.
Remember old passwords with pam_unix.so
– Prevents users from changing password back to old value.
– Modify /etc/pam.d/system-auth: set pam_unix.so option remember=26
– Create /etc/security/opasswd to store old passwords.
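The login.defs and useradd settings above end up as the per-account fields of /etc/shadow (last change, min, max, warn, inactive, expire, all in days since the epoch), and the login process classifies each account from them. The following is an added example, not the course's code: an auditor that builds constructed shadow records (placeholder hashes, a fixed "today" so the output is reproducible) and reports each account as ok, warning, expired, inactive, locked, or expired outright. The 90/7/14/30-day values are assumptions chosen for the demo.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)
TODAY = date(2024, 3, 1)      # fixed so the demo is reproducible


def to_days(d):
    """Date -> days since the epoch, the unit /etc/shadow stores."""
    return (d - EPOCH).days


def shadow_line(name, pw_hash, changed, pmin=7, pmax=90, warn=14, inactive=30, expire=""):
    """Build one /etc/shadow record (constructed; hashes are placeholders)."""
    return f"{name}:{pw_hash}:{to_days(changed)}:{pmin}:{pmax}:{warn}:{inactive}:{expire}:"


def ago(n):
    return TODAY - timedelta(days=n)


# Constructed sample /etc/shadow; assumed policy PASS_MAX_DAYS=90, PASS_MIN_DAYS=7,
# PASS_WARN_AGE=14, INACTIVE=30.
SHADOW = "\n".join([
    shadow_line("alice", "$6$placeholder", ago(20)),
    shadow_line("bob",   "$6$placeholder", ago(80)),
    shadow_line("carol", "$6$placeholder", ago(100)),
    shadow_line("dave",  "$6$placeholder", ago(130)),
    shadow_line("uucp",  "!!",             ago(400)),
    shadow_line("eve",   "$6$placeholder", ago(5), expire=to_days(ago(1))),
    "frank:$6$placeholder:0:7:90:14:30::",   # lastchg 0 = must change at next login
])


def aging_status(line, today=TODAY):
    """Classify one shadow record the way login would on `today`."""
    name, pw_hash, lastchg, _pmin, pmax, warn, inactive, expire = line.split(":")[:8]
    now = to_days(today)
    if pw_hash.startswith(("!", "*")):
        return name, "locked"
    if expire and now >= int(expire):
        return name, "account expired (EXPIRE date passed)"
    if lastchg == "0":
        return name, "must change password at next login"
    expires_on = int(lastchg) + int(pmax)
    if inactive and now > expires_on + int(inactive):
        return name, "inactive: password expired and INACTIVE grace period over"
    if now > expires_on:
        return name, "password expired (still within INACTIVE grace period)"
    if now >= expires_on - int(warn):
        return name, f"warn: expires in {expires_on - now} day(s)"
    return name, f"ok: expires in {expires_on - now} day(s)"


def audit(shadow_text, today=TODAY):
    """Account name -> status for every record in the text."""
    return dict(aging_status(l, today) for l in shadow_text.splitlines() if l.strip())


if __name__ == "__main__":
    for name, status in audit(SHADOW).items():
        print(f"{name:8s} {status}")
```

Checking the shadow fields directly, rather than trusting that login.defs was in place when each account was created, catches the common case the slide warns about: accounts created before the policy was configured keep the old 99999-day maximum forever.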

Slide #35 One-Time Passwords
A password that's invalidated once used.
– Challenge: number of auth attempt
– Response: one-time password
Problems
– Generation of one-time passwords: use hash or cryptographic function
– Synchronization of the user and the system: number or timestamp passwords
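The slide's challenge/response scheme with a hash function and an attempt counter is the Lamport hash-chain construction used by S/Key and OPIE. The following is an added example, not the course's code and not either of those implementations: the client enrols by giving the server the n-th hash of a secret; the server's challenge is its remaining counter c, the response is the (c-1)-th hash, and the server accepts when one more hash of the response equals what it stored. The demo secret and chain length are constructed values.

```python
import hashlib


def step(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def chain(secret: bytes, k: int) -> bytes:
    """h^k(secret): apply the hash k times."""
    x = secret
    for _ in range(k):
        x = step(x)
    return x


def enroll(secret: bytes, n: int) -> dict:
    """Client enrols: the server keeps only h^n(secret) and the counter n,
    never the secret itself."""
    return {"stored": chain(secret, n), "remaining": n}


def respond(secret: bytes, challenge: int) -> bytes:
    """Client's answer to challenge c is h^(c-1)(secret)."""
    return chain(secret, challenge - 1)


class OTPServer:
    def __init__(self, record):
        self.stored = record["stored"]
        self.remaining = record["remaining"]

    def challenge(self) -> int:
        return self.remaining          # the "number of auth attempt" on the slide

    def verify(self, otp: bytes) -> bool:
        if self.remaining == 0:
            return False               # chain exhausted: must re-enrol
        if step(otp) != self.stored:
            return False               # replay, wrong secret, or out of sync
        self.stored = otp              # the used password becomes the next check value
        self.remaining -= 1
        return True


def demo():
    """Sequence of attempts against one enrolment; returns (label, accepted) pairs."""
    secret = b"constructed-demo-secret"
    server = OTPServer(enroll(secret, 5))
    log = []
    first = respond(secret, server.challenge())
    log.append(("login 1", server.verify(first)))
    log.append(("replay of login 1", server.verify(first)))
    log.append(("login 2", server.verify(respond(secret, server.challenge()))))
    # Client and server disagree on the counter: the slide's synchronization problem.
    log.append(("out of sync (answer for counter 1)", server.verify(respond(secret, 1))))
    log.append(("login 3", server.verify(respond(secret, server.challenge()))))
    return log


if __name__ == "__main__":
    for label, ok in demo():
        print(f"{label:38s} {'accepted' if ok else 'rejected'}")
```

Two properties matter for the defender: a captured response is useless afterwards because the server has moved on to it as the check value, and a copy of the server's record reveals only a hash, so it cannot be turned into the next response without inverting the hash function.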

Slide #36 Biometrics
Identify by physical characteristics
– Fingerprint
– Iris scan
Unique identifiers.
– Not secrets.
– Can't be changed at will.
Possible outcomes:
1. Correct person accepted
2. Imposter rejected
3. Correct person rejected (False Rejection)
4. Imposter accepted (False Acceptance)
A tradeoff always exists between false acceptances and false rejections.

Slide #37 Disable Unnecessary Accounts
/etc/passwd contains application accounts.
– Delete unnecessary application accounts. Common ex: uucp, games, gdm, xfs, rpcuser, rpc
– All should have locked passwords.
– Set shell to /bin/noshell or /bin/false.
Disable user accounts immediately on termination of employment.
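The following is an added example, not the course's code: an audit of /etc/passwd and /etc/shadow for the problems the slide lists (unneeded application accounts still present, application accounts with a real login shell, application accounts whose password is not locked) plus a second uid-0 account, which the same pass through the file catches for free. Both files are constructed samples with placeholder hashes; the 499 uid cut-off for system accounts is an assumption matching an older Red Hat layout (newer systems use 999).

```python
# Constructed sample files; hashes are placeholders, not real password hashes.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/bin/bash
games:x:12:100:games:/usr/games:/bin/false
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/bash
toor:x:0:0:backup admin:/:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SHADOW = """\
root:$6$placeholder:19700:0:99999:7:::
bin:*:19700:0:99999:7:::
uucp:$6$placeholder:19700:0:99999:7:::
games:*:19700:0:99999:7:::
xfs:!!:19700:0:99999:7:::
toor:$6$placeholder:19700:0:99999:7:::
alice:$6$placeholder:19700:0:99999:7:::
"""

UNNEEDED = {"uucp", "games", "gdm", "xfs", "rpcuser", "rpc"}   # from the slide
NOLOGIN_SHELLS = {"/bin/false", "/bin/noshell", "/sbin/nologin", "/usr/sbin/nologin"}
SYSTEM_UID_MAX = 499      # assumption: older Red Hat convention


def parse_colon_file(text):
    return [line.split(":") for line in text.splitlines() if line.strip()]


def audit_accounts(passwd_text, shadow_text):
    """Account name -> list of findings; accounts with no findings are omitted."""
    hashes = {fields[0]: fields[1] for fields in parse_colon_file(shadow_text)}
    findings = {}
    for name, _, uid, _gid, _gecos, _home, shell in parse_colon_file(passwd_text):
        uid = int(uid)
        issues = []
        if uid == 0 and name != "root":
            issues.append("uid 0 account other than root")
        if name in UNNEEDED:
            issues.append("unneeded application account present")
        if uid <= SYSTEM_UID_MAX and name != "root":
            if shell not in NOLOGIN_SHELLS:
                issues.append(f"application account has login shell {shell}")
            pw_hash = hashes.get(name, "")
            if pw_hash == "":
                issues.append("empty password")
            elif not pw_hash.startswith(("!", "*")):
                issues.append("password not locked")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_accounts(PASSWD, SHADOW).items():
        print(name + ":")
        for issue in issues:
            print("   -", issue)
```

A locked hash (leading ! or *) and a non-login shell are independent controls and both are checked: xfs above has the lock but still a shell, so anything that bypasses the password step (an ssh key dropped into its home directory, for instance) would still get a usable login.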

Slide #38 Disabling Remote Access
Disable cleartext protocols: telnet, ftp, rsh, rlogin
Disable root access via ssh.
– Set PermitRootLogin to "no" in sshd_config
Remove root non-terminal consoles
– Set in /etc/securetty
Disable password access via ssh
– Use keys instead.
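The following is an added example, not the course's code: a checker for the sshd_config settings the slide calls for (PermitRootLogin no, password logins off, keys on) and a function that rewrites a weak file into a hardened one. It reproduces one sshd rule that trips people up: when a keyword appears more than once, the first occurrence wins, so a "PermitRootLogin no" added at the bottom of a file that already says "yes" changes nothing. The sample config is constructed, and the checker does not interpret Match blocks, which an assumption of this simplified parser.

```python
# Required values (the slide's settings plus two companions they depend on).
REQUIRED = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "PermitEmptyPasswords": "no",
    "PubkeyAuthentication": "yes",
}
LOWER = {k.lower(): k for k in REQUIRED}

# Constructed sample sshd_config with the classic mistake: the second
# PermitRootLogin line has no effect because the first one wins.
WEAK_CONF = """\
# constructed sample sshd_config
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
"""


def effective_settings(text):
    """Keyword (lower-cased) -> value as sshd applies it: first occurrence wins.
    Match blocks are not interpreted (simplification)."""
    eff = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        eff.setdefault(parts[0].lower(), parts[1].strip())
    return eff


def check_sshd_config(text):
    """Return {Keyword: (effective value or None, required value)} per violation."""
    eff = effective_settings(text)
    findings = {}
    for key, want in REQUIRED.items():
        have = eff.get(key.lower())
        if have is None or have.lower() != want:
            findings[key] = (have, want)
    return findings


def harden(text):
    """Comment out every line for a governed keyword and append the required values,
    so the first (and only) occurrence of each is the hardened one."""
    out = []
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and parts[0].lower() in LOWER:
            out.append("#" + line + "    # superseded by hardening block")
        else:
            out.append(line)
    out.append("# hardening block: root and password logins off, keys on")
    out.extend(f"{k} {v}" for k, v in REQUIRED.items())
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", check_sshd_config(WEAK_CONF))
    fixed = harden(WEAK_CONF)
    print(fixed)
    print("after:", check_sshd_config(fixed))
```

Disabling password authentication only helps once every administrator's key is in place, so the usual order is: distribute keys, verify key logins work, then apply the hardened file and reload sshd while an existing session stays open.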

Slide #39 sudo
Login as root only for single-user mode. Use sudo instead of su:
    sudo command
Advantages:
– Uses user password instead of root's password.
– Logs who executed what commands as root.
– Can delegate limited powers to some users.

Slide #40 What is an Incident?
Violation of security policy:
– Unauthorized access of information
– Unauthorized access to machines
– Embezzlement
– Virus or worm attack
– Denial of service attacks
– spam or harassment

Slide #41 Incident Response Goals
1. Determine if a security breach occurred.
2. Contain intrusion to prevent further damage.
3. Recover systems and data.
4. Prevent future intrusions of same kind.
5. Investigate and/or prosecute intrusion.
6. Prevent public knowledge of incident.

Slide #42 Incident Response
Phases to restore system to satisfy site security policy:
1. Preparation for attack (before attack detected)
2. Identification of attack
3. Containment of attack (confinement)
4. Damage assessment
5. Preserve evidence (if necessary)
6. Eradication of attack (stop attack)
7. Recovery from attack (restore system to secure state)
8. Follow-up to attack (analysis and other actions)

Slide #43 References
1. Michael D. Bauer, Linux Server Security, 2nd edition, O'Reilly.
2. Aeleen Frisch, Essential System Administration, 3rd edition, O'Reilly.
3. Simson Garfinkel, Gene Spafford, and Alan Schwartz, Practical UNIX and Internet Security, 3rd edition, O'Reilly & Associates.
4. Andrew Morgan, Linux PAM System Administrator's Guide, html/pam.html
5. Evi Nemeth et al., UNIX System Administration Handbook, 3rd edition, Prentice Hall.
6. Red Hat, Red Hat Enterprise Linux 4 Reference Guide, guide/