Introduction to Unix Security
Greg Porter, Data Processing Manager, USPFO For California


Go to dpnet.caus.ca.ngb.army.mil for the latest information

A True Story
We loaded linux on a PC, and connected it to the network. Some ‘script kiddie’ came along with a scanner and determined that the linux box had an unpatched bind service. Within hours, they hacked the box, got root access, and installed a ‘root kit’ to hide their tracks.
Fortunately we run tools that allow us to detect and deny unauthorized access. Our Intrusion Detection System (IDS) found them.
WITHOUT IDS YOU WILL NEVER KNOW.
Proactive detection is your frontline defense. Don’t wait until bad guys are attacking the CP….

Disclaimers
IANASE: I Am Not A Security Expert
Existing CERT teams are unix illiterate
ACERT approves security tools
  – NT point and click, no knowledge needed
  – You can’t afford them
Proactive DP shops must do ‘self-help’
DP shops are not CERT teams

Basic Security Steps
Detect them
Stop them
Document them
Turn them in
Harden your systems

Detect Them
Intrusion Detection System (IDS)
  – Not a firewall, more like a radar detector
  – Watches network traffic
  – Notifies you if suspect traffic is found
  – A good free system is snort,
  – Will run on low powered Pentium
  – READ YOUR LOGS!!!!
Use an automatic log reader (Logcheck,
No one has the time to read logs by hand.
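
A simplified two-pass filter of the kind an automatic log reader applies, added here as an example; it is not part of the original slides and is not Logcheck's own code. The pattern lists, the hostname hp1, the addresses and the log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added illustration of an automatic log reader's two-pass filter.
# Patterns, hostname and log lines are constructed for this example.

# Pass 1: lines that always deserve attention.
VIOLATIONS='Failed password|refused connect|ROOT LOGIN|attackalert'
# Pass 2: routine noise that may be dropped from the report.
IGNORE='CRON\[|sendmail\[.*stat=Sent'

# sample_log: constructed syslog excerpt (192.0.2.0/24 is a documentation range).
sample_log() {
cat <<'EOF'
Mar  3 02:10:01 hp1 CRON[411]: (root) CMD (/usr/lib/sa/sa1)
Mar  3 02:11:45 hp1 sshd[502]: Failed password for root from 192.0.2.77 port 4021
Mar  3 02:11:52 hp1 in.telnetd[510]: refused connect from 192.0.2.77
Mar  3 02:12:30 hp1 sendmail[530]: g23ACU530: to=<ops@example.org>, stat=Sent
Mar  3 02:14:09 hp1 portsentry[120]: attackalert: Connect from host: 192.0.2.77 to TCP port: 111
Mar  3 02:20:00 hp1 kernel: eth0: Promiscuous mode enabled.
EOF
}

# violations: stdin lines matching a known-bad pattern.
violations() { grep -E "$VIOLATIONS" || true; }

# unusual: lines that are neither known-bad nor known-routine. Nobody wrote
# a rule for these, so they are reported rather than silently dropped.
unusual() { grep -E -v "$VIOLATIONS" | grep -E -v "$IGNORE" || true; }

# count_sources: flagged lines per remote address, as "addr=count".
count_sources() {
    violations | grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort | uniq -c | awk '{print $2 "=" $1}'
}

# report: the summary a cron job could mail to the administrator.
report() {
    echo "=== Security violations ===";   violations < "$1"
    echo "=== Offending sources ===";     count_sources < "$1"
    echo "=== Unusual system events ==="; unusual < "$1"
}

tmp=$(mktemp) && sample_log > "$tmp" && report "$tmp"; rm -f "$tmp"
```

The third section matters most: the promiscuous-mode line matches no rule at all, and it is exactly the kind of entry that gets lost when logs are only skimmed by hand.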

Stop Them
Have a local firewall you control
  – OK, so it’s not an official ‘firewall’
  – Could be same system as IDS
  – IDS could trigger firewall response
  – Will run on low powered Pentium with free software
We use OpenBSD (
Refer to it as a ‘bridge’ or a ‘router’

Document Them
Compromise should be in your COOP plan
Think ‘crime scene’, don’t destroy evidence
Disconnect system from network
Make an entire system backup for evidence
Reload from media, binaries may be hacked
If they got one, they probably got all
  – They sniffed your local net, all passwords stolen
  – Consider reload from media on all systems

Turn Them In
Your state CERT is your direct support
  – Probably new and inexperienced
  – Usually NT oriented, no unix knowledge
  – Assist them in escalating to NGB
NGB CERT has some of the same problems, probably will be of little help
LET SOMEONE HIGHER CALL THE FEDS or ACERT!

Harden Your Systems
Ideally they didn’t get in the door, the IDS and ‘firewall’ stopped them
A good source of unix (and NT) hardening info is at
The Bastille Linux hardening scripts have good ideas, but need tweaks for HP-UX

Harden Your Systems, Cont.
Some things you can do now
  – CHECK YOUR LOGS!!! Use Logcheck,
  – Turn off non-essential network services
  – Consider loading network related patches
  – Know if you are port-scanned, use PortSentry,
  – Load TCPWrappers
  – Implement Secure Shell, kill telnet and ftp
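
A small audit for three items on this checklist (non-essential services, TCP Wrappers, telnet and ftp), added here as an example that is not part of the original slides. It assumes the classic seven-column inetd.conf layout and a TCP Wrappers hosts.deny file; the file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: check an inetd.conf and hosts.deny against the slide's
# checklist. File contents are constructed samples, not from a real host.

# sample_inetd: constructed inetd.conf excerpt.
sample_inetd() {
cat <<'EOF'
# service socket proto wait user server args
ftp     stream tcp nowait root   /usr/sbin/tcpd        in.ftpd -l
telnet  stream tcp nowait root   /usr/sbin/tcpd        in.telnetd
#shell  stream tcp nowait root   /usr/sbin/tcpd        in.rshd
finger  stream tcp nowait nobody /usr/sbin/in.fingerd  in.fingerd
EOF
}

# enabled_services FILE: service names on lines that are not comments/blank.
enabled_services() { awk '!/^[ \t]*#/ && NF {print $1}' "$1"; }

# cleartext_services FILE: enabled services Secure Shell should replace.
cleartext_services() { enabled_services "$1" | grep -E -x 'telnet|ftp' || true; }

# unwrapped_services FILE: enabled services whose server field (column 6)
# is not tcpd, so TCP Wrappers access control never sees the connection.
unwrapped_services() {
    awk '!/^[ \t]*#/ && NF && $6 !~ /\/tcpd$/ {print $1}' "$1"
}

# default_deny FILE: succeeds only if hosts.deny carries an ALL: ALL rule.
default_deny() { grep -E -q '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"; }

# audit INETD_CONF HOSTS_DENY: print findings; the last line is findings=N.
audit() {
    findings=0
    for s in $(cleartext_services "$1"); do
        echo "FAIL: $s is enabled; replace it with Secure Shell"
        findings=$((findings + 1))
    done
    for s in $(unwrapped_services "$1"); do
        echo "WARN: $s is not started through tcpd"
        findings=$((findings + 1))
    done
    default_deny "$2" || { echo "FAIL: $2 has no ALL: ALL default rule"; findings=$((findings + 1)); }
    echo "findings=$findings"
}

dir=$(mktemp -d) && sample_inetd > "$dir/inetd.conf" &&
    echo 'in.fingerd: ALL' > "$dir/hosts.deny" &&
    audit "$dir/inetd.conf" "$dir/hosts.deny"; rm -rf "$dir"
```

Wrapping telnet and ftp in tcpd limits who may connect but does not stop passwords crossing the wire in the clear, which is why the audit still fails them.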

For More Information
Check out DPNet
  – DP specific web site
  – Lots of topics, DP security discussion
  – Links to lots of good security sites
  – Our ‘how-tos’ on how to load for HP-UX
  – Get help in real-time