Linux Security Presenter: Dolev Farhi (@0x6466) | dolev@dc416.com.


1 Linux Security Presenter: Dolev Farhi |

2 Acknowledgements

3 ? You need to deploy a public facing web server…
- what security countermeasures do you apply?

4 Common hardening techniques
- Limiting the attack surface by removing unnecessary packages
- Local firewall rules (iptables, firewalld)
- Disabling root and using sudo account(s)
- Keeping the system up to date (rpm, dpkg)
- User account management / enforcing password complexity and password policies
- Locking down certain services
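Two of the items above (disabling root, password policy) can be checked mechanically. The script below is an added example, not part of the talk: it parses sshd_config and /etc/login.defs text and returns findings. The sample configs are constructed, and the 90-day / 12-character thresholds are assumptions, not values from the slides.

```python
# Added example (not from the talk): audit sshd_config and login.defs text
# for a few of the hardening items listed on the slide.
import re

# Assumed policy thresholds (not values from the slides)
MAX_PASS_DAYS = 90
MIN_PASS_LEN = 12


def parse_sshd_config(text):
    """Return keyword -> value for sshd_config text.

    sshd applies the FIRST value it sees for a keyword, so the first
    occurrence wins here as well. Parsing stops at a Match block because
    directives inside it are conditional (a simplification of this example).
    """
    effective = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match "):
            break
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            effective.setdefault(parts[0].lower(), parts[1].strip().lower())
    return effective


def parse_login_defs(text):
    """Return NAME -> value for /etc/login.defs text (last value wins)."""
    values = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(None, 1)
        if len(parts) == 2:
            values[parts[0]] = parts[1].strip()
    return values


def audit(sshd_text, login_defs_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    sshd = parse_sshd_config(sshd_text)
    defs = parse_login_defs(login_defs_text)

    # "Disabling root": older OpenSSH releases defaulted PermitRootLogin to
    # yes, so an unset keyword is flagged conservatively.
    if sshd.get("permitrootlogin", "yes") != "no":
        findings.append("sshd: PermitRootLogin is not 'no'")
    if sshd.get("permitemptypasswords", "no") == "yes":
        findings.append("sshd: PermitEmptyPasswords is enabled")

    # Password policy: PASS_MAX_DAYS applies to accounts created by useradd;
    # PASS_MIN_LEN is only honoured when no PAM password-quality module runs.
    if int(defs.get("PASS_MAX_DAYS", "99999")) > MAX_PASS_DAYS:
        findings.append("login.defs: PASS_MAX_DAYS exceeds %d" % MAX_PASS_DAYS)
    if int(defs.get("PASS_MIN_LEN", "0")) < MIN_PASS_LEN:
        findings.append("login.defs: PASS_MIN_LEN below %d" % MIN_PASS_LEN)
    return findings


# Constructed samples: a stock-looking configuration and a hardened one.
WEAK_SSHD = """\
Port 22
PermitRootLogin yes
PermitRootLogin no   # ignored by sshd: the first value wins
PermitEmptyPasswords yes
"""
WEAK_LOGIN_DEFS = """\
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
"""
HARDENED_SSHD = """\
Port 22
PermitRootLogin no
PermitEmptyPasswords no
"""
HARDENED_LOGIN_DEFS = """\
PASS_MAX_DAYS 90
PASS_MIN_DAYS 1
PASS_MIN_LEN 14
"""

if __name__ == "__main__":
    for name, s, d in (("weak", WEAK_SSHD, WEAK_LOGIN_DEFS),
                       ("hardened", HARDENED_SSHD, HARDENED_LOGIN_DEFS)):
        print(name, audit(s, d) or "no findings")
```

Run against the real files (`/etc/ssh/sshd_config`, `/etc/login.defs`) the same functions apply; the point of keeping first-value semantics is that a `PermitRootLogin no` appended to the end of sshd_config does nothing if an earlier `yes` exists.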

5 but they won’t prevent the following scenario…

6 SELinux & AppArmor
SELinux: context based, installed by default (CentOS/Red Hat)
- Well defined policy interfaces
- Flexible policies
- CLI/GUI apps exist to administer an enabled SELinux system
- Auditing features
- Permissive & Enforcing modes
AppArmor: profile based, controls the directories/files the app is using
- Easy deployment
- Console app for administration
- Report scheduling and auditing
- Complain & Enforce modes
Both mechanisms provide another layer of security, but security often comes with usability issues.

7

8 More on SELinux
…but other than that:
* A medium-to-high Linux skill set is required to administer SELinux
* Systems already deployed with apps will have to be modified to work with SELinux; it is not a pleasant sight…
* …many vendors don’t support running with SELinux enabled
* Estimated performance hit of ~7%
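The usual way to make an already-deployed app work with SELinux is to run in permissive mode first, collect the AVC denials the audit subsystem logs, and adjust policy or labels before switching to enforcing. The script below is an added example (not from the talk) that summarises denials from audit.log text by source type, target type, object class and permission. The log lines are constructed; the field layout follows the standard `type=AVC` record format.

```python
# Added example (not from the talk): summarise SELinux AVC denials from
# audit.log text so a permissive-mode run can be reviewed before enforcing.
import re
from collections import Counter

# Fixed part of a type=AVC record: permissions in braces, then the source and
# target contexts, the object class and (on newer kernels) permissive=0/1.
AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)


def context_type(context):
    """system_u:system_r:httpd_t:s0 -> httpd_t (the type field)."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarise_avc(log_text):
    """Count denials per (source type, target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, CWD, PATH records and anything else are skipped
        for perm in m["perms"].split():
            counts[(context_type(m["scontext"]), context_type(m["tcontext"]),
                    m["tclass"], perm)] += 1
    return counts


def permissive_denials(log_text):
    """Denials logged with permissive=1: allowed now, blocked under enforcing."""
    n = 0
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m and m["permissive"] == "1":
            n += 1
    return n


def report(log_text):
    """Human-readable lines, most frequent denial first."""
    lines = []
    for (src, tgt, cls, perm), n in summarise_avc(log_text).most_common():
        lines.append("%4d  %s -> %s  %s:%s" % (n, src, tgt, cls, perm))
    return lines


# Constructed sample: a web server reading from a user's home directory and
# connecting to a database port, plus an unrelated SYSCALL record.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1415000000.123:101): avc:  denied  { read } for  pid=2042 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1415000000.456:102): avc:  denied  { read open } for  pid=2042 comm="httpd" name="index.html" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1415000001.789:103): avc:  denied  { name_connect } for  pid=2042 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1415000001.789:103): arch=c000003e syscall=42 success=yes exit=0 comm="httpd"
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_AUDIT_LOG)))
    print("would be blocked in enforcing mode:", permissive_denials(SAMPLE_AUDIT_LOG))
```

A denial like `httpd_t -> user_home_t file:read` is typically a labelling problem (content served from a home directory) rather than something to allow in policy, while `httpd_t -> mysqld_port_t tcp_socket:name_connect` corresponds to a boolean the distribution policy already provides; grouping by type pair is what makes that distinction visible.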

9 ? root user is compromised, is it game over?

10 The power of SELinux

11 root challenge

12 Automating auditing processes with Lynis
Lynis is a security auditing tool for Unix, Linux and Mac OS systems. It is used by system administrators, auditors and security professionals all over the world. Some of the features are:
- Open source
- Shell script
- No dependencies
- Easy to understand
- Report on screen and details in report file
- Reporting of warnings and suggestions
- Detailed logging
- Hardening index
- Dynamic OS detection
- 300+ built-in tests
- Support for custom tests
- Plugin support
- Compliance checks
- Extensive software support
- Reporting
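Automating the audit means consuming the report file rather than reading the screen output. The script below is an added example, not from the talk or from the Lynis project: it parses the key=value report Lynis writes (lynis-report.dat, where list entries use keys ending in `[]` and warnings/suggestions are pipe-separated fields: test id, text, details, solution) and turns the hardening index and the warnings into a pass/fail decision. The sample report is constructed and the minimum index of 70 is an assumption.

```python
# Added example (not from the talk or Lynis itself): parse lynis-report.dat
# and gate on the hardening index and the warnings it contains.

# Constructed sample in the lynis-report.dat layout.
SAMPLE_REPORT = """\
# Lynis Report
report_version_major=1
report_version_minor=0
hostname=web01
os=Linux
hardening_index=64
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=PKGS-7392|Found one or more vulnerable packages|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (YES --> NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|X11Forwarding (YES --> NO)|-|
suggestion[]=AUTH-9262|Install a PAM module for password strength testing|-|-|
"""


def parse_lynis_report(text):
    """Return (scalars, lists): plain key=value pairs and key[]=value lists."""
    scalars, lists = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.endswith("[]"):
            lists.setdefault(key[:-2], []).append(value)
        else:
            scalars[key] = value
    return scalars, lists


def findings(lists, kind):
    """Split warning/suggestion entries into test id, text, details, solution."""
    out = []
    for entry in lists.get(kind, []):
        fields = (entry.split("|") + ["", "", "", ""])[:4]
        out.append({"test": fields[0], "text": fields[1],
                    "details": fields[2], "solution": fields[3]})
    return out


def hardening_index(scalars):
    return int(scalars.get("hardening_index", "0"))


def gate(text, minimum_index=70):
    """CI-style decision: pass only with no warnings and a sufficient index.

    Returns (ok, reasons); reasons is empty when ok is True.
    """
    scalars, lists = parse_lynis_report(text)
    reasons = []
    idx = hardening_index(scalars)
    if idx < minimum_index:
        reasons.append("hardening index %d below %d" % (idx, minimum_index))
    for w in findings(lists, "warning"):
        reasons.append("warning %s: %s" % (w["test"], w["text"]))
    return (not reasons), reasons


if __name__ == "__main__":
    ok, reasons = gate(SAMPLE_REPORT)
    print("PASS" if ok else "FAIL")
    for r in reasons:
        print(" -", r)
    for s in findings(parse_lynis_report(SAMPLE_REPORT)[1], "suggestion"):
        print(" suggestion", s["test"], s["details"] or s["text"])
```

Suggestions are deliberately reported but not counted against the gate; warnings and the index are the signals that change rarely enough to fail a build on.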

13 Behavioral analysis using honeypots
Kippo is a medium-interaction open source SSH honeypot designed to log brute force attacks and the entire shell interaction.
Github project:
Features: fake filesystem (and real), session logging, tricks the user in different ways.
Pros: easy to deploy, provides a relatively easy way to create your own custom honeypot.
Cons:
- Easy to fingerprint
- A real experienced Linux user would be able to understand he’s in a honeypot pretty quickly with the out-of-the-box configuration.

14 Behavioral analysis with Kippo honeypot
Some of Kippo’s features:
- Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
- Possibility of adding fake file contents
- Kippo saves downloaded files (wget) for later inspection

15 ~1 month old honeypot statistics
Attack statistics:
- Total unique IP addresses: 115
- Overall attempts: over 9000
Top 10 targeted accounts (count - account):
- root
- admin
- 100 - support
- 83 - ubnt
- 74 - oracle
- 62 - user
- 59 - git
- 45 - test
- 36 - pi
- 34 - minecraft
Top 10 targeted passwords (count - password):
- 520 -
- 199 - admin
- 186 - root
- 143 -
- 138 - support
- 107 - password
- 87 - changeme
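The statistics on this slide, and the session logging described on the two Kippo slides before it, come out of the honeypot's text log. The script below is an added example (not from the talk or the Kippo project) that derives the same kind of numbers: unique source IPs, total attempts, top accounts, top passwords and any attempt the honeypot accepted. The log lines are constructed using documentation address ranges, and the `login attempt [user/password] failed|succeeded` line layout is an assumption about Kippo's log format.

```python
# Added example (not from the talk or Kippo): compute brute-force statistics
# from honeypot log text in the assumed Kippo "login attempt" line format.
import re
from collections import Counter

# Assumed line layout: "[... HoneyPotTransport,<id>,<ip>] login attempt
# [<user>/<password>] failed|succeeded". A password containing "]" would
# not be captured correctly by this pattern.
LOGIN_RE = re.compile(
    r"HoneyPotTransport,\d+,(?P<ip>[\d.]+)\] login attempt "
    r"\[(?P<user>[^/\]]*)/(?P<password>[^\]]*)\] (?P<result>succeeded|failed)"
)


def login_attempts(log_text):
    """Yield (ip, user, password, result) for each login attempt line."""
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            yield m["ip"], m["user"], m["password"], m["result"]


def honeypot_stats(log_text, top_n=10):
    """Aggregate the numbers a monthly summary like the slide's would need."""
    ips, users, passwords = set(), Counter(), Counter()
    attempts = 0
    successes = []
    for ip, user, password, result in login_attempts(log_text):
        attempts += 1
        ips.add(ip)
        users[user] += 1
        passwords[password] += 1
        if result == "succeeded":
            # An accepted login means a full shell session follows; these
            # are the sessions worth replaying first.
            successes.append((ip, user, password))
    return {
        "unique_ips": len(ips),
        "attempts": attempts,
        "top_users": users.most_common(top_n),
        "top_passwords": passwords.most_common(top_n),
        "successes": successes,
    }


# Constructed sample log (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, not real attackers).
SAMPLE_LOG = """\
2015-01-14 10:11:12+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/123456] failed
2015-01-14 10:11:13+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/password] failed
2015-01-14 10:11:14+0000 [SSHService ssh-userauth on HoneyPotTransport,1,203.0.113.5] login attempt [root/admin] failed
2015-01-14 10:12:40+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [admin/admin] failed
2015-01-14 10:12:41+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [pi/raspberry] failed
2015-01-14 10:12:42+0000 [SSHService ssh-userauth on HoneyPotTransport,2,198.51.100.7] login attempt [root/123456] succeeded
2015-01-14 10:15:00+0000 [SSHService ssh-userauth on HoneyPotTransport,3,203.0.113.9] login attempt [support/support] failed
2015-01-14 10:15:01+0000 [kippo.core.ssh.HoneyPotTransport,3,203.0.113.9] connection lost
"""

if __name__ == "__main__":
    stats = honeypot_stats(SAMPLE_LOG, top_n=3)
    print("unique IPs:", stats["unique_ips"], "attempts:", stats["attempts"])
    print("top accounts:", stats["top_users"])
    print("top passwords:", stats["top_passwords"])
    print("accepted logins:", stats["successes"])
```

Blank passwords and blank usernames are counted as their own entries, which is how a summary ends up with a high count beside an empty password field like the one on the slide.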

16 Honeypot trolling mechanism

