IS3440 Linux Security Unit 2 Securing a Linux Platform―Core Components


1 IS3440 Linux Security Unit 2 Securing a Linux Platform―Core Components

2 Class Agenda 3/23/16
Covers Chapters 2 and 3
- Learning Objectives
- Lesson Presentation and Discussions.
- Discussion on Assignments.
- Discussion on Lab Activities. Lab will be performed in class.
- Break Times as per School Regulations.
- Quiz 3.1 will be held in the next class. It will cover chapters 1 to 3.

3 Learning Objective Configure the basic settings to secure a Linux platform.

4 Key Concepts
- Secure boot loaders
- Security considerations while using kernel and user space components
- Discretionary access control (DAC) and access control lists (ACLs)
- Mandatory access control (MAC) with Security Enhanced Linux (SELinux)
- Concepts of a packet filtering firewall

5 Linux Kernel
- More robust: monolithic and modular.
- Open source: source code available
- Developers are mostly volunteers.
- The kernel can be customized and recompiled
- Is a multi-user operating system
- Can be configured as a Domain Controller for Windows

6 Security challenges
- Full-function Linux can be booted from a CD or a USB drive
- Linux can be booted with admin privilege without a password
- Security issues of booting from CDs or USB. Students should explore.
- The GUI poses a security risk
- Many distributions with a variety of desktops.

7 Common Boot Loaders
- Grand Unified Bootloader (GRUB)
- Linux Loader (LILO)
- Loadlin
- Universal Bootloader (U-Boot)

8

9 GRUB needs to be hardened.

10 GRUB Configuration Options
GRUB Configuration Options | Comments
default=0 | This option is for the default kernel to boot. When multiple kernels are listed, the first one in the list will start at zero.
timeout=0 | This option sets the timeout to zero.
color green/blue | This option specifies the color for the GRUB screen. In this case, green is the foreground color and blue is the background color.
password --md5 <encrypted password> | This option is for the encrypted password.
splashimage=(hd0,0)/grub/splash.xpm.gz | This option is for the “splash” image that shows when you access the GRUB menu.
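
An added example (not part of the original slides): a shell function that audits a GRUB Legacy grub.conf for the password and timeout options listed above. Both sample configs, the password string and the hash are constructed placeholders, and a global password line without --md5 is treated as stored in clear text.

```sh
#!/bin/sh
# Added example: audit the global section of a GRUB Legacy grub.conf.
# Output: "PASS password-md5", "FAIL cleartext-password" or
# "FAIL no-password", followed by "INFO timeout=<value|unset>".
audit_grub_conf() {
    awk '
        BEGIN { in_global = 1; has_pw = 0; hashed = 0; timeout = "unset" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)          # accepts "key=value" and "key value"
        }
        f[1] == "title" { in_global = 0 }      # boot entries start here
        in_global && f[1] == "password" {
            has_pw = 1
            if (f[2] == "--md5" && f[3] != "") hashed = 1
        }
        in_global && f[1] == "timeout" { timeout = f[2] }
        END {
            if (!has_pw)      print "FAIL no-password"
            else if (!hashed) print "FAIL cleartext-password"
            else              print "PASS password-md5"
            print "INFO timeout=" timeout
        }
    ' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
# Constructed sample: clear-text password, 10-second menu.
cat > "$tmp/weak.conf" <<'EOF'
default=0
timeout=10
password letmein
title Linux
    root (hd0,0)
EOF
# Constructed sample: hashed password (placeholder hash), timeout of zero.
cat > "$tmp/hard.conf" <<'EOF'
default=0
timeout=0
password --md5 $1$PLACEHOLDER$notARealHashValue000000
splashimage=(hd0,0)/grub/splash.xpm.gz
title Linux
    root (hd0,0)
EOF
for c in weak hard; do echo "== $c.conf"; audit_grub_conf "$tmp/$c.conf"; done
```

Only directives before the first title line are counted, so a password set inside a single boot entry does not satisfy the check.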

11 Enable firewall

12 The Linux Firewall
[Diagram: location of netfilter and location of iptables, with layers labeled User, User Space, Kernel Space, Hardware]

13 Sudo Access

14 Layered Security
- Physical security
- Firewall
- Access control mechanisms
- Encryption
- Monitoring
- Backups

15 SELinux

16 Common Linux Access Controls
- MAC allows the file sharing service to interact with the shared filesystem.
- DAC provides the required permissions to access files.
- The firewall allows user access based on the file service port and user’s Internet Protocol address.

17 Immutable permission

18 Special Permission

19 Access Control Mechanisms
- DAC: Defines the access control for objects in the filesystem
- ACLs: Grants “special” permissions to users or groups for an object in the filesystem that are not specified in the DAC permissions
- MAC: Adds additional categories to objects in the filesystem
DAC: For example, user Joe owns the file “readme.txt” and gives read access permission to everyone, but only Joe has the write permissions.
MAC: Any user or process accessing the object must have proper access before interacting with it.
11/27/2018 (c) ITT Educational Services, Inc.
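
The DAC case from this slide as an added shell example (not part of the original slides): readme.txt is set so everyone can read and only the owner can write, then the directory is audited for files where group or others still hold write permission. The current user stands in for Joe, and the temporary directory and notes.txt are constructed for the demonstration.

```sh
#!/bin/sh
# Added example: DAC mode bits for the readme.txt case.
# Assumption: the current user plays the role of Joe.

# Owner may read and write; group and others may only read (octal 644).
set_owner_write_only() { chmod u=rw,go=r "$1"; }

# Print the three permission triplets of a file, e.g. "rw-r--r--".
mode_string() { ls -ld "$1" | cut -c2-10; }

# Print "MODE PATH" for each regular file under DIR that group or others
# can write to, i.e. files that break the "only the owner writes" rule.
audit_dac_write() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) \
        -exec stat -c '%a %n' {} + | sort -k2
}

demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
echo "shared notes" > "$demo/readme.txt"
echo "scratch"      > "$demo/notes.txt"     # constructed second file
set_owner_write_only "$demo/readme.txt"
chmod 666 "$demo/notes.txt"                  # deliberately too permissive

mode_string "$demo/readme.txt"
audit_dac_write "$demo"
```

The audit reads only the mode bits, so permissions granted through ACLs or restricted by MAC policy are outside what it reports.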

20 Kernel Space
- Kernel space has access to and can control all aspects of a Linux system.
- Loadable kernel modules (LKMs) are a common avenue for rootkits.

21 User Space
- User space is the most likely avenue through which black-hat hackers attempt to exploit the Linux system.
- It is common for black-hat hackers to gain unauthorized access simply by guessing an easy password from a user account.

22 Importance of a Firewall
A firewall on each host server provides an additional layer of security:
- If the network perimeter firewall allows unauthorized traffic into the network, the host firewall protects servers from the unauthorized traffic.
- The host firewall provides additional protection to host servers if a rogue program infects the local area network (LAN).

23 Importance of Securing Core Components
Default settings, improper file permissions, and insecure user accounts are common methods used by black-hat hackers to gain unauthorized access. Best practices and compliance standards require basic security and can result in hefty fines, if not followed.

24 Summary
In this presentation, the following concepts were covered:
- Common boot loaders
- The process of Linux access control
- Access control mechanisms such as DAC, ACL, and MAC
- Considerations for using kernel space and user space
- Importance of firewall and securing core components

25 Discussions and Lab
- Discussion 2.1 Identifying Layers of Access Control in Linux
- Lab 2.2 Configure Basic Security Controls on a Fedora Linux Server

