Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY IN THE LINUX OPERATING SYSTEM

Published byLiani Budiaman Modified over 5 years ago

Similar presentations

Presentation on theme: "SECURITY IN THE LINUX OPERATING SYSTEM"— Presentation transcript:

1 SECURITY IN THE LINUX OPERATING SYSTEM
Andy Saxena Somudra Chakraborty CSE 258, Fall 1999

2 Introduction Linux is a multi-user operating system.
Security mechanisms must allow users to service their legitimate needs without compromising the server system security. Private data must still remain private, Resource and file management must maintain integrity; User privileges must still be granted. Overall system stability and correctness cannot suffer.

3 External Security User login Uses passwords for authentication
Passwords encrypted using DES “Shadow Technique” to hide encrypted password - /etc/shadow

4 External Security Password Shadowing /etc/passwd :
user:passwd:UID:GID:full_name:home_directory:shell /etc/shadow user:x:UID:GID:full_name:home_directory:shell Shadowing does not change the structure of /etc/passwd It simply moves the passwords.

5 External Security Password Attacks Brute Force
Cycle through all 256 possible keys until one works July 17,1998, Deep Crack cracked the 56-bit key 56 hours. Dictionary Attack Search key space that comprises weak passwords Crack-

6 External Security Remote Access Precautions
Secure Shell - Replaces telnet, rlogin, ftp Provides secure means of data transmission Insecure networks are no loner a problem

7 External Security SSH - 3 major components
Transport Layer [SSH-TRANS] - provide server authentication, confidentiality, and integrity User authentication protocol [SSH-USERAUTH] - runs over the transport layer protocol, authenticates the client- side user to the server Connection protocol [SSH-CONN] - runs over the user authentication protocol, multiplexes the encrypted tunnel into several logical channels

8 External Security Administering Trusted Users and Hosts
The .rhosts file exists in a user's home directory Specifies trusted hosts based on the user’s choice More headaches for administrator - loss of control Solution - disable or monitor contents. Limiting User Access to System Resources In /etc/pam.d/limits.conf Limit processes per user. Limit memory usage.

9 Internal Security 5 functional mechanisms implemented
audit trail mechanisms, discretionary access control, information labels, mandatory access control and privilege.

10 Internal Security Audit Trail Functionality
System generated records - Include system and kernel messages syslogd & klogd ---> /var/log/messages syslogd -> program name, facility type, priority, etc. klogd -> intercepts and logs kernel messages Application generated records - Store in user-managed space. Limit User Access to System Resources In /etc/pam.d/limits.conf Limit processes per user. Limit memory usage.

11 Internal Security Discretionary Access Control (DAC)
Limit a user’s access to a file. Let owner determine file access permissions. Information Labels Contain file information about origin of file, a release marking, DAC advisories, project related information, etc. Purpose - tracking

12 Internal Security Privilege (Dynamic implementation)
Elevating subject permissions temporarily. Let’s subject override access access control information for an object. Set SUID bit Mandatory Access Control Protection decisions must not be decided by the object owner. The system must enforce the protection decisions.

13 Internal Security File Access
Permission Bit Mechanism (Part of DAC) is implemented. Read, write, execute permissions for owner, group and other. 10 bits used. ACL object. Groups Grant privileges to a group of users. Information stored in the groups vector in the task_struct(defined in sched.h).

14 Internal Security Memory Access Each process has its own page table.
All memory access via page table. Easy for OS to terminate process which references an invalid memory address. Access control information for page held in the page table entry (PTE). Prevents executable code from being overwritten Separates kernel code and user code.

15 Internal Security Memory Access
KRE Code running in kernel mode can read this page URE Code running in user mode can read this page KWE Code running in kernel mode can write to this page UWE Code running in user mode can write to this page

16 Internal Security Process Execution Control
Kernel generates signals to executing processes. Processes may choose to ignore most signals. Cannot ignore SIGSTOP and SIGKILL SIGSTOP - Halt execution. SIGKILL - Terminate process. This is a mandatory access control implementation.

17 Conclusion Linux is a versatile OS.
Security implementation in the OS is spread throughout the system - memory management, file management, process management, etc. Therefore every aspect of security needs to be configured from scratch since default is not maximum security.

Download ppt "SECURITY IN THE LINUX OPERATING SYSTEM"

Similar presentations

Access Control Chapter 3 Part 3 Pages 209 to 227.

Access Control Chapter 3 Part 3 Pages 209 to 227.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
Access Control Methodologies

Access Control Methodologies
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.

Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
SSH: An Internet Protocol By Anja Kastl IS 373 - World Wide Web Standards.

SSH: An Internet Protocol By Anja Kastl IS World Wide Web Standards.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Linux Security.

Linux Security.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Computation for Physics 計算物理概論 Introduction to Linux.

Computation for Physics 計算物理概論 Introduction to Linux.
Systems Security & Audit Operating Systems security.

Systems Security & Audit Operating Systems security.
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Andreas Steffen, 15.11.2011, 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.

Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.
Operating System Security. OS manages and controls access to hardware components Older OSs focused on ensuring data confidentiality Modern operating systems.

Operating System Security. OS manages and controls access to hardware components Older OSs focused on ensuring data confidentiality Modern operating systems.
The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.

The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.
Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.

Breno de MedeirosFlorida State University Fall 2005 Windows servers The NT security model.
Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Similar presentations

Ads by Google