Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Operating Systems Lesson C: Linux Security Features.

Published bySuzanna Floyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Operating Systems Lesson C: Linux Security Features."— Presentation transcript:

1 Secure Operating Systems Lesson C: Linux Security Features

2 Where are we?  Multics is beautiful, Multics is beautiful, Multics is beautiful…  And also, we’ve looked at some of the ways operating systems get broken  Let’s look at a well known OS today: Linux

3 Linux: Overview  Accounts, authentication  File permissions  Secure Access  Encrypted storage  Logging  Resource usage controls…  It’s a long list. Let’s take a look.

4 User Accounts  The Unix model is pretty straightforward  An entity has a user account; this account can be associated with groups  Usually, there is one superuser, root – this account has complete control of the system

5 PAM: Authentication  User accounts don’t help if you can’t authenticate, so Linux provides PAM Pluggable Authentication Module  PAM allows us fine grained support on logins and authentication Account modules: auth is valid under current conditions (time of day, phase of moon…) Authentication modules: authenticates the user Password modules: Updating passwords, and measuring password strength Session modules: things to do at the start and end of every session

6 Protection: Files  Files can be protected at the user, group, world, level  Valid permissions are read, write, execute  umask provides default permissions for a user on files and directories  Setuid bit – is this a vuln or a feature? Let’s discuss…

7 Secure Access  None of the above matters if we can’t log in to the box securely  Linux has a few features.  Most notably, we can restrict the places root can log in from – perhaps to a local physical console  All remote connections come in through sshd – compare to telnet

8 Encrypted storage  First, let’s be clear… what are we protecting from?  With that said, we can create an encrypted bootload and encrypted storage in Linux  Protecting the boot sequence is pretty important – we’ll revisit that when we look at Windows 8

9 Logging  Or even audit…there’s syslog and auditing  In more up to date Linii, there’s auditd Very flexible auditing system, that provides very granular logging of events Configured by audit rules Tampering?  At the less granular level, there’s syslog etc.  In essence: you have the ability to see, if you choose to look

10 Resource control  Linux can control how much of a resource a particular user uses, too  Quota can also provide hard limits

11 Non-Executable Memory  Linux has supported the NX bit for almost TEN years (!!!)  You do need to check your distribution and kernel configuration though  Remind me: what does this achieve?

12 ASLR  Yes, Linux has address space layout randomization as a kernel option

13 GCC assistance  Pointer encryption  -Wformat –Wformat-security Not much use if you don’t pay attention  -D_FORTIFY_SOURCE=2 –O2 – put in runtime and compile time checks on buffers  Built in stack canaries  Position Independent Executables (PIE)  ELF hardening (mark segments r/o before execution

14 Things to Do  Take a look at the little Linux machine you installed earlier in the semester. What security features are available? What areas can you harden the configuration. Tell me what you did to try and harden the OS…

15 Questions & Comments  What do you want to know?

Download ppt "Secure Operating Systems Lesson C: Linux Security Features."

Similar presentations

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.

Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
Secure Operating Systems Lesson 10: SCOMP. Where are we?  Multics is busy being explored, which is kind of cool…  But Multics wasn’t the end of custom.

Secure Operating Systems Lesson 10: SCOMP. Where are we?  Multics is busy being explored, which is kind of cool…  But Multics wasn’t the end of custom.
Chapter One The Essence of UNIX.

Chapter One The Essence of UNIX.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
Linux’ Security Haifa Linux Club 21.10.99 Orr Dunkelman.

Linux’ Security Haifa Linux Club Orr Dunkelman.
CS 153 Design of Operating Systems Spring 2015 Lecture 19: Page Replacement and Memory War.

CS 153 Design of Operating Systems Spring 2015 Lecture 19: Page Replacement and Memory War.
Chapter 2 Accessing Your System and the Common Desktop Environment.

Chapter 2 Accessing Your System and the Common Desktop Environment.
Guide To UNIX Using Linux Third Edition

Guide To UNIX Using Linux Third Edition
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.

 Contents 1.Introduction about operating system. 2. What is 32 bit and 64 bit operating system. 3. File systems. 4. Minimum requirement for Windows 7.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Remote Assistance  Using this program you can allow someone to work on your computer, chat with you and view your screen with your permission  The other.

Remote Assistance  Using this program you can allow someone to work on your computer, chat with you and view your screen with your permission  The other.
A crash course in njit’s Afs

A crash course in njit’s Afs
Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.

Getting Connected to NGS while on the Road… Donna V. Shaw, NGS Convocation.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.

Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Similar presentations

Ads by Google