Introduction to Unix Security Greg Porter Data Processing Manager USPFO For California.


1 Introduction to Unix Security
Greg Porter
Data Processing Manager
USPFO For California

2 Go to dpnet.caus.ca.ngb.army.mil for the latest information
A True Story
We loaded linux on a PC, and connected it to the network. Some ‘script kiddie’ came along with a scanner and determined that the linux box had an unpatched bind service. Within hours, they hacked the box, got root access, and installed a ‘root kit’ to hide their tracks.
Fortunately we run tools that allow us to detect and deny unauthorized access. Our Intrusion Detection System (IDS) found them.
WITHOUT IDS YOU WILL NEVER KNOW.
Proactive detection is your frontline defense. Don’t wait until bad guys are attacking the CP….

3 Disclaimers
IANASE: I Am Not A Security Expert
Existing CERT teams are unix illiterate
ACERT approves security tools
–NT point and click, no knowledge needed
–You can’t afford them
Proactive DP shops must do ‘self-help’
DP shops are not CERT teams

4 Basic Security Steps
Detect them
Stop them
Document them
Turn them in
Harden your systems

5 Detect Them
Intrusion Detection System (IDS)
–Not a firewall, more like a radar detector
–Watches network traffic
–Notifies you if suspect traffic is found
–A good free system is snort, www.snort.org
–Will run on low powered Pentium
–READ YOUR LOGS!!!! Use an automatic log reader (Logcheck, www.psionic.com). No one has the time to read logs by hand.

6 Stop Them
Have a local firewall you control
–OK, so it’s not an official ‘firewall’
–Could be same system as IDS
–IDS could trigger firewall response
–Will run on low powered Pentium with free software
We use OpenBSD (www.openbsd.org)
Refer to it as a ‘bridge’ or a ‘router’

7 Document Them
Compromise should be in your COOP plan
Think ‘crime scene’, don’t destroy evidence
Disconnect system from network
Make an entire system backup for evidence
Reload from media, binaries may be hacked
If they got one, they probably got all
–They sniffed your local net, all passwords stolen
–Consider reload from media on all systems

8 Turn Them In
Your state CERT is your direct support
–Probably new and inexperienced
–Usually NT oriented, no unix knowledge
–Assist them in escalating to NGB
NGB CERT has some of the same problems, probably will be of little help
LET SOMEONE HIGHER CALL THE FEDS or ACERT!

9 Harden Your Systems
Ideally they didn’t get in the door, the IDS and ‘firewall’ stopped them
A good source of unix (and NT) hardening info is at www.sans.org
The Bastille Linux hardening scripts have good ideas, but need tweaks for HP-UX, http://www.bastille-linux.org/

10 Harden Your Systems, Cont.
Some things you can do now
–CHECK YOUR LOGS!!! Use Logcheck, www.psionic.com
–Turn off non-essential network services
–Consider loading network related patches
–Know if you are port-scanned, use PortSentry, www.psionic.com
–Load TCPWrappers
–Implement Secure Shell, kill telnet and ftp
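
Three items on slide 10 (turn off non-essential network services, load TCPWrappers, kill telnet and ftp) can be checked mechanically. The script below is an added example, not part of the original presentation; it assumes services are started from an inetd.conf-style file, and the function names, finding labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file against the slide 10 checklist.
# The sample file below is constructed for illustration, not from a real host.
sample_inetd_conf() {
cat <<'EOF'
# service  type    proto wait   user   server               args
telnet     stream  tcp   nowait root   /usr/sbin/tcpd       in.telnetd
ftp        stream  tcp   nowait root   /usr/sbin/in.ftpd    in.ftpd -l
#shell     stream  tcp   nowait root   /usr/sbin/in.rshd    in.rshd
finger     stream  tcp   nowait nobody /usr/sbin/tcpd       in.fingerd
ntalk      dgram   udp   wait   root   /usr/sbin/in.ntalkd  in.ntalkd
daytime    stream  tcp   nowait root   internal
EOF
}

# audit_inetd FILE
# Prints one finding per enabled (uncommented) service, in file order:
#   CLEARTEXT <svc>  telnet/ftp/r-command service: replace with Secure Shell
#   UNWRAPPED <svc>  external daemon not started through tcpd (TCP Wrappers)
#   REVIEW <svc>     wrapped or inetd-internal: confirm it is essential
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # skip comments and incomplete lines
        {
            svc = $1; prog = $6
            n = split(prog, parts, "/"); base = parts[n]
            if (svc ~ /^(telnet|ftp|shell|login|exec)$/)
                print "CLEARTEXT " svc
            else if (prog != "internal" && base != "tcpd")
                print "UNWRAPPED " svc
            else
                print "REVIEW " svc
        }
    ' "$1"
}

# Audit the file named on the command line, e.g. /etc/inetd.conf
if [ "$#" -gt 0 ]; then audit_inetd "$1"; fi
```

A wrapped telnet entry is still reported as CLEARTEXT: TCP Wrappers restricts who may connect but does not protect passwords on the wire, which is the sniffing risk slide 7 describes.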

11 For More Information
Check out DPNet
–DP specific web site
–Lots of topics, DP security discussion
–Links to lots of good security sites
–Our ‘how-tos’ on how to load for HP-UX
–Get help in real-time
http://dpnet.caus.ca.ngb.army.mil

