1 / 29

SECURITY

SECURITY. - HARIPRIYA PURUSHOTHAMAN. SEVEN COMMON – SENSE RULES OF SECURITY. Avoid putting files on the system that are likely to be interesting to hackers Plug the holes that hackers can use to gain access to the system Don’t provide places for hackers to build nests on the system

fathia
Download Presentation

SECURITY

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SECURITY -HARIPRIYA PURUSHOTHAMAN

  2. SEVEN COMMON – SENSE RULES OF SECURITY • Avoid putting files on the system that are likely to be interesting to hackers • Plug the holes that hackers can use to gain access to the system • Don’t provide places for hackers to build nests on the system • Set the traps to detect intrusions and attempted intrusions

  3. RULES – CONTD • Monitor the reports generated by these security tools • Teach ourselves about UNIX system security • Prowl around looking for an unusual activity

  4. HOW THE SECURITY PROBLEMS ARE COMPROMISED • Unreliable wetware • Human users are the weakest links in the chain of security • Teaching the users about proper security hygiene • Software bugs • By exploiting the errors hackers could manipulate Unix into doing whatever they want • Keeping up wit patches and security bulletins • Open doors • Gaining access by exploiting software features that would be helpful • Making sure that we haven’t put a welcome mat for hackers

  5. /ETC/PASSWD FILE • Contents of this file determine who can log and what they can do once they get inside • This file is the systems first line of defense against the intruders • On FreeBSD systems this file is derived from /etc/master.passwd

  6. /ETC/PASSWD • Password checking and selection • Important to continually verify that every login has a password • Pseudo users should have a star(*) in the encrypted password field • Following command finds the null passwords perl –F: -ane ‘print if not $F[1];’ /etc/passwd • /etc/passwd and /etc/group must be readable by the world but writable only by the root

  7. /ETC/PASSWD • /etc/shadow file should be neither readable or writable by the world • Passwords are normally changed with passwd command

  8. /ETC/PASSWD • Need for Shadow passwords • Since /etc/passwd/ is world readable , encrypted password string is available to all the users • Evildoers can encrypt selected dictionaries or words and compare the results with the strings in the /etc/passwd and can find the password • To impose restrictions passwords are put in a separate file that is readable only by the root • This file wit the actual password information is then called the shadow password file

  9. /ETC/PASSWD • Group logins and shared logins • Instead of having “root” as a group login , use sudo program to control access to rootly powers • Password aging • Facility that allows us to compel the users to change their passwords • User shells • Rootly entries • More than one entry in the passwd file that uses UID of zero , so more than one way to log in as root • Defense against this subterfuge is a mini script perl –F: -ane ‘print if not $F[2];’ /etc/passwd

  10. SETUID PROGRAMS • Prone to security problems • Especially Setuid shellscripts cause security problems • Setuid and setgid could be disabled through the use of – o nosuid option to the mount • Disks should be scanned periodically to look for new setuid programs • For eg, find will mail a list of all setuid root files to the “netadmin”

  11. FILE PERMISSIONS • Device file /dev/kmem allows access to the kernels own virtual address space • This file should only be readable by the owner and group , never by the world • /dev/drum and /dev/mem provide unfettered access to the systems swap space and physical memory • /etc/passwd and /etc/group should not be world –writable and should have owner root

  12. FILE PERMISIONS • Directories that are accessible thru anonymous FTP should not be publicly writable • Only root should have both read and write permission on device disk file • Group owner is given read permissions to facilitate backups , but there shd be no permissions for the world

  13. MISCELLANEOUS SECURITY ISSUES • Remote event logging • Syslog allows log info for both the kernel and user processes to be forwarded to file , users or another host on our network • Secure host that acts as central logging machine and prints out security violations on an old line printer could be set up

  14. MISCELLANEOUS SECURITY ISSUES • Secure terminals • Secure channels are usually specified as a list of TTY devices or as a keyword in a configuration file • On solaris the file is /etc/default/login • On HP-UX and red hat linux , the file is /etc/securetty • On FreeBSD it is /etc/ttys

  15. MISCELLANEOUS SECURITY ISSUES • /etc/hosts.eqiv and ~/.rhosts • Allows users to login(via rlogin) and copy files(via rcp) without typing the passwords • The server processes rshd and rlogind that read them should be disabled

  16. MISCELLANEOUS SECURITY ISSUES • rexd,rexecd, and tftpd • Rexd- poorly secured remote command execution server which shd be disabled • Rexecd – another remote command execution daemon • Server for rexec library routine • requests sent to this include plaintext password • tftpd –server for Trivial File Transfer Protocol • Allows machines on the network to request files from ur hard disk

  17. MISCELLANEOUS SECURITY ISSUES • fingerd • finger prints a short report about the particular user • Information returned by finger user@host When supported by fingerd daemon on remote host is potentially useful to hackers • NIS (Network Information Service) • Sun database distribution tool that many sites use to maintain and distribute files • Easy information access for the hackers

  18. MISCELLANEOUS SECURITY ISSUES • Sendmail • Massive network system that runs as root • Often subjected to attacks of hackers and numerous vulnerabilities • Backups • Backup tapes shd be kept under lock and key • Trojan horses • Programs that are not what they seem to be

  19. SECURITY POWER TOOLS • Nmap - network port scanner • Checks a set of target hosts to see which TCP and UDP ports have servers listening to them • command looks like %nmap –sT host1.uexample.com • -sT argument asks nmap to try and connect to each TCP port on the target host in the normal way • It probes ports without initializing an actual connection • the –o option gives the nmap the ability to guess what OS a remote system is running

  20. SECURITY POWER TOOLS • SAINT : • Similar to nmap in finding out what servers they are running • Unlike nmap , it knows quite a lot about the actual UNIX server pgms and their vulnerabilities • Its user interface is entirely web based

  21. SECURITY POWER TOOLS • Crack: • Sophisticated tool that implements several password guessing techniques • Passwords should be crack resistant • tcpd: • Referred as “TCP wrappers” package • Allows to log connections to TCP services • Piggybacks on top of inetd

  22. SECURITY POWER TOOLS • COPS (Computer Oracle an Password System) • It’s a classic tool that identifies many classic security problems • Warns us of the potential problem by sending emails • tripwire • Monitors the permission and checksums of important system files so that we can easily detect files that have been replaced

  23. CRYPTOGRAPHIC SECURITY TOOLS • Kerberos • Its an authentication system • Facility that guarantees that users and services are in fact who they claim to be • Uses DES to construct nested set of credentials called “tickets”. • Tickets are passed around network to certify the identity and to provide access • It never transmits unencrypted passwords and relieves the users from typing the passwords repeatedly

  24. CRYPTOGRAPHIC SECURITY TOOLS • PGP :Pretty Good Privacy • Focused primarily on email security • Used to encrypt data , generate signatures and to verify the origin of files and messages • Software packages are often distributed with PGP signature file that guarantees the origin and purity of software

  25. CRYPTOGRAPHIC SECURITY TOOLS • SSH : the secure shell • Confirms user’s identity and encrypts all communications between two hosts • The server daemon sshd authenticates in different ways • Method A: user logged in automatically if the name of the remote host that user is logging is in ~/.rhosts or equivalent files • Method B: uses public key crytography to verify the identity of remote host • Method C : uses public key cryptography to establish users identity • Method D : allows user to enter his or her normal login password

  26. CRYPTOGRAPHIC SECURITY TOOLS • SRP : Secure Remote Password • Highly secure way to verify passwords over public network • telnet and ftp could be used • One Time Passwords in Everything • Instead of encrypting passwords , its jus made sure that they work only once • One time passwords are generated on our behalf

  27. FIREWALLS – basic tool for network security • Its only a supplemental security measure • Packet filtering firewalls • Limits the types of traffic that can pass thru the internet gateway based on information on the packet header • How the services are filtered • the daemons that provide these services bind to the appropriate ports and wait for connectiions from remote sites • Service specific filtering is based on the assumption that the client will use a non privileged port to contact a privileged port on the server

  28. FIREWALLS • Service proxy fire walls • service proxies intercepts the connections to and from the outside world • establishes new connections to services inside our network • Acts as a sort of shuttle or chaperone between the worlds . • Stateful inspection firewalls • Designed to inspect the traffic that flows through them and compare the actual network activity to what “should” be happening

  29. What to do when a site has been attacked • Don’t panic • Decide on an appropriate level of response • Hoard all available tracking information • Assess your degree of exposure • Pull the plug • Devise a recovery plan • Communicate the recovery plan • Implement the recovery plan • Report the incident to authorities

More Related