1 / 30

O.S security

O.S security. Ge Zhang Karlstad University. Outline. Why O.S. security is important? Security schemes in Unix/Linux system Security schemes in windows system. Why O.S. security is important?. Applications: my sql, apache, open office, firefox, etc. Operating system: Linux SUSE.

renee
Download Presentation

O.S security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. O.S security Ge Zhang Karlstad University

  2. Outline • Why O.S. security is important? • Security schemes in Unix/Linux system • Security schemes in windows system

  3. Why O.S. security is important? Applications: my sql, apache, open office, firefox, etc Operating system: Linux SUSE Hardware: memory, CPU, HD, etc • Application security can be bypassed from lower layer • Hardware layer is too narrow and inflexible • Application layer is too broad

  4. Security schemes in Unix/Linux • Account security • User authentication • File system security • File access control • Management issues • Audit log • Environment variables • Manage the superuser

  5. Account security (1) • User Accounts (/etc/passwd) • User name: a string up to 8 characters • User identities (UIDs) and group identities (GIDs) [Superuser (Root, UID=0)] • Unix does not distinguish between users with the same UID!!!! • Home directory • Shell root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/bin/bash jim:x:500:100:Jim Smith:/home/jim:/bin/bash

  6. Account security (2) • Shadow file (/etc/shadow) (only readable to the users with root privilege) • User name • Password (algorithm, salt, hashed password) • *: login is disabled • Empty: no password is required • Last password change • Minimum: the number of days left before the user is allowed to change his/her password • Maximum: The maximum number of days the password is valid (after that user is forced to change his/her password) root:$1$v3cNGjbW$WEvnoW8Cniswn3d:14523:0:99999:7::: bin:*:10933:0:99999:7::: jim::10933:0:99999:7:::

  7. Account security (3) salt Password (plaintext) One-way function Password (encrypted) root:$1$v3cNGjbW$WEvnoW8Cniswn3d:14523:0:99999:7::: bin:*:10933:0:99999:7::: jim::10933:0:99999:7:::

  8. Account security (4) • Groups • Users belong to one or more groups • To share files or other resource with a small number of users • Ease of user management (give privilege) • Group file (/etc/group) • Group name • Password • Group ID (GID) • Group list: members student:x:24:alice, bob, raj teacher:x:12:raj, nick

  9. File system (1) • The inode: each file entry in a directory is a pointer to a data structure • mode: types of file and access rights • uid: who is the owner • gid: group which owns the file • atime: access time • mtime: modification time • itime: inode alteration time • block count: size of file • physical location

  10. File system (2) • The type of the file: ‘-’ for regular file, ‘d’ for directory • File permissions • Link counter • Name of the owner and the group - rw-r--r-- 1 nick staff 1617 Oct 28 11:01 test.txt drwx------ 2 nick staff 512 Oct 25 17:55 tmp/

  11. File system (3) • Owner (r, w, x), group (r, w, x), other (r, w, x) • Two ways to represent • String: rwxr--r-- • Octal number: 744 • Default permissions: 666 or 777 • (umask): a three-digit number specifying the rights that should be withheld • Default permissions AND NOT umask • For example: umask 777 (denies all)

  12. File system (4) • Permission for directories • Read: find which files are in the directory (e.g., ls) • Write: add files or remove files • Execute: enter the directory and open files inside the directory (even for your own files)

  13. File system (5) • “a real pain if you try and install a permanent file in someone’s directory.” • Sticky bit: restrict the right to delete a file. • only the file's owner, the directory's owner, or the root can rename or delete files. drwxrwxrwx 4 root sys 485 Nov 10 06:01 /tmp drwxrwxrwt 4 root sys 485 Nov 10 06:01 /tmp

  14. File system (6) • Unix requires higher privilege temporarily to execute some operations • Change password • Open a port (0-123) • SUID (set userID), SGID (set groupID) • A user who is executing this program will get the privilege of the owner temporarily -rws--x--x 3 root root 16384 Nov 16 1996 passwd*

  15. Processes • Each process has a process ID (PID) • Two pairs of UID/GID for each process • A real UID/GID • An effective UID/GID • The login process

  16. File system (7) • To change the attributes • chmod • who: u, g, o, a • Permission: r, w, x, s, t • chmod 777 file • chmod o+r file • chown • chgrp

  17. File system (8) • How to set? • Need a fourth number • 4??? set user ID on execution • 2??? set group ID on execution • 1??? set sticky bit

  18. File system (9) • How to remove a file in a secure way? • Links • You removed the original file from its directory, but… • ncheck: list all links to a file • Furthermore, the file is not really deleted! • User wipe

  19. File system (9) • Protection of devices • Unix treats devices like files • Devices commonly found in the /dev is: • /dev/console • /dev/men • /dev/kmem Devices should be world-unreadable and world-unwritable

  20. Changing the root of the filesystem • Sandbox: access to objects outside the sandbox is prevented • chroot <directory> <command> • Changes the root directory from / to <directory> when <command> executes • For example, a web server

  21. Search path • Shell: a command line interpreter • For easy-to-use: user input command without specifying the full pathname • Searchpath in the .profile • PATH=.:$HOME/bin:/usr:/bin:/usr/bin:/usr/local:/usr/new:/usr/hosts

  22. Audit logs • /usr/adm/lastlog: records the last time a user has logged in • /usr/adm/utmp: records a list of users who are currently logged into a computer • /var/adm/wtmp: records every time a user logs in or logs out • /var/adm/acct: records all executed commands • Others: ps…

  23. Manage the superuser • Superuser is the major weakness • Compromise the account • Weak password • Change UID to 0 • Crash the process with root privillege • Presentation • Admin should not use root as their personal account (using SU, SUDO) • Strong password protection

  24. Windows security • Separation between user mode (ring 3) and kernel mode (ring 0) • User programs make API calls to invoke operating system services • Device drivers are running in kernel mode • Security subsystem • Log-on process (winlogon): the authentication process (winlogon.exe) • Local Security Authority (LSA): verification and auditing (lsass.exe) • Security Account Manager (SAM): user account database

  25. Domains • Domains: to facilitate single sign-on and centralized security administration • A domain is a collection of machines sharing a common user accounts database and security policy • DC: domain controller

  26. User authentication: interactive logon • Secure attention sequence CTRL+ALT+DEL • Winlogon.exe • Lsass.exe: verification • Start a shell (explorer.exe)

  27. Local Security settings

  28. Event viewer

  29. Key points (1) • The mechanism of user authentication in Unix. Where are the user’s account and password stored? • Root account • What is salt? How to use it and why it is important? • What is the “group” in Unix? Why to use it? • /etc/passwd, /etc/shadow, /etc/group • What are the A real UID/GID and An effective UID/GID? • What is an inode? • The permissions to access a file or a directory • umask • Sticky bit, SUID, SGID

  30. Key points (2) • chmod • How to delete a file in a secure way? • Protection of devices • Search path • Audit logs in windows and unix • Security subsystem in windows • Why users should press CTRL+ALT+DEL to get a logon window in windows?

More Related