1 / 17

Security Issues in Unix OS

Security Issues in Unix OS. Saubhagya Joshi Suroop Mohan Chandran. Contents. Current scenario Major players General threats Top ten Unix threats Taxonomy of threats Examples Security Management. Major Players. NIST, CERT, SANS Institute, CERIAS, Mitre Inc. Database + Tools

akiko
Download Presentation

Security Issues in Unix OS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Issues in Unix OS Saubhagya Joshi Suroop Mohan Chandran

  2. Contents • Current scenario • Major players • General threats • Top ten Unix threats • Taxonomy of threats • Examples • Security Management Security Management

  3. Major Players • NIST, CERT, SANS Institute, CERIAS, Mitre Inc. • Database + Tools • CVE (121 vulnerabilities out of 3052 unique entries, CVE Version Number: 20040901) • ICAT (213 out of 7493 vulnerabilities) • Cassandra Security Management

  4. General threats Attacks • Denial of Service (DoS) • Spoofing • Privilege Elevation • Repudiation • Replay Attacks • Viruses/Trojans/Worms • Disclosure of Information • Sabotage/Tampering • People (malicious, ignorance) • Physical • Communications • Operations • OS flaws Security Management

  5. Top Ten Vulnerabilities (SANS Institute + FBI) • BIND Domain Name System • Web Server (CGI scripts) • Authentication (weak, default or no password) • Version Control Systems (buffer overflow on CVS) • Mail Transport Service (insecure SMTP & MTA) • Simple Network Management Protocol (SNMP) • Remotely manage systems, printers, routers • Open Secure Sockets Layer (SSL) • Mainly buffer overflow (POP3, IMAP, LDAP, SMTP) • Misconfiguration of Enterprise Services NIS/NFS • Databases (MySQL, POSTgreSQL, Oracle) • Kernel Security Management

  6. Taxonomy operational coding environment configuration synchronization condition validation Incorrect permission Race condition Utility in wrong place Failure to handle exception Improper/inadequate Incorrect setup parameters Origin validation Input validation Field value correlation Boundary condition syntax Access right validation Type and number of input Missing input Security Management Extraneous input Source:Taimur Aslam, Taxonomy of Security Faults in Unix OS, Purdue University, 1995

  7. Operational Examples operational coding environment configuration synchronization • tftp (trivial file transfer protocol) • disclosure of information • sendmail wizard mode • WIZ command • default password = “wizzywoz” condition validation Incorrect permission Race condition Utility in wrong place Failure to handle exception Improper/inadequate Incorrect setup parameters Origin validation Input validation Field value correlation Boundary condition syntax Access right validation Type and number of input Missing input Security Management Extraneous input

  8. Synchronization Examples operational coding environment configuration synchronization condition validation Incorrect permission • “xterm” (window interface in X windows) • mknod foo p • xterm –lf foo • mv foo junk • ln –s /etc/passwd foo • cat junk • if run as root, existing files may be replaced Race condition Utility in wrong place Failure to handle exception Improper/inadequate Incorrect setup parameters Origin validation Input validation Field value correlation Boundary condition syntax Access right validation Type and number of input Missing input Security Management Extraneous input

  9. /etc/exports (SunOS4.1) • rcp (remote copy) • Redirect characters from other user’s terminal • uux rem_machine ! rmail anything & command • fsck repairs file consistency -- If fsck fails during bootup, privileged shell starts as root Condition Validation Example operational coding environment configuration synchronization condition validation Incorrect permission Race condition Utility in wrong place Failure to handle exception Improper/inadequate Incorrect setup parameters Origin validation Input validation Field value correlation Boundary condition syntax Access right validation Type and number of input Missing input Security Management Extraneous input

  10. Environment Examples operational coding environment configuration synchronization condition validation Incorrect permission • “exec” system call • executes some executable object file or data file conaining commands • SunOS version 3.2 and early • link with name = “-i” • exec –i (becomes interactive mode Race condition Utility in wrong place Failure to handle exception Improper/inadequate Incorrect setup parameters Origin validation Input validation Field value correlation Boundary condition syntax Access right validation Type and number of input Missing input Security Management Extraneous input

  11. Security Management in UNIX • US/CERT, AUSCERT - UNIX Security Checklist (2001) • US/CERT, AUSCERT – Steps to Recover from a UNIX or NT System compromise (2000) Security Management

  12. UNIX Security Checklist v2.0 • The First Step • Basic Operating System • Major Services • Specific Operating Systems Security Management

  13. The First Step • Update software and security Patches of the OS. • Make sure that all security mechanisms like Digital signatures and hashing schemes are up to date. • Keep track of all updates to the OS and the services. Security Management

  14. Basic Operating System • Network Services • Network Administration • File System Security • Account Security • System Monitoring Security Management

  15. Major Services • Name Service • Electronic Mail • Web Security • FTP – ftp and anonymous ftp • File Services • X-Windows System Security Management

  16. Specific Operating Systems • BSD-Derived Operating Systems • Linux Distributions • Solaris • IRIX • HP-UX • Digital/Compaq Tru64 UNIX • AIX Security Management

  17. Steps to Recover from a Compromise • Before you get Started • Regain Control • Analyze the Intrusion • Contact relevant CSIRT and other sites involved • Recover from the intrusion • Improve the security of the system and network • Reconnect to the Internet • Update your Security Policy Security Management

More Related