Title: Security Issues in Unix OS
Slide 1: Security Issues in Unix OS
- Saubhagya Joshi
- Suroop Mohan Chandran
Slide 2: Contents
- Current scenario
- Major players
- General threats
- Top ten Unix threats
- Taxonomy of threats
- Examples
- Security Management
Slide 3: Major Players
- NIST, CERT, SANS Institute, CERIAS, Mitre Inc.
- Database Tools
  - CVE (121 vulnerabilities out of 3052 unique entries, CVE version number 20040901)
  - ICAT (213 out of 7493 vulnerabilities)
  - Cassandra
Slide 4: General threats
- Denial of Service (DoS)
- Spoofing
- Privilege Elevation
- Repudiation
- Replay Attacks
- Viruses/Trojans/Worms
- Disclosure of Information
- Sabotage/Tampering
- People (malice, ignorance)
- Physical
- Communications
- Operations
- OS flaws
Slide 5: Top Ten Vulnerabilities (SANS Institute / FBI)
- BIND Domain Name System
- Web Server (CGI scripts)
- Authentication (weak, default or no password)
- Version Control Systems (buffer overflow in CVS)
- Mail Transport Service (insecure SMTP MTA)
- Simple Network Management Protocol (SNMP)
  - Remotely manages systems, printers, routers
- Open Secure Sockets Layer (SSL)
  - Mainly buffer overflows (POP3, IMAP, LDAP, SMTP)
- Misconfiguration of Enterprise Services NIS/NFS
- Databases (MySQL, PostgreSQL, Oracle)
- Kernel
Slide 6: Taxonomy
- coding
  - synchronization
    - Race condition
    - Improper/inadequate
  - condition validation
    - Failure to handle exception
    - Origin validation
    - Input validation
      - Field value correlation
      - syntax
      - Type and number of input
      - Missing input
      - Extraneous input
    - Boundary condition
    - Access right validation
- operational
  - environment
  - configuration
    - Incorrect permission
    - Utility in wrong place
    - Incorrect setup parameters
Source: Taimur Aslam, Taxonomy of Security Faults in Unix OS, Purdue University, 1995
Slide 7: Operational Examples
- tftp (trivial file transfer protocol)
  - disclosure of information
- sendmail wizard mode
  - WIZ command
  - default password wizzywoz
Slide 8: Synchronization Examples
- xterm (window interface in X Windows)
  - mknod foo p
  - xterm -lf foo
  - mv foo junk
  - ln -s /etc/passwd foo
  - cat junk
  - if run as root, existing files may be replaced
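The xterm sequence on this slide works because a set-user-id program opens a user-chosen log path with root's privileges, and the FIFO holds the open long enough for the name to be swapped for a symbolic link. The defence is to make the open itself refuse anything but a plain file owned by the invoking user, with no separate check-then-open window. The following C code is an added example for this deck, not code from the slides or from xterm: open_logfile_safe() rejects symlinks atomically via O_NOFOLLOW, refuses FIFOs and other non-regular files, and requires the file to belong to the real uid; demo_open_checks() rebuilds the three cases (regular file, FIFO, symlink) in a private temporary directory. The file names and function names are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Open a log file on behalf of the invoking (real) user from a program that
 * may run with elevated privileges.  Rejects:
 *   - symbolic links   (O_NOFOLLOW makes open() fail with ELOOP, so there is
 *                       no check-then-open window for a link swap)
 *   - FIFOs            (O_NONBLOCK makes open() fail with ENXIO when nobody
 *                       reads the pipe, and fstat() rejects it if it did open)
 *   - anything that is not a regular file, has extra hard links, or is not
 *     owned by the real uid of the caller
 * Returns a file descriptor on success and -1 on rejection.
 */
int open_logfile_safe(const char *path)
{
    int flags = O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC;
    int fd = open(path, flags, 0600);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != getuid()) {
        close(fd);
        return -1;
    }

    /* Every check passed: restore ordinary blocking writes. */
    int fl = fcntl(fd, F_GETFL);
    if (fl >= 0)
        fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);
    return fd;
}

/*
 * Self-test (constructed here, names arbitrary): recreate the three file kinds
 * from the slide in a temporary directory.  Returns how many of the three cases
 * behaved as intended, so 3 means: regular file accepted, FIFO rejected,
 * symlink rejected.
 */
int demo_open_checks(void)
{
    char dir[] = "/tmp/logopen-demo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return -1;

    char regular[PATH_MAX], fifo[PATH_MAX], link[PATH_MAX];
    snprintf(regular, sizeof regular, "%s/junk", dir);
    snprintf(fifo, sizeof fifo, "%s/foo", dir);
    snprintf(link, sizeof link, "%s/foo-link", dir);

    int passed = 0;

    /* 1. An ordinary file owned by us: accepted (and created). */
    int fd = open_logfile_safe(regular);
    if (fd >= 0) {
        passed++;
        close(fd);
    }

    /* 2. The "mknod foo p" case: a FIFO must be rejected, not blocked on. */
    if (mkfifo(fifo, 0600) == 0 && open_logfile_safe(fifo) < 0)
        passed++;

    /* 3. The "ln -s target foo" case: a symlink must be rejected even when
     *    its target is a file we could otherwise write. */
    if (symlink(regular, link) == 0 && open_logfile_safe(link) < 0)
        passed++;

    unlink(link);
    unlink(fifo);
    unlink(regular);
    rmdir(dir);
    return passed;
}

int main(void)
{
    printf("checks behaving as intended: %d of 3\n", demo_open_checks());
    return 0;
}
```

The ownership test uses getuid(), the real user id, because in a set-user-id program that is the user on whose behalf the log is being written; a privileged program that instead compared against geteuid() would accept root-owned files such as /etc/passwd.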
Slide 9: Condition Validation Examples
- /etc/exports (SunOS 4.1)
- rcp (remote copy)
- Redirect characters from another user's terminal
- uux rem_machine ! rmail
  - anything command
- fsck repairs file consistency
  - If fsck fails during bootup, a privileged shell starts as root
Slide 10: Environment Examples
- exec system call
  - executes some executable object file or data file containing commands
  - SunOS version 3.2 and earlier
  - link with name -i
  - exec -i (becomes interactive mode)
Slide 11: Security Management in UNIX
- US/CERT, AUSCERT - UNIX Security Checklist (2001)
- US/CERT, AUSCERT - Steps to Recover from a UNIX or NT System Compromise (2000)
Slide 12: UNIX Security Checklist v2.0
- The First Step
- Basic Operating System
- Major Services
- Specific Operating Systems
Slide 13: The First Step
- Update the OS software and security patches.
- Make sure that all security mechanisms, such as digital signatures and hashing schemes, are up to date.
- Keep track of all updates to the OS and the services.
Slide 14: Basic Operating System
- Network Services
- Network Administration
- File System Security
- Account Security
- System Monitoring
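The checklist's "File System Security" item, like the taxonomy's "Incorrect permission" class, is in practice a walk over the file system looking for two things: world-writable files and directories (sticky-bit directories such as /tmp excepted) and set-user-id or set-group-id executables. The following C program is an added example for this deck, not part of the AUSCERT checklist: audit_tree() walks a directory with nftw(3) without following symlinks or crossing mount points and counts both classes, and demo_audit() builds a small constructed tree in a temporary directory to exercise it. The tree layout and function names are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <ftw.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct audit_counts {
    int world_writable;   /* files and dirs with o+w, sticky dirs excluded */
    int setid;            /* regular files with setuid or setgid set */
};

/* nftw() carries no user pointer, so the running totals live here. */
static struct audit_counts totals;

static int audit_entry(const char *path, const struct stat *sb,
                       int typeflag, struct FTW *ftw)
{
    (void)ftw;
    if (typeflag == FTW_NS || typeflag == FTW_DNR)
        return 0;  /* could not stat or read: nothing to judge */
    if (typeflag == FTW_SL || typeflag == FTW_SLN)
        return 0;  /* the link itself: its mode bits are meaningless */

    if (sb->st_mode & S_IWOTH) {
        int sticky_dir = S_ISDIR(sb->st_mode) && (sb->st_mode & S_ISVTX);
        if (!sticky_dir) {
            totals.world_writable++;
            printf("world-writable: %s\n", path);
        }
    }
    if (S_ISREG(sb->st_mode) && (sb->st_mode & (S_ISUID | S_ISGID))) {
        totals.setid++;
        printf("set-id binary:  %s\n", path);
    }
    return 0;
}

/* Walk root physically (no symlink following) and stay on one file system. */
struct audit_counts audit_tree(const char *root)
{
    memset(&totals, 0, sizeof totals);
    nftw(root, audit_entry, 16, FTW_PHYS | FTW_MOUNT);
    return totals;
}

/* Create an empty file and set its mode explicitly, ignoring the umask. */
static int make_file(const char *path, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return chmod(path, mode);
}

/* Constructed demo tree: two world-writable entries and one set-id file. */
struct audit_counts demo_audit(void)
{
    struct audit_counts failed = { -1, -1 };
    char dir[] = "/tmp/permaudit-demo-XXXXXX";
    if (mkdtemp(dir) == NULL)
        return failed;

    const char *names[] = { "world.log", "private.log", "suidtool", "dropbox", "tmp" };
    char p[PATH_MAX];
    snprintf(p, sizeof p, "%s/%s", dir, names[0]); make_file(p, 0666);  /* counted */
    snprintf(p, sizeof p, "%s/%s", dir, names[1]); make_file(p, 0600);  /* fine */
    snprintf(p, sizeof p, "%s/%s", dir, names[2]); make_file(p, 04755); /* set-id */
    snprintf(p, sizeof p, "%s/%s", dir, names[3]); mkdir(p, 0777);  chmod(p, 0777);  /* counted */
    snprintf(p, sizeof p, "%s/%s", dir, names[4]); mkdir(p, 01777); chmod(p, 01777); /* sticky: skipped */

    struct audit_counts result = audit_tree(dir);

    for (int i = 0; i < 5; i++) {
        snprintf(p, sizeof p, "%s/%s", dir, names[i]);
        if (unlink(p) != 0)
            rmdir(p);
    }
    rmdir(dir);
    return result;
}

int main(void)
{
    struct audit_counts r = demo_audit();
    printf("world-writable: %d, set-id: %d\n", r.world_writable, r.setid);
    return 0;
}
```

On a real host the same walk is usually started from / with FTW_MOUNT so that each mounted file system is audited separately, and the set-id list is compared against a known-good baseline rather than read by eye.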
Slide 15: Major Services
- Name Service
- Electronic Mail
- Web Security
- FTP (ftp and anonymous ftp)
- File Services
- X-Windows System
Slide 16: Specific Operating Systems
- BSD-Derived Operating Systems
- Linux Distributions
- Solaris
- IRIX
- HP-UX
- Digital/Compaq Tru64 UNIX
- AIX
Slide 17: Steps to Recover from a Compromise
- Before you get Started
- Regain Control
- Analyze the Intrusion
- Contact relevant CSIRT and other sites involved
- Recover from the intrusion
- Improve the security of the system and network
- Reconnect to the Internet
- Update your Security Policy