INLS 187 - PowerPoint PPT Presentation

1 / 16
About This Presentation
Title:

INLS 187

Description:

In the early days, 'UNIX' and 'security' were a contradiction in terms ... sometimes necessary, but can create gaping security holes (remember, root can do ... – PowerPoint PPT presentation

Number of Views:98
Avg rating:3.0/5.0
Slides: 17
Provided by: BB16
Category:
Tags: inls | gaping

less

Transcript and Presenter's Notes

Title: INLS 187


1
INLS 187
  • September 23, 2004
  • Network and System Security

2
UNIX System Security
  • In the early days, UNIX and security were a
    contradiction in terms
  • Original system had plaintext passwords only, no
    concept of separate users, groups, etc.
  • NIX security has come a long way to arrive at
    what you see today
  • Along the way, companies often shipped systems
    wide open and you were supposed to lock them down
    as you saw fitcontrast with today

3
Basic concepts
  • Two basic ways of preventing security problems in
    UNIX
  • Passwordsdesigned to prevent unauthorized access
  • File permissionsallow access control over users
    on the system
  • Root, or superuser account has complete access

4
More basic concepts
  • /etc/passwd is the UNIX password fileworld
    readable
  • /etc/shadow holds shadow passwordsonly
    readable by root
  • The concept of groups was soon added to solve
    workgroup-related access control problems
  • /etc/group

5
System logins
  • In a big enough environment, logins may be
    handles centrally using NIS (yellowpages), AFS,
    Kerberos, or another system

6
File and directory permissions
  • Symbolic file access modes
  • ls l command reveals file access information
  • Three operationsreading, writing, executing
  • Three tiers of privilegeowner, group, and other
  • Nine slots 1 (called the mode)

7
Useful features of ls
  • Not only can ls show you the access rights, it
    can also show you
  • Owner
  • Group
  • Creation timestampactually, denotes last
    change to inode (ctime)
  • Last modification timestamp (mtime)
  • Last access timestamp (atime)

8
Setting permissions
  • ls command also reveals owner group
  • chmod or change mode command allows you to set
    or change file/directory permissions
  • -rwxrxwrxw
  • drwxrwxrwx
  • srwxrwxrwx

9
Setting permissions
  • Two ways to do this
  • Use the alpha charactes
  • Octal notation

10
Changing owner or group
  • Other commands allow you to change the owner,
    group, or both
  • chown
  • chgrp
  • chown usergroup

11
File mode
  • Denotes a directory
  • Denotes special files such as block special or
    character special files (not really
    security-related, so read about these offline)
  • Also can denote suid root filesfiles that if
    run, run as root
  • Suid is sometimes necessary, but can create
    gaping security holes (remember, root can do
    anything and by setting the sticky bit, you are
    handing over the keys to the castle in a sense)

12
Sticky bit
  • If a user has file write permission on a
    directory, they can rename or remove any files
    underneath
  • This can be prevented by setting the sticky bit
    on the directory
  • Chmod 1777 test

13
Other useful tools
  • ps command view running processes
  • who
  • last
  • uptime
  • netstat
  • setting the umask

14
Okay, now Windows
  • Windows security is now very similar to that of
    UNIX
  • Concept of users and groups exists
  • All GUI based, however
  • Windows password file is very cryptic and
    obscure, but not really any more secure

15
Windows Logins
  • Using active directory or netbios, users can
    login to multiple different workstations
  • Can also substitute AFS or Kerberos to achieve
    the same things
  • UNC GINA
  • Novell Netware

16
File access in Windows
  • Demonstrate
Write a Comment
User Comments (0)
About PowerShow.com