SECURITY - PowerPoint PPT Presentation

Slides: 30
Provided by: hari8

Transcript and Presenter's Notes

Title: SECURITY


1
SECURITY
  • Haripriya Purushothaman

2
SEVEN COMMON SENSE RULES OF SECURITY
  • Avoid putting files on the system that are likely
    to be interesting to hackers
  • Plug the holes that hackers can use to gain
    access to the system
  • Don't provide places for hackers to build nests
    on the system
  • Set the traps to detect intrusions and attempted
    intrusions

3
RULES (CONTD.)
  • Monitor the reports generated by these security
    tools
  • Teach ourselves about UNIX system security
  • Prowl around looking for unusual activity

4
HOW SECURITY IS COMPROMISED
  • Unreliable wetware
  • Human users are the weakest link in the chain of
    security
  • Teach users proper security hygiene

  • Software bugs
  • By exploiting bugs, hackers can manipulate
    UNIX into doing whatever they want
  • Keep up with patches and security bulletins
  • Open doors
  • Gaining access by exploiting software features
    that were meant to be helpful
  • Make sure we haven't put out a welcome mat for
    hackers

5
/ETC/PASSWD FILE
  • The contents of this file determine who can log in
    and what they can do once they get inside
  • This file is the system's first line of defense
    against intruders
  • On FreeBSD systems this file is derived from
    /etc/master.passwd

6
/ETC/PASSWD
  • Password checking and selection
  • Important to continually verify that every login
    has a password
  • Pseudo-users should have a star (*) in the
    encrypted password field
  • The following command finds logins with null
    passwords:
  • perl -F: -ane 'print if not $F[1];' /etc/passwd
  • On systems that use shadow passwords the field in
    /etc/passwd holds only a placeholder (x), so run
    the same check against /etc/shadow as well
  • /etc/passwd and /etc/group must be readable by
    the world but writable only by root

7
/ETC/PASSWD
  • The /etc/shadow file should be neither readable
    nor writable by the world
  • Passwords are normally changed with passwd
    command

8
/ETC/PASSWD
  • Need for shadow passwords
  • Since /etc/passwd is world readable, the encrypted
    password string is available to every user
  • Evildoers can run a dictionary of likely words
    through the same encryption (with each entry's
    salt) and compare the results with the strings in
    /etc/passwd to recover passwords
  • To prevent this, the encrypted passwords are moved
    to a separate file that is readable only by root
  • This file with the actual password information is
    called the shadow password file

9
/ETC/PASSWD
  • Group logins and shared logins
  • Instead of using root as a group login, use the
    sudo program to control access to rootly powers
  • Password aging
  • Facility that allows us to compel users to
    change their passwords periodically
  • User shells
  • Rootly entries
  • More than one entry in the passwd file with a
    UID of zero means more than one way to log in as
    root
  • The defense against this subterfuge is a mini
    script that lists every UID-0 entry (a UID of 0
    is false in Perl, so only those entries print):

  • perl -F: -ane 'print if not $F[2];' /etc/passwd
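The two one-line Perl checks on slides 6 and 9 can be folded into one audit that also handles shadowed systems, where the hash lives in /etc/shadow rather than /etc/passwd. The following script is an added example, not part of the deck; the function names audit_passwd and write_sample_files, the CHECK:user output format and the sample files it writes are all constructed for this illustration, not real system data.

```shell
#!/bin/sh
# Audit a passwd/shadow pair for the weaknesses discussed in slides 6 and 9:
#   EMPTY_PASSWORD        - a login whose password field is empty in either file
#   EXTRA_UID0            - a second entry with UID 0 (another way to log in as root)
#   UNLOCKED_PSEUDO_USER  - a daemon account (UID 1-99) whose hash is not "*" or "!"
# Findings are printed one per line as CHECK:username (format constructed here).
audit_passwd() {
    passwd_file=$1
    shadow_file=$2

    # 1. Empty password field: the login needs no password at all.
    #    Checked in both files, because the hash lives in /etc/passwd on old
    #    systems and in /etc/shadow (with an "x" placeholder in passwd) on new ones.
    awk -F: '$2 == "" { print "EMPTY_PASSWORD:" $1 }' "$passwd_file" "$shadow_file"

    # 2. Every UID-0 entry other than root is an extra root login.
    awk -F: '$3 == 0 && $1 != "root" { print "EXTRA_UID0:" $1 }' "$passwd_file"

    # 3. Pseudo-users should be locked with "*" or "!" in whichever file holds
    #    the real hash.
    awk -F: '
        FNR == NR {
            if ($3 + 0 > 0 && $3 + 0 < 100) pseudo[$1] = 1
            if ($2 != "x" && $2 != "") hash[$1] = $2    # hash kept in passwd itself
            next
        }
        !($1 in hash) { hash[$1] = $2 }                 # shadow holds the hash
        END {
            for (u in pseudo)
                if (hash[u] !~ /^[*!]/) print "UNLOCKED_PSEUDO_USER:" u
        }
    ' "$passwd_file" "$shadow_file"
}

# Constructed sample files (not real system data) that exhibit each problem:
# "toor" is a second UID-0 login, "guest" has an empty shadow entry and the
# pseudo-user "bin" has a usable hash instead of being locked.
write_sample_files() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
guest:x:1001:1001:Guest:/home/guest:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$saltA$hashA:19000:0:99999:7:::
toor:$6$saltB$hashB:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
bin:$6$saltC$hashC:19000:0:99999:7:::
guest::19000:0:99999:7:::
alice:$6$saltD$hashD:19000:0:99999:7:::
EOF
}

# Stand-alone demonstration on the constructed files.
demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
audit_passwd "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real host run it as root (only root can read /etc/shadow) with `audit_passwd /etc/passwd /etc/shadow`; a system that still keeps hashes in /etc/passwd can pass /etc/passwd twice.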

10
SETUID PROGRAMS
  • Prone to security problems
  • Setuid shell scripts in particular cause security
    problems
  • Setuid and setgid can be disabled per filesystem
    with the -o nosuid option to mount
  • Disks should be scanned periodically to look for
    new setuid programs
  • For example, find can mail a list of all setuid-root
    files to the network administrator
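A plain list of every setuid file is long and gets ignored; what the administrator wants is the delta against the last scan. The script below is an added example (not from the deck) that keeps a sorted baseline and reports only newly appeared setuid files. The function names list_setuid and new_setuid, the baseline file name and the demonstration tree are constructed for this illustration.

```shell
#!/bin/sh
# List set-UID files under a tree and report any that were not present in a
# previously saved baseline, so a newly planted setuid binary stands out.
list_setuid() {
    # -perm -4000: the setuid bit is set, whatever the other mode bits are.
    # -xdev: do not cross mount points (NFS and removable media are scanned separately).
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Files that are setuid now but absent from the sorted baseline listing.
new_setuid() {
    baseline=$1
    tree=$2
    list_setuid "$tree" | comm -13 "$baseline" -
}

# Stand-alone demonstration on a constructed tree in a temporary directory:
# "passwd" is the known setuid program, "backdoor" appears after the baseline
# was taken (chmod 4755 on one's own file needs no privilege).
demo=$(mktemp -d)
mkdir -p "$demo/bin"
: > "$demo/bin/passwd";   chmod 4755 "$demo/bin/passwd"
list_setuid "$demo" > "$demo/baseline.txt"
: > "$demo/bin/backdoor"; chmod 4755 "$demo/bin/backdoor"
echo "setuid files not in baseline:"
new_setuid "$demo/baseline.txt" "$demo"
rm -rf "$demo"
# From cron the report would be mailed to the administrator, for instance:
#   new_setuid /var/db/setuid.baseline / | mail -s "new setuid files" netadmin
```

Refresh the baseline only after a reported file has been checked, otherwise an intruder's binary becomes part of the accepted set.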

11
FILE PERMISSIONS
  • The device file /dev/kmem allows access to the
    kernel's own virtual address space
  • This file should be readable only by the owner
    and group, never by the world
  • /dev/drum and /dev/mem provide unfettered access
    to the system's swap space and physical memory
  • /etc/passwd and /etc/group should not be world
    writable and should be owned by root

12
FILE PERMISSIONS
  • Directories that are accessible through anonymous
    FTP should not be publicly writable
  • Only root should have both read and write
    permission on disk device files
  • The group owner is given read permission to
    facilitate backups, but there should be no
    permissions for the world

13
MISCELLANEOUS SECURITY ISSUES
  • Remote event logging
  • Syslog allows log information from both the kernel
    and user processes to be forwarded to a file, to
    users, or to another host on our network
  • A secure host that acts as a central logging
    machine and prints security violations on an old
    line printer can be set up; an intruder who
    compromises a logging client cannot then erase
    the record

14
MISCELLANEOUS SECURITY ISSUES
  • Secure terminals
  • Secure channels are usually specified as a list
    of TTY devices or as a keyword in a configuration
    file
  • On Solaris the file is /etc/default/login
  • On HP-UX and Red Hat Linux, the file is
    /etc/securetty
  • On FreeBSD it is /etc/ttys

15
MISCELLANEOUS SECURITY ISSUES
  • /etc/hosts.equiv and ~/.rhosts
  • Allow users to log in (via rlogin) and copy
    files (via rcp) without typing passwords; trust is
    based only on the client's host name or address
  • The server processes rshd and rlogind that read
    them should be disabled

16
MISCELLANEOUS SECURITY ISSUES
  • rexd,rexecd, and tftpd
  • rexd - poorly secured remote command execution
    server that should be disabled
  • rexecd - another remote command execution daemon

  • Server for the rexec library routine
  • Requests sent to it include the password in
    plaintext

  • tftpd - server for the Trivial File Transfer
    Protocol
  • Allows machines on the network to request files
    from your hard disk without any authentication

17
MISCELLANEOUS SECURITY ISSUES
  • fingerd
  • finger prints a short report about a particular
    user
  • The information returned by
  • finger user@host
  • when supported by the fingerd daemon on the remote
    host is potentially useful to hackers
  • NIS (Network Information Service)
  • Sun database distribution tool that many sites
    use to maintain and distribute files such as passwd
  • Easy information access for hackers

18
MISCELLANEOUS SECURITY ISSUES
  • Sendmail
  • Massive network program that runs as root
  • Often the target of attacks and has had numerous
    vulnerabilities
  • Backups
  • Backup tapes should be kept under lock and key
  • Trojan horses
  • Programs that are not what they seem to be

19
SECURITY POWER TOOLS
  • Nmap - network port scanner
  • Checks a set of target hosts to see which TCP and
    UDP ports have servers listening on them
  • The command looks like
  • nmap -sT host1.uexample.com
  • The -sT argument asks nmap to connect to each
    TCP port on the target host in the normal way
    (a full three-way handshake, visible in the
    target's logs)
  • The -sS (SYN scan) option instead probes ports
    without completing a connection, which is less
    likely to be logged
  • The -O option gives nmap the ability to
    guess what OS a remote system is running

20
SECURITY POWER TOOLS
  • SAINT
  • Similar to nmap in finding out what servers a set
    of hosts are running
  • Unlike nmap, it knows quite a lot about the
    actual UNIX server programs and their
    vulnerabilities

  • Its user interface is entirely web based

21
SECURITY POWER TOOLS
  • Crack
  • Sophisticated tool that implements several
    password guessing techniques
  • Passwords should be crack-resistant
  • tcpd
  • Referred to as the TCP wrappers package
  • Allows connections to TCP services to be logged
    and restricted by client host (/etc/hosts.allow
    and /etc/hosts.deny)
  • Piggybacks on top of inetd

22
SECURITY POWER TOOLS
  • COPS (Computer Oracle and Password System)
  • It's a classic tool that identifies many classic
    security problems
  • Warns us of the potential problem by sending
    emails
  • tripwire
  • Monitors the permission and checksums of
    important system files so that we can easily
    detect files that have been replaced
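What tripwire does can be shown in a few lines of shell: take a snapshot of mode, owner, group and a strong checksum for the files that matter, then diff a fresh snapshot against it. The script below is an added example, not tripwire's code or the deck's; the function names snapshot, verify_baseline and hash_file, the baseline line format and the demonstration files are constructed here. It assumes sha256sum (coreutils) or shasum is installed, and paths without spaces.

```shell
#!/bin/sh
# Minimal tripwire-style check: record mode, owner, group and SHA-256 of a set
# of files, then report what changed. Paths must not contain spaces.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# One line per existing file: mode owner group sha256 path
snapshot() {
    for f in "$@"; do
        [ -e "$f" ] || continue          # missing files are reported by verify_baseline
        h=$(hash_file "$f")
        ls -ld "$f" | awk -v h="$h" -v p="$f" '{ print $1, $3, $4, h, p }'
    done
}

# Compare a saved baseline with a fresh snapshot of the given paths and print
# CHANGED / NEW / MISSING lines (nothing printed means nothing changed).
verify_baseline() {
    baseline=$1
    shift
    snapshot "$@" | awk '
        NR == FNR { base[$5] = $1 " " $2 " " $3 " " $4; next }
        {
            cur = $1 " " $2 " " $3 " " $4
            if (!($5 in base))        print "NEW " $5
            else if (base[$5] != cur) print "CHANGED " $5
            seen[$5] = 1
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$baseline" -
}

# Stand-alone demonstration on constructed files in a temporary directory.
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo/passwd"
printf 'wheel:x:0:root\n'               > "$demo/group"
snapshot "$demo/passwd" "$demo/group" > "$demo/baseline.txt"
printf 'toor:x:0:0::/root:/bin/sh\n' >> "$demo/passwd"   # content changed
chmod 666 "$demo/group"                                   # permissions changed
verify_baseline "$demo/baseline.txt" "$demo/passwd" "$demo/group"
rm -rf "$demo"
```

The baseline only proves anything if it is stored where the intruder cannot rewrite it (read-only media or the central log host), which is the same point the deck makes about syslog.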

23
CRYPTOGRAPHIC SECURITY TOOLS
  • Kerberos
  • It's an authentication system
  • Facility that guarantees that users and services
    are in fact who they claim to be
  • Uses DES to construct a nested set of credentials
    called tickets
  • Tickets are passed around the network to certify
    identity and to provide access
  • It never transmits unencrypted passwords and
    relieves users from typing their passwords
    repeatedly

24
CRYPTOGRAPHIC SECURITY TOOLS
  • PGP - Pretty Good Privacy
  • Focused primarily on email security
  • Used to encrypt data, generate signatures and
    verify the origin of files and messages
  • Software packages are often distributed with a PGP
    signature file that lets the recipient verify the
    origin and integrity of the software

25
CRYPTOGRAPHIC SECURITY TOOLS
  • SSH - the secure shell
  • Confirms the user's identity and encrypts all
    communication between two hosts
  • The server daemon sshd can authenticate in several
    ways
  • Method A - the user is logged in automatically if
    the name of the remote host the user is logging in
    from is in ~/.rhosts or equivalent files
  • Method B - uses public key cryptography to verify
    the identity of the remote host
  • Method C - uses public key cryptography to
    establish the user's identity
  • Method D - allows the user to enter his or her
    normal login password
  • Methods A and B inherit the weaknesses of the
    rhosts mechanism and should be disabled in favour
    of Method C
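Which of the four methods a server accepts is decided in sshd_config, so the practical check is to read that file for the weak ones. The script below is an added example, not from the deck or OpenSSH; the function names audit_sshd_config and write_sample_configs, the "WEAK keyword value" output format and the two sample configurations are constructed for this illustration. It assumes OpenSSH keyword names (case-insensitive) and OpenSSH's default of PasswordAuthentication yes when the keyword is absent; Match blocks are not modelled.

```shell
#!/bin/sh
# Report authentication settings in an sshd_config that correspond to the weak
# methods above: rhosts-style host trust (Methods A and B), password logins
# (Method D), empty passwords and root login over the network.
# Prints "WEAK <keyword> <value>" lines; silence means nothing weak was found.
audit_sshd_config() {
    awk '
        {
            sub(/#.*/, "")                      # drop comments
            if (NF < 2) next                    # blank or malformed line
            key = tolower($1); val = tolower($2)
            seen[key] = 1
        }
        key == "passwordauthentication"  && val != "no"  { print "WEAK PasswordAuthentication " val }
        key == "permitemptypasswords"    && val == "yes" { print "WEAK PermitEmptyPasswords yes" }
        key == "permitrootlogin"         && val == "yes" { print "WEAK PermitRootLogin yes" }
        key == "ignorerhosts"            && val == "no"  { print "WEAK IgnoreRhosts no" }
        key == "hostbasedauthentication" && val == "yes" { print "WEAK HostbasedAuthentication yes" }
        key == "rhostsrsaauthentication" && val == "yes" { print "WEAK RhostsRSAAuthentication yes" }
        END {
            # OpenSSH turns password authentication on unless told otherwise.
            if (!("passwordauthentication" in seen))
                print "WEAK PasswordAuthentication (absent, defaults to yes)"
        }
    ' "$1"
}

# Constructed sample configurations: the weak one permits Methods A and D,
# the hardened one allows only Method C (public keys).
write_sample_configs() {
    cat > "$1/weak.conf" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
IgnoreRhosts no
HostbasedAuthentication yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
IgnoreRhosts yes
HostbasedAuthentication no
PubkeyAuthentication yes
EOF
}

# Stand-alone demonstration on the constructed files.
demo=$(mktemp -d)
write_sample_configs "$demo"
echo "weak.conf:";     audit_sshd_config "$demo/weak.conf"
echo "hardened.conf:"; audit_sshd_config "$demo/hardened.conf"
rm -rf "$demo"
```

Against a live host run `audit_sshd_config /etc/ssh/sshd_config`; the effective values, including those from Match blocks and included files, can be confirmed with `sshd -T`.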

26
CRYPTOGRAPHIC SECURITY TOOLS
  • SRP - Secure Remote Password
  • Highly secure way to verify passwords over a public
    network
  • SRP-enabled versions of telnet and ftp are
    available
  • OPIE - One-Time Passwords In Everything
  • Instead of encrypting passwords, it just makes
    sure that each one works only once
  • The one-time passwords are generated on our behalf

27
FIREWALLS - basic tool for network security
  • Only a supplemental security measure
  • Packet filtering firewalls
  • Limit the types of traffic that can pass through
    the Internet gateway based on information in the
    packet header
  • How services are filtered
  • The daemons that provide these services bind to
    the appropriate ports and wait for connections
    from remote sites
  • Service-specific filtering is based on the
    assumption that the client will use a non-privileged
    port to contact a privileged port on the server
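Header-based filtering and the privileged-port assumption are easiest to see with a rule table applied to a few packets. The script below is an added toy filter, not any firewall product's code or the deck's; the rule and packet line formats, the function names filter_packets and write_sample_filter, the 192.0.2.10 gateway and the sample headers are all constructed for this illustration. It generalises the slide slightly by making the rule list data rather than prose.

```shell
#!/bin/sh
# Toy packet filter that applies a first-match rule list to packet headers.
# Formats (constructed for this example):
#   rule:   action proto src dst dport flags   ("any" matches anything;
#           dport "high" means an unprivileged port, i.e. > 1023)
#   packet: proto src sport dst dport flags
# Packets matching no rule are denied.
filter_packets() {
    awk '
        function portmatch(rule, port) {
            return rule == "any" || rule == port || (rule == "high" && port + 0 > 1023)
        }
        { sub(/#.*/, ""); if (NF == 0) next }     # comments and blank lines in both inputs
        NR == FNR {                               # first file: load the rule list
            n++; act[n] = $1; pr[n] = $2; src[n] = $3; dst[n] = $4; dp[n] = $5; fl[n] = $6
            next
        }
        {                                         # stdin: one packet header per line
            verdict = "deny (no rule)"
            for (i = 1; i <= n; i++) {
                if ((pr[i] == "any" || pr[i] == $1) &&
                    (src[i] == "any" || src[i] == $2) &&
                    (dst[i] == "any" || dst[i] == $4) &&
                    portmatch(dp[i], $5) &&
                    (fl[i] == "any" || fl[i] == $6)) {
                    verdict = act[i] " (rule " i ")"
                    break
                }
            }
            print verdict ": " $1, $2, $3, $4, $5, $6
        }
    ' "$1" -
}

# Constructed rule set and packets for a gateway in front of 192.0.2.10.
# Rule 3 is the service-specific assumption from the slide: a packet to an
# unprivileged port is let in only if ACK is set, i.e. it looks like a reply
# to a connection one of our clients opened.
write_sample_filter() {
    cat > "$1/rules.txt" <<'EOF'
allow tcp any 192.0.2.10 25   any   # mail may reach the mail host
allow tcp any 192.0.2.10 22   any   # and so may ssh
allow tcp any any        high ack   # replies to connections our clients opened
deny  tcp any any        any  any   # everything else over TCP (telnet, X11, ...)
deny  udp any any        any  any   # no UDP in at all (NFS, tftp, ...)
EOF
    cat > "$1/packets.txt" <<'EOF'
# proto src sport dst dport flags
tcp 198.51.100.7 40123 192.0.2.10 25    syn
tcp 198.51.100.7 40124 192.0.2.10 23    syn
tcp 198.51.100.7 40125 192.0.2.10 6000  syn
tcp 203.0.113.5  80    192.0.2.10 51234 ack
tcp 203.0.113.5  80    192.0.2.10 51234 syn
udp 198.51.100.7 1024  192.0.2.10 2049  none
EOF
}

# Stand-alone demonstration.
demo=$(mktemp -d)
write_sample_filter "$demo"
filter_packets "$demo/rules.txt" < "$demo/packets.txt"
rm -rf "$demo"
```

Rule 3 also shows the weakness of the assumption: the filter has no memory of which connections our clients actually opened, so a crafted packet with ACK set and a high destination port passes whether or not a connection exists. Keeping that memory is exactly what the stateful inspection firewalls on the next slide add.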

28
FIREWALLS
  • Service proxy firewalls
  • Service proxies intercept connections to and
    from the outside world
  • and establish new connections to services inside
    our network
  • Acts as a sort of shuttle or chaperone between
    the two worlds
  • Stateful inspection firewalls
  • Designed to inspect the traffic that flows
    through them and compare the actual network
    activity to what should be happening

29
What to do when a site has been attacked
  • Don't panic
  • Decide on an appropriate level of response
  • Hoard all available tracking information
  • Assess your degree of exposure
  • Pull the plug
  • Devise a recovery plan
  • Communicate the recovery plan
  • Implement the recovery plan
  • Report the incident to authorities