CIS 450 - PowerPoint PPT Presentation

Slides: 9
Provided by: jbpackma
Transcript and Presenter's Notes


1
CIS 450 Network Security
  • Chapter 13 Fundamentals of UNIX

2
  • Variants of UNIX such as Solaris and BSD have
    been around for a long time
  • Not truly secure but many vulnerabilities have
    been identified and fixed
  • New vulnerabilities may be discovered
  • Linux has been around a shorter time (1991)
  • New vulnerabilities are targeting Linux systems

3
Vulnerable Areas of UNIX
  • Sample Scripts
    • Many UNIX applications are installed with default
      sample scripts that are not used and which the
      system administrators are not aware of
  • Protection Against
    • Remove them from the system if not needed
    • Administrator should know the system and what is
      installed
    • Implementing a principle of least privilege (give
      the least amount of access to do job)

4
Vulnerable Areas of UNIX
  • Extraneous Software
    • Similar to sample scripts
    • Includes compilers and interpreters
    • If no compiler is installed, an attacker would have
      to have a similar UNIX system, pre-compile the
      script, and upload the binary
  • Protection Against
    • Remove them from the system if not needed
    • Administrator should know the system and what is
      installed
    • Implementing a principle of least privilege (give
      the least amount of access to do job)

5
Vulnerable Areas of UNIX
  • Open Ports
    • Most UNIX systems are set up as servers that are
      accessible from the Internet
    • Default installation of most UNIX/Linux versions
      is to have a high number of ports open
  • Protecting Against Open Ports
    • Figure out which ports are needed for the system
      to function properly and close the rest
    • Underlying services that run on these ports
      should be removed from the system
  • Unpatched Systems
  • Protecting Against Unpatched Systems
    • Put procedures in place to check for new patches,
      test them, and apply them

6
UNIX Fundamentals
  • Key commands
    • Administrator should have familiarity with
      commands on page 484
  • File Permissions (everything in UNIX is a file)
    • Are used to control access to resources
    • Permissions are read, write, and execute and can
      be assigned to the owner, a group, or everyone
      else, and any combination thereof
  • Inetd
    • Process that handles Internet standard services
    • Configuration file is /etc/inetd.conf
    • File can be edited to turn services on/off
  • Netstat
    • Provides information about the network and the
      local network for the computer on which it is
      running
    • Can be used to find all active connections and
      open ports for a given computer

7
UNIX Fundamentals
  • Tripwire
    • Looks for changes in binary programs to prevent
      key system files being Trojanized
  • TCP Wrappers
    • A tool commonly used on Unix systems to monitor
      and filter connections to network services
    • Tcpd, the program implementing the tcp wrapper,
      is called and performs checks before the real
      daemon is called
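
Added example (not part of the original slides): a POSIX shell check that combines the Inetd and TCP Wrappers points above by listing the services enabled in an inetd.conf-format file and flagging those whose daemon is started directly instead of through tcpd. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file (not from the slides).
# Field layout per line: service socket proto wait user server args...

# Print "service/proto status server" for every enabled (uncommented) entry.
# status is "wrapped" when the server field is tcpd, "internal" for inetd
# built-ins, and "UNWRAPPED" when the daemon is started directly.
inetd_audit() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }          # skip disabled or malformed lines
        {
            n = split($6, parts, "/")          # basename of the server path
            base = parts[n]
            if ($6 == "internal")    status = "internal"
            else if (base == "tcpd") status = "wrapped"
            else                     status = "UNWRAPPED"
            printf "%s/%s %s %s\n", $1, $3, status, $6
        }
    ' "$1"
}

# Names of enabled services that bypass tcpd, one per line.
inetd_unwrapped() {
    inetd_audit "$1" | awk '$2 == "UNWRAPPED" { sub("/.*", "", $1); print $1 }'
}

# Constructed sample input, not taken from a real system.
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd        in.rshd
echo    stream  tcp  nowait  root    internal
tftp    dgram   udp  wait    nobody  /usr/sbin/in.tftpd    in.tftpd /tftpboot
EOF
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_inetd_conf > "$tmp"
    inetd_audit "$tmp"; rm -f "$tmp"
fi
```

Each service reported as UNWRAPPED is a candidate either for commenting out in the configuration file or for routing through tcpd so that its checks run before the real daemon.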

8
UNIX Fundamentals
  • Lsof (LiSt Open Files)
    • Replacement for standard ls program
  • Suid (Set User ID)
    • If a file is SUID, it will run with the
      privileges of the file's owner, instead of the
      privileges of the person running the program
    • SUID programs are used to enable normal system
      users to accomplish tasks which would otherwise
      require privileged access
    • Example: passwd program
      • The passwd program allows users to change their
        passwords. This requires the ability to write to
        the /etc/passwd file (and most often the shadowed
        password file), which unprivileged users should
        not normally have
      • The file permissions of /usr/bin/passwd are:
        -r-sr-xr-x 2 root wheel /usr/bin/passwd
      • The 's' in the space normally occupied by the
        first 'x' signifies that this file is SUID. No
        matter who executes this program, it will always
        run with the privileges of the user root.