Security

Security

Linux is not secure

•No computer system can ever be "completelysecure".

–make it increasingly difficult for someone tocompromise your system.

•The more secure your system, the moremiserable you and your users will tend to be

•Security = 1/(1.072 * Convenience)

Example of Attacks

•Program Level Security

–Non-malicious Program Errors: Buffer Overflow, Format String…

–Malicious Codes: Trojan Horse, Logic Bomb, Virus, Worm…

•Network Attacks

–Threat Precursors: Port Scan, Social Engineering, Reconnaissance, OSand App. Fingerprinting

–Protocol Flaws: Impersonation

–Spoofing: Session Hijacking, Man-in-the-Middle

–Message Confidentiality Threat

–Message Integrity Threats

–Denial of Service: Connection Flooding (Ping of Death, Smurf), SynFlood, DNS attack

–Distributed Denial of Service

Security Attacks

Security Mechanisms

Access Control

Linux Security

•What level of threat the system needs to be protected against?

–Analyze the system

•Packet Filtering

•Turn off unnecessary services

–Be aware of what is happening on your system

–Keep track the vulnerabilities - Software patches

•Backups

–Recover effectively from a security incident

•User accounts

–Minimal amount of privilege they need

–Remove inactive accounts

–The use of the same user-ID on all computers and networks is desirablefor the purpose of account maintenance

–User account provides accountability

Linux Security

•Root Security

–Only become root to do single specific tasks

–Never use the rlogin/rsh/rexec suite of tools (calledthe r- utilities) as root

–Always be slow and deliberate running as root.Your actions could affect a lot of things. Thinkbefore you type!

Password security and encryption

•Use shadow password

•Password checking and selection

•Pluggable Authentication Modules – PAM

–man pam.d

Restricting access

•Control access to your system

–TCP wrappers allows you to restrict access tosome services on your system

•http://www.vtcif.telstra.com.au/pub/docs/security/tcp_wrapper.txt

–/etc/hosts.deny

•man hosts.deny

–/etc/hosts.allow

•man hosts.allow

Miscellaneous Security Issues

•Remote event logging

•hosts.equiv and ~/.rhosts

–Rshd, rlogind should be disabled

•fingerd

•Security and NIS

–/etc/group, /etc/passwd, /etc/hosts…

•Security and NFS

•Security and sendmail

Security of NFS

•A client request will include the client user-id of theprocess making the request

•The server must decide whether to believe the client'suser-ids.

•NFS provides a means to authenticate users andmachines

•Recommend the use of globally unique UID and theroot_squash

•Use /etc/hosts.deny and /etc/hosts.allow to grantaccess

Security Tools

•nmap

•nessus

•tripwire

•tcpd

•crack

•Other powerful tools

Security Preparation

•Make a full backup of your machine

•Keep track of your system accounting data

•Apply all new system updates

•Subscribe to mailing lists to get informationabout potential problems

Cryptographic Security Tools

•Kerberos

–A secret key based service for providing authentication in a network

–Improve traditional Linux password security:

•Never transmit unencrypted passwords on the network

•Users do not have to type passwords repeatedly

–For more information:

•http://web.mit.edu/kerberos/www/dialogue.html

•SSH

–The secure shell to replace rlogin, rcp, and telnet

–http://www.openssh.com/

–Server side: sshd

–Client side: ssh, scp

–ssh-keygen

Firewall

•Filter-based

Should arrivingpacket be allowedin? Departing packetlet out?

•Proxy-based

How iptables work

One iptables Example

Useful Websites

•http://www.cert.org

•http://www.sans.org/

–http://www.sans.org/rr

•http://www.securityfocus.com/

http://www.phrack.org/