Security and Protection
René Serral-Gracià, Xavier Martorell-Bofill
Universitat Politècnica de Catalunya (UPC)
May 26, 2014
Introduction About security Security components
Lectures
1 System administration introduction
2 Operating System installation
3 User management
4 Application management
5 System monitoring
6 Filesystem Maintenance
7 Local services
8 Network services
9 Security and Protection
10 Virtualization
R. Serral-Gracià, et. al Security 2
Outline
1 Introduction
  Goals
2 About security
3 Security components
Goals
Knowledge
Main aspects of system’s security
  Local security
  Network security
  Network services security
Abilities
Installation, execution and analysis of the results of security auditing tools
Outline
1 Introduction
2 About security
3 Security components
What does security mean?
Confidentiality: protection against undesired data access
Integrity: protection against unwanted destruction, modification, or data loss
Availability: the system must be up and running for legitimate users
Consistency: avoid unwanted changes to system behavior
Isolation: avoid unauthorized access by external people (hackers)
Perfect security?
There is no such thing
  Even if the machine is down
  With enough resources (time, money, . . . ) everything is hackable
  Natural disasters
Goal: get a “secure enough” system
  Secure against automatic attacks (script kiddies)
  Easy to be back up and running
Security and usability
Normally two sides of the same coin
Highest security, lowest usability
  Limited access to services and apps
  Constant identifications
  Burdensome to the users
  Slow and tiring
More usability means less security
Too much security can have the opposite effect
  Users write all their passwords on a post-it
  Use tools to automate resource access
Goals in attacking a computer
Get information
Get/destroy data
Denial of Service
Obtain resources
Use machines as a proxy for other attacks (DDoS)
Some attacks
Obtain passwords
Filesystem abuse
Unexpected parameters
Buffer overflows
Race conditions
Resource abuse
Trojans, viruses, . . .
Port scanning
Spoofing: IP, DNS, ARP, . . .
Man-in-the-middle
Sniffers
Worms, . . .
Social engineering
. . .
Outline
1 Introduction
2 About security
3 Security components
  Physical Security (I)
  Local Security
  Network Security
Physical Security
Physical access to the console
  Reboot with a system disk
  Data stealing (hard drive, backups)
  System alteration
  Computer stealing
Physical access to network cables
  Network monitoring
  Denial of Service
Physical access to the office
  Look for passwords below the keyboard!
  Access to destroyed documents
Physical Security (II)
Sometimes it doesn’t take a malicious attack to destroy data
  Accidents: power outages, fire, . . .
  Ambient conditions: temperature, humidity, . . .
  Natural catastrophes: hurricanes, earthquakes, . . .
  Other: bugs, food, beverages, . . .
Countermeasures: sensors, special materials, raised floor, . . .
Local Security
Goal: protect against attacks from the users of the system
  The attacker has a non-privileged user account
  Or even a privileged one
  Users willing to escalate privileges
Protect the system locally before connecting it to the network
Passwords
Enforce a strong password policy
  Long passwords (8+ characters)
  Mix of numbers, letters, and special characters
  Hard to guess
  Easy to remember
  NOT a dictionary word – or a variation of one
Password expiration policy
  Be careful: it can become quite annoying
Check password strength on each change/periodically
Protect encrypted passwords (/etc/shadow)
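As an added example (not part of the slides), a shell script that applies the password rules listed above to candidate passwords and checks that the file holding the password hashes is not readable by "other". The four-word dictionary is a constructed stand-in for a real word list such as cracklib's; the substitution table (@, $, 0, 1, 3) is an assumption about what counts as a "variation" of a dictionary word.

```shell
#!/bin/sh
# Added example, not from the slides: a minimal check of the password rules
# above, plus a permission check for the file with the password hashes.
# DICT is a constructed stand-in for a real dictionary (cracklib, /usr/share/dict/words).

DICT="password
secret
welcome
letmein"

# password_ok PASSWORD -> status 0 if the password satisfies the policy.
password_ok() {
    pw=$1
    # Long passwords: at least 8 characters.
    [ "${#pw}" -ge 8 ] || return 1
    # Mix of letters, digits and special characters.
    case $pw in *[A-Za-z]*) ;; *) return 1 ;; esac
    case $pw in *[0-9]*) ;; *) return 1 ;; esac
    case $pw in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
    # NOT a dictionary word or a variation of one: undo common substitutions
    # (@->a, $->s, 0->o, 1->l, 3->e), drop the remaining digits/symbols,
    # lower-case, then reject if any dictionary word is still contained.
    base=$(printf '%s' "$pw" | tr '@$013' 'asole' | tr -d '[:punct:][:digit:]' | tr 'A-Z' 'a-z')
    for w in $DICT; do
        case $base in *"$w"*) return 1 ;; esac
    done
    return 0
}

# shadow_perms_ok FILE -> status 0 if "other" has no permission bits on FILE
# (e.g. /etc/shadow as 640 root:shadow). Parses ls -ld, so GNU stat is not needed.
shadow_perms_ok() {
    case "$(ls -ld "$1")" in
        ???????---*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on constructed candidates.
for p in 'c0rrect!Horse' 'P@ssw0rd1!' 'short1!' 'longpassphrase'; do
    if password_ok "$p"; then echo "accepted: $p"; else echo "rejected: $p"; fi
done
if [ -e /etc/shadow ]; then
    shadow_perms_ok /etc/shadow && echo "/etc/shadow: ok" || echo "/etc/shadow: readable by others"
fi
```

The strength check is deliberately conservative: a password is rejected whenever a dictionary word survives after undoing the usual substitutions, which is what "or variation" in the slide asks for. For the expiration part of the policy the slide refers to, the standard tool is chage (e.g. `chage -M 90 user`), which is not shown here.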
Permission and protection
Minimum access policy
A user should not access a file he/she doesn’t need
Grant the minimum privileges and . . . assign more on demand
Grant only group-level permissions
Assign a sensible file creation mask
  umask 027 (rwx r-x ---), 022 (rwx r-x r-x)
Be aware of potentially dangerous files
  with the SetUID bit
  holding system configuration
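As an added example (not from the slides), a shell script that computes the mode a new file or directory gets under a given umask, confirms it on a scratch directory, and lists the SetUID/SetGID files under a directory for review. The base modes 666 (files) and 777 (directories) are the ones most programs request; the directory passed to list_setuid in the demo is an assumption.

```shell
#!/bin/sh
# Added example, not from the slides: what a umask does to new files and
# directories, and a finder for SetUID/SetGID files that deserve review.

# mode_under_umask UMASK KIND -> octal mode of a new file (KIND "file", most
# programs create with 666) or directory (KIND "dir", created with 777) once
# the bits set in UMASK are cleared.
mode_under_umask() {
    mask=$(printf '%d' "0$1")            # octal text -> decimal
    case $2 in
        dir) base=$(printf '%d' 0777) ;;
        *)   base=$(printf '%d' 0666) ;;
    esac
    printf '%o\n' $(( base & ~mask ))
}

# show_umask UMASK -> create a file and a directory under UMASK in a scratch
# directory and list their real modes, confirming the arithmetic above.
show_umask() {
    d=$(mktemp -d)
    ( umask "$1" && : > "$d/file" && mkdir "$d/dir" && ls -ld "$d/file" "$d/dir" )
    rm -rf "$d"
}

# list_setuid DIR -> regular files under DIR with SetUID or SetGID set. Each
# one runs with its owner's (or group's) privileges, so each needs a reason
# to exist; compare the list against a known-good one after every upgrade.
list_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

show_umask 027        # -> -rw-r----- file, drwxr-x--- dir
show_umask 022        # -> -rw-r--r-- file, drwxr-xr-x dir
list_setuid /usr/bin  # typically passwd, su, sudo, ... on a Linux host
```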
Resource abuse
Excessive use of resources by a single user
  CPU/processes
  Memory
  Disk
Set up limits and quotas
  /etc/security/limits.conf
  ulimit
  disk quotas
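As an added example (not from the slides), the two mechanisms named above side by side: an illustrative /etc/security/limits.conf fragment (the user "alice" and group "students" are made-up names) and the session-level ulimit, with a function that shows how a soft limit lowered in a subshell does not affect the parent shell.

```shell
#!/bin/sh
# Added example, not from the slides: per-user limits with pam_limits and ulimit.
#
# Illustrative /etc/security/limits.conf lines (domain  type  item  value);
# "alice" and "students" are made-up names:
#   alice        hard  nproc   200     # at most 200 processes
#   @students    soft  nofile  1024    # open files; users may raise it ...
#   @students    hard  nofile  4096    # ... up to this ceiling, never above
#   *            hard  core    0       # no core dumps for anybody
#
# ulimit applies the same kind of limits to the current shell session. A soft
# limit can be raised again up to the hard limit; a hard limit, once lowered,
# cannot be raised back by an unprivileged user.

# nofile_in_subshell N -> effective soft limit on open files after setting it
# to N in a subshell. The parent shell keeps its own limits.
nofile_in_subshell() {
    ( ulimit -S -n "$1" && ulimit -S -n )
}

# nproc_limits -> current soft and hard limits on the number of user
# processes (ulimit -u is supported by bash and dash, not by POSIX sh).
nproc_limits() {
    printf 'soft=%s hard=%s\n' "$(ulimit -S -u)" "$(ulimit -H -u)"
}

echo "open files in subshell: $(nofile_in_subshell 256)"
echo "open files here:        $(ulimit -S -n)"
nproc_limits
```

Disk quotas (the third bullet) are configured per filesystem with the quota tools rather than through limits.conf, and are not shown here.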
Filesystem integrity
Often attackers modify the filesystem to hide the attack
  Modification of log files
  Rootkits
Tools to detect changes in the filesystem
  Through digital signatures of files
Partitions/devices mounted read-only
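As an added example (not from the slides), a minimal version of what tripwire-style tools do: take a baseline of SHA-256 digests while the system is known-good, then report files that changed, disappeared or appeared. The scratch tree and its file contents in the demo are constructed; the script is illustrative code, not tripwire's or AIDE's.

```shell
#!/bin/sh
# Added example, not from the slides: a minimal file-integrity check in the
# spirit of tripwire/AIDE. Keep the baseline where an attacker who can write
# to the monitored tree cannot reach it (read-only media, a remote host):
# a baseline the attacker can rewrite proves nothing.

# make_baseline DIR BASELINE -> write "digest  ./path" for every regular file
# under DIR into BASELINE (paths relative to DIR, sorted for stable diffs;
# file names containing spaces or newlines are not handled).
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# check_baseline DIR BASELINE -> print "CHANGED ./p", "MISSING ./p" or
# "NEW ./p" per difference; status 0 only when nothing differs.
check_baseline() {
    dir=$1 baseline=$2
    report=$(
        # Every file recorded in the baseline: still there, same digest?
        while read -r digest path; do
            if [ ! -f "$dir/$path" ]; then
                echo "MISSING $path"
            elif [ "$(sha256sum "$dir/$path" | cut -d' ' -f1)" != "$digest" ]; then
                echo "CHANGED $path"
            fi
        done < "$baseline"
        # Every file present now: was it in the baseline at all?
        ( cd "$dir" && find . -type f ) | LC_ALL=C sort | while read -r path; do
            awk -v p="$path" '$2 == p { found = 1 } END { exit !found }' "$baseline" \
                || echo "NEW $path"
        done
        true    # the substitution itself always succeeds
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Demo on a constructed scratch tree standing in for /etc.
d=$(mktemp -d); b=$(mktemp)
printf 'root:x:0:0\n' > "$d/passwd"
printf 'ssh 22/tcp\n' > "$d/services"
make_baseline "$d" "$b"
check_baseline "$d" "$b" && echo "baseline matches"
printf 'root:x:0:0\nevil:x:0:0\n' > "$d/passwd"   # tampered
rm "$d/services"                                 # deleted
printf 'x\n' > "$d/unexpected"                   # appeared
check_baseline "$d" "$b" || echo "integrity check FAILED"
rm -rf "$d" "$b"
```

Run make_baseline right after installation and after each legitimate change (package upgrades), and run check_baseline from cron with the baseline on read-only media; a report that lists only files you changed yourself is the expected steady state.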
System Logs
May contain information about the attacks
  Permit knowing whether a system has been compromised
  Post-mortem analysis
Insecure to store them on the same server
  Better on a remote server
  Print them?
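As an added example (not from the slides), the rsyslog configuration that implements "better on a remote server": every monitored host forwards its log stream, and one server receives it. The host name loghost.example is a placeholder; the file names are conventional, not mandated.

```text
# /etc/rsyslog.d/remote.conf on each monitored host (added example).
# "@@" forwards over TCP, a single "@" over UDP. Forward everything: an
# intruder who edits the local files cannot retract what already left.
*.* @@loghost.example:514

# /etc/rsyslog.d/receive.conf on the log server (added example): accept
# TCP syslog on port 514 and keep one file per sending host.
module(load="imtcp")
input(type="imtcp" port="514")
$template PerHost,"/var/log/remote/%HOSTNAME%.log"
*.* ?PerHost
```

The forwarded stream is cleartext unless TLS is configured on both sides, so on an untrusted network the log server should be reachable only through the protected network, and the log server itself should accept nothing but syslog from the monitored hosts.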
Local security – Example
tiger: security auditing tool
$ sudo tiger
Configuring...
Will try to check using config for x86_64 running Linux 3.6.8...
--CONFIG-- [con005c] Using configuration files for Linux 3.6.8. Using configuration files for generic Linux 3.
Tiger security scripts *** 3.2.3, 2008.09.10.09.30 ***
11:21> Beginning security report for asuso.lomillor.org.
11:21> Starting file systems scans in background...
11:21> Checking password files...
11:21> Checking group files...
11:21> Checking user accounts...
11:29> Checking .rhosts files...
11:29> Checking .netrc files...
11:29> Checking ttytab, securetty, and login configuration files...
11:29> Checking PATH settings...
11:30> Checking anonymous ftp setup...
11:30> Checking mail aliases...
11:30> Checking cron entries...
11:30> Checking services configuration...
11:30> Checking NFS export entries...
11:30> Checking permissions and ownership of system files...
11:30> Checking for indications of break-in...
11:30> Performing rootkit checks...
11:37> Performing system specific checks...
12:12> Performing root directory checks...
12:12> Checking for secure backup devices...
12:12> Checking for the presence of log files...
12:12> Checking for the setting of user's umask...
12:12> Checking for listening processes...
12:12> Checking SSHD's configuration...
12:12> Checking the printers control file...
12:12> Checking ftpusers configuration...
12:12> Checking NTP configuration...
12:12> Waiting for filesystems scans to complete...
12:12> Filesystems scans completed...
12:12> Performing check of embedded pathnames...
12:14> Security report completed for asuso.lomillor.org.
Security report is in /var/log/tiger/security.report.hostname.121204-11:21
Exercise
Which issues might arise if an attacker modifies the environment variables (e.g., PATH)?
Network Security
Goal: protect against attacks coming from the outside
Aimed at:
  The services we are offering
  The network itself
  The information our servers are keeping
Network Security
Mandatory to use firewalls
Two-level security: protected network vs DMZ
  [Diagram: the public services (HTTP, SMTP) sit in the DMZ, separated from the private network]
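As an added example (not the slides' diagram), the two-level design written as an nftables ruleset for a single gateway with three interfaces. The interface names wan0, dmz0 and lan0, the DMZ host address 192.0.2.10 and the published ports are assumptions chosen to match the diagram's HTTP and SMTP services.

```text
# Added example: two-level firewall as one nftables ruleset (load with nft -f).
# Interface names, the DMZ host address and the port list are assumptions.
table inet dmz_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies and related traffic of connections already allowed below
        ct state established,related accept

        # Internet -> DMZ: only the published services, only to the DMZ host
        iifname "wan0" oifname "dmz0" ip daddr 192.0.2.10 tcp dport { 80, 25 } accept

        # Private network -> Internet and -> DMZ: allowed
        iifname "lan0" oifname { "wan0", "dmz0" } accept

        # DMZ -> private network: logged and dropped. A compromised public
        # server must not be able to reach the internal clients.
        iifname "dmz0" oifname "lan0" log prefix "dmz-to-lan " drop
    }
}
```

The drop policy is what makes this "two-level": anything not listed, including the DMZ talking to the private network or the Internet reaching lan0 directly, is dropped without a rule having to name it. Traffic addressed to the gateway itself goes through the input hook and needs its own chain.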
Offered services
Security level depends on the offered services
  System and user information: finger, rdate, rusers, . . .
  Remote login and connection: telnet, rlogin, rsh, . . .
  File and data sharing: NFS, Samba, LDAP, FTP, HTTP, . . .
Network security
Minimum access policy
  Disable all the services
    Or even uninstall them
  Enable only the required services
    and limit access to current users only
  Validate the configuration of the installed services
    Even if disabled
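As an added example (not from the slides), one way to keep the minimum access policy honest over time: compare the services enabled at boot against an approved list and print the commands that would bring the host back to policy. The approved list and the enabled list in the demo are constructed; on a systemd host the real enabled list comes from `systemctl list-unit-files --type=service --state=enabled --no-legend`.

```shell
#!/bin/sh
# Added example, not from the slides: audit enabled services against an
# approved list. ALLOWED is an assumed policy for this host.

ALLOWED="ssh.service
rsyslog.service
cron.service"

# Constructed stand-in for the output of
#   systemctl list-unit-files --type=service --state=enabled --no-legend | awk '{print $1}'
ENABLED_NOW="cron.service
ssh.service
telnet.socket
vsftpd.service"

# unexpected_services ALLOWED ENABLED -> the enabled units not in ALLOWED,
# one per line, sorted (empty when the host matches the policy).
unexpected_services() {
    printf '%s\n' "$2" | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF && !($1 in ok) { print $1 }' | LC_ALL=C sort -u
}

# disable_plan UNITS -> the commands an administrator would run to stop and
# disable each unexpected unit (printed for review, not executed).
disable_plan() {
    printf '%s\n' "$1" | while read -r unit; do
        [ -n "$unit" ] && echo "systemctl disable --now $unit"
    done
}

extra=$(unexpected_services "$ALLOWED" "$ENABLED_NOW")
if [ -z "$extra" ]; then
    echo "host matches policy"
else
    echo "enabled but not approved:"
    printf '  %s\n' $extra
    disable_plan "$extra"
fi
```

Running the audit periodically (cron) and after every package installation catches the common case of a package that enables its own service on install; "validate even if disabled" still applies, so the units that stay installed need their configuration reviewed as well.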
Network security
Monitor the activity of the installed services
nmap: list running services
$ nmap 10.1.1.1

Starting Nmap 6.00 ( http://nmap.org ) at 2012-12-04 12:03 CET
Nmap scan report for 10.1.1.1 (10.1.1.1)
Host is up (0.00031s latency).
Not shown: 989 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
631/tcp  open  ipp
2049/tcp open  nfs
3306/tcp open  mysql
5900/tcp open  vnc
8080/tcp open  http-proxy
9090/tcp open  zeus-admin
Limit access to the services
Who has access to what services?
How to validate user identity?
  Through IP addresses? → IP spoofing
  Reverse DNS? → DNS spoofing
  User level – authentication, digital certificates, . . .
Service forwarding
  ssh -R 12443:10.1.1.10:443 [email protected] -L 443:gw.ac.upc.edu:12443 [email protected]
Kerberos
Kerberos
Protocol used for network authentication
Based on secret key cryptography (password)
  The Kerberos server is used as identity proof
Client contacts the Key Distribution Center (KDC) for a ticket
  The KDC encrypts a ticket using the client’s password
  The client gets the ticket
The ticket enables access to specific services
Transparent for the user
Intrusion Detection Systems (IDS)
Network based
  Traffic analysis to search for attacks
Host based
  System activity analysis to search for attacks
    logs, filesystem, . . .
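As an added example (not from the slides), a host-based detection of the logcheck kind run over authentication log lines: count failed SSH logins per source address and report the sources above a threshold. The log lines are constructed for the example (host name taken from the tiger run shown earlier, addresses from documentation ranges); the message format is the usual sshd "Failed password" line.

```shell
#!/bin/sh
# Added example, not from the slides: host-based detection over auth-log
# lines. LOG is constructed; in production read /var/log/auth.log (or the
# journal) instead, preferably the copy on the remote log server.

LOG='Dec  4 11:20:01 asuso sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 40122 ssh2
Dec  4 11:20:03 asuso sshd[2103]: Failed password for root from 198.51.100.7 port 40130 ssh2
Dec  4 11:20:04 asuso sshd[2105]: Accepted publickey for rene from 10.1.1.20 port 51012 ssh2
Dec  4 11:20:05 asuso sshd[2107]: Failed password for root from 198.51.100.7 port 40131 ssh2
Dec  4 11:20:09 asuso sshd[2109]: Failed password for rene from 10.1.1.20 port 51020 ssh2
Dec  4 11:20:11 asuso sshd[2111]: Failed password for root from 198.51.100.7 port 40140 ssh2'

# failed_logins_by_source THRESHOLD -> reads log lines on stdin and prints
# "count ip" for every source with at least THRESHOLD failed SSH logins,
# most active first. Only sshd "Failed password" lines are counted, so a
# successful login from the same address does not hide the failures.
failed_logins_by_source() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) if ($i == "from") count[$(i+1)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }' |
    sort -rn
}

echo "sources with 3 or more failed logins:"
printf '%s\n' "$LOG" | failed_logins_by_source 3
```

A single failure from 10.1.1.20 (a user typing a wrong password) stays below the threshold, while the repeated attempts against root and a non-existent account from 198.51.100.7 are reported; the same loop can feed a firewall rule or an alert, which is what tools like fail2ban automate.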
Security through obscurity
Not a very good security policy
  Offers a false sense of security
Added security on an already secured environment
Examples
  Change the web server version banner
  Change default ports for applications
Contingency plan
Action protocol in case of system failure
  What to do?
  Who to notify? Using which information?
  It must be defined for each failure
    Service failure
    Hardware failure
    Data center collapse
Do simulations to prove its usefulness
  According to company policies
Security tools
Local system configuration: titan, tiger
Network system configuration: nmap, nessus
IDS: tripwire, snort, logcheck
Some advice
Never be overconfident
  There is always someone smarter
Be somewhat paranoid
  Be prepared for the worst
    Backups
    Virtualization
Run attacks against your own systems
  Better yet, from the outside
Be up to date
  Security evolves constantly
  Security forums, newsletters, . . .
Activity
For the network seen at the end of the Network topic, indicate:
  Where you would place the firewall(s)
  Which considerations you would take into account when configuring them
[Network diagram: Internet, Server 1, Server 2, Client 1, Client 10, Client 11, Client 25]
Activity
Questions
  Indicate whether you would buy any additional equipment besides the network equipment above
  Distribute the services among all the servers
  Indicate where you would install the firewall(s) and which criteria you would follow to configure them