Dr. Igor Santos

Contents: What is physical security?; Attacks and protection techniques at startup; File System encryption; Safe Data Removal; Electromagnetic leakages.

  1. Dr. Igor Santos • Security of Information Systems • Physical Security

  2. Contents • What is physical security? • Attacks and protection techniques at startup • File System encryption • Safe Data Removal • Electromagnetic leakages

  3. What is physical security?

  4. Physical Security • Definition: apply physical barriers and control procedures as preventive measures and countermeasures against threats to resources and sensitive information

  5. Physical Security • Physical security includes measures to: • Deny access to unauthorized personnel (attackers or accidental intruders) to buildings, places, resources, or stored information • Assist in the design of structures able to resist potentially hostile acts (natural or deliberate)

  6. Physical Security • Good physical security combines the following measures: • Passive: designed to stop or delay intrusions • Active: to detect and respond to intrusions

  7. Physical Security - Infrastructures • Infrastructure Protection • Physical access • Prevention: security guards, smart cards, biometrics, etc. • Basic rules: close doors, disable networks ... • Detection: alarms, surveillance cameras, CCTV, identification of co-workers, etc.

  8. Physical Security - Infrastructures • Natural disasters / Environment Disturbances • Fires, floods, storms, earthquakes, etc. • Short circuits, extreme temperatures, electrical noise, moisture, etc. • E.g.: Risk -> Fire; Measures: • Sensors • Alarms • Automatic extinguishing systems • ...

  9. Physical Security - Infrastructures • Hostile action / human factors • Conflicts, deliberate internal and external sabotage, etc. • 60-80% of attacks on a company are caused by insiders • Shoulder surfing, identity impersonation, social engineering, etc. • People are the weakest link

  10. Physical Security - Data • Data protection • Data theft/leakage • Data Loss Prevention (DLP)

  11. Physical Security - Data • Backups • Storing off site (eg safety case) • Non-electronic media • Located in restricted places • Paper shredders to destroy them if necessary

  12. Physical Security • Certifications • ISO 27000: http://www.iso27000.es/ • BS 7799: http://www.induction.to/bs7799/

  13. Attacks and protection at startup

  14. Attacks and protection at startup • Multiple levels of authentication • BIOS > MBR > FS > OS • http://www.karmany.net/index.php/sistema-operativo/31-windows/12-arranque-boot-ordenador

  15. Attacks and protection at startup • BIOS • Firmware • Locates and prepares the machine's electronic components and peripherals so that they can communicate with the OS that governs them • BIOS protection • Set the boot sequence (legitimate OS in position 1) • Avoid loading another OS from removable media (LiveCD) • Protect with password • Boot password (uncomfortable) • Setup password (essential)

  16. Attacks and protection at startup • Attacks against BIOS • There are master passwords • Depending on the manufacturer • Based on the server ID • Read the default passwords stored in the BIOS • CmosPwd • Reset default values • Write on the Flash-ROM • Jumper on the motherboard • Remove battery power

  17. Attacks and protection at startup • Bootloader • A program that manages OS startup • Allows choosing between the different OSes installed • Installed in the MBR (Master Boot Record) • Disk sector zero (512 bytes) • Stores: • PC boot information • Partition table

  18. Attacks and protection at startup • LILO (LInux LOader) • Leave only read and write permissions to the owner (root) of lilo.conf: chmod 600 /etc/lilo.conf • Add options in lilo.conf to prevent parameters being passed to the loader: timeout=00, restricted, password=WHATEVER • Set the file as read-only (immutable): chattr +i /etc/lilo.conf

  19. Attacks and protection at startup • GRUB (GRand Unified Bootloader) • Password protection (version <= 2.0) • A password will be asked for when editing an entry • Generate the md5 from the password: grub-md5-crypt • Edit /boot/grub/menu.lst: password --md5 $1$qbVqI/$0bD/vLQxVzqEiOev2fFw0

  20. Attacks and protection at startup • Access to single-user mode • Start a multiuser OS in superuser mode • Used for maintenance • http://orvtech.com/howto/iniciar-modo-singleuse/ • Limit access to single-user mode (authentication) • Edit /etc/inittab: ~~:S:wait:/sbin/sulogin • Edit /etc/init/rcS.conf: exec /sbin/sulogin

  21. Attacks and protection at startup • Booting from alternate devices • Typically, the OS responsible for access control is installed on a device that is booted by default • Depending on how the BIOS is configured, another OS can be booted (from floppy, CD-ROM) • Live CD

  22. Attacks and protection at startup • LiveCD – KonBOOT • Allows skipping the OS authentication phase • Countermeasures • Protection in the BIOS (avoidable) • http://www.piotrbania.com/all/kon-boot/
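
One way to check copies of the files from the LILO, GRUB and single-user-mode slides for the settings they recommend, as an added example that is not part of the original slides; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit copies of the boot files named on the slides.
# Each finding is printed on its own line; no output means no finding.

audit_lilo() {   # $1 = path to lilo.conf
    # The file holds the boot password, so only root may read or write it.
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ] ||
        echo "lilo: mode is not 600"
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1" ||
        echo "lilo: no password= line"
    # 'restricted' asks for the password only when boot parameters are typed.
    grep -Eq '^[[:space:]]*restricted[[:space:]]*$' "$1" ||
        echo "lilo: no restricted keyword"
}

audit_grub_legacy() {   # $1 = path to menu.lst
    grep -Eq '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+[^[:space:]]' "$1" ||
        echo "grub: no password --md5 line"
}

audit_inittab() {   # $1 = path to inittab
    # Single-user mode must go through sulogin on a line that is not commented out.
    grep -Eq '^[^#:]*:S:wait:/sbin/sulogin' "$1" ||
        echo "inittab: single-user mode does not call sulogin"
}

audit_boot() {   # $1 = directory holding lilo.conf, menu.lst and/or inittab
    [ -f "$1/lilo.conf" ] && audit_lilo "$1/lilo.conf"
    [ -f "$1/menu.lst" ] && audit_grub_legacy "$1/menu.lst"
    [ -f "$1/inittab" ] && audit_inittab "$1/inittab"
    return 0
}

# Constructed sample files: a weak set and a hardened set.
demo=$(mktemp -d)
mkdir "$demo/weak" "$demo/hard"
printf 'boot=/dev/sda\nimage=/vmlinuz\n' > "$demo/weak/lilo.conf"
chmod 644 "$demo/weak/lilo.conf"
printf '#~~:S:wait:/sbin/sulogin\n' > "$demo/weak/inittab"
printf 'boot=/dev/sda\nrestricted\npassword=WHATEVER\n' > "$demo/hard/lilo.conf"
chmod 600 "$demo/hard/lilo.conf"
printf '~~:S:wait:/sbin/sulogin\n' > "$demo/hard/inittab"
printf 'password --md5 $1$CONSTRUCTED$placeholderhash\n' > "$demo/hard/menu.lst"
echo "weak:"; audit_boot "$demo/weak"
echo "hard:"; audit_boot "$demo/hard"
rm -rf "$demo"
```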

  23. File System encryption

  24. File System encryption • Several approaches • Encrypt files and folders • Encrypt a whole partition • Real partition • Use a file to contain a large file system • Encrypt a resource shared by NFS (Network File System) on localhost (CFS - Cryptographic File System to TCFS - Transparent Crypto. File System)

  25. File System encryption • Encryption mechanisms • MS Windows • EFS (Encrypting File System -> encrypted NTFS) • TrueCrypt • GNU/Linux • cryptoloop • loop-AES • dm-crypt • ecryptfs

  26. EFS (Encrypting File System) • Transparent encryption for NTFS 3.0 (or higher) • It can be enabled for files, directories or whole file systems • Encrypts files with symmetric algorithms (DES), but protects the key (FEK) with RSA • The RSA key is protected by the user password

  27. EFS (Encrypting File System)

  28. EFS (Encrypting File System) • Vulnerabilities • The symmetric key with which the data is encrypted (FEK) is protected by RSA • The RSA key is protected by the Windows user password (logon) • If this key (LM / NTLM) is guessed, access is gained to the RSA key and password, and it is then possible to access the FEK, decrypting EFS • When encrypting, EFS uses temporary files with known names that are deleted insecurely • DES is used by default, although Windows XP uses AES

  29. TrueCrypt • Third-party application to encrypt • File containers • File systems • The whole hard disk • Open source: http://www.truecrypt.org • Multi-platform: Windows, Linux, Mac

  30. TrueCrypt

  31. cryptoloop • Loop device with encryption for GNU/Linux • Load the modules: # modprobe -a cryptoloop loop • Encrypt a volume using AES • Create a volume: # dd if=/dev/zero of=VolumenSeguro.img count=1 bs=1MB • Associate the volume with a loop device and the encryption module: # losetup -e aes /dev/loop0 VolumenSeguro.img

  32. cryptoloop • Create the filesystem: # mkfs.ext4 /dev/loop0 • Mount the filesystem: # mount VolumenSeguro.img -o loop=/dev/loop0,encryption=AES /mnt/seguro -t ext4

  33. loop-aes • Replacement for cryptoloop • We need support in the kernel: # apt-get install module-assistant loop-aes-source • # m-a prepare • # m-a build loop-aes • # apt-get install loop-aes-utils • # m-a install loop-aes

  34. loop-aes • We create the large container file: # dd if=/dev/urandom of=file bs=1k count=100000 • To treat the file as a device, we use the "loop device": # losetup -e AES128 /dev/loop0 file • # mkfs.ext2 /dev/loop0 • # mount -t ext2 /dev/loop0 /mnt • # losetup -d /dev/loop0

  35. Safe Data Removal

  36. Safe Data Removal • Goal • Ensuring that a file in a running system has been erased and its recovery is (nearly) impossible • Nearly? • “Secure Deletion of Data from Magnetic and Solid-State Memory”, by Peter Gutmann from the University of Auckland http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

  37. Safe Data Removal • Programs based on these ideas • Wipe • Sterilize • BCWipe • THC removal tools • srm • sswap • sfill • smem

  38. Safe Data Removal • Common features • They make several removal iterations over the disk sectors • Different Random Number Generators (RNGs) → /dev/urandom, RC4 ...

  39. Safe Data Removal • Wipe & BCWipe • Repeatedly rewrite the used blocks, forcing the write (fsync()) • They use the 35 patterns recommended for that (8 trials) by Peter Gutmann • They can delete "file slacks"

  40. Safe Data Removal • THC removal tools http://www.thc.org/releases.php?q=delete • srm (secure rm): safe removal of files • sfill (secure fill): fills the free space on the disk with random data • smem (secure fill): securely overwrites the RAM • sswap (secure swap): securely overwrites a swap partition
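
The overwrite-and-fsync approach that the slides attribute to Wipe and srm, as an added shell example that is not part of the original slides and is not code from any of those tools; the function names, the 4096-byte block size and the zero-filled final pass are assumptions.

```sh
#!/bin/sh
# Added example: overwrite-then-unlink, the core idea of wipe/srm-style tools.
BLOCK=4096   # assumed filesystem block size

overwrite_file() {   # $1 = file, $2 = number of passes (default 3)
    f=$1; passes=${2:-3}
    # Refuse symlinks and non-regular files: we must write to the real blocks.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    size=$(wc -c < "$f" | tr -d ' ')
    # Round up to a whole block so the slack after the last byte is covered.
    size=$(( (size + BLOCK - 1) / BLOCK * BLOCK ))
    [ "$size" -gt 0 ] || return 0
    i=1
    while [ "$i" -le "$passes" ]; do
        # Random data on every pass except the last, which writes zeros.
        if [ "$i" -lt "$passes" ]; then src=/dev/urandom; else src=/dev/zero; fi
        # notrunc: reuse the blocks already allocated to the file.
        # fsync: flush to the device before dd exits, as fsync() on the slide.
        head -c "$size" "$src" |
            dd of="$f" bs="$BLOCK" conv=notrunc,fsync 2>/dev/null || return 1
        i=$((i + 1))
    done
}

secure_rm() {   # overwrite, then unlink
    overwrite_file "$1" "${2:-3}" && rm -f -- "$1"
}

# Constructed sample: a small file holding a marker string.
sample=$(mktemp)
printf 'SECRET-constructed-sample\n' > "$sample"
overwrite_file "$sample" 3
echo "marker lines left: $(grep -c SECRET "$sample")"
echo "size after overwrite: $(wc -c < "$sample" | tr -d ' ')"
rm -f "$sample"
```

In-place overwriting reaches the old data only when the filesystem writes back to the same blocks; journaling or copy-on-write filesystems and flash storage with wear levelling can keep earlier copies elsewhere.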

  41. Electromagnetic leakages

  42. Electromagnetic leakages • EMSEC (Emanations Security) • Electromagnetic emanations related to security • Codename TEMPEST • Cold War (50s, 60s) • Study and use of unintentional electromagnetic emissions from electronic equipment to obtain information


