
Security Features and Implementations in Unix



  1. Security Features and Implementations in Unix Robert Wylie, DBA, VLC; Upendra Singh Rathore, DBA, VLC; O/o The Accountant General (A&E), Rajasthan, Jaipur.

  2. Thinking About Security • Security discussions often begin by considering the kinds of threats facing a system. • Before we can address any security-related issue on our system, we need to be able to answer the following questions: • What are we trying to protect? • What valuable asset might be lost? Robert Wylie,Upendra Singh DBA/VLC, O/o the AG(A&E), Raj.,Jaipur.

  3. Continued… • If you can answer these questions, you go a long way toward identifying and solving potential security problems. • Imagine one morning that your entire computer system had been stolen. This would upset everyone, but for many different reasons: • Loss of equipment • Loss of data or information • Loss of use

  4. Continued… • Once you’ve identified what needs to be protected, as well as the potential acts and/or events from which it needs to be protected, you’ll be in a much better position to determine what concrete steps to take to secure your system or site. • The final complication is that security inevitably varies inversely with convenience: the more secure a system, the less convenient it is to use, and vice versa. (For example, isolated systems are easier to make secure than those on networks.)

  5. Continued… • The key to a well-secured system is a combination of policies that: • Prevent every relevant threat, to the extent that it can be prevented. • Plan and prepare for what to do when the worst happens anyway. It’s helpful to imagine that even the impossible can happen: if it’s important that certain people not have access to the root account, then don’t leave root logged in on an unattended terminal, not even on the console in the locked machine room.

  6. Security Policies and Plans • Many sites find written security policies and plans helpful. At some sites, the computer security policy is part of a more comprehensive security policy. • Security policies: a good computer security policy will cover these areas: • Who is allowed to use an account • Password requirements and prohibitions • Proper and improper use of local computers and of those accessed via the Internet

  7. Security Policies (Contd…) • Conditions under which a user can lose their account. • Rules about what kinds of use are allowed on which computers. • Consent to monitoring of all aspects of account activity by system administration staff. • Policies concerning how printed output is to be disposed of. Some sites will need more than one policy for different classes of users.

  8. Security Plans • Formulating or revising a security plan is often a good way to assess and review the general state of security on a system or network. A security plan should record: • General computer access policies: what general classes of users are present on the system, along with the access and privileges that they are allowed. • Optional system security features that are in effect. • Preventive measures in effect. • What periodic system monitoring is performed and how it is implemented. • How often complete system security audits are performed and what items they encompass.

  9. Security Plans (Contd…) • Policies and strategies for actively handling and recovering from security breaches.

  10. UNIX Lines of Defense • Unix offers two basic ways of preventing security problems: • Passwords are designed to prevent unauthorized users from obtaining any access to the system at all. • File permissions are designed to allow access to the various commands, files, programs, and system resources only to designated groups of authorized users.

  11. Unix Lines of Defense (Contd…) • In theory, passwords prevent the bad guys from getting on the system in the first place, and proper file permissions prevent normal users from doing things they aren’t supposed to, but the presence of networks, dialup lines, or non-secure terminals and workstations complicates the picture enormously. • Physical security: the first line of defense is physical access to your computer. The most security-conscious installations protect their computers by eliminating all network and dialup access and then strictly limiting who can get near them.

  12. Unix Lines of Defense (Contd…) Although this extreme level of physical security is not needed by most sites, all administrators will face some physical security issues. Some of the most common include: • Preventing theft and vandalism, by locking the door or locking the equipment to a table or desk. • Limiting access to the console and the CPU unit, to prevent someone from crashing the system and rebooting it into single-user mode.

  13. Unix Lines of Defense (Contd…) • Controlling environmental factors, as much as is realistically possible. This can include special power systems to prevent downtime or loss of data, and fire detection and extinguishing systems to prevent equipment damage. • Restricting or monitoring access to other parts of the system, such as terminals, workstations, network cables, and so on. • Limiting access to backup tapes. If the security of its data is important to your site, backup tapes need to be protected from theft and damage just as the system itself is.

  14. Unix Lines of Defense (Contd…) • Passwords: if someone gains physical access to the system, or you have voluntarily given up complete physical security, passwords form the next line of defense against unauthorized users and the risks associated with them. • File permissions: file permissions form the next line of defense, against both bad guys who’ve succeeded in breaking into an account and legitimate users trying to do something they’re not supposed to.

  15. Unix Lines of Defense (Contd…) Properly set up file protection can prevent many potential problems. • Encrypting data: there is one exception to the complete loss of security when the root account is compromised. For some data files, encryption can form a fourth line of defense, providing protection against root and other privileged accounts, provided the key is not itself kept on the system, where a privileged account could read it.

  16. Unix Lines of Defense (Contd…) • Backups: backups provide the final line of defense against some kinds of security problems and system disasters. In these cases, a good backup scheme will almost always enable you to restore the system to something near its previous state.

  17. Managing Access Control Lists (ACLs) • Access Control Lists (ACLs) give you a more precise way to control access to files. The ACL contains one-line entries naming specific users and groups and the access granted to each. • ACLs are associated with each file on the Secure (sfs) and Veritas (vxfs) filesystems. • In ls -l output, a plus sign (+) appears after the permission bit characters. It shows that additional access permissions, beyond those shown by the three sets of three bits, have been granted or denied through the ACL mechanism.

  18. Managing Access (Contd…) • Every ACL has at least four entries, which correspond to the permission bits on the file. • For example, if a file’s permissions were 644, the ACL entries are: • user::rw- • group::r-- • class:r-- • other:r-- • The class entry is the maximum permission that can be granted to the owning group and to any additional user or group entries; it acts as a mask over those entries, and it can be overridden by setting the class entry explicitly when the ACL is changed.

  19. Managing Access (Contd…) • The root user and the owner of a file can set or unset ACLs. • You can view ACLs with the getacl(1) command; enter:
      getacl filename
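To show how the four basic entries, the named entries and the class entry combine, here is an added example in Python, not part of the presentation or of UnixWare: it parses getacl-style output and answers whether a given user, with a given set of groups, gets a requested access, applying the class entry as a mask over the named-user, named-group and owning-group entries. The sample ACL text, the file name and the user and group names in it are constructed for the example, and the ls -l rendering (class entry shown in the group column, trailing +) follows the POSIX ACL convention as an assumption.

```python
"""Evaluate a getacl(1)-style ACL the way a POSIX-style ACL check does.

Added example, not code from the slides or from UnixWare.  The sample
ACL text at the bottom is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


def _perms(s: str) -> Set[str]:
    """Permission letters after the last colon: 'vlc:rw-' -> {'r', 'w'}."""
    return {c for c in s.rpartition(":")[2] if c in "rwx"}


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    user_obj: Set[str] = field(default_factory=set)            # user::
    group_obj: Set[str] = field(default_factory=set)           # group::
    users: Dict[str, Set[str]] = field(default_factory=dict)   # user:name:
    groups: Dict[str, Set[str]] = field(default_factory=dict)  # group:name:
    cls: Optional[Set[str]] = None                             # class: (the mask)
    other: Set[str] = field(default_factory=set)               # other:


def parse_acl(text: str) -> Acl:
    """Parse getacl output: '# owner:' / '# group:' headers plus entries."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, val = line[1:].partition(":")
            if key.strip() == "owner":
                acl.owner = val.strip()
            elif key.strip() == "group":
                acl.group = val.strip()
            continue
        tag, _, rest = line.partition(":")
        name = rest.partition(":")[0] if tag in ("user", "group") else ""
        perms = _perms(rest)
        if tag == "user":
            (acl.users.__setitem__(name, perms) if name else setattr(acl, "user_obj", perms))
        elif tag == "group":
            (acl.groups.__setitem__(name, perms) if name else setattr(acl, "group_obj", perms))
        elif tag == "class":
            acl.cls = perms
        elif tag == "other":
            acl.other = perms
    return acl


def has_access(acl: Acl, user: str, groups: Set[str], want: str) -> bool:
    """True if `user` (member of `groups`) gets every letter in `want`.

    Precedence: owner, then a named user entry, then the owning group and
    named groups (any one that grants the access suffices), then other.
    The class entry caps everything except the owner and other entries.
    """
    need = set(want)
    mask = acl.cls if acl.cls is not None else set("rwx")
    if user == acl.owner:
        return need <= acl.user_obj
    if user in acl.users:
        return need <= (acl.users[user] & mask)
    candidates = [acl.group_obj] if acl.group in groups else []
    candidates += [p for g, p in acl.groups.items() if g in groups]
    if candidates:
        return any(need <= (p & mask) for p in candidates)
    return need <= acl.other


def ls_mode(acl: Acl) -> str:
    """Mode string as ls -l would show it (POSIX ACL convention, assumed):
    the group column shows the class entry when extra entries exist, and a
    trailing '+' flags the extended ACL."""
    def triple(p: Set[str]) -> str:
        return "".join(c if c in p else "-" for c in "rwx")
    extended = bool(acl.users or acl.groups)
    group_col = acl.cls if extended and acl.cls is not None else acl.group_obj
    return "-" + triple(acl.user_obj) + triple(group_col) + triple(acl.other) + ("+" if extended else "")


# Constructed sample: vlc is named with rw- and group audit with rwx, but
# class:r-- caps both extra entries at read-only.
SAMPLE_ACL = """\
# file: /home/wylie/report.txt
# owner: wylie
# group: staff
user::rw-
user:vlc:rw-
group::r--
group:audit:rwx
class:r--
other:---
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    print(ls_mode(acl))                            # -rw-r-----+
    print(has_access(acl, "vlc", {"users"}, "w"))  # False: write masked off by class
    print(has_access(acl, "bob", {"audit"}, "r"))  # True
```

The interesting case is vlc: the named entry says rw-, but the class entry is r--, so the write bit is silently masked off, which is exactly the situation the plus sign in ls -l is warning you to go and look at with getacl.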

  20. Describing Trusted System Concepts • Because no computer system is completely free from risk, systems are referred to as “trusted” rather than “secure.” A trusted system is one that achieves a greater level of control over access to information, providing mechanisms to prevent (or at least detect) unauthorized access, along with additional means to confirm that these mechanisms are functioning properly. • In addition to traditional UNIX security (passwords and permissions), UnixWare 7 incorporates a trusted facility known as Trusted Facility Management (TFM). TFM is a collection of software that maintains the parts of the operating system related to security.

  21. Describing Trusted (Contd…) • When combined with traditional UNIX security, these features are provided: • Discretionary Access Control (DAC) determines the objects a user can access, including programs, data files, and directories. • Identification and Authentication (I&A) offers greater control over login attempts and the entire login process. • Accountability traces an action to an individual user. • Authorizations specify the user attributes required to perform a certain action. • Protected Subsystems offer related collections of files, devices, and commands that serve particular functions; the security features provide control over the users who maintain these functions.

  22. Describing Trusted (Contd…) • TFM implements the security policy of the system. The security policy is a set of rules to oversee and guard interaction between “subjects” (processes running on the system) and “objects” (files and devices). • Object Reuse ensures that information is cleared from RAM before the resource is reallocated to another process.

  23. Security Implementations in Unix • System Security • Administrators should keep in mind that a system is vulnerable when the host is placed in an easily accessible location. • Beyond physical security, there are several ways in which UnixWare 7 helps administrators govern access to the systems under their control.

  24. Security Implementations (Contd…) Security Profiles • UnixWare 7 offers four predefined security profiles: • Low • Traditional • Improved • High

  25. Security Implementations (Contd…) • Low Security: low security is the least restrictive. It is recommended for systems that are not publicly accessible and that have a small number of cooperating users. With low security: • A maximum of 99 unsuccessful login attempts may be made before the login terminates. • There is no minimum delay between login attempts on a terminal. • Logins must be completed within a maximum of 300 seconds.

  26. Security Implementations (Contd…) • Umask defaults to 022 (read and execute permissions for group members as well as other users). • User accounts can be deleted, and UIDs can be reused. • Passwords are not required on accounts and never expire. • The minimum password length is one. • The maximum generated password length is eight. • Remote printing is allowed. • All networking services are enabled.

  27. Security Implementations (Contd…) • Traditional Security: traditional security is recommended for systems on which standard UNIX security is desired. With traditional security: • A maximum of 99 unsuccessful login attempts may be made before the login terminates. • There is a minimum delay of 10 seconds between login attempts on a terminal. • Logins must be completed within a maximum of 60 seconds.

  28. Security Implementations (Contd…) • Umask defaults to 022 (read and execute permissions for group members as well as other users). • User accounts can be deleted, and UIDs can be reused. • Passwords are not required on accounts and never expire. • The minimum password length is three. • The maximum generated password length is eight. • Remote printing is allowed. • All networking services are enabled.

  29. Security Implementations (Contd…) • Improved Security: improved security is recommended for systems on which groups of users can share information. With improved security: • A maximum of five unsuccessful login attempts may be made before the login terminates. • There is a minimum delay of 20 seconds between login attempts on a terminal. • Logins must be completed within a maximum of 60 seconds.

  30. Security Implementations (Contd…) • Umask defaults to 027 (read and execute permissions for group members and no permissions for other users). • User accounts can be deleted, and UIDs can be reused after sufficient aging. • Passwords are required on accounts and have a maximum life of 24 days. • The minimum password length is six. • The maximum generated password length is ten. • Remote printing is not allowed. • Most networking services are enabled.

  31. Security Implementations (Contd…) • High Security: high security is recommended for systems on which many users access confidential information individually. With high security: • A maximum of three unsuccessful login attempts may be made before the login terminates. • There is a minimum delay of 20 seconds between login attempts on a terminal. • Logins must be completed within a maximum of 60 seconds.

  32. Security Implementations (Contd…) • Umask defaults to 077 (no permissions for group members or other users). • User accounts can be deleted, but UIDs cannot be reused. • Passwords are required on accounts and have a maximum life of 12 days. • The minimum password length is eight. • The maximum generated password length is ten. • Remote printing is not allowed. • Networking services are limited.

  33. Security Implementations (Contd…) • Changing Security Profiles • While you are allowed to change the security profile to one that is less restrictive than your current setting, it is not recommended. • The security profile on a system can be changed through SCOadmin, System, Security Profile Manager. • If you select a higher security profile, you are warned that security may have been compromised while the lower setting was in effect, but you are still allowed to make the change.

  34. Security Implementations (Contd…) • User Security: user privileges on a system can be governed in a number of ways. • System Owner Privileges: user accounts can be granted system owner privileges. The system owner can perform system administration tasks and has the following privileges: • Shut Down System: use the Shutdown Manager to shut down the system. • Administer Printers: use the Printer Manager to add, configure, and remove printers.

  35. User Security (Contd…) • Administer File Systems: use the Filesystem Manager to add, configure, and manage filesystems. • Change System Tunables: use the System Tuner Manager to change tunable kernel parameters. • Monitor System Resources: use the System Monitor to view usage of system resources. • Administer Intranet: use the Network Configuration Manager to configure and manage network connections to remote systems.

  36. User Security (Contd…) These privileges are available to the system owner from the desktop only; this account cannot perform system administration tasks from the command line. These authorizations can be added to and removed from user accounts through SCOadmin, Account Manager. • Roles and Command Access: roles can be defined to encompass groups of permissions. You can then assign one or more roles to a user account. By using roles you can eliminate the need for any user to know the root password.

  37. Roles and Command (Contd…) • Adding and Removing Roles • The adminrole command is used with the -n option to create a new role:
      # adminrole -n wylie
  To list the commands associated with an existing role, use adminrole with no options followed by the name of the role. To remove a role, use adminrole with the -d option. • Associating Commands with a Role: when a role has been created, you can define which commands are associated with it. The allprivs privilege must be given along with the desired commands to allow non-root users to execute root-only commands.

  38. Roles and Command (Contd…) • To add commands to a role, use the adminrole command with the -a option, followed by the command name, its path, and the privilege associated with the command. For example, to add the shutdown command to the role wylie, use:
      # adminrole -a shutdown:/sbin/shutdown:allprivs wylie
  • Use the -r option to adminrole to remove commands from a role. To remove the shutdown command from the role wylie, use:
      # adminrole -r shutdown wylie
  • Assigning Roles to Users • The adminuser command assigns defined roles to user accounts. The first time you assign a role to a user, give the -n option (which creates the user’s TFM entry) together with -o, which names the role; for later assignments use -o alone. For example, to assign the wylie role to the user vlc, use:
      # adminuser -n -o wylie vlc

  39. Restricting Root Logins • Root logins can be restricted to the console only; the root account will then not be allowed to log in from any other location. To set this feature, edit the /etc/default/login file and add the following entry:
      CONSOLE=/dev/console
  This restricts only direct logins: a user who knows the root password can still become root with su, which is why su use should be logged. • Monitoring the Use of the su Command • To enable logging of attempts to use the su command, both successful and unsuccessful, verify that the following entry exists in /etc/default/su:
      SULOG=/var/adm/sulog

  40. Monitoring the Use of the su Command (Contd…) • You can check the sulog in /var/adm to monitor su attempts. If the attempt was successful, a plus sign (+) appears after the date and time; if unsuccessful, a minus sign (-) is recorded.
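As an added example (not part of the presentation), the following Python reads sulog lines in the SysV layout, SU mm/dd hh:mm [+-] tty fromuser-touser, and raises an alert when one user fails su to the same target three times in a row, and again when a success follows such a run, which is the signature of a guessed password rather than a typo. The log lines embedded in it are constructed; on a real host the text would come from /var/adm/sulog.

```python
"""Scan sulog text for brute-force style su attempts.

Added example, not code from the slides or from UnixWare.  The log
lines in SAMPLE_SULOG are constructed for the example.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# SU mm/dd hh:mm [+-] tty fromuser-touser
SULOG_RE = re.compile(r"^SU (\d\d/\d\d) (\d\d:\d\d) ([+-]) (\S+) (\S+)$")


def parse_sulog(text: str) -> List[Dict[str, object]]:
    """Turn sulog lines into records; unrecognised lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SULOG_RE.match(line.strip())
        if not m:
            continue
        date, clock, flag, tty, users = m.groups()
        # The target is the last '-'-separated token; this assumes the
        # target user name itself contains no '-'.
        src, _, dst = users.rpartition("-")
        records.append({"date": date, "time": clock, "ok": flag == "+",
                        "tty": tty, "src": src, "dst": dst})
    return records


Alert = Tuple[str, str, str, int, str]   # (kind, src, dst, failures, tty)


def audit_sulog(records, threshold: int = 3) -> List[Alert]:
    """Alert on `threshold` consecutive failures for one src->dst pair,
    and on a success that follows a run of failures for that pair."""
    streak = defaultdict(int)       # consecutive failures per (src, dst)
    alerts: List[Alert] = []
    for r in records:
        key = (r["src"], r["dst"])
        if r["ok"]:
            if streak[key]:
                alerts.append(("success-after-failures", r["src"], r["dst"], streak[key], r["tty"]))
            streak[key] = 0
        else:
            streak[key] += 1
            if streak[key] == threshold:
                alerts.append(("failure-threshold", r["src"], r["dst"], streak[key], r["tty"]))
    return alerts


# Constructed sample: a routine console su, then three failures and a
# success from a pseudo-terminal late at night.
SAMPLE_SULOG = """\
SU 03/12 09:15 + console wylie-root
SU 03/12 22:41 - pts/3 vlc-root
SU 03/12 22:41 - pts/3 vlc-root
SU 03/12 22:42 - pts/3 vlc-root
SU 03/12 22:44 + pts/3 vlc-root
SU 03/13 08:02 + pts/1 root-lp
"""

if __name__ == "__main__":
    # On a real host: text = open("/var/adm/sulog").read()
    for alert in audit_sulog(parse_sulog(SAMPLE_SULOG)):
        print(*alert)
```

Running it over the sample reports both the third failure by vlc and the success two minutes later; the second alert is the one worth a phone call, since a legitimate user who mistypes usually does not get it right on the fourth try at 22:44.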

  41. Network Security • In addition to handling security through system and user controls, you can use several tools to increase network security. Restricting FTP access, TCP wrappers, packet filtering, and proxy servers are all tools for creating a more secure network environment.

  42. Network Security (Contd…) • ftpusers • Individual user accounts can be barred from FTP access by entering the usernames in /etc/ftpusers, one per line. By default, root is barred from FTP access. • TCP Wrappers • UnixWare 7 provides a service called TCP wrappers. This enables you to control access to a host on a per-system and per-service basis. The in.tcpd daemon handles TCP wrappers.

  43. Network Security (Contd…) • Configuring /etc/inet/inetd.conf • Some services are started through in.tcpd by default. The /etc/inet/inetd.conf file can be modified to use in.tcpd to start services that would otherwise be started directly by inetd. • The service to be started is given as an argument to the in.tcpd program. In the excerpt from /etc/inet/inetd.conf that follows, there are two lines each for the telnet and ftp services. The first, which is active, uses in.tcpd to start the service, thereby enabling the use of TCP wrappers. The second, which starts with # and is therefore merely a comment, illustrates the service being started directly. Were the services started directly, access could not be controlled by TCP wrappers.
      ftp      stream  tcp  nowait  root  /usr/sbin/in.tcpd     in.ftpd -a
      #ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd -a
      telnet   stream  tcp  nowait  root  /usr/sbin/in.tcpd     in.telnetd
      #telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd

  44. Network Security (Contd…) • Configuring hosts.allow and hosts.deny • TCP wrappers control access with two files: /etc/inet/hosts.allow and /etc/inet/hosts.deny. • These files contain rules that in.tcpd applies to service requests to determine whether to grant access. • When a service request is received, in.tcpd first checks the hosts.allow file. If the host requesting service is allowed to use that service, either by explicit statement or by a rule containing wildcards, the service daemon is invoked immediately. Otherwise, the hosts.deny file is checked. If no rule in either file matches the request, access is granted. • Although the files are named hosts.allow and hosts.deny, rules to allow or deny service can be placed in either file. The rules in hosts.allow will be applied before hosts.deny is read, however.

  45. Network Security (Contd…) • The rules in hosts.allow and hosts.deny should be formatted as follows:
      daemon_list : client_list [: options] [: allow | deny]
  • For example, one way to configure a system in which only hosts on the 10.1.1 subnet can access services, and only the host 10.1.1.103 is authorized for telnet, is to add the following entries to the /etc/inet/hosts.allow file:
      in.telnetd: ALL EXCEPT 10.1.1.103: DENY
      ALL: 10.1.1.0/255.255.255.0
      ALL: ALL: DENY
  Rules are tried in order and the first match wins, so the telnet rule must come before the subnet rule, and the final ALL: ALL: DENY is needed because a request that matches no rule is otherwise allowed.
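To check rules like these before relying on them, here is an added Python simulator of in.tcpd's decision (example code, not from the slides or from the TCP wrappers source): it handles the subset of the rule language used above (daemon and client lists, ALL, EXCEPT, dotted-netmask networks, trailing-dot prefixes, and an explicit allow or deny option) and follows tcpd's order, first match in hosts.allow, then first match in hosts.deny, access granted when nothing matches. It goes slightly beyond the slide by also exercising the prefix form and an empty hosts.allow. The rule text is the slide's; the additional client addresses are constructed.

```python
"""Simulate in.tcpd's hosts.allow / hosts.deny decision.

Added example, not code from the slides or from TCP wrappers.  Only the
subset of the rule language described on the slide is modelled.
"""
import ipaddress
from typing import List, Optional, Tuple

Rule = Tuple[List[str], List[str], Optional[str]]   # daemons, clients, ALLOW/DENY option


def parse_rules(text: str) -> List[Rule]:
    """daemon_list : client_list [: options] [: allow | deny], one per line."""
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue                                 # malformed rule, ignored
        action = None
        for opt in fields[2:]:                       # only allow/deny options modelled
            if opt.upper() in ("ALLOW", "DENY"):
                action = opt.upper()
        rules.append((fields[0].split(), fields[1].split(), action))
    return rules


def _match_daemon(pattern: str, daemon: str) -> bool:
    return pattern == "ALL" or pattern == daemon


def _match_client(pattern: str, client: str) -> bool:
    if pattern == "ALL":
        return True
    if "/" in pattern:                               # net/mask, e.g. 10.1.1.0/255.255.255.0
        return ipaddress.ip_address(client) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):                        # '10.1.1.' prefix form
        return client.startswith(pattern)
    return pattern == client


def _match_list(patterns: List[str], value: str, match) -> bool:
    """'a b EXCEPT c d' matches when (a or b) matches and (c or d) does not."""
    upper = [p.upper() for p in patterns]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return _match_list(patterns[:i], value, match) and not _match_list(patterns[i + 1:], value, match)
    return any(match(p, value) for p in patterns)


def tcpd_decision(daemon: str, client: str, hosts_allow: str, hosts_deny: str) -> str:
    """Return 'ALLOW' or 'DENY' for a request from `client` to `daemon`."""
    for daemons, clients, action in parse_rules(hosts_allow):
        if _match_list(daemons, daemon, _match_daemon) and _match_list(clients, client, _match_client):
            return action or "ALLOW"                 # hosts.allow: allow unless rule says deny
    for daemons, clients, action in parse_rules(hosts_deny):
        if _match_list(daemons, daemon, _match_daemon) and _match_list(clients, client, _match_client):
            return action or "DENY"                  # hosts.deny: deny unless rule says allow
    return "ALLOW"                                   # nothing matched: tcpd grants access


# The slide's hosts.allow, with hosts.deny deliberately left empty.
HOSTS_ALLOW = """\
in.telnetd: ALL EXCEPT 10.1.1.103: DENY
ALL: 10.1.1.0/255.255.255.0
ALL: ALL: DENY
"""
HOSTS_DENY = ""

if __name__ == "__main__":
    for daemon, client in [("in.telnetd", "10.1.1.103"), ("in.telnetd", "10.1.1.50"),
                           ("in.ftpd", "10.1.1.50"), ("in.ftpd", "10.2.0.9")]:
        print(f"{daemon:11} {client:12} {tcpd_decision(daemon, client, HOSTS_ALLOW, HOSTS_DENY)}")
```

Dropping the last rule from HOSTS_ALLOW and re-running with an outside address shows the default-allow behaviour the slide's policy guards against.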

  46. More Administrative Virtues • Security monitoring primarily requires two of the seven administrative virtues: attention to detail and adherence to routine. They are related, of course, and mutually reinforce one another. Both also depend on that meta-virtue, foresight, to keep you on the right path during those times when it seems like too much trouble. • Attention to detail: many large security problems display only tiny symptoms, which the inattentive system administrator will miss, but you will not. • Adherence to routine: the night you decide to forgo security monitoring so that some other job can run overnight has a much better than average chance of being the night the crackers find your system.

  47. The End
