1 / 22

Security Strategies in Linux Platforms and Applications Lesson 3

Security Strategies in Linux Platforms and Applications Lesson 3 Basic Security: Facilities Through the Boot Process. Learning Objective. Lock down the Linux boot process. Key Concepts. Physical server security Challenges of the standard kernel and possible security issues

kanoa
Télécharger la présentation

Security Strategies in Linux Platforms and Applications Lesson 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Strategies in Linux Platforms and Applications Lesson 3 Basic Security: FacilitiesThrough the Boot Process

  2. Learning Objective • Lock down the Linux boot process.

  3. Key Concepts • Physical server security • Challenges of the standard kernel and possible security issues • Secure boot loaders • Obscurity as a security enhancement

  4. DISCOVER: CONCEPTS

  5. Physical Security-Server Room

  6. Challenges of Standard Kernel • Different kernels for different architectures • What kernels can be installed on your system? • What kernel is best for your needs? • When do you consider a different kernel? • You may need to customize a kernel or install a new kernel for more security.

  7. Boot Loader Security • Black-hat hacker use poorly configured boot systems and boot loaders to gain administrative access to systems

  8. DISCOVER: PROCESS

  9. Locking Down Boot Loaders • Back up boot loader before making changes • If something goes wrong: • Use rescue mode on local distribution or a live CD to boot system • Access local drives • Restore the boot loader from backup • Use the appropriate command (grub-install or lilo)

  10. Securing LILO

  11. Linux Loader Configuration File

  12. Securing GRUB

  13. Traditional GRUB Configuration File

  14. A Protected GRUB Configuration File

  15. DISCOVER: ROLES

  16. Five Process Controls

  17. DISCOVER: CONTEXTS

  18. TPM and Trusted Computing • Trusted Platform Module (TPM) • Not open source • Password protection • Software license protection • Digital rights management (DRM) • Disk encryption • Chain of trust • TPM in a open source environment • trousers, package with the TCG software stack, tpm-tools

  19. DISCOVER: RATIONALE

  20. Why Use Obscurity?

  21. The /etc/fstab file Can Use More Obscurity

  22. Summary • Physical server security • Challenges of the standard kernel and possible security issues • Secure boot loaders • Obscurity as a security enhancement

More Related