Safeguarding System Security: Concepts and Controls

1. The Security Problem • A system is secure iff its resources are used and accessed as intended under all circumstances • Security must consider the external environment of the system, and protect it from: • unauthorized access. • malicious modification or destruction • accidental introduction of inconsistency. • Easier to protect against accidental than malicious misuse. • Four levels of control • Physical • Human • Network • OS • Hardware support for protection (internal) needed for security in the OS Operating System Concepts

2. Authentication • Control access to resources by login • User identity most often established through passwords • Login and lower level access • Basic mechanism of matching encrypted strings • Passwords must be kept secret. • Frequent change of passwords. • Use of “non-guessable” passwords. • Log all invalid access attempts. Operating System Concepts

3. Authentication • Attacks • User information (cat’s name) • Brute force (try them all) • Surveillance (shoulder surfing) • Dummy logins (trojan horse) • Sniffing (telnet) • Offsite passwd file attacks • Alternatives • Password passing (system generated) • Passcards (physical control) • Biometrics (retina images) • Signature (False negatives) • Algorithms (Little danger if response is exposed) • Challenges • Onetime passwords • Password generators (timed smartcards) • Books of passwords Operating System Concepts

4. Program Threats • Trojan Horse • Exploits mechanisms for allowing programs written by users to be executed by other users, e.g., login, editor, passwd, ls • Search paths as a way to invoke • Trap Door • Specific user identifier or password that circumvents normal security procedures. • Could be included in a compiler. • Stack and Buffer Overflow • Exploits a bug in a program (overflow either the stack or memory buffers.) Operating System Concepts

5. System Threats • Worms • Standalone program • Use spawn mechanism • Internet worm • Exploited UNIX networking features (remote access), and stack overflow in finger and debug features in sendmail. • Grappling hook program uploaded main worm program. Operating System Concepts

6. System Threats • Viruses – fragment of code embedded in a legitimate program. • Mainly affect microcomputer systems. • Downloading viral programs from public bulletin boards or exchanging floppy disks containing an infection. • Macro viruses • Safe computing, e.g., RTF • Denial of Service • Overload the targeted computer preventing it from doing any useful work. • Change boot device Operating System Concepts

7. Threat Monitoring • Check for suspicious patterns of activity • Several incorrect password attempts may signal password guessing - limit attempts • Cage rattlers - limit attempts from an IP address • Unexpected long-running processes • Rejected file accesses • Audit log – records the time, user, and type of all accesses to an object; useful for recovery from a violation and developing better security measures. Operating System Concepts

8. Threat Monitoring (Cont.) • Scan the system periodically for security holes; done when the computer is relatively unused. • Short or easy-to-guess passwords • Unauthorized set-uid programs • Unauthorized programs in system directories • Improper directory protections • Improper protections on system data files • Dangerous entries in the program search path (Trojan horse) • Changes to system programs: monitor checksum values Operating System Concepts

9. Firewalls • A firewall is placed between trusted and untrusted hosts. • The firewall limits network access between these two security domains. Operating System Concepts