Linux security-fosster-09


An old presentation on Linux Security (all points presented are still relevant).

1. ELEMENTS OF LINUX SECURITY
   Dr. Jayaraj Poroor
   Presented at TIFAC CORE in Cyber Security (2009), Amrita University
2. SYSTEM MODEL
   [diagram: processes (P) and the kernel (KNL) in primary memory/CPU; the root file system (/) and mounted file systems (FS) in secondary memory; processes LOAD code from files and CRUD (create/read/update/delete) them]
3. SECURITY
   • CIA Triad
     – Confidentiality: eavesdropping, viewing
     – Integrity: modification
     – Availability: denial of service
   • Authentication: identity spoofing, fabrication
   • Access Control: intrusion, privilege escalation
   • Policy
   • Enforcement
4. THREAT MODEL
   [diagram: three attacker positions against a host running processes (P) on the kernel (KNL) over the user's file system (USER-FS): (1) remote access over the network, (2) local access as an unprivileged user, (3) physical access to the machine, where the attacker can bring their own file system (ATTACKER-FS, e.g. a boot CD/USB, see slide 5)]
5. LOCAL/PHYSICAL ACCESS ATTACKS
   • Threat: single-user mode login (editing the kernel command line at the boot menu may give a root shell without a password)
     – Prevention: set a GRUB boot password
   • Threat: attacker boots from a CD/USB disk
     – Prevention: set a BIOS password and lock the boot order
   • Threat: physical hard-disk removal (this also defeats the BIOS password)
     – Prevention: encrypted file system/files (e.g. dm-crypt/LUKS); the key must not live on the same disk
   • Threat: login trojan (a user-level program that imitates the login prompt to capture passwords)
     – Prevention: before typing a password, press Ctrl+Alt+Backspace (kills the X server where DontZap is not set) or Ctrl-C / Ctrl-Z at a text console; a genuine getty/login ignores these, a fake one dies or is suspended. The kernel's Secure Attention Key (Alt+SysRq+K) kills everything on the console for the same purpose.
   • Threat: data loss in all of the above cases
     – Prevention: backups
6. REMOTE ACCESS ATTACKS
   • INDIRECT, via INFRASTRUCTURE (email, DNS, removable media)
   • DIRECT, by an ATTACKER: a WORM, a BOTNET ZOMBIE, or a PERSON
7. REMOTE: INDIRECT/INFRASTRUCTURE
   • Phishing emails, e.g. http://militarybankonline.bankofamerica.com.f1hj.net (the registered domain is f1hj.net; "bankofamerica.com" is only a subdomain label)
   • Viruses/trojans via email attachments and USB drives
   • Pharming: DNS cache poisoning redirects the victim to the attacker's server
     – Use TLS sites and verify certificates: a poisoned DNS answer cannot produce a certificate that is valid for the bank's hostname
8. DIRECT REMOTE ATTACKS
   • Open/weak WiFi
     – Use WPA2 with strong keys
   • Attacking network services
     – Port scanning
     – Banner grabbing, OS fingerprinting
     – Exploiting known vulnerabilities (in unpatched services)
     – DoS attacks
     – Remote login: password guessing
9. POST-EXPLOIT
   • Install rootkit, backdoor
   • Enroll the host as a botnet zombie
   • Steal data and leave without trace
   • Destroy data
10. COUNTER-MEASURES (Saltzer and Schroeder's design principles)
   • Principle of Least Privilege
   • Fail-safe Defaults
   • Open Design
   • Separation of Privilege
   • Least Common Mechanism
11. IN PRACTICE
   • MINIMIZE EXPLOIT POTENTIAL
   • MINIMIZE POST-EXPLOIT DAMAGE
   • MAXIMIZE CHANCE OF DISCOVERY
12. MINIMIZE EXPLOIT POTENTIAL
   • Apply security patches promptly
   • Configure an iptables firewall: accept new connections only to the services you mean to expose and drop the rest
       iptables -A INPUT -p tcp --dport 80 --syn -j ACCEPT
       iptables -A INPUT -p tcp --syn -j DROP
     (both rules match only SYN packets, i.e. new connections; packets of already-established connections fall through to the chain policy)
   • Disable unnecessary services
   • Find what is listening with netstat -tlnp on the host (today: ss -tlnp), and with nmap from outside to see what is actually reachable
   • Don't run insecure services
   • Don't use ftp/telnet (cleartext passwords); use sftp/ssh
13. NETSTAT (screenshot)
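The two slide rules above are the core of a host firewall but not a complete one: on their own they leave loopback, return traffic and SSH to the chain policy. The script below is an added example, not from the slides, that builds a default-deny INPUT policy around them in iptables-restore format, so the whole ruleset is checked with iptables-restore --test and then loaded atomically. The port numbers are parameters; the rate limit on new SSH connections (4 per minute per source) and the nobody-else-but-ping ICMP allowance are assumptions about what the host should accept. Listing listeners with ss (or netstat where ss is absent) is the check from slide 13.

```shell
#!/bin/sh
# Default-deny INPUT policy in iptables-restore format (added example, not from the slides).
set -u

# gen_ruleset [SSH_PORT] [HTTP_PORT]: print the ruleset to stdout. Defaults: 22 and 80.
gen_ruleset() {
    ssh_port=${1:-22}
    http_port=${2:-80}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# ssh: at most 4 new connections per minute per source address, blunts password guessing
-A INPUT -p tcp --dport $ssh_port --syn -m hashlimit --hashlimit-upto 4/minute --hashlimit-burst 4 --hashlimit-mode srcip --hashlimit-name ssh -j ACCEPT
# the slide's rule: allow new http connections
-A INPUT -p tcp --dport $http_port --syn -j ACCEPT
# ping, rate limited
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
# the slide's rule: drop every other new tcp connection (the DROP policy covers udp etc.)
-A INPUT -p tcp --syn -j DROP
COMMIT
EOF
}

# apply_ruleset [SSH_PORT] [HTTP_PORT]: validate the ruleset, then load it atomically (needs root).
apply_ruleset() {
    gen_ruleset "$@" | iptables-restore --test || return 1
    gen_ruleset "$@" | iptables-restore
}

# listening: show every listening tcp/udp socket with its owning process (slide 13's netstat check).
listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -tulnp
    else
        netstat -tulnp
    fi
}
```

Run listening first, decide which ports belong in the ACCEPT list, then apply_ruleset; anything not in the list is dropped before the service ever sees a packet, which is the point of "minimize exploit potential".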
14. MINIMIZE POST-EXPLOIT DAMAGE
   • Don't run as root
     – A service that needs root only to start (e.g. to bind a port below 1024) should drop privileges with setgid()/setuid() once it has done so; drop the group first, then the user, and check the return values
   • Use a chroot jail
     – chroot <newroot> <command>; chroot alone does not confine a process that keeps root, so combine it with dropping privileges
   • Use POSIX capabilities
     – lcap, getpcaps, setpcaps (today: capsh, getcap/setcap); remove capabilities from the bounding set so that not even root can regain them
   • Use ext2 ACLs
     – mount -o acl, setfacl, getfacl (modern ext4 enables acl by default)
     – setfacl -m u:test:r file grants user test read access without touching the owner/group/other bits
15. CAPABILITY BOUNDING SET (screenshot)
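Slides 14 and 15 rest on the capability bounding set: whatever is removed from it cannot be regained by the process or its children, even through a setuid-root binary. The script below is an added example, not the slides' lcap/getpcaps commands. It decodes the CapEff and CapBnd masks the kernel exposes in /proc/<pid>/status (capability numbers as in linux/capability.h) so you can see what a running service could still acquire, and shows how to start a service with the set cut down using util-linux setpriv (assumed installed). The uid/gid nobody/nogroup and the single retained capability CAP_NET_BIND_SERVICE are assumptions for the illustration.

```shell
#!/bin/sh
# Inspect and restrict the capability bounding set (added example, not from the slides).
set -u

# CAP_NAMES: position in this list = capability number (linux/capability.h, 0..40).
# Bits above 40 on a newer kernel would need the table extended.
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap \
linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner \
sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice \
sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap \
mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"

# decode_caps HEXMASK: print cap_<name> for every bit set in the mask, one per line.
decode_caps() {
    mask=$(( $1 ))      # shell arithmetic accepts 0x... constants
    n=0
    for name in $CAP_NAMES; do
        if [ $(( (mask >> n) & 1 )) -eq 1 ]; then
            printf 'cap_%s\n' "$name"
        fi
        n=$(( n + 1 ))
    done
}

# proc_caps [PID]: effective and bounding sets of a running process (default: this shell).
# A service whose CapBnd still contains sys_admin or sys_module is one exploit away from
# owning the kernel, whatever uid it runs as.
proc_caps() {
    pid=${1:-self}
    for field in CapEff CapBnd; do
        hex=$(awk -v f="$field:" '$1 == f { print $2 }' "/proc/$pid/status")
        printf '%s (0x%s):\n' "$field" "$hex"
        decode_caps "0x$hex" | sed 's/^/  /'
    done
}

# run_restricted CMD...: start CMD as nobody/nogroup (assumed to exist) with no supplementary
# groups, an empty inheritable set, no_new_privs, and a bounding set containing only
# net_bind_service. Needs root to start; setpriv is util-linux.
run_restricted() {
    setpriv --reuid=nobody --regid=nogroup --clear-groups \
            --inh-caps=-all --bounding-set=-all,+net_bind_service \
            --no-new-privs -- "$@"
}
```

Compare proc_caps on a service's PID before and after wrapping it in run_restricted; the CapBnd line is what a post-exploit attacker is limited to, which is why slide 16's chattr +i only holds against root once CAP_LINUX_IMMUTABLE is out of that set.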
16. MAXIMIZE CHANCE OF DISCOVERY
   • IDS
     – Tripwire (host file integrity), Snort (network)
   • Monitor syslog
   • Use chkrootkit
   • Use kernel audits for critical files
     – auditctl -w <file> -p wa -k <key> logs writes and attribute changes; ausearch -k <key> queries them
   • Use ext2 file attributes (flags)
     – lsattr, chattr
     – Immutable (i), Append-only (a), Secure deletion (s), Undeletable (u)
     – i and a bind root as well: clearing them needs CAP_LINUX_IMMUTABLE, so dropping that capability from the bounding set makes them stick until reboot. s and u are not honoured by ext2/3/4 in mainline kernels (see chattr(1)). These flags are distinct from extended attributes (getfattr/setfattr).
17. EXTENDED ATTRIBUTES (screenshot)
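Slide 16 names Tripwire, auditctl/ausearch and chattr as the discovery tools. The script below is an added example, not from the slides: a minimal Tripwire-style baseline that records the sha256 of every file under a directory, later re-hashes and reports what was added, changed or removed, plus a helper that emits the auditd watch rules for the same files. The rule key "critical" and the /etc/audit/rules.d path are assumptions; the file names and contents used when trying it are constructed.

```shell
#!/bin/sh
# Tripwire-style integrity baseline and matching audit rules (added example, not from the slides).
# Needs only coreutils and diff; auditctl is needed only to load what audit_rules prints.
set -u

# baseline DIR OUTFILE: sha256 of every regular file under DIR, sorted by path,
# so two baselines of the same tree are comparable line for line.
baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# verify DIR BASELINE: print each path whose hash differs from BASELINE or that appears on
# only one side (added, modified or deleted). Returns 0 when nothing changed, 1 otherwise.
verify() {
    cur=$(mktemp) || return 2
    baseline "$1" "$cur"
    changed=$(diff "$2" "$cur" | sed -n 's/^[<>] [0-9a-f]\{64\}  //p' | LC_ALL=C sort -u)
    rm -f "$cur"
    [ -n "$changed" ] || return 0
    printf '%s\n' "$changed"
    return 1
}

# audit_rules FILE...: auditd rules that log every write and attribute change (-p wa) to FILE,
# tagged with key "critical" so that `ausearch -k critical` finds them. Save the output as
# /etc/audit/rules.d/critical.rules and load with augenrules --load (or auditctl -R file).
audit_rules() {
    for f in "$@"; do
        printf '%s %s -p wa -k critical\n' -w "$f"
    done
}

# Constructed usage (not run when the functions are sourced):
#   baseline /etc /var/lib/baseline/etc.sha256
#   chattr +i /var/lib/baseline/etc.sha256      # slide 16: root cannot rewrite it in place
#   audit_rules /etc/passwd /etc/shadow /etc/ld.so.preload > /etc/audit/rules.d/critical.rules
#   verify /etc /var/lib/baseline/etc.sha256 || echo "integrity violation"
```

Keep the baseline off the host or on read-only media as well: a rootkit that has root can rewrite both the file and the baseline unless the immutable flag is set and CAP_LINUX_IMMUTABLE has been removed from the bounding set, which is how slides 14 to 16 fit together.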
18. TRY OUT WITHOUT BURNING YOURSELF
   • SCRATCH FILE SYSTEM (a 1 MiB ext2 image in a regular file, mounted through the loop device; the mount needs root)
       dd if=/dev/zero bs=1024 count=1024 of=disk.img
       mke2fs -F disk.img        # -F: format a regular file without prompting
       mount -o loop,acl disk.img <dir>
   • VIRTUAL MACHINE
     – http://www.virtualbox.org
19. REFERENCES
   • OWASP (Open Web Application Security Project): http://www.owasp.org
   • MITRE: http://www.mitre.org
   • SANS (System Administration & Network Security): http://www.sans.org
   • COBIT (Control Objectives for Information & Related Technology): http://www.isaca.org/cobit/
   • ISO 17799 (risk-based information security management): http://www.iso.org
   • Anti-Phishing Working Group: http://www.antiphishing.org/
   • CMU CERT/CC: http://www.cert.org/
20. THANK YOU
