The document discusses building a hardened customized Linux operating system called HCLOS. It describes implementing several security features in HCLOS including: 1) configuring the kernel for security, 2) implementing strong password policies, encryption, and restricting empty/old passwords, 3) limiting the file system and monitoring for issues, 4) implementing network security measures like firewalls, blocking services, and anonymous browsing, and 5) providing tools for system administration and security monitoring. The goal is to develop a pre-configured and secure OS for typical users.
The document describes developing a hardened customized Linux operating system (HCLOS) by modifying the Linux kernel for increased security, implementing security measures throughout the OS, and evaluating HCLOS against other Linux distributions. Key aspects of developing HCLOS included compiling a secure Linux kernel, customizing it with security-focused modules, creating an encrypted filesystem, implementing strong network and system security, and developing tools to audit the system and manage security. The document then analyzes HCLOS in comparison to other distributions based on network scanning, auditing, and attacking the systems to evaluate their resistance to vulnerabilities.
This document outlines steps to secure a Linux server running Ubuntu, including changing passwords, updating the system, installing fail2ban to block login attempts, creating a user account with SSH key-based authentication only, setting up a firewall with ufw, enabling automatic security updates, and installing logwatch to monitor logs. Additional steps mentioned include configuring two-factor authentication for SSH, securing databases, blocking brute force attacks, auditing for rootkits, and preventing IP spoofing.
The document discusses elements of Linux security. It outlines threats like remote access attacks, local access attacks, and post-exploit activities. It also discusses countermeasures like minimizing exploit potential through patching and firewalls, minimizing post-exploit damage through privileges and capabilities, and maximizing discovery through auditing and monitoring. Security elements covered include authentication, access control, availability, integrity, and confidentiality.
Protecting Your Key Asset – Data Protection Best Practices V2.0 Final (Vinod Kumar)
The document discusses various data protection best practices, including using encryption techniques like Encrypting File System (EFS) and Windows Rights Management Services (RMS) to secure files and data on devices. It also covers database security practices like implementing proper permissions on SQL Server principals and securables. The key recommendations are to use all available security controls including technology, processes and people, practice defense in depth, and reduce potential vulnerabilities.
This document provides guidelines for securing host-based systems. It recommends installing and configuring a host-based firewall, keeping the operating system and applications patched, backing up the system regularly, monitoring logs, disabling unused services, using strong passwords, replacing insecure services with secure alternatives like SSH, and restricting access to services where possible. It then provides more detailed recommendations for securing Windows, UNIX, Linux, and RedHat Linux systems during installation and configuration.
This document provides an overview of Linux security and auditing. It discusses the history and architecture of Linux, important security concepts like physical security, operating system security, network security, file system security and user/group security. It also describes various Linux security tools that can be used for tasks like vulnerability scanning, auditing, intrusion detection and password cracking.
This document discusses basic Linux system security. It recommends securing physical access to machines, using the principle of least privilege by limiting accounts, ports, and applications. It also recommends strong passwords, closing unnecessary ports, encrypting network connections, keeping software updated, using intrusion detection, and advanced techniques like auditing OSes and using virtual machines.
Threats, Vulnerabilities & Security measures in Linux (Amitesh Bharti)
This presentation is made for my college presentation of explaining "Threats, Vulnerabilities & Security measures in Linux" and also suggestion how you could enhance your Linux OS security.
Mc Afee And Georgia State University Taking Aim At Network Intruders With I... (Tammy Clark)
The document discusses Georgia State University's implementation of McAfee Intrusion Prevention System (IPS) technology. It describes how GSU has deployed IntruShield appliances since 2004 to detect and block network intrusions. It also outlines how GSU leverages features like stateful firewalls, signature-based filtering, and blocking of peer-to-peer traffic. The presentation emphasizes lessons learned around customizing IPS policies for different university departments and applying signatures incrementally with change management practices.
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview (Shawn Wells)
Co-presented with Matt Jamison (Sr Architect, DoD Programs) at the IBM Teach the Teacher (IBM T3) conference. Discussed SELinux, Policy Enforcement, Discretionary Access Control, Multi-Level Security vs Multi-Category Security, Role-Based Access Control, usage of SELinux, Linux Audit Subsystem, and host hardening procedures.
File System Implementation & Linux Security (Geo Marian)
This document discusses file system implementation and Linux security. It begins by describing how file systems are typically stored on disks with partitions and sectors. It then explains how files are created, opened, read, written to, and deleted in a file system. Two common allocation methods are also summarized - contiguous allocation and linked allocation. Finally, it outlines some common security threats like intruders, malicious programs, and generic attacks and how TCP wrappers can be used to filter network access on Linux servers.
This document discusses authentication, authorization, and accounting (AAA) security on Cisco devices. It provides an overview of authentication methods including password-only, local database, and remote access. It also covers the configuration of AAA features such as usernames, passwords, and authentication.
Feb. 9, 2010 ICACT 2010@Phoenix Park, Korea (webhostingguy)
The document discusses existing approaches to changing runtime privileges in shared server environments and proposes a new low-cost runtime-privilege changing system. It describes problems with sharing a web server and outlines the proposed system's design to change server processes' privileges on a per-request basis to address security issues. An evaluation shows the system incurs little performance overhead compared to vanilla Apache.
Windows 7 Professional vs Windows 7 Enterprise (247infotech)
The document compares Windows 7 Pro and Windows 7 Enterprise, highlighting additional features in Windows 7 Enterprise such as BitLocker, BitLocker To Go, AppLocker, booting from VHDs, BranchCache, and DirectAccess. BitLocker provides full disk encryption while AppLocker allows restricting applications. Booting from VHDs enables testing configurations without affecting the main OS. BranchCache and DirectAccess improve remote access performance and security by caching content locally and enabling VPN-less internet access.
Operating system vulnerability and control (أحلام انصارى)
Vulnerabilities exist in operating systems like Linux, UNIX and Windows. A vulnerability is a weakness that allows an attacker to compromise a system's security. Vulnerabilities occur at the intersection of a system flaw, an attacker's access to the flaw, and their ability to exploit it. Common UNIX vulnerabilities include setuid problems, trojan horses and terminal troubles. Windows is vulnerable to password issues, peer-to-peer file sharing exploits, and Outlook/Outlook Express bugs. Linux has flaws like missing permission checks, uninitialized data, and memory mismanagement. Control is important for operating systems to balance robustness, predictability and efficiency. The trusted computing base (TCB) aims to enforce security by containing all elements
This document provides a checklist for hardening the security of Windows Server systems. It outlines best practices for organizational security, preparing, installing, and configuring Windows Server, as well as user account, network, registry, and general security settings. It also addresses audit policy, software security, and finalization steps like imaging servers. Implementing the guidelines can help reduce security vulnerabilities and the risk of attacks compromising critical systems and data.
The document discusses Windows 7 security features such as Action Center, improved User Account Control, BitLocker, BitLocker To Go, biometric security, and Internet Explorer 8. It notes Windows 7 is an incremental update to Vista that uses the same security technologies but with a simpler interface and performance enhancements. The document emphasizes the importance of securing Windows 7 systems, educating users, using features like BitLocker, patching, and antivirus as threats continue to evolve beyond any single platform.
The document provides an overview of IBM Informix database security from both an operating system and database perspective. It discusses how Informix uses OS authentication, permissions, and network security capabilities. On the database side, it describes how Informix implements discretionary access control using SQL GRANT/REVOKE statements and label-based access control using security policies and labels. The document also outlines the seven distinct security roles in Informix and how to separate them, and provides details on configuring and using the Informix auditing functionality.
Top 10 ways to make hackers excited: All about the shortcuts not worth taking (Paula Januszkiewicz)
This document contains summaries from a presentation on various cybersecurity topics:
1) Windows Firewall configuration is often misconfigured and does not provide detailed logging or filtering capabilities. Firewalls are best used to segment networks and control which processes can communicate internally or externally.
2) Password reuse is common, with variants of company names and numbers often used. Continuous security awareness is needed to mitigate weak passwords.
3) Privileged accounts and service accounts pose risks as their passwords are stored in the registry and accessible offline. User privileges can be higher than expected, allowing access to sensitive system hives.
4) Third-party security tools also contain weaknesses that must be understood to ensure effective security. Configuration management
This document provides installation instructions and configuration details for securing and optimizing a Linux server. It covers topics such as hardening installation, system security, firewall configuration, cryptography, monitoring, and various network services. The document contains over 1200 pages and is intended to guide readers through optimizing all aspects of Linux server security and performance.
SELinux provides mandatory access control on Linux systems to confine processes and restrict what they can do. It works by labeling system resources like files, processes, and ports with security contexts. When a process tries to access a resource, SELinux checks if the process's security context is allowed to access the target resource based on the SELinux policy. This provides finer-grained access control than traditional Linux discretionary access control based on users and groups. The security context includes the SELinux user, role, and type (domain) that together determine the process's permissions.
Neville Varnham discusses various cyber security threats related to PeopleSoft systems. He notes that ransomware schemes now allow technically illiterate criminals to conduct cyber attacks. Password cracking software can crack simple passwords in under a minute. The document also discusses a past university data breach involving PeopleSoft after a student was able to access a database with Social Security numbers. Varnham provides an overview of steps organizations can take to harden their PeopleSoft security, such as enabling encryption, implementing password policies, and ensuring proper logging and auditing.
Windows 7 provides enhanced security features for IT professionals to securely manage access and protect data and infrastructure. It includes a fundamentally secure platform with strengthened access controls and auditing. Windows 7 also enables securing access from any location through improved network security, protection of mobile devices, and direct secure access. Additional features protect users and infrastructure through application control and data recovery tools, as well as protecting data from unauthorized viewing using encryption and information rights management.
Server Hardening Primer - Eric Vanderburg - JURINNOV (Eric Vanderburg)
The document discusses hardening servers and networks against attacks. It recommends disabling nonessential systems; hardening operating systems by applying updates, securing the file system, and hardening applications; and hardening servers like web, mail, FTP, DNS, NNTP, print/file, and DHCP servers. It also recommends hardening networks by properly configuring equipment like routers and firewalls to filter packets.
This document provides instructions for installing SilkMeter and obtaining a SilkTest license policy. It describes finding the host ID of the license server computer, using the online License Generator to generate a license policy, and installing SilkMeter along with the license policy file on the license server. Administrative privileges and specific system requirements are needed to install SilkMeter on the license server computer.
Security @ Windows 10 Partner Technical Bootcamp Microsoft Norway October 2015 (Jan Ketil Skanke)
The document discusses several new security features in Windows 10 including Credential Guard, Microsoft Passport, Device Guard, Enterprise Data Protection, and Windows Hello. Credential Guard isolates credential material and passwords from malicious or compromised processes and apps. Microsoft Passport aims to create a world without passwords by utilizing familiar devices secured by hardware for user credentials. Device Guard uses virtualization-based security and Windows Defender to help protect systems from malware and zero-day attacks. Enterprise Data Protection separates and contains corporate data on devices to protect it wherever it resides. Windows Hello allows biometric and PIN sign-in for convenient and secure user authentication.
This document discusses cloud computing and security features of Microsoft Azure. It describes Azure's physical security measures, network security, platform integrity, data protection, and application security controls. Azure provides DDoS protection, storage redundancy, encryption, access controls, logging and more to help secure customer data and applications in the cloud. The trust center provides a single source of information about Azure's security, privacy and compliance.
Security is more critical than ever with new computing environments in the cloud and expanding access to the internet. There are a number of security protection mechanisms available for MongoDB to ensure you have a stable and secure architecture for your deployment. We'll walk through general security threats to databases and specifically how they can be mitigated for MongoDB deployments. Topics will include general security tools, how to configure those for MongoDB, and security features available in MongoDB such as LDAP, SSL, x.509 and Authentication.
James Jara Portfolio 2014 - InfoSec White Paper - Part 5 (James Jara)
The document provides a step-by-step guide for securing a company's IT architecture. It outlines creating a network and system administration policy, mapping out the company's IT elements, and then securing each element. Key steps include applying security through obscurity, hardening operating systems and services, updating software, and implementing monitoring, backups, and disaster recovery policies. Specific recommendations are given for securing SSH, Postfix, NFS, Apache, and PHP.
The document discusses various topics related to user security in Linux systems. It covers selecting strong passwords, managing passwords using tools like passwd and PAM, using utilities like sudo and vlock to control access, and seeing who is logged into the system. It emphasizes the importance of password security and provides tips for creating secure passwords.
1) The document discusses a presentation about implementing security best practices on Linux systems. It provides information about the speaker's background and qualifications in cybersecurity and Linux.
2) The presentation covers topics like cybersecurity principles, Linux security hardening techniques, and using the CIS benchmarks and CIS-CAT Lite tool to assess and improve the security of Ubuntu systems.
3) It encourages attendees to ask questions to learn more about securing Linux and have a chance to win prizes from the event sponsor, Biznet Gio.
The document discusses security concerns related to hacking Novell Netware networks. It covers common default accounts and passwords in Netware that can be exploited, such as the supervisor account. It also describes various password cracking and hacking tools that can be used to attack Netware systems, such as password crackers, and tools to access password files, spoof logs, and conduct denial of service attacks. Finally, it discusses recommended practices for hardening Netware server settings to help prevent attacks.
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
The document provides information on various topics for the CompTIA CASP exam, including:
1. A virtual trusted platform module (vTPM) which provides secure storage and cryptographic functions to virtual machines similarly to a physical TPM chip.
2. SELinux, which added mandatory access control to the Linux kernel to require authorization for processes to access files.
3. A storage area network (SAN) that provides block-level access to consolidated storage over a dedicated network, rather than using a local area network.
4. Issues with using BitLocker to encrypt the drive of a computer with multiple operating systems installed, such as only being available on certain Windows versions and requiring recovery keys
We provide a comprehensive list of best practices for Azure security that can help users ensure the safety and protection of their cloud computing infrastructure. By following these guidelines, Microsoft Azure users can effectively safeguard their systems and data against potential security threats. These practices are essential for maintaining a secure environment and minimizing the risks associated with cloud computing.
This document discusses system security and password management. It describes how passwords authenticate users and determine their privileges. For example, in UNIX systems the password is encrypted using DES algorithm with a salt value to prevent duplicates. The document also discusses strategies for strong password selection, such as user education, computer-generated passwords, and reactive/proactive password checking. It provides guidelines for components of a good password. Additionally, it covers operating system hardening techniques like disabling unneeded services/accounts, updating software, and removing unneeded programs/utilities. Specific steps are outlined for securing Windows and UNIX systems.
Red Hat Enterprise Linux provides strong security features that align with the defense in depth philosophy. These include hardening the operating system, applying security patches, using SELinux for mandatory access control, and implementing strong authentication methods. Proper authorization and profiling of users is also important to only grant necessary privileges.
This document discusses the importance of patching databases to address security vulnerabilities. It notes that while patching does not guarantee security, it is a fundamental technique for addressing threats from known problems. The document advises tracking security bulletins from vendors to understand where your database environment may be vulnerable, as vendors do not always release patches for every issue. Patching can help reduce exposure to attacks during the inherent time delay between a vulnerability being discovered and patched. However, patching is difficult and testing/applying patches can also delay fixing issues.
The document discusses system security and provides seven common sense rules for security. It covers account security, file permissions, data encryption, single user security, dialup modems, security tools, and an overview of viruses, trojans, and worms. Monitoring logs, using security scanning tools, and educating yourself on security best practices are emphasized as important ways to help secure systems.
The document discusses system security and provides seven common sense rules for security. It covers account security, file permissions, data encryption, single user security, dialup modems, security tools, and an overview of viruses, trojans, and worms. Monitoring logs, using security scanning tools, and educating yourself on security best practices are emphasized as important ways to help secure systems.
Unleash the Power: How to Install Kali Linux With a TwistFredReynolds2
This is a comprehensive installation guide for Kali Linux, in which we will cover fundamental and essential topics such as What Linux is, What Kali Linux is, Need for Kali Linux, and How to Install Kali Linux.
Network security consists of provisions and policies to prevent unauthorized access to computer networks and resources. It involves controlling access to data on a network through authorization. Network security covers both public and private networks used for business, government, and personal communications and transactions. It aims to protect vital information while allowing authorized access, and to provide authentication, access control, and availability of resources. Common methods for securing networks include identification and authentication of users, access control policies, encryption of data at rest and in transit, and securing wireless networks.
This module discusses securing Windows servers using Group Policy Objects. It covers configuring security settings like templates, user rights, options and auditing. It also discusses restricting software using AppLocker and configuring the Windows Firewall. The lessons include demonstrations and labs on implementing these security configurations and restrictions.
Similar to HCLOS.Reduce to 600 dpi average quality (20)
1. Building a Hardened Customised Linux Operating System
Presented by : Vinayak Wadhwa
M.Tech. IS ( 4th Semester )
01310100814
Thesis Presentation
Ambedkar Institute of Advanced Communication
Technologies and Research
Geeta Colony, Delhi-110031
Mentor: Mrs. Bharti Nagpal
Assistant Professor
AIACTR
2. About ME
Hello, this is Mr. Vinayak Wadhwa, M.Tech, AIACT&R.
Today I will be presenting my research work on hardening and building a custom Linux-based Operating System. What Linux offers is flexibility, and it is totally dependent on the user to configure and create a secure environment to work in. This creates a necessity for a normal student/user to know how to configure security in Linux. My research aimed at the development of such an Operating System that is pre-configured and pre-patched for all the known and future threats to Linux Operating Systems. This OS is named 'HCLOS'. It is currently in the testing phase.
Vinayak Wadhwa, Research Student
5. Principles of HCLOS Security
KNOW YOUR ENEMIES
PROTECTION IS KEY, DETECTION IS MUST
DEFENCE IN DEPTH
PRINCIPLE OF LEAST PRIVILEGE
KNOW YOUR SYSTEM
7. LITERATURE SURVEY
2011: Linux kernel vulnerabilities: State-of-the-art defenses and open problems. In Proceedings of the Second Asia-Pacific Workshop on Systems. ACM.
2013: Advanced Linux Security. In American Journal of Engineering Research (AJER).
2014: Overview of Linux Vulnerabilities. In 2nd International Conference on Soft Computing in Information Communication Technology. Atlantis Press.
2011: Faults in Linux: Ten years later. In Proc. Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 305–318. ACM Press.
2013: 25 Years of Vulnerabilities: 1988-2012, Sourcefire Corp, 2013.
9. SOME IMPORTANT FACTS
[Chart: Vulnerabilities in Linux Distributions; bars for Red Hat, Suse, Gentoo, Ubuntu, Mac OSX, Windows XP, Chrome, Linux Kernel, Internet Explorer, Firefox]
[Chart: Top Vulnerabilities Classified in [5]]
11. HCLOS DEVELOPMENT FLOWCHART
12. Security Checklist
This checklist is our problem formulation and will be used to validate our implementation.
S. No. | Security Classification | Short Description | Tick
1 | Boot Loader Security | Additional layer of security for bootloader access, secure configuration of boot files, etc. |
2 | Kernel Security | Configure kernel compile-time parameters for security. |
3 | Password Security and Encryption | Ensuring password strength, password policies, pluggable USB authentication, restricting old or empty passwords, etc. |
4 | File System Security | Limiting filesystem, umask configuration, administering the filesystem, minimisation of packages, etc. |
5 | Network Security | Packet sniffers, iptables firewalling, anti port scanning and maintaining anonymity. |
6 | Security Preparedness | Data backups, backup encryption, log monitoring tools, etc. |
7 | Intrusion Detection | Auditd and NIDS, etc. |
8 | Cryptovirus Protection | Crypdef service. |
9 | Other Necessary Security Elements | SELinux patches, TrueCrypt, Nmap and other tools. |
14. Hardening of Custom Linux Distribution
The following eight elements of security were implemented thoroughly in HCLOS.
BOOTLOADER SECURITY: Additional Layer of Security, Secure Boot Configuration, Physical Security
NETWORK SECURITY: Packet Sniffers, TCP Wrapper, Network Parameters, Limiting System Services, IP Tables, Network Scanners, Anti Port Scanners, Anonymous Browsing
KERNEL SECURITY: Kernel Compilation Options
SECURITY PREPAREDNESS: Full Data Backup, Disable USB Detection, Backup Encryption, Logspot Tool
PASSWORD SECURITY: Password Policies, Password Strength, Password Logging, Indirect Root Login, PAM USB, Restrict Old Passwords, Restrict Empty Passwords
HCLOSADMIN: List all current listening ports, List all current services, Turn off dangerous Network Services, Check users with Empty Passwords
FILE SYSTEM SECURITY: Limiting Filesystem, hclosADMTracker, umask Configuration, Integrity checking, Minimisation of Packages, Configure /boot
CRYPDEF: Anti-Cryptovirus shell scripts
15. BOOTLOADER SECURITY
Exploits Faced:
• init=/bin/bash Vulnerability
• Recovery CD Bypass
• Hardware Bypass
1. Additional Layer of Security: a SHA-512 hashed password is generated and configured as entry-level access control for the bootloader, thus ensuring that no unauthorised personnel can bypass the HCLOS login.
2. Secure Boot Configuration: for this, the BIOS settings are configured to set the main hard disk as the only boot option.
3. Physical Security Recommended: this is recommended because security is incomplete without physical security, hence alarms/tripwires need to be implemented.
16. KERNEL SECURITY
During kernel compilation there are certain options that are otherwise ignored; these were configured in HCLOS.
1. Enable security options:
[*] Enable different security models
[*] Default Linux Capabilities
2. The following options were also configured:
• Network Firewalls (CONFIG_FIREWALL)
This option should be on if you intend to run any firewalling or masquerading on your Linux machine. In HCLOS it is configured to be on.
• IP: syn cookies (CONFIG_SYN_COOKIES)
A "SYN attack" is a denial of service (DoS) attack that consumes all the resources on your machine, forcing you to reboot. I can't think of a reason you wouldn't normally enable this.
• IP: firewall packet logging (CONFIG_IP_FIREWALL_VERBOSE)
This option gives you information about packets your firewall received, like sender, recipient, port, etc.
• IP: Drop source routed frames (CONFIG_IP_NOSR)
This option should be enabled. Source routed frames contain the entire path to their destination inside the packet. This means that routers through which the packet goes do not need to inspect it, and just forward it on. This could lead to data entering your system that may be a potential exploit.
• Packet Signatures (CONFIG_NCPFS_PACKET_SIGNING)
This option is available in HCLOS and signs NCP packets for stronger security.
18. 1. Strong Password Policies
Strong password policies are framed for our custom Linux distribution keeping in mind the following parameters:
VALIDITY: number of days a password is valid.
LIFE: minimum number of days between changes of password.
EXPIRY WARNING: number of days before the expiry warning is shown.
[Screenshots: BEFORE and AFTER configuration in HCLOS]
19. 2. PASSWORD STRENGTH
To increase password strength the default configuration is altered, so that only a highly secure password is accepted from the user.
Limiting Attempts: only 3 attempts are allowed.
Minimum length: the minimum length of a password is 8 characters.
Different passwords: old and new password must differ by three characters.
Mandatory characters: there must be one uppercase, one lowercase, one non-alphanumeric/special, and one numerical character.
[Screenshots: BEFORE and AFTER configuration in HCLOS]
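The policies of slides 18 and 19 as an audit script, added here as an example rather than taken from the HCLOS configuration: the ageing thresholds are constructed placeholders (the slides show them only as screenshots), and the strength rules are expressed as pam_pwquality options, which the older pam_cracklib module accepts under the same names.

```shell
# Added example, not the thesis' own code: audit a login.defs-style ageing
# policy and a PAM password-strength line against the parameters described
# on slides 18 (validity, life, expiry warning) and 19 (3 attempts, length 8,
# 3 differing characters, one character of each class).

# Constructed samples standing in for /etc/login.defs and the
# /etc/pam.d/common-password line, "after" state (values are placeholders).
LOGIN_DEFS_AFTER='
PASS_MAX_DAYS   90
PASS_MIN_DAYS   7
PASS_WARN_AGE   14
'
PAM_AFTER='password requisite pam_pwquality.so retry=3 minlen=8 difok=3 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1'

# Constructed "before" state: stock ageing and no strength module at all.
LOGIN_DEFS_BEFORE='
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
'
PAM_BEFORE='password [success=1 default=ignore] pam_unix.so obscure sha512'

# login_def TEXT KEY -> value of KEY (last uncommented occurrence wins, as shadow-utils reads it)
login_def() {
  printf '%s\n' "$1" | awk -v k="$2" '$1 == k { v = $2 } END { print v }'
}

# pam_opt LINE OPT -> value of OPT on the module line, empty if absent
pam_opt() {
  printf '%s\n' "$1" | tr ' ' '\n' | awk -F= -v k="$2" '$1 == k { print $2 }'
}

# audit_password_policy LOGIN_DEFS_TEXT PAM_LINE -> prints failures,
# returns the number of failed checks (0 means the slides' policy is in place)
audit_password_policy() {
  local defs="$1" pam="$2" fails=0
  _fail() { printf 'FAIL: %s\n' "$1"; fails=$((fails + 1)); }

  # Slide 18: validity, life and expiry warning must be set and finite.
  local max min warn
  max=$(login_def "$defs" PASS_MAX_DAYS)
  min=$(login_def "$defs" PASS_MIN_DAYS)
  warn=$(login_def "$defs" PASS_WARN_AGE)
  [ -n "$max" ] && [ "$max" -lt 99999 ] || _fail "PASS_MAX_DAYS not limited (got '${max:-unset}')"
  [ -n "$min" ] && [ "$min" -gt 0 ]     || _fail "PASS_MIN_DAYS must be > 0 (got '${min:-unset}')"
  [ -n "$warn" ] && [ "$warn" -gt 0 ]   || _fail "PASS_WARN_AGE must be > 0 (got '${warn:-unset}')"

  # Slide 19: a strength module must be present and carry the four rules.
  case "$pam" in
    *pam_pwquality.so*|*pam_cracklib.so*) ;;
    *) _fail "no password-strength module on the PAM line"; return "$fails" ;;
  esac
  local retry minlen difok c v
  retry=$(pam_opt "$pam" retry); minlen=$(pam_opt "$pam" minlen); difok=$(pam_opt "$pam" difok)
  [ -n "$retry" ] && [ "$retry" -le 3 ]   || _fail "retry should be at most 3 (got '${retry:-unset}')"
  [ -n "$minlen" ] && [ "$minlen" -ge 8 ] || _fail "minlen should be at least 8 (got '${minlen:-unset}')"
  [ -n "$difok" ] && [ "$difok" -ge 3 ]   || _fail "difok should be at least 3 (got '${difok:-unset}')"
  # A negative credit means "require at least that many of this class".
  for c in ucredit lcredit dcredit ocredit; do
    v=$(pam_opt "$pam" "$c")
    [ -n "$v" ] && [ "$v" -le -1 ] || _fail "$c should be -1 (got '${v:-unset}')"
  done
  return "$fails"
}
```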
20. 3. PASSWORD LOGGING
Audit trails are maintained and all necessary changes to passwords are logged in HCLOS.
CREATION OF LOG FILE
LINKING PAM TO LOG
[Screenshots: Log File Creation, Log Config., HCLOS]
21. 4. INDIRECT ROOT LOGIN
Disabling direct root login enables better tracking of any privilege escalation scenario.
CONFIGURE ALL PAM FILES
MARKING SECURETTY NULL
2. Append logging parameters in the /etc/pam.d file.
Fig. 13. – Modification of PAM for password logging.
3.2.5.3.4 Indirect root Login
Disallowing direct root login enables audit trails, so as to know which local user gained privileges, and hence is very useful in tracking. Also we don't want any intruder to directly gain privileges from an unprivileged account. Thus, to ensure that only local users can gain privileges, I have done the following:
1. Ensure all the PAM configuration files, even the ones used for the display manager, have the following line in their configuration file. Examples of such files are /etc/pam.d/login.defs and /etc/pam.d/gdm-password.
Command:
# auth required /lib/security/pam_securetty.so
2. Now I will specify that no device is authenticated for root login by making 'securetty' null.
Command:
#echo "null" > /etc/securetty
3.2.5.3.5 Pluggable Authentication Module USB
Linux distributions ship with a unified authentication mechanism known as 'Pluggable Authentication Module'. This module helps in configuring authentication methods and criteria. One more enhancement to securing the system is to introduce a second factor of authentication using this module.
Passwords lie under the category of 'something you know'; linking it with 'something you possess' increases the factors of authentication. This possession can be any physical device that has a unique identifier attached to it. For this purpose a PAM device is configured. It is a USB device, distributed along with HCLOS, that serves as a primary authentication device to log in to the system or gain super user privileges. To set up this two-factor authentication, follow these steps:
1. Installation of PAM modules
22. 5. PLUGGABLE AUTHENTICATION MODULE USB
This adds another layer of security by requiring smart-token authentication to log in to the OS or to gain privileges.
CREATING DEVICE: devices are registered first, based on their UUID and serial numbers.
REGISTERING USERS: users are registered for a particular device.
CONFIGURING PAM INTO SYSTEM: PAM USB is configured into the system with the 'required' setting, making it necessary to have both the device and the password for authentication.
[Screenshots: login with USB and without USB]
23. 6. Restricting EMPTY PASSWORDS
Empty passwords are a clue towards unauthorised access to the system, so in HCLOS they are restricted.
HCLOSADMTRACKER: this is a tool made specially for HCLOS that helps the user/consumer monitor their system; one of its options is to check for and remove all accounts with empty passwords.
24. FILESYSTEM SECURITY
Needs to be addressed:
• Review Trojan horses
• Review unowned files
• Review SUID/SGID processes
• Integrity checking
• Protection of important directories
• Configuring umask
1. Limiting File System
2. hclosAdmTracker - HCLOS admin tool
3. umask Configuration
4. Integrity checking (checks integrity of files)
5. Minimisation of Packages (reduce no. of modules)
6. Configuration of /boot (make it read only)
25. 1. Limiting FILESYSTEM
Limiting the number of processes per user can be useful for giving users only the required rights over processing.
Resource Limitation: new users are prohibited from creating core files; the number of processes is limited to 40 and memory to 4 MB per user.
3.2.5.4 File System Security
Preparation before an attack is a must, and securing the file system guarantees that an attacker does not get a chance to exploit any vulnerable loophole in the system. Correctly configured access control and properly managed admin logs can thwart an attacker. What we have to address while securing the file system:
1. Review if any Trojan horses are installed
2. Review if any unowned files exist
3. Review if any .rhosts files are there
4. Review for SUID and SGID processes running
5. Integrity checking of important binaries
6. Protect start-up files, audit trails and security logs
7. Configuration of default protection for new file creation
Keeping in mind the above mentioned problems, the following features were implemented in HCLOS:
3.2.5.4.1 Limiting File System
By limiting the filesystem I mean limiting the number of open files and processes for a user. The default value is unlimited. This can be configured for single users or a group. This is done by using the resource-limits PAM module and /etc/pam.d/limits.conf. A sample configuration is:
@commonusers hard core 0
@commonusers hard nproc 40
@commonusers hard rss 4000
This says to prohibit the creation of core files, restrict the number of processes to 40, and restrict memory usage per user to 4 MB.
3.2.5.4.2 hclosAdmTracker – HCLOS tool
One potential way for a user to escalate privileges on a system is to exploit a vulnerability in an SUID or SGID program. SUID and SGID are legitimately used when programs need special permissions above and beyond those available to the user who is running them. Therefore, these programs should be monitored and any suspicious program must have its privileges revoked.
Another kind of executable that can be vulnerable is the world-writable file: these files grant all permissions to all users, hence anybody can read, modify or execute them. Moreover, world-writable directories allow anyone to add or delete files in them. Attackers can take advantage of such directories, hence they also need to be monitored.
There may be certain files on your system that are unowned. These files may indicate suspicious activity, as they do not belong to any user and were possibly created by an unprivileged user.
26. 2. HCLOSADMTRACKER
This is an all-in-one tool for monitoring the various files that matter for security.
HCLOSADMTRACKER: this is a tool made specially for HCLOS that helps the user/consumer monitor their system. SGID/SUID files, unowned files and .rhosts files can be tracked. Options to check for empty passwords and listening ports are also present.
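The checks that slide 23 (empty passwords) and slides 24 to 26 (SUID/SGID, world-writable, unowned and .rhosts files, listening ports) attribute to hclosAdmTracker, written as shell functions; this is an added example, not the HCLOS tool itself. Each function takes the directory or shadow file to inspect, so it can be run against the live system or, as here, against a constructed sample tree.

```shell
# Added example, not the HCLOS hclosAdmTracker code: the audit checks listed
# on slides 23 to 26, as functions over a shadow file and a directory tree.

# Users whose password field in a shadow-format file is empty (no password at all).
empty_password_users() {          # $1 = shadow file (default /etc/shadow)
  awk -F: '$2 == "" { print $1 }' "${1:-/etc/shadow}"
}

# SUID or SGID files below a directory: privilege-escalation candidates.
suid_sgid_files() {               # $1 = root of the search
  find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# World-writable files and directories: anyone may modify, add or delete.
world_writable() {
  find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Files whose owner or group no longer exists in passwd/group.
unowned_files() {
  find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Trust files that let remote hosts log in without a password.
rhosts_files() {
  find "$1" -xdev -type f \( -name .rhosts -o -name .shosts \) -print 2>/dev/null
}

# Listening TCP/UDP sockets ("list all current listening ports" on slide 14).
listening_ports() {
  if command -v ss >/dev/null 2>&1; then ss -tulnH; else netstat -tuln; fi
}

# Run every file/account check, print the findings grouped by check and
# return their total count (0 = clean). Ports are left to listening_ports.
hclos_admin_report() {            # $1 = search root, $2 = shadow file
  local root="$1" shadow="$2" total=0 name out
  for name in empty_password_users suid_sgid_files world_writable unowned_files rhosts_files; do
    case "$name" in
      empty_password_users) out=$("$name" "$shadow") ;;
      *)                    out=$("$name" "$root") ;;
    esac
    if [ -n "$out" ]; then
      printf '== %s ==\n%s\n' "$name" "$out"
      total=$((total + $(printf '%s\n' "$out" | wc -l)))
    fi
  done
  printf 'total findings: %d\n' "$total"
  return "$total"
}

# Constructed demonstration tree (not real system files): one account with an
# empty password, one SUID helper, one .rhosts file, one world-writable file.
demo_setup() {                    # prints the temporary root it created
  local d; d=$(mktemp -d)
  printf 'root:$6$saltsalt$hashhash:18000:0:99999:7:::\nguest::18000:0:99999:7:::\n' > "$d/shadow"
  mkdir -p "$d/home/guest" "$d/tmp"
  : > "$d/home/guest/.rhosts"
  printf '#!/bin/sh\n' > "$d/home/guest/helper"; chmod 4755 "$d/home/guest/helper"
  : > "$d/tmp/scratch"; chmod 0666 "$d/tmp/scratch"
  printf '%s\n' "$d"
}
```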
27. 3. UMASK Configuration
Umask tells the default permissions for a new file.
DEFAULT ROOT UMASK: 077 is the default configured umask in HCLOS.
RESULTING NEW FILE PERMISSIONS: new files are given 644 permissions because of the above umask.
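The arithmetic that links a umask to the mode of a new file, as an added example that is not from the thesis: a file starts from 666 and a directory from 777, and the umask bits are cleared from that base. The second function reads back what the kernel actually did in a temporary directory and assumes GNU stat.

```shell
# Added example, not from the thesis: compute the mode a new file or directory
# receives under a given umask, and verify it against the kernel.

# mode_from_umask BASE UMASK -> resulting octal mode (e.g. 666 077 -> 600)
mode_from_umask() {
  local base mask
  base=$(printf '%d' "0$1")       # octal string -> decimal
  mask=$(printf '%d' "0$2")
  printf '%03o' $(( base & ~mask ))   # clear the umask bits from the base
}

# live_umask_check UMASK -> "file=<mode> dir=<mode>" as actually created
# (assumes GNU coreutils stat; creates and removes a temporary directory)
live_umask_check() {
  local d; d=$(mktemp -d)
  ( umask "$1"; : > "$d/f"; mkdir "$d/d" )
  printf 'file=%s dir=%s\n' "$(stat -c %a "$d/f")" "$(stat -c %a "$d/d")"
  rm -rf "$d"
}

# umask_table -> one line per common umask with the file and directory modes
umask_table() {
  local u
  for u in 022 027 077; do
    printf 'umask %s: file %s dir %s\n' "$u" "$(mode_from_umask 666 "$u")" "$(mode_from_umask 777 "$u")"
  done
}
```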
29. 1. Avoiding Packet Sniffers
Avoiding sniffers can be effective even if the system is compromised, as crucial information is still hidden.
SSH: to avoid these sniffers, secure shell is used for encryption of passwords. SSH v2 is used, the default port is changed, and root access is disallowed after configuration.
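An audit of the three sshd settings the slide describes, added here as an example and not taken from HCLOS. One detail a practitioner needs: sshd uses the first uncommented occurrence of each keyword, so a hardened line added at the bottom of sshd_config is silently ignored; the audit reads the file the same way. The sample configurations are constructed.

```shell
# Added example, not from the thesis: check an sshd_config for SSH v2 only,
# a non-default port and no root login, reading it the way sshd does.

# sshd_first_value FILE KEYWORD -> first uncommented value (keywords are case-insensitive)
sshd_first_value() {
  awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == k && !found { print $2; found = 1 }
  ' "$1"
}

# audit_sshd_config FILE -> prints each finding; returns the number of failures
audit_sshd_config() {
  local f="$1" fails=0 v
  # OpenSSH 7.4 and later removed the Protocol keyword (only v2 exists), so an
  # absent value is fine; an explicit value must be exactly 2.
  v=$(sshd_first_value "$f" Protocol)
  if [ -n "$v" ] && [ "$v" != "2" ]; then
    printf 'FAIL: Protocol=%s (must be 2)\n' "$v"; fails=$((fails + 1))
  fi
  v=$(sshd_first_value "$f" Port)
  if [ "${v:-22}" = "22" ]; then
    printf 'FAIL: Port left at default 22\n'; fails=$((fails + 1))
  fi
  v=$(sshd_first_value "$f" PermitRootLogin)
  if [ "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" != "no" ]; then
    printf 'FAIL: PermitRootLogin=%s (must be no)\n' "${v:-unset}"; fails=$((fails + 1))
  fi
  return "$fails"
}

# Constructed samples: a stock file and a hardened one.
SSHD_BEFORE='# stock configuration, everything commented out is the default
#Port 22
#PermitRootLogin prohibit-password
Protocol 2,1
'
SSHD_AFTER='Protocol 2
Port 2222
PermitRootLogin no
# a later duplicate is ignored by sshd, so the audit must ignore it too
PermitRootLogin yes
'

# write_sample TEXT -> path of a temporary file holding TEXT
write_sample() { local f; f=$(mktemp); printf '%s' "$1" > "$f"; printf '%s\n' "$f"; }
```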
30. 2. TCP WRAPPERS Access Control
Access control can be achieved with the help of TCP Wrappers.
TCP Wrappers: it disables access to services that are TCP Wrapper aware or use tcpd.
31. 3. NETWORK PARAMETERS
Handling SYN FLOOD: this helps in configuring net.ipv4.tcp_max_syn_backlog = 4096, which handles SYN packets better by clearing extraneous packets.
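A check for the compile-time options of slide 16 and the runtime parameter of slide 31, added here as an example rather than anything from HCLOS. CONFIG_FIREWALL, CONFIG_IP_FIREWALL_VERBOSE and CONFIG_IP_NOSR are names from old 2.x kernels; on current kernels the firewall framework is CONFIG_NETFILTER, and SYN cookies and source-route dropping are also runtime sysctls, so both places are checked. The kernel config fragment and sysctl dump are constructed samples.

```shell
# Added example, not from the thesis: verify build-time kernel options from a
# config file and runtime network parameters from a `sysctl -a` style dump.
# For a live system pass /boot/config-$(uname -r) and "$(sysctl -a 2>/dev/null)".

# Options slide 16 wants: "Enable different security models" is CONFIG_SECURITY,
# syn cookies is CONFIG_SYN_COOKIES, the firewall framework is CONFIG_NETFILTER.
REQUIRED_KCONFIG="CONFIG_SECURITY CONFIG_SYN_COOKIES CONFIG_NETFILTER"

# kconfig_missing CONFIG_FILE OPT... -> prints options not set to y; returns the count
kconfig_missing() {
  local cfg="$1" opt missing=0; shift
  for opt in "$@"; do
    if ! grep -qx "${opt}=y" "$cfg"; then
      printf 'missing: %s\n' "$opt"; missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Runtime values: tcp_max_syn_backlog=4096 is the slide 31 setting; the other
# two are the sysctl forms of syn cookies and "drop source routed frames".
REQUIRED_SYSCTL='net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=4096
net.ipv4.conf.all.accept_source_route=0'

# sysctl_mismatch SYSCTL_DUMP -> compares "key = value" lines against
# REQUIRED_SYSCTL; prints each mismatch and returns their number
sysctl_mismatch() {
  local dump="$1" kv key want got bad=0
  for kv in $REQUIRED_SYSCTL; do
    key=${kv%%=*}; want=${kv#*=}
    got=$(printf '%s\n' "$dump" | awk -v k="$key" -F' *= *' '$1 == k { print $2 }')
    if [ "$got" != "$want" ]; then
      printf 'mismatch: %s is %s, want %s\n' "$key" "${got:-unset}" "$want"; bad=$((bad + 1))
    fi
  done
  return "$bad"
}

# Constructed samples: one build option off, one sysctl still at a stock value.
KCONFIG_SAMPLE='# constructed kernel config fragment
CONFIG_SECURITY=y
CONFIG_SYN_COOKIES=y
# CONFIG_NETFILTER is not set
'
SYSCTL_SAMPLE='net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.conf.all.accept_source_route = 0'

# write_sample TEXT -> path of a temporary file holding TEXT
write_sample() { local f; f=$(mktemp); printf '%s' "$1" > "$f"; printf '%s\n' "$f"; }
```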
32. 4. Limiting Network Services
This helps in configuring vulnerable network services.
HCLOSADMINTRACKER Tools: this helps in limiting dangerous network services that authenticate with passwords sent in clear text. Moreover, NFS will be terminated by this.
33. 5. IPTABLES - FIREWALLS
Pre-configured iptables rules enable better packet handling and intrusion prevention; they are implemented in HCLOS.
ALLOW SSH PACKETS: this is necessary to avoid locking yourself out.
DROP ALL TCP PACKETS: flagless TCP packets are dropped.
LIMIT NEW TRAFFIC: limit connections for new traffic, enabling protection against DoS attacks.
REJECT SYN FLOOD: limit bursts of new forged SYN packets.
REJECT ALL XMAS PACKETS: TCP packets with all flags set are dropped.
LIMIT SMURF PACKETS: ICMP bursts are limited.
LOG EVERYTHING: logging of all dropped packets.
34. EXAMPLE OF IPTABLES rule in HCLOS
This rule rate-limits NEW traffic on port 80 to prevent Denial of Service attacks:
# sudo iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 50/minute --limit-burst 200 -j ACCEPT
Let's break that rule down into intelligible chunks.
-p tcp --dport 80 => Specifies traffic on port 80 (normally Apache, but as you can see here I am using nginx).
-m state --state NEW => This rule applies to NEW connections.
-m limit --limit 50/minute --limit-burst 200 -j ACCEPT => This is the essence of preventing DoS. In a nutshell, 200 new connections (packets really) are allowed before the limit of 50 NEW connections (packets) per minute is applied.
35. 6. NETWORK VULNERABILITY SCANNERS
These scanning tools are pre-installed in HCLOS for reference.
NIKTO: it is open source; it checks the whole system for vulnerabilities.
VEGA: it helps in validation of SQL injection, XSS, etc.
36. 7. PORT SCAN ACTIVE DETECTION
This module is a behavioural IDPS which creates iptables rules automatically by observing traffic.
PSAD: danger levels are configured for monitoring bursts of packets, according to which particular IPs are blocked. This detects rigorous Nmap scans and blacklists that IP.
37. 8. Anonymous Browsing
For this purpose the onion browsing protocol is used; Tor is pre-installed and configured in HCLOS.
ONION BROWSING: this peer-to-peer anonymous network provides a sufficiently secure communication path and avoids direct linkage with any server.
39. 1. BACKUP ENCRYPTION
Backing up and encrypting the backup is easy in HCLOS, as custom commands are built in.
GENERATION OF RSA KEY PAIR: RSA keys are generated with OpenSSL.
ENCRYPTION SCRIPT: the encryption command backs up the home directory and encrypts it.
DECRYPTION SCRIPT: this decrypts the home directory and replaces the original one when required.
[Screenshots: Encryption Script, Decryption Script]
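The three pieces the slide names (an OpenSSL RSA key pair, an encrypt-and-back-up script, a decrypt-and-restore script), written as an added example that is not the HCLOS script. It uses hybrid encryption: a fresh random AES-256 key encrypts the tarball and the RSA public key wraps that AES key, so backups can be made on a machine that only holds the public key and only the private-key holder can restore. The sample home directory is constructed.

```shell
# Added example, not the HCLOS backup scripts: RSA key pair from OpenSSL,
# encrypt a home directory into OUT.tar.enc + OUT.key.enc, restore it later.

# gen_keys DIR -> DIR/backup.key (private, mode 600) and DIR/backup.pub
gen_keys() {
  local d="$1"
  ( umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
      -out "$d/backup.key" 2>/dev/null )
  openssl pkey -in "$d/backup.key" -pubout -out "$d/backup.pub"
}

# encrypt_home HOME_DIR PUBKEY OUT_PREFIX -> tars HOME_DIR, encrypts it with a
# one-time AES key, and wraps that key with the RSA public key (OAEP/SHA-256)
encrypt_home() {
  local src="$1" pub="$2" out="$3" tmpkey
  tmpkey=$(mktemp)
  openssl rand -hex 32 > "$tmpkey"                      # per-backup AES key
  tar -C "$src" -cf - . |
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$tmpkey" -out "$out.tar.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$pub" -in "$tmpkey" -out "$out.key.enc" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
  rm -f "$tmpkey"                                       # nothing but the wrapped key stays
}

# decrypt_home OUT_PREFIX PRIVKEY DEST_DIR -> unwraps the AES key and restores into DEST_DIR
decrypt_home() {
  local out="$1" key="$2" dest="$3" tmpkey
  tmpkey=$(mktemp)
  openssl pkeyutl -decrypt -inkey "$key" -in "$out.key.enc" -out "$tmpkey" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
  mkdir -p "$dest"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmpkey" -in "$out.tar.enc" |
    tar -C "$dest" -xf -
  rm -f "$tmpkey"
}

# roundtrip_demo -> "ok" when a constructed home survives encrypt + decrypt intact
# and the ciphertext does not contain the plaintext; everything lives in a temp dir
roundtrip_demo() {
  local w; w=$(mktemp -d)
  mkdir -p "$w/home/.ssh"
  printf 'constructed sample document\n' > "$w/home/notes.txt"
  printf 'constructed, not a real key\n' > "$w/home/.ssh/id_sample"
  gen_keys "$w"
  encrypt_home "$w/home" "$w/backup.pub" "$w/backup"
  decrypt_home "$w/backup" "$w/backup.key" "$w/restored"
  if cmp -s "$w/home/notes.txt" "$w/restored/notes.txt" &&
     cmp -s "$w/home/.ssh/id_sample" "$w/restored/.ssh/id_sample" &&
     ! grep -q 'constructed sample' "$w/backup.tar.enc"; then
    echo ok
  else
    echo FAIL
  fi
  rm -rf "$w"
}
```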
40. 2. LOGSPOT TOOL
This tool is a one-stop place for all logs to be monitored. Users can easily manage their logs here.
LOGSPOT: all logs are aggregated in this tool, as shown in the diagram.
43. Security Checklist EVALUATION
S. No. | Security Classification | Short Description | Tick
1 | Boot Loader Security | Additional layer of security for bootloader access, secure configuration of boot files, etc. | DONE
2 | Kernel Security | Configure kernel compile-time parameters for security. | DONE
3 | Password Security and Encryption | Ensuring password strength, password policies, pluggable USB authentication, restricting old or empty passwords, etc. | DONE
4 | File System Security | Limiting filesystem, umask configuration, administering the filesystem, minimisation of packages, etc. | DONE
5 | Network Security | Packet sniffers, iptables firewalling, anti port scanning and maintaining anonymity. | DONE
6 | Security Preparedness | Data backups, backup encryption, log monitoring tools, etc. | DONE
7 | Intrusion Detection | Auditd and NIDS, etc. | DONE
8 | Cryptovirus Protection | Crypdef service. | DONE
9 | Other Necessary Security Elements | SELinux patches, TrueCrypt, Nmap and other tools. | DONE
44. NETWORK SCANNING
S. No. | Machine Name | DHCP Address
1 | Ubuntu 16.04 LTS | 192.168.1.38
2 | Mac OSX El Capitan v10.11 | 192.168.1.36
3 | Windows 10 | 192.168.1.41
4 | HCLOS | 192.168.1.40
NMAP
Original system | Identification by Network Mapper (detected fingerprint) | Match percentage
Ubuntu | Linux 2.6.17 | 100%
Windows 10 | Microsoft Windows 8 | 93%
Mac OSX | Apple OSX 10.7-10 | 100%
HCLOS | Not identified | 0%
These are the Network Mapper results, obtained by doing an intensive scan with OS detection. HCLOS was not identified by Nmap.
45. NETWORK SCANNING
[Screenshots: iptables before attack, iptables after attack]
These results show PSAD in action and the active blocking of the malicious IP.
46. AUDITING
The table below gives the summary of the audit reports:
Table 3. – Comparison of Lynis audit report summary for HCLOS and Ubuntu
Audit Category | Ubuntu 16.04 Hardening Index | Ubuntu No. of Tests | HCLOS Hardening Index | HCLOS No. of Tests
Accounting | 6 | 14 | 94 | 18
Authentication | 10 | 32 | 92 | 33
File Permissions | 3 | 10 | 97 | 11
Logging | 12 | 25 | 97 | 26
Kernel Hardening | 26 | 11 | 78 | 12
Firewalling | 15 | 14 | 95 | 11
Networking | 1 | 19 | 95 | 20
Hardening | 1 | 13 | 90 | 14
Average | 9.25% | Total tests = 138 | 92.25% | Total tests = 145
This is also represented graphically:
[Chart: Comparison of Hardening between HCLOS and Ubuntu with Lynis Auditing Index]
This table shows the number of auditing tests performed and their index per category for HCLOS and Ubuntu.
47. AUDITING
The result is presented graphically here:
This concludes that there is approximately an 83% difference in the hardening of the two systems, proving that HCLOS is far more secure than a normal Ubuntu distribution.
48. DENIAL OF SERVICE ATTACK
To test and verify network hardening in HCLOS, we use the Apache benchmarking tool. 'ab' is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server. It is designed to give you an impression of how your current Apache installation performs. In particular, it shows you how many requests per second your Apache installation is capable of serving. A DoS attack tool, by contrast, performs a denial of service attack by forging packets and continuously bombarding the specified host. Results are shared as follows:
1. Apache Benchmark Test:
First case – without any rules (like stock Ubuntu):
#ab -n 100 -c 10 http://hclos_machine_server/
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/
Benchmarking hclos_machine_server (be patient).....done
Connection Times (ms)
min mean [+/-sd] median max
Connect: 122 129 2.2 128 134
Processing: 1151 1182 19.1 1177 1260
Waiting: 125 132 8.2 128 170
Total: 1280 1310 19.3 1305 1390
Percentage of the requests served within a certain
time (ms)
50% 1305
66% 1313
75% 1316
80% 1321
90% 1328
95% 1354
98% 1386
99% 1390
100% 1390 (longest request)
Results:
Requests per second: 7.59 [#/sec]
Total time for requests: 13 seconds
(Data) Transfer rate: 444.98 [Kbytes/sec]
Apache Benchmark Results
Second case – with iptables rules implemented:
Benchmarking hclos_machine_server.com (be patient)
...
apr_poll: The timeout specified has expired (70007)
Total of 99 requests completed
Thus it proves that a minor DoS simulation from Apache benchmark was detected and stopped at the HCLOS server end.
4.2.4 Cryptoviral Extortion Attack
This attack is mitigated by using a custom detection and removal script particularly written for Linux Encoder. Currently, detection of Zepto and Locky based viruses is also supported.
Apache benchmark is the benchmarking framework I used to bombard packets onto our server HCLOS.
We received a timeout message on our system.
49. CRYPTOVIRAL EXTORTION ATTACK
We used Zepto and Locky samples to attack the system and were able to detect and mitigate the attacks.
50. LOGIN BYPASS ATTACK
Trying to bypass login with the init=/bin/bash vulnerability failed, as an additional password was required in HCLOS. However, in Ubuntu I succeeded.
51. COMPARATIVE ANALYSIS
This table shows a comparative analysis between the top ten most used operating systems in the market and our Hardened Customized Linux Operating System (HCLOS).
53. REFERENCES
[1] Chen, Haogang, et al. Linux kernel vulnerabilities: State-of-the-art defenses and open problems. Proceedings of the Second Asia-Pacific Workshop on Systems. ACM, 2011.
[2] N. Palix, G. Thomas, S. Saha, C. Calvès, J. Lawall, and G. Muller. Faults in Linux: Ten years later. In Proc. Int'l Conf. Architectural Support for Programming Languages and Operating Systems (ASPLOS), pages 305–318. ACM Press, 2011.
[3] Nimbalkar R., Patel P., Meshram. Advanced Linux Security. American Journal of Engineering Research (AJER), 2013.
[4] Younan Y. 25 Years of Vulnerabilities: 1988-2012, Sourcefire Corp, 2013.
[5] S. Niu, J. Mo, Z. Zhang, and Z. Lv. Overview of Linux Vulnerabilities. In 2nd International Conference on Soft Computing in Information Communication Technology. At
lantis Press, May 2014.
[6] P. E. McKenney and J. Walpole. Introducing technology into the Linux kernel: a case study. ACM SIGOPS Operating Systems Review, 42(5):4–17, 2008.
[7] N. Elhage. CVE-2010-4258: Turning denial-of-service into privilege escalation. http://blog.nelhage.com/2010/12/cve-2010-4258-from-dos-to-privesc/, 2010.
[8] S. A. Mokhov, M.-A. Laverdiere, and D. Benredjem. Taxonomy of Linux kernel vulnerability solutions. Innovative Techniques in Instruction Technology, E-learning, E-assessment, and Education, 2008.
[9] Cisco 2014 Annual Security Report, Cisco, 2014.
[10] Linux. http://en.wikipedia.org/wiki/Linux.
[11] Lyon, Gordon Fyodor. Nmap network scanning: The official Nmap project guide to network discovery and security scanning. Insecure, 2009.
[12] Jung, Sung-Jae, and Kyung Sung. "A Study on the Iptables Ruleset Against DoS Attacks." The Journal of Advanced Navigation Technology 19.3 (2015): 257-263.
[13] Lynis auditing framework, https://cisofy.com/lynis/
[14] Nmap Network Mapper, https://nmap.org/
[15] Wadhwa V., Nagpal B.: Chapter 34. Cryptoviral Extortion: Evolution, Scenarios and Analysis. In: Proceedings of the International Conference on Signal, Networks, Computing, and Systems: Volume 2, Springer India, 2016.
[16] Linux Security checklist, SANS Institute; https://www.sans.org/media/score/checklists/linuxchecklist.pdf