Host security measures aim to comprehensively protect individual hosts through host-centric approaches tailored to the host's architecture and configuration. This involves securing configurations, access controls, permissions and services on Unix-like systems. Common weaknesses include password issues, exploitable services and improper permissions. Unix uses users, groups and world permissions on files and directories to control access. Proper configuration of these permissions and use of setuid programs is important for security. The Unix password system has evolved from storing passwords in plaintext to using shadow files and stronger encryption.
2. Host security measures
Host-centric: tailored to the host architecture. Takes into account not only the type of operating system but also its configuration.
Comprehensive: protects installed applications.
Complex, costly, protects a single host.
6. Common Unix configuration weaknesses
Password management issues: weak passwords, default passwords, re-used passwords.
Exploitable services: FTP/TFTP, Sendmail, other services.
Improper file and directory permissions.
Improper use of setuid.
Improper network file configuration.
Unpatched known vulnerabilities.
7. Basic UNIX access control
In Unix, there are three levels of access control:
Individual (user): Each user has a unique id (uid) in the system.
Group: All users by default belong to the “user” group (some distributions), or to a singleton group containing only that individual user. Users can belong to more than one group (most modern versions). Usually a group is defined per access control category, e.g.: root/wheel (general administration), www/web (web server administration), mail (mail server administration). Ad hoc groups can be used to facilitate collaboration such as directory and file sharing.
World (or all): The universe of all users.
8. File permissions
File ownership: Each file and directory in UNIX (including programs) is “owned” by a specific user, a specific group, and the world.
To each level of ownership there is an associated set of permission values: read, write and execute. These values can be true (permission granted) or false. Only the owner of a file (or the special user root) can change the file permission settings.
Example:
drwxr-xr-x  11 brenodem  brenodem  374 30 Aug 13:39 .
Indicates that the file ‘.’ (the current directory) is owned by user brenodem, who belongs to the singleton group brenodem. The directory was last modified on Aug. 30th at 13:39. The user brenodem is granted read, write, and execute privileges to the file. The group and world are granted read and execute (but not write) privileges to the file.
9. Meaning of file permissions
The meaning of permissions for files is clear, but can be complex for directories.
For instance, if a world-accessible file is located deep within a directory structure, all the parent directories of the file must grant execute permissions to the whole world.
This is because, in order to traverse a directory structure, UNIX executes cd on each directory (starting from the lowest common directory, for instance ‘/home’). On the other hand, it is NOT necessary that the same directories be world-readable.
If a directory is not readable by a principal, its contents cannot be listed. However, it may well contain files that are readable by that principal, and these can be opened if their names are known.
10. Proper file and directory permissions
Any UNIX system contains several directories that are world executable, where most of the OS services reside:
/bin (commands)
/etc (configuration files for the above)
/usr (utilities and applications)
/usr/local or /local (extra utilities and applications)
These directories are not required to be world readable; only their content files need to be world readable. If the directories are not world readable (and owned by root) then only the system administrator will be able to have a global view of the system configuration and capabilities.
These directories should be writable only by root to prevent the installation of programs without the administrator’s knowledge. In particular they must be “owned” by root.
11. Changing ownership and permissions
The root user can change ownership and permissions on files at will.
In some distributions, a user may change ownership of its own files to other users.
To change group ownership of a file, you must own the file and you must belong to the new group the file will be assigned to:
chown username filename
chgrp groupname filename
To change permissions, you must be the file’s owner:
chmod [o|g|a|u][+|-][r|w|x] filename
Example: chmod ug+wx filename adds write and execute permission on the file for both the file owner (u) and the file’s group owner (g).
12. Effective ID
When a user tries to execute a program:
When the program is initiated, its effective ID is set to the ID of the user (or program) calling it.
The UNIX system decides whether the user is authorized to execute (for instance, the user may belong to the file’s group owner, and the file may be executable by the group).
For instance, if a utility program is owned by root (typical), but called by a regular user, the effective id of the running program will equal that of the caller (user), not root.
This standard mechanism is not sufficient in some cases. For instance, the login program.
13. SUID
The login program is invoked by regular users, but must have root privileges in order to access the protected password files (/etc/shadow), and to authenticate the user. (Effectively spawning a program under a particular user name even if called by another.)
This is called a “set user id” program (suid).
-r-sr-xr-x  1 root  wheel  26756 16 Aug 10:32 /usr/bin/login
Note the ‘s’ in the list of privileges. That means that the caller (could be anybody, as the file is world executable) will spawn a program with the privileges of the group wheel (which can access the password file, and spawn programs (shell) under arbitrary user identities).
14. Proper configuration of file permissions
The system of file access permissions underlies most of the access control decisions of the UNIX operating system.
It is a flexible mechanism that enables different configurations to accommodate different usage needs.
Improper configuration of file and directory permissions can create serious vulnerabilities.
The use of SUID programs is a powerful mechanism that should be utilized only when necessary. For instance, a fragile program with SUID permissions can be easily exploited to grant administrative privileges to an attacker.
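Worked example for slides 8 to 14 (added here; not the lecture's own code): it parses `ls -l` mode strings into mode bits, applies the slide 9 traversal rule to a constructed directory tree, and audits the listing for the slide 10 and slide 13 conditions. The listing, user names and paths are constructed placeholders; note that the `s` in the owner's execute slot of `-r-sr-xr-x` parses as the setuid bit (mode 04555), so the audit reports the program as running with the file owner's identity.

```python
"""Parse `ls -l` mode strings and audit them for the conditions the slides
describe.  Added example; the listing below is constructed, not taken from a
real host, and the paths and user names are placeholders."""
import stat

SAMPLE_LISTING = """\
drwxr-xr-x  20 root     root      4096 16 Aug 10:32 /
drwxr-xr-x   4 root     root      4096 16 Aug 10:32 /home
drwx--x--x  11 brenodem brenodem   374 30 Aug 13:39 /home/brenodem
-rw-r--r--   1 brenodem brenodem   120 30 Aug 13:39 /home/brenodem/notes.txt
drwx------   2 brenodem brenodem   160 30 Aug 13:39 /home/brenodem/private
-rw-r--r--   1 brenodem brenodem    80 30 Aug 13:39 /home/brenodem/private/keys.txt
-r-sr-xr-x   1 root     wheel    26756 16 Aug 10:32 /usr/bin/login
drwxrwxrwx   2 root     root      4096 16 Aug 10:32 /usr/local/bin
drwxr-xr-x   2 brenodem brenodem  4096 16 Aug 10:32 /local
"""

SYSTEM_DIRS = ("/bin", "/etc", "/usr", "/usr/local", "/local")   # slide 10's list


def parse_mode(text):
    """Convert a 10-character mode string such as 'drwxr-xr-x' into st_mode bits."""
    if len(text) != 10:
        raise ValueError("mode string must be 10 characters: %r" % text)
    mode = {"-": stat.S_IFREG, "d": stat.S_IFDIR, "l": stat.S_IFLNK}[text[0]]
    # (read, write, execute, special bit, letters that show the special bit) per class
    classes = [
        (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR, stat.S_ISUID, "sS"),
        (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP, stat.S_ISGID, "sS"),
        (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH, stat.S_ISVTX, "tT"),
    ]
    for i, (r, w, x, special, marks) in enumerate(classes):
        rc, wc, xc = text[1 + 3 * i:4 + 3 * i]
        if rc == "r":
            mode |= r
        if wc == "w":
            mode |= w
        if xc == "x" or xc == marks[0]:   # lower-case 's'/'t': execute plus special bit
            mode |= x
        if xc in marks:                   # upper-case 'S'/'T': special bit, no execute
            mode |= special
    return mode


def parse_listing(listing):
    """Split `ls -l` lines into mode, owner, group and name (links, size, date ignored)."""
    entries = []
    for line in listing.splitlines():
        if line.strip():
            parts = line.split(None, 8)   # mode links owner group size day month time name
            entries.append({"name": parts[8], "mode": parse_mode(parts[0]),
                            "owner": parts[2], "group": parts[3]})
    return entries


def world_can_open(entries, path):
    """Slide 9 rule: the world can open a file whose name it knows only if the
    file is world-readable and every ancestor directory grants world execute
    (search); the ancestors do not need to be world-readable."""
    modes = {e["name"]: e["mode"] for e in entries}
    if not modes[path] & stat.S_IROTH:
        return False
    parent = path
    while parent != "/":
        parent = parent.rsplit("/", 1)[0] or "/"
        if not modes[parent] & stat.S_IXOTH:
            return False
    return True


def in_system_tree(name):
    return any(name == d or name.startswith(d + "/") for d in SYSTEM_DIRS)


def audit(entries):
    """Slides 10 and 13: system directories must be root-owned and not
    world-writable; every setuid/setgid program is worth knowing about."""
    findings = []
    for e in entries:
        m, name = e["mode"], e["name"]
        if stat.S_ISDIR(m):
            if m & stat.S_IWOTH and not m & stat.S_ISVTX:   # sticky /tmp-style dirs excepted
                findings.append((name, "world-writable directory"))
            if in_system_tree(name) and e["owner"] != "root":
                findings.append((name, "system directory not owned by root"))
        else:
            if m & stat.S_ISUID:   # 's' in the owner slot: runs with the owner's uid
                findings.append((name, "setuid to " + e["owner"]))
            if m & stat.S_ISGID:   # 's' in the group slot: runs with the group's gid
                findings.append((name, "setgid to " + e["group"]))
    return findings


if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for finding in audit(entries):
        print("%s: %s" % finding)
    print("world can open notes.txt:", world_can_open(entries, "/home/brenodem/notes.txt"))
```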
15. RPC Utilities
Most Unix systems include the RPC utilities suite for remote command execution:
rlogin (remote login)
rsh (remote shell)
rcp (remote copy)
Two modes of authentication: host-based and password-based.
RPCs originating at a trusted host (i.e., a host listed in /etc/hosts or /etc/hosts.allow or /etc/hosts.equiv), identified by network packet source address, are accepted and given uid equal to the claimed username.
RPCs called from non-trusted computers must provide both username and password. (Both sent as cleartext over the network.)
16. Disabling RPC utilities
The use of RPC utilities has been deprecated in favor of the ssh and scp programs, both built on the SSH protocol, which provides encryption.
For backward compatibility the SSH program supports host-based authentication. (This is stronger than in the RPC case, as hosts have SSH keys with which they can mutually authenticate their identities.)
It is important to ensure that the configuration of the /etc/hosts files reflects the trust policies of your network, and that the RPC utilities are disabled whenever possible.
18. Early Unix password system
In early versions of Unix, the password was processed using a “secure hash” function derived from the DES cipher.
The salt was restricted to 12 bits, resulting in 4096 possible hash values for each password.
Passwords were restricted to 8-character length:
8-character passwords converted into 56-bit DES keys.
Passwords shorter than 8 characters padded with zeros.
Longer passwords truncated in some systems.
Salt used to change the DES cipher, which is applied 25 times.
Results stored in world-readable /etc/passwd file.
20. DES (figure): IP and FP stand for initial and final permutations, respectively. F: round function. E: expansion function (32→48 bits), modified in crypt(3) using the salt.
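Worked example for slides 18 and 20 (added here; not the lecture's code and not a full crypt(3) implementation): it derives the DES key from a password the way slide 18 describes (truncate to 8 characters, zero-pad, 7 bits per character) and applies the 12-bit salt to the DES expansion table E as slide 20 describes, which is why each password has 4096 possible salted hashes. The salt alphabet and the E table are the standard DES/crypt ones; the passwords and salts are constructed inputs.

```python
"""How traditional crypt(3) turns a password and a 2-character salt into DES
inputs.  Added example written from the slides' description: the key
derivation and the salt-driven swap of E entries, without the 25 DES rounds."""

# The 64-character alphabet used for crypt salts (and for hash output).
SALT_CHARS = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Standard DES expansion table E (32 -> 48 bits); entries are 1-based input bit positions.
E_TABLE = [32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13,
           12, 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23,
           24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1]


def password_to_des_key(password):
    """Slide 18: only the first 8 characters are used (longer passwords are
    truncated, shorter ones zero-padded); the low 7 bits of each character,
    shifted left by one, form the 56-bit DES key spread over 8 bytes
    (the low bit of each byte is the unused parity position)."""
    raw = password.encode("ascii")[:8].ljust(8, b"\0")
    return bytes(((b & 0x7F) << 1) for b in raw)


def salt_to_bits(salt):
    """Each salt character encodes 6 bits; the two characters give the 12-bit salt."""
    if len(salt) != 2 or any(c not in SALT_CHARS for c in salt):
        raise ValueError("salt must be two characters from the crypt alphabet")
    return SALT_CHARS.index(salt[0]) | (SALT_CHARS.index(salt[1]) << 6)


def salted_expansion(salt_bits):
    """Slide 20: each set bit i of the 12-bit salt swaps E entries i and i+24,
    so the salt alters the cipher's expansion function, not the key."""
    e = list(E_TABLE)
    for i in range(12):
        if salt_bits & (1 << i):
            e[i], e[i + 24] = e[i + 24], e[i]
    return e


def salt_space_size():
    """Number of distinct expansion tables over all salts (slide 18's 4096 values)."""
    return len({tuple(salted_expansion(s)) for s in range(1 << 12)})


if __name__ == "__main__":
    # Truncation means these two passwords produce the same DES key.
    print("key for 'password' :", password_to_des_key("password").hex())
    print("key for 'password1':", password_to_des_key("password1").hex())
    print("salt 'zz' as bits   :", salt_to_bits("zz"))
    print("distinct salted E tables:", salt_space_size())
```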
21. Old /etc/passwd file
An entry in the /etc/passwd file has the following form:
Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell
smith:Ep6mckrOLChF.:100:100:John Smith:/home/smith:/usr/bin/sh
guest:*:200:0::/home/guest:/usr/bin/sh
An entry ‘*’ for password means that the account has been disabled, while an empty password means that no password is required for login!
When shadow passwords are used, ‘!’ or ‘x’ substitutes for the password.
23. /etc/shadow file
Entries of the form:
smithj:Ep6mckrOLChF.:10193:0:99999:5:::
Where the password is followed by:
The date when the password was last changed, measured in elapsed days since Jan. 1st, 1970.
The number of days before the password can be changed again.
The number of days after which the password must be changed.
The number of days to warn the user of an expiring password.
The number of days after the password expires that the account is disabled.
The number of days since January 1, 1970 that an account has been disabled.
A reserved field for possible future use.
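Worked example for slides 21 and 23 (added here; not the lecture's code): a parser for the two entry formats shown on the slides, plus an audit that flags the states slide 21 warns about (an empty password field, a hash left in the world-readable passwd file, a shadowed account with no shadow entry) and converts the shadow day counts into dates. The entries are constructed in the slides' formats, not copied from a real system; the account names other than the slides' own are placeholders.

```python
"""Parse old-style /etc/passwd and /etc/shadow entries and flag the password
states the slides describe.  Added example; the sample entries are constructed
in the formats shown on slides 21 and 23."""
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)   # shadow day counts are measured from this date

PASSWD_SAMPLE = """\
smith:Ep6mckrOLChF.:100:100:John Smith:/home/smith:/usr/bin/sh
guest:*:200:0::/home/guest:/usr/bin/sh
kiosk::201:100:No password set:/home/kiosk:/usr/bin/sh
smithj:x:102:100:Jane Smith:/home/smithj:/usr/bin/sh
"""
SHADOW_SAMPLE = """\
smithj:Ep6mckrOLChF.:10193:0:99999:5:::
"""


def days(field):
    """Shadow day fields may be empty, meaning 'not set'."""
    return int(field) if field else None


def parse_passwd(text):
    """Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell"""
    users = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("passwd entry needs 7 fields: %r" % line)
        name, pw, uid, gid, gecos, home, shell = fields
        users[name] = {"password": pw, "uid": int(uid), "gid": int(gid),
                       "gecos": gecos, "home": home, "shell": shell}
    return users


def parse_shadow(text):
    """Name:Password:LastChange:Min:Max:Warn:Inactive:Expire:Reserved"""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError("shadow entry needs 9 fields: %r" % line)
        name, pw, lastchg, minage, maxage, warn, inactive, expire, _reserved = fields
        entries[name] = {"password": pw, "last_change": days(lastchg),
                         "min_days": days(minage), "max_days": days(maxage),
                         "warn_days": days(warn), "inactive_days": days(inactive),
                         "expire_day": days(expire)}
    return entries


def password_state(field):
    """Classify a password field as slide 21 describes it."""
    if field == "":
        return "no password required"
    if field == "*":
        return "disabled"
    if field in ("x", "!"):
        return "shadowed"
    return "hash in passwd file"


def last_change_date(entry):
    """Calendar date of the last password change (days since 1970-01-01)."""
    return EPOCH + timedelta(days=entry["last_change"])


def password_expiry(entry):
    """Date by which the password must be changed: last change plus the max-days field."""
    if entry["last_change"] is None or entry["max_days"] is None:
        return None
    return EPOCH + timedelta(days=entry["last_change"] + entry["max_days"])


def audit(passwd_text, shadow_text):
    """Report accounts that log in without a password, hashes left in the
    world-readable passwd file, and shadowed accounts with no shadow entry."""
    users, shadow = parse_passwd(passwd_text), parse_shadow(shadow_text)
    findings = []
    for name, user in users.items():
        state = password_state(user["password"])
        if state == "no password required":
            findings.append((name, "empty password field: login needs no password"))
        elif state == "hash in passwd file":
            findings.append((name, "hash stored in world-readable /etc/passwd"))
        elif state == "shadowed" and name not in shadow:
            findings.append((name, "marked shadowed but has no /etc/shadow entry"))
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print("%s: %s" % finding)
    entry = parse_shadow(SHADOW_SAMPLE)["smithj"]
    print("smithj last changed password on", last_change_date(entry))
```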
24. Other changes
Since the introduction of shadow passwords, and the new crypt(), other modifications have been introduced, such as the use of MD5 passwords, and also Blowfish-encrypted passwords.
Blowfish is an interesting choice: the algorithm is very slow to change keys, making password hashing expensive (good for security).
25. Reading assignment for 01/16
T. Aslam, I. Krsul, and E. H. Spafford, Use of a Taxonomy of Security Faults.
M. Bishop and D. Klein, Improving System Security Through Proactive Password Checking, Computers and Security 14(3), pp. 233-249 (May/June 1995). http://nob.cs.ucdavis.edu/~bishop/papers/1995c+s/proact.pdf