Security Issues in Unix OS. Saubhagya Joshi, Suroop Mohan Chandran
Contents
• Current scenario
• Major players
• General threats
• Top ten Unix threats
• Taxonomy of threats
• Examples
• Security Management
Major Players
• NIST, CERT, SANS Institute, CERIAS, MITRE
• Databases and tools
  • CVE: 121 vulnerabilities out of 3052 unique entries (CVE version 20040901)
  • ICAT (the NIST vulnerability metabase): 213 out of 7493 vulnerabilities
  • Cassandra (the CERIAS vulnerability notification service)
General threats
Attacks
• Denial of Service (DoS)
• Spoofing
• Privilege elevation
• Repudiation
• Replay attacks
• Viruses, Trojans, worms
• Disclosure of information
• Sabotage/tampering

• People (malice or ignorance)
• Physical
• Communications
• Operations
• OS flaws
Top Ten Unix Vulnerabilities (SANS Institute + FBI)
1. BIND Domain Name System
2. Web server (CGI scripts)
3. Authentication (weak, default, or no password)
4. Version control systems (buffer overflow in CVS)
5. Mail transport service (insecure SMTP and MTA configuration)
6. Simple Network Management Protocol (SNMP), used to remotely manage systems, printers, and routers
7. OpenSSL: mainly buffer overflows in the services built on it (POP3, IMAP, LDAP, SMTP)
8. Misconfiguration of enterprise services: NIS/NFS
9. Databases (MySQL, PostgreSQL, Oracle)
10. Kernel
Taxonomy
Source: Taimur Aslam, A Taxonomy of Security Faults in the UNIX Operating System, Purdue University, 1995

operational
  configuration
    incorrect permission
    utility in wrong place
    incorrect setup parameters
coding
  synchronization
    race condition
  condition validation
    failure to handle exception
    improper/inadequate
      origin validation
      input validation
        field value correlation
        syntax
        type and number of input
        missing input
        extraneous input
      boundary condition
      access right validation
environment
Operational Examples
• tftp (trivial file transfer protocol): disclosure of information; the service authenticates nobody, so any file the daemon can read can be fetched remotely
• sendmail wizard mode: the WIZ command, with the default password "wizzywoz", switched the mailer into wizard mode and exposed a shell on the mail server
Synchronization Example
• xterm (the terminal emulator of the X Window System), when installed setuid root and run with a log file (-lf), checked the log file and later opened it by name, leaving a window in which the file could be swapped (a race condition):
  mknod foo p
  xterm -lf foo
  mv foo junk
  ln -s /etc/passwd foo
  cat junk
• foo is a FIFO, so xterm blocks on it until a reader appears (cat junk); that gives the attacker time to rename foo and replace it with a symbolic link to /etc/passwd. Because xterm runs as root, an existing protected file such as /etc/passwd is overwritten with log output.
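The check-then-open pattern behind the xterm race, beside a hardened version, as an added example written for this page (it is not xterm's code, and the slides do not describe the vendor's actual fix). The names open_log_unsafe, open_log_safely and demo are mine; demo builds a constructed victim file and symlink under /tmp so the difference is visible without a setuid binary. O_NOFOLLOW is a later addition to Unix and was not available on 1993 systems, which is why dropping privileges for the open is the primary fix and the flag only a belt-and-braces check.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-open, the pattern the old setuid-root xterm used for its log file.
 * access() answers for the real uid, but open() runs with the effective uid
 * (root) and re-resolves the name: whatever "path" points to at that moment
 * is opened, even if it has become a symlink to /etc/passwd. */
int open_log_unsafe(const char *path)
{
    if (access(path, F_OK) == 0 && access(path, W_OK) != 0)
        return -1;                  /* user may not write an existing file */
    /* race window: attacker renames path and drops a symlink here */
    return open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
}

/* Hardened version. Three changes, each closing part of the hole:
 *  1. open() with the invoking user's privileges (seteuid to the real uid),
 *     so the kernel performs check and open atomically; no separate access().
 *  2. O_NOFOLLOW, so a symlink planted as the final component fails (ELOOP).
 *  3. fstat() the descriptor actually obtained and insist on a regular file,
 *     so a device node or other non-regular file swapped in is rejected.
 * Returns an fd on success, -1 with errno set otherwise. */
int open_log_safely(const char *path)
{
    uid_t privileged = geteuid();
    struct stat st;
    int fd, saved_errno;

    if (seteuid(getuid()) != 0)
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
    saved_errno = errno;
    if (seteuid(privileged) != 0) { /* cannot regain privilege: fail closed */
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) {
        errno = saved_errno;
        return -1;
    }
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed demonstration (not a real attack run): a victim file standing
 * in for /etc/passwd, a symlink "foo" pointing at it, and a plain log file.
 * Bits of the return value: 1 = unsafe open followed the symlink,
 * 2 = safe open refused the symlink with ELOOP, 4 = safe open accepted the
 * plain file. A run showing the full contrast returns 7. Works unprivileged. */
int demo(void)
{
    char dir[64], victim[96], link_path[96], plain[96];
    int result = 0, fd;

    snprintf(dir, sizeof dir, "/tmp/xterm-race-%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/foo", dir);
    snprintf(plain, sizeof plain, "%s/log", dir);

    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd >= 0) close(fd);
    if (symlink(victim, link_path) != 0) {
        unlink(victim); rmdir(dir);
        return -1;
    }

    fd = open_log_unsafe(link_path);        /* follows foo -> victim */
    if (fd >= 0) { result |= 1; close(fd); }

    fd = open_log_safely(link_path);        /* O_NOFOLLOW: ELOOP */
    if (fd < 0 && errno == ELOOP) result |= 2;

    fd = open_log_safely(plain);            /* regular file: accepted */
    if (fd >= 0) { result |= 4; close(fd); }

    unlink(link_path); unlink(victim); unlink(plain); rmdir(dir);
    return result;
}

int main(void)
{
    int r = demo();
    printf("unsafe open followed the symlink: %s\n", (r & 1) ? "yes" : "no");
    printf("safe open refused the symlink:    %s\n", (r & 2) ? "yes" : "no");
    printf("safe open accepted the plain log: %s\n", (r & 4) ? "yes" : "no");
    return r == 7 ? 0 : 1;
}
```

The point to carry away is that no ordering of access() and open() is safe: the name is resolved twice. Either let the kernel do the check as the user who should be allowed to write (drop privileges, or fork a child that does), or check the descriptor you got with fstat(), never the name.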
Condition Validation Examples
• /etc/exports (SunOS 4.1)
• rcp (remote copy)
• Redirecting characters to another user's terminal
• uux: rem_machine!rmail anything & command; uux did not filter shell metacharacters adequately, so the text after & is run as an additional command
• fsck repairs file system consistency; if fsck failed during boot-up, a privileged shell was started as root
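An input-validation check of the kind the uux example calls for, as an added example written for this page (not uux's real parser): a naive blocklist that rejects ";" and "|" but lets the slide's own payload through, beside an allowlist that accepts only letters, digits and a few punctuation characters in a request of the form machine!command args. The function names blocklist_allows, word_is_clean and request_allows are mine, and the accepted character set is an assumption chosen for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Naive blocklist: rejects two obvious shell metacharacters and nothing else.
 * Returns 1 if the command would be handed on to a shell. The omissions
 * (&, `, $, newline, quotes, redirection) are exactly what gets exploited. */
int blocklist_allows(const char *cmd)
{
    return strpbrk(cmd, ";|") == NULL;
}

/* Allowlist for one word of a remote command: letters, digits and a small,
 * assumed set of punctuation. Every shell metacharacter is rejected simply
 * by not being on the list, so nothing has to be remembered. */
static int word_is_clean(const char *s, size_t n)
{
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-' ||
              c == '@' || c == '/'))
            return 0;
    }
    return 1;
}

/* Validate a request shaped like the slide's "rem_machine!rmail anything".
 * Hypothetical helper. Returns 1 only if there is exactly one '!', the
 * machine name uses [A-Za-z0-9._-], and every space-separated word of the
 * command passes word_is_clean(); otherwise 0. */
int request_allows(const char *req)
{
    const char *bang = strchr(req, '!');
    if (bang == NULL || bang == req || strchr(bang + 1, '!') != NULL)
        return 0;
    for (const char *p = req; p < bang; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }

    const char *p = bang + 1;
    int words = 0;
    while (*p) {
        while (*p == ' ')
            p++;
        if (!*p)
            break;
        const char *end = p;
        while (*end && *end != ' ')
            end++;
        if (!word_is_clean(p, (size_t)(end - p)))
            return 0;
        words++;
        p = end;
    }
    return words > 0;               /* "machine!" with no command is invalid */
}
```

Validation is only half the fix: even a clean command should be run with execv() and an argv array, not through system() or a shell, so that no character ever gets a second chance at being interpreted.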
Environment Example
• The exec system call executes an executable object file, or a data file containing commands by starting its interpreter
• SunOS 3.2 and earlier: a setuid shell script reached through a link named "-i" is handed to the shell as "sh -i", which starts an interactive shell with the script's privileges
Security Management in UNIX
• CERT/CC and AusCERT: UNIX Security Checklist v2.0 (2001)
• CERT/CC and AusCERT: Steps for Recovering from a UNIX or NT System Compromise (2000)
UNIX Security Checklist v2.0
• The First Step
• Basic Operating System
• Major Services
• Specific Operating Systems
The First Step
• Apply the current software and security patches for the OS.
• Verify the integrity of every patch before installing it, using the vendor's digital signatures or published hashes.
• Keep track of all updates to the OS and the services it runs.
Basic Operating System
• Network Services
• Network Administration
• File System Security
• Account Security
• System Monitoring
Major Services
• Name Service
• Electronic Mail
• Web Security
• FTP: ftp and anonymous ftp
• File Services
• X Window System
Specific Operating Systems
• BSD-derived operating systems
• Linux distributions
• Solaris
• IRIX
• HP-UX
• Digital/Compaq Tru64 UNIX
• AIX
Steps to Recover from a Compromise
• Before you get started
• Regain control
• Analyze the intrusion
• Contact the relevant CSIRT and other sites involved
• Recover from the intrusion
• Improve the security of the system and network
• Reconnect to the Internet
• Update your security policy