
Securing Careless Security Flaws: A Focused Analysis of the International Capture the Flag Virtual Machines



Presentation Transcript


  1. Securing Careless Security Flaws: A Focused Analysis of the International Capture the Flag Virtual Machines. Nadine Sundquist, CS591-F2008, University of Colorado, Colorado Springs. Dr. C. Edward Chow.

  2. Roadmap
  • What kinds of services are usually on a web server?
  • How do I secure my database?
  • How do I secure SSH?
  • How do I secure Apache Tomcat?
  • How do I limit user privileges?
  • How do I find configuration files?

  3. What kinds of services are usually on a web server?
  • Just a few of the languages and services are: Java, C, PHP, Python, and Ruby.
  • Other configurations that need protection: SSH, the MySQL database, and Apache Tomcat.

  4. How do I secure my database? (Locking down MySQL users)
  • Set the root password (no password should be blank in the mysql.user table).
  • Change obvious passwords (same username and password).
  • In general, allow users access to the database only from the local machine.

  5. How do I secure my database? (MySQL commands)
  UPDATE mysql.user SET Password=PASSWORD('newpassword') WHERE User='user';
  FLUSH PRIVILEGES;

  DROP USER 'user';

  6. How do I secure my database?
  • Limit privileges for application users using GRANT.
  • Allow SELECT and INSERT only on the database the user was created for.
  • Application users do not need administrative privileges.
  • Host should not be '%', which means access from everywhere.

  7. How do I secure my database?
  • Drop the test database.
  • DROP DATABASE [database_name];

  8. How do I secure my database? (In Linux: my.cnf)
  • All MySQL database configuration is in my.cnf.
  • Protect the file with chmod so that the mysql user can read the file.
  • In the user table, the host field should not be '%', and/or my.cnf should have skip-networking under [mysql].
  • Turn off mysqldump in /etc/mysql/my.cnf.
  • bind-address in my.cnf should also be set to 127.0.0.1.

  9. How do I secure SSH?
  • If possible, turn off SSH (though not realistic).
  • Set PermitRootLogin to no.
  • Set up a list of users that are allowed to SSH into the server in /etc/ssh/sshd_config:
    PermitRootLogin no
    AllowUsers user1 user2@localhost user3@localhost user4@localhost
    PermitEmptyPasswords no
  • Change the SSH port to a higher port (if possible).
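An added audit script (not part of the presentation) that checks the my.cnf settings from slide 8 and the sshd_config directives from slide 9 against constructed sample files; the helper names and the sample file contents are assumptions made here, and sshd's first-match / MySQL's last-match rules are what the two parsers follow.

```shell
#!/bin/sh
# Added audit for the my.cnf (slide 8) and sshd_config (slide 9) settings.
# Sample config files are constructed under a temp dir so this runs offline.

# sshd applies the FIRST occurrence of a keyword (keywords are case-insensitive).
sshd_value() {  # sshd_value FILE KEYWORD
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# my.cnf uses "key = value" or a bare key; MySQL applies the LAST occurrence.
mycnf_value() {  # mycnf_value FILE KEY  (prints "set" for a bare key)
    awk -v key="$2" -F'=' '
        $0 !~ /^[ \t]*[#;]/ {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) { v = (NF > 1) ? $2 : "set"; gsub(/[ \t]/, "", v) }
        }
        END { print v }' "$1"
}

# Returns 0 when the three slide-9 directives are in place, 1 otherwise.
check_sshd() {  # check_sshd FILE
    f=$1; rc=0
    [ "$(sshd_value "$f" PermitRootLogin)" = "no" ] || { echo "$f: PermitRootLogin is not no"; rc=1; }
    [ "$(sshd_value "$f" PermitEmptyPasswords)" = "no" ] || { echo "$f: PermitEmptyPasswords is not no"; rc=1; }
    [ -n "$(sshd_value "$f" AllowUsers)" ] || { echo "$f: no AllowUsers list"; rc=1; }
    return $rc
}

# Returns 0 when MySQL cannot be reached over the network (slide 8): either
# skip-networking is set or bind-address is the loopback address.
check_mycnf() {  # check_mycnf FILE
    f=$1
    [ "$(mycnf_value "$f" skip-networking)" = "set" ] && return 0
    [ "$(mycnf_value "$f" bind-address)" = "127.0.0.1" ] && return 0
    echo "$f: MySQL accepts TCP connections from other hosts"
    return 1
}

tmp=$(mktemp -d)   # constructed samples: one careless, one hardened
printf 'Port 22\nPermitRootLogin yes\nPermitEmptyPasswords yes\n' > "$tmp/sshd_weak"
printf 'PermitRootLogin no\nAllowUsers user1 user2@localhost\nPermitEmptyPasswords no\n' > "$tmp/sshd_ok"
printf '[mysqld]\nbind-address = 0.0.0.0\n' > "$tmp/mycnf_weak"
printf '[mysqld]\n# bind-address = 0.0.0.0\nbind-address = 127.0.0.1\n' > "$tmp/mycnf_ok"
check_sshd "$tmp/sshd_weak" || echo "sshd_weak fails the audit"
check_mycnf "$tmp/mycnf_weak" || echo "mycnf_weak fails the audit"
```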

  10. How do I secure Apache Tomcat?
  • If using the Tomcat manager web interface, make sure the default users in tomcat-users.xml are not used.
  • Create a Tomcat user. Do not run Tomcat as root in Linux.
  • Remove extraneous example applications from webapps.
  • If not being used, remove the Tomcat manager application from server/webapps.

  11. How do I secure Apache Tomcat?
  • Return an empty error page instead of a stack trace from Tomcat.
  • This is set in webapps/[app_name]/WEB-INF/web.xml inside the web-app tag.
  • Change the shutdown port and shutdown command in conf/server.xml.
  • Protect server.xml.
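An added check (not the presentation's own) for the leftovers slides 10 and 11 tell you to remove, run against a constructed CATALINA_HOME tree; it assumes the stock 5.x/6.x layout (webapps/, server/webapps/, conf/), and the function name and sample files are assumptions made here.

```shell
#!/bin/sh
# Added check for the Tomcat leftovers named on slides 10 and 11, run against
# a constructed CATALINA_HOME tree (the stock 5.x/6.x layout is assumed).

# Prints one finding per line; returns 0 only when nothing was found.
check_tomcat() {  # check_tomcat CATALINA_HOME
    home=$1; rc=0
    # example apps and the manager should be gone when they are not used
    for app in examples jsp-examples servlets-examples manager; do
        if [ -d "$home/webapps/$app" ] || [ -d "$home/server/webapps/$app" ]; then
            echo "$app is still deployed"; rc=1
        fi
    done
    # tomcat, role1 and both are the stock users in tomcat-users.xml;
    # a line that is commented out (<!-- ...) does not match
    users=$home/conf/tomcat-users.xml
    if [ -f "$users" ] && grep -Eq '^[^<!]*<user[^>]*username="(tomcat|role1|both)"' "$users"; then
        echo "stock user(s) still enabled in conf/tomcat-users.xml"; rc=1
    fi
    # the shutdown port and command ship as 8005 / SHUTDOWN
    server=$home/conf/server.xml
    if [ -f "$server" ]; then
        grep -Eq '<Server[^>]*port="8005"' "$server" && { echo "shutdown port is still 8005"; rc=1; }
        grep -Eq '<Server[^>]*shutdown="SHUTDOWN"' "$server" && { echo "shutdown command is still SHUTDOWN"; rc=1; }
    fi
    return $rc
}

# Constructed sample tree with every careless default in place.
tmp=$(mktemp -d)
mkdir -p "$tmp/webapps/examples" "$tmp/webapps/myapp" "$tmp/server/webapps/manager" "$tmp/conf"
cat > "$tmp/conf/tomcat-users.xml" <<'EOF'
<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="manager"/>
</tomcat-users>
EOF
printf '<Server port="8005" shutdown="SHUTDOWN">\n</Server>\n' > "$tmp/conf/server.xml"
check_tomcat "$tmp" || echo "stock tree fails the audit"
```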

  12. How do I limit user privileges?
  • Find users with privileges in /etc/passwd.
  • Limit to the home directory and what application users are allowed to execute.
  • Limit directory traversal.
  • Set directory permissions (chmod).
  • Scan startup scripts for flaws in /etc/init.d for each of the services.

  13. How do I find configuration files?
  • This command will help you find a file if you know the file name:
    find . | grep [name of file]
  • This command will help you find a file if you know a few key phrases in the file:
    find . | xargs grep [phrase in file]
  • e.g. find . | xargs grep DATABASE_ENGINE for the Django settings file.
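Added helpers (not from the presentation) for slides 12 and 13: list the accounts in a passwd file that carry UID 0, list config files that users outside the owner and group can read, and locate a file by name or by key phrase with find -exec instead of a pipe into xargs, so a path with a space (like the constructed "my app" directory) is handled. The function names, the sample passwd lines and the sample tree are assumptions made here.

```shell
#!/bin/sh
# Added helpers for slides 12 and 13: accounts with root privileges, config
# files other users can read, and config files found by key phrase. Run on a
# constructed tree and a constructed passwd sample so nothing real is touched.

# Accounts whose UID is 0: each of them is root, whatever the name says.
uid0_accounts() {  # uid0_accounts PASSWD_FILE
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Files under DIR that users other than the owner and group can read
# (slide 8: my.cnf should be visible to the mysql user, not to everyone).
other_readable() {  # other_readable DIR
    find "$1" -type f -perm -004
}

# Slide 13, with -exec instead of "| xargs" so paths with spaces are safe.
find_by_name() {    # find_by_name DIR NAME
    find "$1" -type f -name "$2"
}
find_by_phrase() {  # find_by_phrase DIR PHRASE
    find "$1" -type f -exec grep -l -- "$2" {} +
}

tmp=$(mktemp -d)  # constructed samples
printf 'root:x:0:0:root:/root:/bin/sh\nwww:x:33:33::/var/www:/bin/false\ntoor:x:0:0::/root:/bin/sh\n' > "$tmp/passwd"
mkdir -p "$tmp/site/my app" "$tmp/site/etc"
printf "DATABASE_ENGINE = 'mysql'\n" > "$tmp/site/my app/settings.py"
printf '[mysqld]\nbind-address = 127.0.0.1\n' > "$tmp/site/etc/my.cnf"
chmod 644 "$tmp/site/my app/settings.py"
chmod 600 "$tmp/site/etc/my.cnf"
uid0_accounts "$tmp/passwd"                 # root and toor
other_readable "$tmp/site"                  # only settings.py
find_by_phrase "$tmp/site" DATABASE_ENGINE  # the Django settings file
```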

  14. Conclusions and Further Work
  • Most of the problems in security seem to come from how tools and frameworks are configured.
  • In the future, I would like to look into:
    • The proper configurations of other frameworks such as Django.
    • How to configure and properly use lighttpd.

  15. References
  • Forum: Permitting specific users to SSH. Retrieved November 1, 2008, from http://ph.ubuntuforums.com/showthread.php?t=875164.
  • Georgia Tech – Securing MySQL. Retrieved November 11, 2008, from http://www.lugatgt.org/articles/sec_mysql/#toc_4.
  • MySQL 5.0 Reference Guide. Retrieved November 20, 2008, from http://dev.mysql.com/doc/refman/5.0/en/.
  • Secure SSH: Debian. Retrieved October 28, 2008, from http://www.debian-administration.org/articles/455.
  • Securing Apache: Step-by-Step. Retrieved November 27, 2008, from http://www.securityfocus.com/infocus/1694.
  • Securing MySQL: Step-by-Step. Retrieved November 11, 2008, from http://www.securityfocus.com/infocus/1726.
  • Securing Tomcat. Retrieved November 26, 2008, from http://www.owasp.org/index.php/Securing_tomcat.
