Security for Servers IS/CS 698 Min Song
What is a web server (diagram): browser clients (Internet Explorer, Netscape) reach the Web Server across the Internet over HTTP (port 80) and HTTPS (port 443).
Common Web Server security threats • Unauthorized access • Defacement • Content theft • Data manipulation • Improper usage • Hosting improper or malicious content (e.g. phishing pages) • Denial of Service. Consequences: loss of revenue, loss of data (availability, integrity, confidentiality), damage to the organization's image. Motives: financial gain, fun, political, revenge, proving competency.
Common security flaws • Insufficient network boundary security controls • Flaws, bugs or improper configuration in the web hosting software (OS, web server, application, etc.) • Insecure design and coding of the hosted application • Weak passwords • Social engineering • Lack of operational controls
Defense-in-Depth: Perimeter Defenses, Network Defenses, Host Defenses, Application Defenses, Data & Resources. Each layer assumes the prior layers fail. • Perimeter defenses: packet filtering, stateful inspection of packets, intrusion detection • Network defenses: VLAN access control lists, internal firewall, auditing, intrusion detection • Host defenses: server hardening, host intrusion detection, IPSec filtering, auditing • Application defenses: antivirus, content scanning, Layer 7 (URL) switching, secure web and mail servers • Data and resources: databases, network services and applications, file shares
DMZ diagram: Internet, router, firewall, then the DMZ network holding the WWW server. The firewall is the first line of defense and prevents unauthorized access.
Choosing a firewall • Criteria: firewall type (software, or hardware appliance), certification (Common Criteria) • Firewall types: packet filter, stateful inspection firewall, application proxy firewall • A firewall is only effective when proper rules (the local security policy) are applied. • Secure the firewall host itself and consult the security guidelines specified by the firewall vendor.
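As an added example (not part of the original slides), the difference between the first two firewall types above can be made concrete with a small Python model run over a constructed packet trace for a DMZ web server. The addresses, ports and rule set are assumptions chosen for the illustration: a stateless packet filter that admits "replies" by source port, beside a stateful firewall that admits only packets belonging to a connection it has seen being opened.

```python
from dataclasses import dataclass

# Constructed addresses: the DMZ web server and the outside hosts in the trace.
WEB_SERVER = "203.0.113.10"
UPDATE_MIRROR = "198.51.100.7"
CLIENT = "198.51.100.22"
ATTACKER = "192.0.2.66"
WEB_PORTS = {80, 443}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN flag set (connection request)
    ack: bool = False  # TCP ACK flag set


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: every packet is judged on its own header fields.

    Rule 1: clients may reach the published service ports.
    Rule 2: the server may open connections outward (updates, DNS, ...).
    Rule 3: replies to the server's outbound web/update fetches arrive with
            source port 80 or 443, so admit inbound packets with such a
            source port. This rule is the hole: the sender picks the source
            port, so anyone can claim to be a reply.
    """
    if pkt.dst == WEB_SERVER and pkt.dport in WEB_PORTS:
        return True
    if pkt.src == WEB_SERVER:
        return True
    if pkt.dst == WEB_SERVER and pkt.sport in WEB_PORTS:
        return True
    return False


class StatefulFirewall:
    """Stateful inspection: admits a packet only if it opens a permitted new
    connection or belongs to a connection already in the state table."""

    def __init__(self) -> None:
        # Tracked flows as (initiator, initiator port, responder, responder port).
        self.table: set[tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> bool:
        new_conn = pkt.syn and not pkt.ack
        # Outbound new connection from the DMZ host: record it and allow.
        if pkt.src == WEB_SERVER and new_conn:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound new connection: only to the published service ports.
        if pkt.dst == WEB_SERVER and pkt.dport in WEB_PORTS and new_conn:
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Anything else must match a tracked flow, in either direction.
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return fwd in self.table or rev in self.table


# Constructed trace: two legitimate exchanges followed by two probes at SSH.
TRACE = [
    Packet(CLIENT, 51000, WEB_SERVER, 443, syn=True),                   # client opens HTTPS
    Packet(WEB_SERVER, 40000, UPDATE_MIRROR, 443, syn=True),            # server fetches updates
    Packet(UPDATE_MIRROR, 443, WEB_SERVER, 40000, syn=True, ack=True),  # mirror's SYN/ACK
    Packet(ATTACKER, 443, WEB_SERVER, 22, ack=True),                    # fake "reply" aimed at SSH
    Packet(ATTACKER, 12345, WEB_SERVER, 22, syn=True),                  # plain SSH connection attempt
]


def run_trace(trace):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.filter(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(TRACE, run_trace(TRACE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  stateless={sl}  stateful={sf}")
```

The fourth packet is the one that separates the two designs: the packet filter lets a spoofed "reply" from source port 443 reach the SSH port, while the stateful firewall rejects it because no tracked connection matches. The same gap is what the "proper rules" caveat on the slide is about; a packet filter can only be as tight as its reply rules.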
Intrusion Detection System • An IDS analyzes network traffic or host activity and identifies attempts to break into a computer system. • Attacks are identified through several methods, including anomaly detection (deviation from a baseline of normal behaviour) and signature matching (known attack patterns). • Types: host IDS, network IDS. • IPS (intrusion prevention, which also blocks the traffic): host based, network based, content based.
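As an added example (not from the original slides), the two detection methods named above can be run side by side over a few constructed web server access-log lines. The signatures, thresholds and log entries are assumptions chosen for the illustration, not a real IDS rule set; the point is the shape of each method, a pattern match per request versus a statistic per source that only stands out across many requests.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed access-log lines in the common log format (not a real server log).
LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /images/logo.png HTTP/1.1" 200 4120',
    '198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/view.cgi?file=../../../../etc/passwd HTTP/1.1" 404 208',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /admin.php HTTP/1.1" 404 208',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 208',
    '198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "GET /wp-login.php HTTP/1.1" 404 208',
    '198.51.100.9 - - [10/Oct/2023:13:56:03 +0000] "GET /.env HTTP/1.1" 404 208',
    '198.51.100.9 - - [10/Oct/2023:13:56:04 +0000] "GET /backup.zip HTTP/1.1" 404 208',
    '192.0.2.77 - - [10/Oct/2023:13:57:10 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.77 - - [10/Oct/2023:13:57:11 +0000] "GET /products?id=1%20UNION%20SELECT%20username,password%20FROM%20users HTTP/1.1" 500 311',
    '203.0.113.5 - - [10/Oct/2023:13:58:00 +0000] "GET /about.html HTTP/1.1" 200 1802',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Signature matching: each rule is a name and a pattern applied to the decoded request path.
SIGNATURES = [
    ("path-traversal", re.compile(r"\.\./|/etc/passwd")),
    ("xss-probe", re.compile(r"<script", re.IGNORECASE)),
    ("sql-injection", re.compile(r"\bunion\s+select\b", re.IGNORECASE)),
]


def parse(line):
    """Parse one log line into a dict; the path is URL-decoded so that
    encoded payloads (%3Cscript%3E) cannot slip past the signatures."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])
    rec["status"] = int(rec["status"])
    return rec


def signature_alerts(records):
    """One alert per (request, matching signature)."""
    alerts = []
    for r in records:
        for name, pattern in SIGNATURES:
            if pattern.search(r["path"]):
                alerts.append((r["ip"], name, r["path"]))
    return alerts


def anomaly_alerts(records, min_requests=5, max_not_found_ratio=0.5):
    """Anomaly detection on a per-source statistic: a source whose requests
    mostly end in 404 looks like a scanner guessing file names, even though
    no single request of its matched a signature."""
    per_ip = defaultdict(lambda: [0, 0])  # ip -> [requests, 404 responses]
    for r in records:
        per_ip[r["ip"]][0] += 1
        if r["status"] == 404:
            per_ip[r["ip"]][1] += 1
    alerts = []
    for ip, (total, not_found) in per_ip.items():
        if total >= min_requests and not_found / total > max_not_found_ratio:
            alerts.append((ip, "404-scan", f"{not_found}/{total} requests not found"))
    return alerts


def analyze(lines):
    records = [r for r in map(parse, lines) if r]
    return signature_alerts(records) + anomaly_alerts(records)


if __name__ == "__main__":
    for ip, kind, detail in analyze(LOG_LINES):
        print(f"{ip:14} {kind:15} {detail}")
```

Note what each method misses: the signature rules say nothing about the five harmless-looking 404 probes from 198.51.100.9, and the anomaly rule says nothing about the single SQL injection attempt from 192.0.2.77. That is why the slide lists both methods rather than one.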
Placement diagrams: (1) Internet, router, firewall, DMZ network with the WWW server, and an IDS attached to the DMZ network to monitor its traffic; (2) the same topology with an IPS placed inline between the firewall and the DMZ network so that it can block traffic rather than only observe it.
Defense-in-Depth (section divider): Perimeter Defenses, Network Defenses, Host Defenses, Application Defenses, Data & Resources; assume prior layers fail. Next: host defenses.
Host Defense: configure the hosting operating system to provide optimum security • Security requirements when selecting the operating system: certification level (Common Criteria) • Minimize the OS (install and run only what the server needs) • Keep software up to date • Enforce a strong password policy • Enable detailed logging
Host Defense: Common Criteria evaluation levels of candidate operating systems • Windows 2000: EAL 4 • Red Hat Enterprise Linux AS/WS V3: EAL 3 • Sun Solaris 8: EAL 4
Basic UNIX access control. In UNIX there are three levels of access control: • Individual (user): each user has a unique id (uid) in the system. • Group: depending on the distribution, all users by default belong to a common "users" group, or each user gets a private singleton group containing only that user. Users can belong to more than one group (on most modern versions). Usually a group is defined per access-control category, e.g. root/wheel (general administration), www/web (web server administration), mail (mail server administration); ad hoc groups can be created to facilitate collaboration, such as directory and file sharing. • World (or all): the universe of all users.
File permissions • File ownership: each file and directory in UNIX (including programs) is "owned" by a specific user and a specific group; permissions are then defined for three classes, the owner, the group, and the world (everyone else). • For each class there is an associated set of permission values: read, write and execute. Each value is either true (permission granted) or false. Only the owner of a file (or the special user root) can change its permission settings. Example: drwxr-xr-x 11 brenodem brenodem 374 30 Aug 13:39 . • This indicates that the entry '.' (the current directory) is owned by user brenodem and by the singleton group brenodem. The directory was last modified on Aug. 30th at 13:39. The user brenodem is granted read, write and execute permission on the directory; the group and the world are granted read and execute (but not write) permission.
Meaning of file permissions • The meaning of permissions on regular files is clear, but on directories it is more subtle: execute on a directory means "search" (traverse or enter it), and read means "list its contents". • For instance, if a world-accessible file is located deep within a directory structure, all the parent directories of the file must grant execute permission to the world. • This is because, to resolve a path, UNIX checks search (execute) permission on every directory component along the way, starting from the first one the caller has to pass through (for instance '/home'). It is NOT necessary that those directories also be world-readable. • If a directory is not readable by a principal, its contents cannot be listed. However, it may well contain files that are readable by that principal, and these can be opened if their names are known.
Proper file and directory permissions • Any UNIX system contains several directories that are world executable (searchable), where most of the OS services reside: • /bin (commands) • /etc (system and service configuration files) • /usr (utilities and applications) • /usr/local or /local (extra utilities and applications) • These directories are not required to be world readable; only the files in them need to be world readable. If the directories are not world readable (and are owned by root) then only the system administrator can list them and so obtain a global view of the system's configuration and capabilities. • These directories must be writable only by root, to prevent programs from being installed without the administrator's knowledge. In particular they must be owned by root.
Changing ownership and permissions • The root user can change ownership and permissions on files at will: chown username filename • On some UNIX variants a user may give away ownership of their own files to other users; most modern systems (Linux included) reserve chown for root. • To change the group ownership of a file, you must own the file and you must belong to the new group the file will be assigned to: chgrp groupname filename • To change permissions, you must be the file's owner: chmod [u|g|o|a][+|-|=][r|w|x] filename, where u is the owner (user), g the group, o others (world) and a all three. • Example: chmod ug+wx filename adds write and execute permission for both the file owner and the file's group. Be careful with the letters: chmod og+wx filename would grant write and execute to the group and to the whole world, which is rarely what is intended.
Effective ID • When a user tries to execute a program, the UNIX system first decides whether the user is authorized to execute it (for instance, the user may belong to the file's group, and the file may be executable by the group). • When the program starts, its effective user id is normally that of the user (or process) that called it, regardless of who owns the file. • For instance, if a utility program is owned by root (typical) but called by a regular user, the effective id of the running program equals that of the caller (the user), not root. • This standard mechanism is not sufficient in some cases, for instance the login program.
SUID • The login program is invoked by regular users, but must have root privileges in order to read the protected password file (/etc/shadow) and to authenticate the user, and then to start a shell under the authenticated user's identity. • A program that runs with the privileges of its owner rather than its caller is a "set user id" (suid) program. -r-sr-xr-x 1 root wheel 26756 16 Aug 10:32 /usr/bin/login • Note the 's' in the owner's permission triple. It means that the caller (which could be anybody, since the file is world executable) spawns a process whose effective user id is that of the file's owner, root, which can read the password file and spawn programs (a shell) under arbitrary user identities. An 's' in the group triple would instead be the set-group-id bit, giving the process the privileges of the file's group (here wheel).
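As an added example (not from the original slides), the rules from the last few slides can be written down as a small Python model: how a path lookup checks search permission on every directory, how the owner / group / world class is chosen, and which effective ids a set-user-id program such as the login example runs with. The file system, users, uids and modes below are constructed for the illustration, and the model ignores ACLs, capabilities and mount options that a real kernel would also consult.

```python
RWX = {"r": 4, "w": 2, "x": 1}


def parse_mode(s: str) -> int:
    """Turn an ls -l mode string such as '-r-sr-xr-x' into mode bits (0o4555)."""
    assert len(s) == 10, s
    bits = 0
    for i, ch in enumerate(s[1:]):        # i = 0..8 over the owner, group, other triples
        shift = 8 - i
        if ch in "rwx":
            bits |= 1 << shift
        elif ch in "sS":                  # set-user-id (owner triple) / set-group-id (group triple)
            bits |= 0o4000 if i == 2 else 0o2000
            if ch == "s":                 # lowercase also carries the execute bit
                bits |= 1 << shift
        elif ch in "tT":                  # sticky bit on the 'other' triple
            bits |= 0o1000
            if ch == "t":
                bits |= 1 << shift
    return bits


def perm_bits(mode: int, owner: int, group: int, uid: int, gids: set) -> int:
    """Pick the one class that applies: owner if the uid matches, else group if
    any of the caller's groups matches, else other. UNIX never falls through
    to a later class, so an owner with '---' is denied even if 'other' has 'rwx'."""
    if uid == owner:
        return (mode >> 6) & 7
    if group in gids:
        return (mode >> 3) & 7
    return mode & 7


def allowed(entry, uid: int, gids: set, perm: str) -> bool:
    mode_s, owner, group = entry
    mode = parse_mode(mode_s)
    if uid == 0:
        # root bypasses read/write checks; executing a file still needs some x bit
        return perm != "x" or mode_s[0] == "d" or (mode & 0o111) != 0
    return (perm_bits(mode, owner, group, uid, gids) & RWX[perm]) != 0


def check_access(fs: dict, path: str, uid: int, gids: set, perm: str) -> bool:
    """Path lookup: every directory on the way needs 'x' (search) for the caller.
    'r' on a directory is needed only to list it, not to reach a known name inside."""
    parts = path.strip("/").split("/")
    for i in range(len(parts)):
        parent = "/" + "/".join(parts[:i])
        if not allowed(fs[parent], uid, gids, "x"):
            return False
    return allowed(fs[path], uid, gids, perm)


def exec_ids(fs: dict, path: str, uid: int, gid: int, gids: set):
    """Effective (uid, gid) of a process exec'ing `path`: the caller's ids,
    unless the file carries the set-user-id / set-group-id bit."""
    if not check_access(fs, path, uid, gids, "x"):
        raise PermissionError(path)
    mode_s, owner, group = fs[path]
    mode = parse_mode(mode_s)
    euid = owner if mode & 0o4000 else uid
    egid = group if mode & 0o2000 else gid
    return euid, egid


# Constructed file system: path -> (mode string, owner uid, group gid).
FS = {
    "/":                          ("drwxr-xr-x", 0, 0),
    "/etc":                       ("drwxr-xr-x", 0, 0),
    "/etc/shadow":                ("-r--------", 0, 0),
    "/usr":                       ("drwxr-xr-x", 0, 0),
    "/usr/bin":                   ("drwxr-xr-x", 0, 0),
    "/usr/bin/login":             ("-r-sr-xr-x", 0, 0),
    "/home":                      ("drwxr-xr-x", 0, 0),
    "/home/brenodem":             ("drwx--x--x", 1001, 1001),
    "/home/brenodem/notes.txt":   ("-rw-r--r--", 1001, 1001),
    "/home/brenodem/private":     ("drwx------", 1001, 1001),
    "/home/brenodem/private/key": ("-rw-r--r--", 1001, 1001),
}
# Constructed users: (uid, primary gid, all gids). alice is an unrelated user.
ROOT, BRENODEM, ALICE = (0, 0, {0}), (1001, 1001, {1001}), (1002, 1002, {1002})

if __name__ == "__main__":
    uid, gid, gids = ALICE
    print("alice lists /home/brenodem:", check_access(FS, "/home/brenodem", uid, gids, "r"))
    print("alice reads notes.txt:     ", check_access(FS, "/home/brenodem/notes.txt", uid, gids, "r"))
    print("alice reads private/key:   ", check_access(FS, "/home/brenodem/private/key", uid, gids, "r"))
    print("alice reads /etc/shadow:   ", check_access(FS, "/etc/shadow", uid, gids, "r"))
    print("alice runs login as:       ", exec_ids(FS, "/usr/bin/login", uid, gid, gids))
```

The notes.txt and private/key cases are the two halves of the directory rule on the earlier slide: alice cannot list /home/brenodem (no read bit for the world) but can open a file inside it whose name she knows (the world has the search bit), while the missing search bit on private/ blocks her before the file's own world-readable bits are even consulted. The last line is the login example: the set-user-id bit hands the process uid 0, and the group id stays alice's because only the owner triple carries an 's'.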
Proper configuration of file permissions • The system of file access permissions underlies most of the access control decisions of the UNIX operating system. • It is a flexible mechanism that enables different configurations to accommodate different usage needs. • Improper configuration of file and directory permissions can create serious vulnerabilities. • SUID programs are a powerful mechanism that should be used only when necessary: a buggy program with the SUID bit set can easily be exploited to grant administrative privileges to an attacker.
Defense-in-Depth (section divider): Perimeter Defenses, Network Defenses, Host Defenses, Application Defenses, Data & Resources; assume prior layers fail. Next: application defenses.
Web and Application Server Security • Selecting the application software • Minimize (install only the modules and features the site needs) • Keep up to date • Avoid remote updating where possible • Where content must be updated remotely, use a secured, encrypted and authenticated channel
Database Security threats • Aggregation (combining individually permitted pieces of data into information the user is not authorized to see) • Bypass attacks (going around the database's access controls, e.g. reading its data files directly) • Improper or unauthorized access • Data contamination • Denial of Service
Antivirus • Use an anti-virus package on the web server system and on the clients used for administration and content management • All documents and files hosted on the web server should be checked for viruses and Trojans.
Logging, Backup and Integrity check • Enforce a proper backup policy • Use a centralized syslog server • Ensure log files are regularly archived, secured and analyzed • Maintain an up-to-date copy of the web site content on a secure host or on offline media • Maintain integrity checks of all important files in the system.
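As an added example (not from the original slides), the last item, an integrity check of important files, is usually done by taking a baseline of cryptographic hashes and permission bits and comparing it against the live system later. The Python below implements that and runs it over a constructed web root in a temporary directory, simulating a defacement, a dropped file, a deleted page and a loosened permission; the scenario and file names are assumptions for the illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root (relative path) to (sha256, permission bits).
    Symlinks are skipped so that a planted link cannot make the check read elsewhere."""
    root = Path(root)
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.lstat()
            snap[p.relative_to(root).as_posix()] = (file_digest(p), st.st_mode & 0o7777)
    return snap


def compare(baseline, current):
    """Report what appeared, vanished, or changed (content or mode) since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(f for f in set(baseline) & set(current) if baseline[f] != current[f])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a small web root, then tamper with it and re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "htdocs").mkdir()
        (root / "htdocs" / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "htdocs" / "about.html").write_text("<p>About us</p>\n")
        (root / "cgi-bin").mkdir()
        (root / "cgi-bin" / "view.cgi").write_text("#!/bin/sh\necho ok\n")
        os.chmod(root / "cgi-bin" / "view.cgi", 0o755)

        baseline = snapshot(root)   # in practice: stored off-host or on read-only media

        # Simulated intrusion: defacement, dropped file, deleted page, loosened mode.
        (root / "htdocs" / "index.html").write_text("<h1>Defaced</h1>\n")
        (root / "htdocs" / "dropped.php").write_text("<?php echo 'dropped'; ?>\n")
        (root / "htdocs" / "about.html").unlink()
        os.chmod(root / "cgi-bin" / "view.cgi", 0o777)

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:9}", ", ".join(files) or "-")
```

The mode bits are part of the record on purpose: view.cgi is reported as modified although its content hash is unchanged, because a world-writable CGI script is exactly the kind of change an attacker makes to keep a foothold. The baseline must live somewhere the web server's own account cannot write, otherwise an intruder who can alter the files can alter the baseline too.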
Network Security vs. Physical Security “With all the talk of network security and online threats…a baseball bat may be the most effective denial-of-service weapon of all.” (TechTV News, 2000)
Physical Access • If an intruder gets physical access to a computer, they can easily gain access to the information stored on it. • Methods: • Destroying the computer • Simply tucking the computer under their arm and walking off with it, to collect the data at their leisure • Booting the computer when no passwords are set • Removing the hard drive and mounting it on their own computer, with full access to the information stored on the drive
What is Physical Security? • "Physical security is almost everything that happens before an attacker starts typing commands on the keyboard." 1 • For instance: • An alarm system that dials the police when there is a break-in at the office • A key lock on a computer to disable the keyboard and keep unauthorized users from gaining access • A UPS to prevent power surges from damaging your equipment and to provide reserve power during a power outage. 1 Garfinkel, Simson and Spafford, Gene, Practical Unix & Internet Security, O'Reilly and Associates, 1996, page 357
2003 CSI/FBI Computer Crime and Security Survey • Most respondents (91%) employ some kind of physical security to protect their computers. • Almost one in ten organizations use no extra physical precautions to protect their computer assets. • Safeguarding portable devices remains difficult: laptop theft was reported by 250 respondents, with a total financial loss of $6,830,500.
Implementation Cont. • Physically securing the servers • Servers must be placed in a locked room. • If needed, protect the room with electronic card access, so that every entry is recorded. • If no hardware RAID is installed in the servers, at least a software RAID should be configured. • If needed, use surveillance cameras. • Lock the CPU case and protect the key. • Make a backup key and keep it in a safety deposit box (outside the office).
Implementation Cont. • Physically securing the servers (cont.) • Arrange the server room so that people outside the room cannot see the keyboard (and thus shoulder-surf user or administrator passwords). • Any unused modem must be disabled or removed. • Leave no password evidence around the system, and no documentation of LAN settings or telecom equipment settings. • Only a limited number of people should have access to the server room (maintenance personnel should not be allowed in unescorted). • Keep track of your computer inventory (laptops, for example, are often stolen without the company noticing).
Challenges • Enforcing security policies on everybody in an organization. • Social engineering. • Tighter security conflicts with the open atmosphere for sharing knowledge expected at universities.