
INFO 320 Server Technology I






Presentation Transcript


  1. INFO 320 Server Technology I, Week 8: Security (INFO 320 week 8)

  2. Overview
     - A key feature of any networked operating system is its ability to control security
     - Scope of security
     - Security principles
     - Sudo
     - User and file security
     - Application security
     - Threat detection and response

  3. Goal
     - Our goal is not to make you paranoid, but to give you appropriate information to establish sound security guidelines
     - We’re not trying to cover each app or concept in detail, just provide an idea of what they are, and where to find more information

  4. Scope of security
     - No sources

  5. Scope of security
     - Security has many dimensions, as we’ve already touched upon
     - Physical vs electronic
     - Internal vs external
     - Deliberate (intentional) vs accidental
     - Natural vs man-made?

  6. Physical security
     - Physical security is focused on keeping the equipment safe from theft or attack
     - Consider different levels of scale for physical security
       - Location/facility
       - Room
       - Rack or device, including portable devices
       - Access to inside a device

  7. Electronic security
     - Most of our immediate thoughts are on electronic security for a system
     - Network access to the system across a LAN or the Internet
       - HTTP, SNMP, RMON
     - Wireless security
       - 802.11, Bluetooth, IR
     - Direct electronic connection to a device
       - Console port, USB, Firewire, modem

  8. Internal security
     - Think of internal/external security as relative to your organization
     - To whom does internal security apply?
     - What determines rules for internal security?
     - What basis could you have for setting rules?
     - Can your security needs change over time?

  9. External security
     - Who is an external security threat? What is your first association?
     - What about customers? Vendors/suppliers? Team members? Government agencies?

  10. Deliberate security
     - Referring to a deliberate attempt to violate your organization’s security
     - What kinds of attacks fall into this category?

  11. Accidental security
     - Or accidental security threats… do they exist?

  12. Natural vs man-made
     - In discussing the need for backup, some natural events could be significant causes
       - Power loss, weather, earthquake, etc.
     - Are security threats all man-made?

  13. Security principles
     - Partly from (Rankin, 2009)

  14. Security principles
     - We’ll cover some guidelines for establishing the right level of security for an organization
     - Keep it simple
       - Complexity makes security rules harder to maintain

  15. Security principles
     - Use the principle of least privilege
       - Give apps and people the least level of system privileges possible
       - Similarly, restrict the use of root as much as possible
     - Provide layers of protection
       - More than one firewall, the DMZ concept: these help

  16. Security principles
     - Avoid security by obscurity
       - It’s nice to use nontraditional port numbers, for example, but that only slows an attacker
     - Keep current with security patches
       - Sounds obvious, but when’s the last time you updated your spyware filter?

  17. Sudo
     - Partly from (Rankin, 2009)

  18. Sudo
     - We’ve been using sudo to execute root-privilege commands
     - Ubuntu has disabled the root account so you can’t log into it directly
       - Root login is a key brute-force login target
     - Sudo helps prevent mistakes from overusing root

  19. Sudo
     - Key features of sudo include:
       - Your user password applies to using sudo, not the root password
         - This allows you to execute root commands without knowing the root password
       - Sudo can limit which commands you’re allowed to use, e.g. if you only need to use apachectl
       - Sudo allows privileges by group membership

  20. Sudo
     - Once you use sudo, your login to it will automatically expire, providing protection if you leave the computer alone
     - All sudo access is logged, in /var/log/auth.log
       - Great for forensics!
     - Some scripts (e.g. cron) might need to use sudo without a password, and that can be authorized
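As an added example of the forensic value of that log (this is not code from the slides or from Rankin's book), the following parser pulls sudo command attempts out of auth.log and separates successful runs from refused or failed ones. The sample log lines are constructed in the format sudo uses on Ubuntu; the hosts, users and commands are made up.

```python
import re

# Constructed sample lines in the format sudo writes to /var/log/auth.log on Ubuntu;
# hosts, users and commands are made up for this example.
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/apachectl graceful
Mar  3 09:12:01 web1 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)
Mar  3 09:12:03 web1 sudo: pam_unix(sudo:session): session closed for user root
Mar  3 09:15:44 web1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 09:16:10 web1 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/passwd root
Mar  3 09:20:00 web1 CRON[2211]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# sudo's command line: "<user> : [<failure reason> ; ]TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<reason>[^;]*?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

def parse_sudo_events(log_text):
    """Return one dict per sudo command attempt; pam session lines and other daemons are skipped."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["ok"] = ev["reason"] is None   # no failure reason means the command ran
            events.append(ev)
    return events

def review(events, shells=("/bin/bash", "/bin/sh", "/bin/su")):
    """Pick out what an admin reviews first: refused or failed attempts, and full root shells."""
    return [e for e in events if not e["ok"] or e["cmd"].split()[0] in shells]
```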

  21. Sudo configuration
     - The sudo configuration file (yes, everything in UNIX has a config file!) is at /etc/sudoers
     - Members of the admin group can use all root privileges
       - The default account when installing Ubuntu allows this automatically

  22. Sudo configuration
     - Somewhat recursively, you need to use sudo to edit its config file: sudo visudo
       - The use of visudo checks for errors automatically
     - We won’t try to cover changing rules in sudoers, defining aliases for users and hosts, and commands they can use

  23. User and file security

  24. User and file security
     - As we’ve covered, UNIX systems associate users with groups as a key security structure
     - File and directory permissions are defined by read, write, and execute privileges (rwx) for the user, group, and others (ugo)
     - The commands chgrp, chown and chmod change group and permissions
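To show how the rwx/ugo bits combine, here is an added example (not from the slides) that applies chmod-style symbolic clauses such as u+x or go-rwx to an octal mode and converts between octal and the ls -l notation. It simplifies chmod in one respect, noted in the docstring: the umask is ignored.

```python
import re

# Bit masks for who ([u]ser, [g]roup, [o]thers, [a]ll) and which permission (r, w, x)
WHO = {"u": 0o700, "g": 0o070, "o": 0o007, "a": 0o777}
PERM = {"r": 0o444, "w": 0o222, "x": 0o111}
CLAUSE = re.compile(r"([ugoa]*)([+=-])([rwx]*)")
LS_BITS = [0o400, 0o200, 0o100, 0o040, 0o020, 0o010, 0o004, 0o002, 0o001]

def apply_chmod(mode, spec):
    """Apply comma-separated symbolic clauses like chmod's 'u+x,go-w' to an octal mode.
    Simplification: with no who letters we act on everyone and ignore the umask."""
    for clause in spec.split(","):
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError("bad chmod clause: %r" % clause)
        who, op, perms = m.groups()
        who_mask = 0
        for w in who or "a":
            who_mask |= WHO[w]
        bits = 0
        for p in perms:
            bits |= PERM[p]
        bits &= who_mask               # only touch the selected ugo positions
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:                          # '=' replaces the selected positions outright
            mode = (mode & ~who_mask) | bits
    return mode & 0o777

def to_symbolic(mode):
    """Render an octal mode the way ls -l shows it, e.g. 0o640 -> 'rw-r-----'."""
    return "".join(c if mode & b else "-" for c, b in zip("rwxrwxrwx", LS_BITS))

def from_symbolic(text):
    """Inverse of to_symbolic: 'rwxr-x---' -> 0o750."""
    if len(text) != 9 or any(c not in "rwx-" for c in text):
        raise ValueError(text)
    return sum(b for c, b in zip(text, LS_BITS) if c != "-")
```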

  25. Application security
     - From (Rankin, 2009) and (Petersen, 2009), which have very different perspectives!

  26. Application security
     - We won’t try to cover every possible security threat (!), but we’ll hint at some of the categories of threats for common server applications

  27. Mail server security
     - A major mail server app is Postfix, derived from the earlier sendmail application
     - Postfix is started and stopped like many other services
       - sudo postfix start
       - sudo postfix stop

  28. Mail server security
     - A major threat for mail servers is spam
     - A key configuration option is the mynetworks setting
       - It defines for which networks this mail server will relay mail
       - If defined too broadly, spammers can use your mail server!

  29. Mail server security
     - Another configuration option of interest is relayhost
       - This sets a different mail server to act as the relay point for your network
       - Multiple internal mail servers could share a central outgoing mail server
       - This gives a central point for monitoring outgoing email
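The mynetworks risk from slide 28 can be checked before a config is deployed. The added example below (not Postfix code) parses a mynetworks value in Postfix's notation, decides whether a given client address would be trusted to relay, and flags entries broad enough to turn the server into an open relay. The function names are this example's own.

```python
import ipaddress

def parse_mynetworks(value):
    """Parse a Postfix-style mynetworks value: space/comma separated CIDRs or addresses,
    IPv6 written in brackets, e.g. '127.0.0.0/8 [::1]/128 192.168.1.0/24'."""
    nets = []
    for token in value.replace(",", " ").split():
        token = token.replace("[", "").replace("]", "")
        if "/" not in token:                       # bare address means a single host
            token += "/128" if ":" in token else "/32"
        nets.append(ipaddress.ip_network(token, strict=False))
    return nets

def would_relay(client_ip, nets):
    """True if a client at this address is trusted to relay (the permit_mynetworks idea)."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in nets)           # v4/v6 mismatches simply compare False

def too_broad(nets):
    """Entries that would relay for strangers: a prefix wide enough to cover the whole
    Internet, or any network outside loopback/private address space."""
    return [str(n) for n in nets
            if n.prefixlen == 0 or not (n.is_private or n.is_loopback)]
```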

  30. Mail server security
     - Another mail server concept is greylisting, also focused on reducing spam
     - Spammers are often lazy – they won’t repeat sending spam
     - Greylisting responds to new mail servers with a delay message, specifically SMTP response 450, “Requested mail action not taken: mailbox unavailable”

  31. Mail server security
     - Legit servers will respond, but spammers often won’t and are added to a greylist
     - Known good mail servers can be added to a whitelist
     - Look for the application postgrey to apply greylisting: sudo apt-get install postgrey
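The greylisting exchange from slides 30 and 31, as an added simulation (this is not postgrey's code): a never-seen (client, sender, recipient) triplet gets the 450 reply, a retry after the delay is accepted, whitelisted clients are never delayed, and a client that keeps delivering successfully is auto-whitelisted. The delay and the auto-whitelist threshold are assumptions of the example.

```python
class Greylist:
    """Greylisting policy as the slides describe it; a simulation for teaching,
    not postgrey's implementation. The auto-whitelist threshold is an assumption."""

    REPLY = {250: "OK", 450: "Requested mail action not taken: mailbox unavailable"}

    def __init__(self, delay=300, whitelist=(), auto_whitelist_after=5):
        self.delay = delay                      # seconds a new sender must wait before retrying
        self.whitelist = set(whitelist)         # known-good client IPs, accepted at once
        self.auto_after = auto_whitelist_after
        self.first_seen = {}                    # triplet -> time of first attempt
        self.deliveries = {}                    # client IP -> accepted messages so far

    def decide(self, client_ip, sender, recipient, now):
        """Return (SMTP code, text) for one delivery attempt at time `now`."""
        if client_ip in self.whitelist:
            return 250, self.REPLY[250]
        key = (client_ip, sender, recipient)
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:            # first contact, or retried too soon
            return 450, self.REPLY[450]
        count = self.deliveries.get(client_ip, 0) + 1
        self.deliveries[client_ip] = count
        if count >= self.auto_after:            # proven legit server: stop delaying it
            self.whitelist.add(client_ip)
        return 250, self.REPLY[250]
```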

  32. SE-Linux
     - Some apps need root privileges to run
       - If those apps have security weaknesses, attackers can get root through them
     - One option for applying access controls is SE-Linux (Security-Enhanced Linux)
     - SE-Linux labels every object and allows access controls to be defined for them

  33. AppArmor
     - AppArmor is used in Ubuntu to add access control to specific services
     - It’s designed to be simpler and easier to use than SE-Linux
       - Focuses on web apps (Apache, etc.)
     - Profiles are defined for each service, in /etc/apparmor.d/ under filenames for each service, e.g. usr.sbin.nscd (name server caching daemon)

  34. AppArmor
     - AppArmor works in two modes – enforce and complain
       - In enforce mode it will block any attempts to violate a program’s profile
       - Complain mode will log the attempt but still allow it to happen (!)

  35. ufw
     - The ufw command is a key tool for managing firewall settings in Ubuntu
     - It helps manage the obsolete ipchains and complex iptables commands
       - A ‘chain’ refers to a checklist of rules to decide how to handle packets with certain header contents
     - Netfilter is a separate tool for managing iptables

  36. ufw
     - Like any good firewall, ufw will deny anything going into or out of a network
     - To override that default you could use: sudo ufw default allow
     - To enable the ufw application: sudo ufw enable

  37. ufw
     - To find the status of ufw: sudo ufw status
     - To log anything blocked by ufw: sudo ufw logging on
     - More often you will use allow and deny commands to establish settings

  38. ufw
     - The allow and deny commands take port numbers or services as arguments
       - sudo ufw allow 53 (DNS)
       - sudo ufw deny 21 (FTP)
     - Why is this command redundant? sudo ufw allow smtp
     - There are a lot more possible rules for configuring ufw, but these are the basics
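An added model of the chain idea from slide 35 applied to the rules on slides 36 to 38 (this is not ufw's code and does not reproduce how ufw builds its iptables chains): an ordered rule list with a default policy, first match wins, service names resolved the way ufw resolves them through /etc/services, plus a check that tells you whether a rule you are about to add changes any verdict at all. The services table is a constructed excerpt.

```python
# Constructed excerpt of /etc/services so the example runs offline; ufw resolves
# names like 'smtp' through the real file.
SERVICES = {"ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "http": 80, "https": 443}

def resolve_port(spec):
    """Accept a port number or a service name, as ufw allow/deny do."""
    spec = str(spec)
    return int(spec) if spec.isdigit() else SERVICES[spec]

class Chain:
    """A chain as slide 35 describes it: an ordered checklist of rules; the first rule
    matching a packet decides, otherwise the default policy applies. This models the
    behaviour only; it is not how ufw builds its iptables chains."""

    def __init__(self, default="deny"):
        self.default = default
        self.rules = []                       # (action, port, proto) in insertion order

    def add(self, action, spec, proto="any"):
        """Equivalent of 'ufw <allow|deny> <port or service>[/proto]'."""
        if action not in ("allow", "deny"):
            raise ValueError(action)
        self.rules.append((action, resolve_port(spec), proto))

    def verdict(self, port, proto="tcp"):
        for action, rule_port, rule_proto in self.rules:
            if rule_port == port and rule_proto in ("any", proto):
                return action
        return self.default

    def is_redundant(self, action, spec, proto="any"):
        """True if appending this rule would change no verdict, i.e. the chain already
        does what the rule asks (useful for reviewing a rule set before applying it)."""
        port = resolve_port(spec)
        protos = ("tcp", "udp") if proto == "any" else (proto,)
        return all(self.verdict(port, p) == action for p in protos)
```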

  39. Threat detection and response
     - Partly from (Rankin, 2009)

  40. Tripwire
     - Once security measures are in place, how do you detect an attack?
     - One way is to monitor key configuration files, and look for changes to them
       - That’s the idea behind Tripwire
     - It isn’t a trivial program to configure; its policies are in /etc/tripwire/twpol.txt, which lists what files it monitors
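The core of what Tripwire does, as an added example (this is not Tripwire's code): take a baseline of every monitored file's content hash, mode and size, then compare a later snapshot against it and report files that were modified, removed or added. The demo builds a throwaway directory with constructed file names and contents, tampers with it, and returns the report.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Tripwire-style baseline: for every file under root, record content hash, mode and size."""
    db = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            with open(path, "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
            db[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode), st.st_size)
    return db

def compare(baseline, current):
    """Report which monitored files changed: 'modified', 'missing' or 'added'."""
    report = {}
    for path in baseline.keys() | current.keys():
        if path not in current:
            report[path] = "missing"
        elif path not in baseline:
            report[path] = "added"
        elif baseline[path] != current[path]:
            report[path] = "modified"
    return report

def _write(root, name, text):
    with open(os.path.join(root, name), "w") as f:
        f.write(text)

def demo():
    """Baseline a throwaway config directory, tamper with it, and return the report.
    All file names and contents are constructed for this example."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "sudoers", "%admin ALL=(ALL) ALL\n")
        _write(root, "hosts", "127.0.0.1 localhost\n")
        _write(root, "ssh_config", "Port 22\n")
        os.chmod(os.path.join(root, "ssh_config"), 0o644)
        baseline = snapshot(root)
        _write(root, "sudoers", "%admin ALL=(ALL) ALL\n%staff ALL=(ALL) ALL\n")  # extra line
        os.remove(os.path.join(root, "hosts"))
        os.chmod(os.path.join(root, "ssh_config"), 0o666)   # same bytes, weaker mode
        _write(root, "unexpected.conf", "x\n")
        return compare(baseline, snapshot(root))
```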

  41. Incident response
     - Good security planning includes planning what to do in the event of an attack
       - Do you prosecute an attacker?
     - When an attack is detected, it is often best to power down affected servers
       - If running a virtual machine, capture an image first
       - Prevents loss of critical forensic data

  42. Incident response
     - Then image the server’s current state, e.g. from running a rescue disk
       - Make copies of the image for later analysis
     - Then determine when it’s best to redeploy the affected servers
       - Some systems can be rebuilt easily (e.g. clusters) but database or file servers might need to revert to a previous backup

  43. Incident response
     - Later you could hand off the system image for forensic analysis
       - How did they get in?
       - What did they install or modify?
     - Ubuntu even includes the forensic app autopsy, a front end for sleuthkit
     - Another tool is chkrootkit, which looks for rootkits (programs for hacking root)

  44. Summary
     - We’ve given an overview of:
       - The types of security threats
       - General guidelines for security
       - How we use sudo to protect the root user
       - Reviewed permissions for files and directories
       - Examined security concepts and tools for a UNIX environment
