Lesson 15 - Unix Security Issues
Overview • Set up the system. • Perform user management. • Perform system management.
Set up the System • Applying patches and disabling unused default services by modifying the system’s configuration files can help avoid common vulnerabilities.
Set up the System • Startup files. • Services to allow. • System configuration files. • Patches.
Startup Files • Unix systems configure themselves when they boot using the appropriate startup files. • On SysV-style systems the services for the normal multi-user run level are started by the scripts in /etc/rc.d/rc2.d (Red Hat Linux) and /etc/rc2.d (Solaris); scripts named S* are started and K* are stopped. • Services generally started by these startup files include inetd, NFS, NTP, routed, RPC, Sendmail, and Web servers. • Newer releases replace these directories with systemd units (Linux) or SMF (Solaris 10 and later), but the review task is the same: know what starts at boot.
Services to Allow • The inetd.conf file controls startup of services such as FTP, telnet, and some RPC services; inetd listens on their ports and starts the daemon only when a connection arrives. • Administrators should go through the startup files and inetd.conf and disable any service that is not needed for operations, then send inetd a SIGHUP so it rereads its configuration. • The default services in inetd.conf that should be turned off are chargen, discard, echo, finger, netstat, rexd, routed, rquotad, rusersd, sprayd, systat, tftp, uucp, and walld.
Services to Allow • SSH (Secure Shell) is a more secure connection method than telnet because SSH uses encryption while telnet operates in plaintext. • The NFS is used to allow mounting of file systems by other systems. However, if NFS is not required, it should be disabled.
Services to Allow • Systems in a DMZ are directly exposed to untrusted networks and cannot rely on perimeter defenses such as firewalls, so they must be configured more securely at the host level. • TCP Wrappers (tcpd, driven by /etc/hosts.allow and /etc/hosts.deny) can provide additional access controls and logging for inetd-started services like telnet or FTP. • TCP Wrappers can be used on other services such as POP and IMAP, and on any daemon built against libwrap.
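The two hardening steps above, disabling the unneeded inetd services and then wrapping what is left, as an added shell example (not code from the original lesson). It assumes a BSD/Linux-style inetd.conf where the first field is the service name; the sample file, the wrapper daemon names and the trusted network 192.0.2.0/24 are constructed for illustration. Note that OpenSSH dropped libwrap support in 6.7, so the sshd line in hosts.allow only applies to older or distribution-patched builds.

```shell
#!/bin/sh
# Added example, not part of the original lesson.  Comments out the default
# inetd.conf services the slides say to disable, then prints a deny-by-default
# TCP Wrappers policy for the services that remain.

# Services the lesson says to turn off by default.
INETD_DISABLE="chargen discard echo finger netstat rexd routed rquotad rusersd sprayd systat tftp uucp walld"

# Constructed sample inetd.conf (not taken from a real host).
SAMPLE_INETD_CONF='# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
echo    stream  tcp     nowait  root    internal
chargen stream  tcp     nowait  root    internal
tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
'

# Read an inetd.conf on stdin; write it to stdout with every service named in
# INETD_DISABLE commented out.  Existing comments and blank lines pass through.
disable_inetd_services() {
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) printf '%s\n' "$line"; continue ;;
        esac
        svc=$(printf '%s\n' "$line" | awk '{print $1}')
        disabled=0
        for d in $INETD_DISABLE; do
            if [ "$svc" = "$d" ]; then disabled=1; break; fi
        done
        if [ "$disabled" -eq 1 ]; then
            printf '#%s\n' "$line"
        else
            printf '%s\n' "$line"
        fi
    done
}

# Count the services still enabled (non-comment, non-blank lines) on stdin.
count_enabled_services() {
    grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' || true
}

# TCP Wrappers policy for the survivors: deny everything in hosts.deny, then
# allow the named daemons from the trusted network only.  $1 is the network
# in hosts.allow "net/mask" form (illustrative daemon names).
tcp_wrappers_policy() {
    printf '## /etc/hosts.deny\nALL: ALL\n\n'
    printf '## /etc/hosts.allow\n'
    printf 'in.ftpd, in.telnetd: %s\n' "$1"
    printf 'sshd: %s\n' "$1"
}

# Stand-alone run: show the hardened file and the wrapper policy.
printf '%s' "$SAMPLE_INETD_CONF" | disable_inetd_services
tcp_wrappers_policy 192.0.2.0/255.255.255.0
```

On a real host the loop would read /etc/inetd.conf and write a new copy, after which `kill -HUP` on the inetd process makes it reread the file; the wrapper policy only takes effect for services that are actually launched through tcpd.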
System Configuration Files • There are a number of changes that can be made to a Unix system’s configuration files to increase the overall security of the system. • Login banners can be used to display legal statements before a user is allowed to log in.
System Configuration Files On Linux systems, two files are used for login banners: • /etc/issue • /etc/issue.net • The issue file is shown by getty on directly connected terminals (the console and serial lines), while issue.net is shown by telnetd when someone telnets into the system across the network. • SSH does not read either file by default; point the Banner directive in sshd_config at the banner text instead.
System Configuration Files There are three steps to proper password management on a Unix system: • Setting up proper password requirements such as aging and expiry. • Preventing logins without passwords (no account may have an empty password field). • Establishing appropriate password content requirements.
System Configuration Files • File access is controlled by file permissions on Unix systems and can be changed by using the chmod command. • The permissions used on Unix are read, write, and execute, set separately for the file's owner, its group, and everyone else. • Solaris and Linux allow you to limit root login to the console (CONSOLE=/dev/console in /etc/default/login on Solaris, /etc/securetty on Linux).
System Configuration Files • It is good practice to restrict root logins to the console even for administrators. • Administrators should log in as themselves first and then use the su command to obtain root access or the sudo command to execute root commands, so that every privileged action is tied to a named account in the logs.
Patches • Unix is no different from the Windows operating systems: vendors release patches to correct bugs and security issues in software. • Patches should be applied on a regular basis to remove these vulnerabilities. • The various Unix vendors have been adding tools to assist with patch management.
Perform User Management • Adding users to the system. • Removing users from the system.
Adding Users to the System Most Unix versions provide tools for adding users to the system (useradd on Linux and Solaris, for example). The key tasks are as follows: • Adding the user name to the password file. • Assigning an appropriate user ID number. • Assigning an appropriate group ID number. • Defining an appropriate shell for login.
Adding Users to the System Other key tasks are as follows: • Adding the user name to the shadow file. • Assigning an appropriate initial password. • Defining an appropriate electronic mail alias. • Creating a home directory for the user.
Removing Users from the System • On a Unix system, file ownership is recorded by the user's UID (user ID number), not by the user name. • If the user's UID is reused for a new account, that new account inherits ownership of every file the old user left behind. • When the user no longer needs the account, it should first be locked (passwd -l or usermod -L on Linux). • After an appropriate amount of time (usually 30 days), the user's files can be removed and the account deleted; only then is the UID safe to reuse.
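An added audit example (not code from the original lesson) covering the password-file checks from the System Configuration Files slides and the UID-reuse point above: it flags accounts with an empty password field, extra UID 0 accounts, locked accounts, and whether a UID is free before a new account takes it. The passwd and shadow contents are constructed samples with placeholder hashes; the shadow format and lock markers ("!" or "*") are Linux-style, and the file walk is run against a directory you pass in rather than the whole filesystem.

```shell
#!/bin/sh
# Added example, not part of the original lesson.  Account-hygiene checks over
# constructed /etc/passwd and /etc/shadow contents (placeholder hashes).

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
toor:x:0:0:backdoor:/root:/bin/sh
guest:x:1003:1003:Guest:/home/guest:/bin/sh'

SAMPLE_SHADOW='root:$6$saltsalt$hashhash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:$6$saltsalt$hashhash:19000:0:99999:7:::
bob:!$6$saltsalt$hashhash:19000:0:99999:7:::
toor:$6$saltsalt$hashhash:19000:0:99999:7:::
guest::19000:0:99999:7:::'

# Accounts whose shadow password field is empty: anyone can log in as them.
# $1 is the shadow file content.
passwordless_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Accounts with UID 0 other than root: a classic backdoor.  $1 is passwd content.
extra_uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts whose password is locked ("!" or "*" prefix), i.e. the first
# offboarding step: lock now, delete later.  $1 is shadow content.
locked_accounts() {
    printf '%s\n' "$1" | awk -F: '$2 ~ /^[!*]/ { print $1 }'
}

# Is UID $1 free in passwd content $2?  Prints "free" or "taken".
uid_status() {
    if printf '%s\n' "$2" | awk -F: -v u="$1" '$3 == u { found=1 } END { exit !found }'; then
        echo taken
    else
        echo free
    fi
}

# Files under directory $2 still owned by numeric UID $1.  In practice run
# this against / (and "find / -nouser" for files whose owner is already
# gone) before reusing a UID; here it takes a directory so it can run offline.
files_owned_by_uid() {
    find "$2" -user "$1" 2>/dev/null | sort
}

# Stand-alone run over the constructed data.
echo "passwordless: $(passwordless_accounts "$SAMPLE_SHADOW")"
echo "extra uid 0:  $(extra_uid0_accounts "$SAMPLE_PASSWD")"
echo "locked:       $(locked_accounts "$SAMPLE_SHADOW" | tr '\n' ' ')"
echo "uid 1002:     $(uid_status 1002 "$SAMPLE_PASSWD")"
echo "uid 1004:     $(uid_status 1004 "$SAMPLE_PASSWD")"
```

Run against a live system by substituting `$(cat /etc/passwd)` and `$(cat /etc/shadow)` (the latter needs root); the guest account is the "login without a password" case the slides warn about, and toor is what a second UID 0 entry looks like.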
Perform System Management • Managing Unix systems consists of establishing appropriate logging and watching for suspicious activities. • Syslog, an extensive logging tool, is provided by most Unix systems. • Solaris allows you to capture failed login attempts (create /var/adm/loginlog, owned by root, mode 600); Linux records them in the auth log and in /var/log/btmp, read with lastb. • Hidden files (names beginning with a dot) can pose a problem on a Unix system by allowing hackers to hide their files and activities; names such as "...", ". " or dot-directories under /dev and /tmp deserve a look.
Perform System Management • If an interface is put into promiscuous mode, the system is capturing all packets on the wire, which is what a sniffer does; ifconfig or ip link shows the PROMISC flag. • The netstat command (netstat -an) can be used to identify ports that are listening and active on the system.
Perform System Management • One disadvantage of classic netstat is that it cannot tell you which process is holding a port open; on Linux, netstat -p, ss -p or lsof -i can. • A separate problem is that when an intruder successfully accesses a system, they may change system files to allow continued access, so the tools you use to look for them may themselves be lying.
Perform System Management • Rootkits may install sniffers and commonly include binary replacements for the following programs: ftpd, inetd, login, netstat, passwd, ps, ssh, and telnetd. • To determine whether a system file has been replaced, compare the checksum of a known good file to the current file. • If a system is suspected to have been compromised, recalculate the checksums and compare them to the originals, using a known-good copy of the checksum tool and a baseline kept off-host or on read-only media, since a root-level intruder can otherwise replace both.
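The checksum comparison and the hidden-file sweep described above, as an added shell example (not code from the original lesson). It assumes sha256sum from GNU coreutils (falling back to the weaker, CRC-based POSIX cksum), that paths in the baseline contain no spaces, and that the baseline file is stored somewhere the intruder cannot rewrite. The binary paths listed are typical Linux locations and will differ on other systems.

```shell
#!/bin/sh
# Added example, not part of the original lesson.  Record checksums of the
# binaries rootkits commonly replace, verify them later, and sweep for hidden
# files.  Run the tools from trusted media on a suspect host.

# Binaries the lesson lists as common rootkit replacements (typical Linux
# paths; adjust per system).
WATCHED_BINARIES="/usr/sbin/inetd /bin/login /bin/netstat /usr/bin/passwd /bin/ps /usr/bin/ssh /usr/sbin/in.telnetd /usr/sbin/in.ftpd"

# Strong hash of one file; cksum (CRC) is only a last resort because an
# attacker can trivially craft a replacement with the same CRC.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        cksum "$1" | awk '{print $1 ":" $2}'
    fi
}

# Write "hash path" lines for every existing file in the argument list.
make_baseline() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done
}

# Compare the baseline file $1 against the files as they are now.
# Prints "CHANGED path" or "MISSING path" per problem; exit 0 if clean, 1 if not.
verify_baseline() {
    status=0
    while read -r expected path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        actual=$(hash_file "$path")
        if [ "$actual" != "$expected" ]; then
            echo "CHANGED $path"; status=1
        fi
    done < "$1"
    return $status
}

# Dot-named files and directories under $1, sorted for easy diffing against
# a previous run.  Names like "..." or ". " in /dev or /tmp are classic hiding spots.
find_hidden() {
    find "$1" -name '.*' ! -name . ! -name .. 2>/dev/null | sort
}

# Stand-alone run: baseline whatever watched binaries exist on this host,
# then verify immediately (should be clean) and list hidden files under /dev.
make_baseline $WATCHED_BINARIES > /tmp/baseline.$$
verify_baseline /tmp/baseline.$$ || echo "integrity problems found"
find_hidden /dev
rm -f /tmp/baseline.$$
```

Writing the baseline to /tmp is only for the stand-alone run; in practice copy it to removable or read-only storage immediately, and repeat the verify step with a statically linked sha256sum from that same media, since the one on the host is exactly what a rootkit would swap.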
Summary • Unix systems configure themselves when they boot using the appropriate startup files. • The inetd.conf file controls startup of several services such as FTP, telnet, and some RPC services. • Login banners can be used to display legal statements before a user is allowed to log in.
Summary • Most Unix versions provide tools for adding users to the system. • Managing Unix systems consists of establishing appropriate logging and watching for suspicious activities. • Syslog, an extensive logging tool, is provided by most Unix systems.