Presentation prepared by AbdelSalam AlDiwaikat and Manhal Tawfiq
New York Institute of Technology (NYIT), Jordan campus, 2006
Prepared by: Abdelsalam Aref and Manhal Tawfiq
Supervised by: Dr. Lo’ai Tawalbeh
Outline
• What is UNIX?
• UNIX popularity
• Structure of UNIX
• Advantages of UNIX
• Disadvantages of UNIX
• Unix security
• Unix forensics tools
• Summary
• References
What is UNIX?
UNIX is a general-purpose multi-user operating system developed at Bell Laboratories as a private research project by a small group of people, starting in 1969.
Over the following years, during the early 1970s, UNIX was unveiled to the general public.
The main goals of the group were to design an operating system that satisfies the following objectives:
• Simple and elegant.
• Written in a high-level language rather than assembly language.
• Allow re-use of code.
Cont.
Today UNIX has evolved into three main categories:
• BSD (Berkeley Software Distribution)
• System V Release 4 (SVR4)
• Hybrids that combine features of both
Some of the most popular UNIX and UNIX-like systems are:
• IBM’s AIX
• Sun Microsystems’ Solaris
• SGI’s IRIX
• Linux
• OpenBSD
• FreeBSD
UNIX popularity
• Only a very small amount of the code in UNIX is written in assembly language. This makes it relatively easy for a computer vendor to port UNIX to new hardware.
• The application program interface (the system-call and C library interface) allows many different types of applications to be implemented under UNIX without writing assembly language.
• Vendor-independent networking (TCP/IP) allows users to easily network multiple systems from many different vendors.
Structure of UNIX:
The UNIX system consists of three levels:
• The kernel schedules tasks and manages data storage. It performs the low-level jobs of scheduling processes, keeping track of files and controlling hardware devices. It is the only layer that runs with full privilege; the layers above it request its services through system calls.
• The shell is a program that interprets the commands typed by the user and translates them into system calls that the kernel understands.
• The outermost layer consists of tools and applications that add capabilities to the operating system. The tools come either with the operating system or can be obtained from third parties to enhance the functioning of the operating system.
Advantages of UNIX
• UNIX is portable, from large systems to medium-sized systems to single-user systems.
• UNIX’s utilities are brief, single-purpose commands that can be combined (piped together) to achieve almost any desired result.
• UNIX is device independent. Since it includes the device drivers as part of the operating system and presents devices as files, UNIX can be configured to support a very wide range of devices.
• UNIX is multitasking. Multiple programs can run at one time.
• UNIX is multi-user. The same design that permits multitasking permits multiple users to use the computer. Multiple users can simultaneously use a single computer running UNIX, with the permissions system keeping their files apart.
Cont.
• UNIX runs on older, less powerful machines. Chances are that if a computer does not have enough CPU speed and memory for Windows, it can still run UNIX.
• Several UNIX variants, such as FreeBSD, are free. High-quality free applications, like the Emacs text editor, the Apache web server and the GIMP image editor, are available for UNIX platforms.
Cont.
• Unix is more flexible and can be installed on many different types of machines, including mainframe computers, supercomputers and microcomputers.
• Unix is more stable and does not go down as often as Windows does, and therefore requires less administration and maintenance.
• Unix has greater built-in security and permissions features than Windows.
• Unix possesses much greater processing power than Windows.
• Unix is the leader in serving the Web. As of 2006, about 90% of the Internet relies on Unix operating systems running Apache, the world’s most widely used web server.
• Software upgrades from Microsoft often require the user to purchase new or more hardware or prerequisite software. That is not the case with Unix.
Disadvantages of UNIX
• UNIX is harder to install, maintain and upgrade than Windows.
• UNIX’s commands are so brief that novice users find the operating system unfriendly.
• More home-oriented applications run under Windows than under UNIX.
• There is no single standard version of the operating system.
Unix security:
• Design concepts
• User and administrative techniques
Unix security: Design concepts
1. Permissions:
• A core security feature in these systems is the permissions system. Every file has a set of permissions that controls who may access it and how.
• Unix permissions grant different users different kinds of access to a file: separate permissions apply to the file’s owner, to members of the file’s group, and to everyone else.
• More advanced Unix file systems add Access Control Lists (ACLs), which allow permissions to be granted to additional individual users or groups beyond the single owner and group of the basic scheme.
Unix security: Design concepts
UNIX defines three fields of 3 bits each, written r w x:
r controls read access
w controls write access
x controls execution (for a directory, x controls whether the directory can be traversed)
In this scheme 9 bits per file record the basic protection information.
A separate field is kept for the file owner, for the file’s group, and for all other users. Three further bits (setuid, setgid and sticky) extend this to 12 mode bits; setuid and setgid matter for security because a setuid root program runs with root’s privileges no matter who executes it.
Unix security: Design concepts
A sample UNIX directory listing (the output of ls -l)
• The first field describes the file or directory’s protection (the mode string).
• A d as the first character indicates a directory; a - indicates a regular file.
• Also shown are:
– The number of hard links to the file
– The owner’s name
– The group’s name
– The size of the file in bytes
– The date of last modification
– The file’s name (with optional extension)
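The mode string and the 9-bit scheme above, worked through in code. This is an added example written for this page, not code from the original presentation: it decodes the 10-character protection field that ls -l prints into numeric mode bits (including the setuid, setgid and sticky bits that the 9-bit description leaves out), flags setuid-root and world-writable entries in a listing, and round-trips a mode through chmod on a temporary file so the decoded bits can be compared with what the kernel actually stores. The listing it audits is constructed for the example and does not come from a real system.

```python
"""Decode UNIX mode strings and check them against the kernel.

Added example, not part of the original presentation. SAMPLE_LISTING is
constructed; the file names, owners and modes are illustrative only.
"""
import os
import stat
import tempfile

SAMPLE_LISTING = """\
drwxr-xr-x 2 alice staff 4096 Mar  3  2006 docs
-rw-r--r-- 1 alice staff  512 Mar  3  2006 notes.txt
-rwsr-xr-x 1 root  root  8192 Mar  3  2006 passwd
-rwxrwxrwx 1 bob   users   64 Mar  3  2006 deploy.sh
"""

# The nine r/w/x positions (owner, group, other) and the stat bit each one sets.
_RWX_BITS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]

# The three execute positions may instead show a special bit: s/S = setuid (owner)
# or setgid (group), t/T = sticky (other). Lower case means execute is set as well.
_SPECIAL = {2: (stat.S_ISUID, "sS"), 5: (stat.S_ISGID, "sS"), 8: (stat.S_ISVTX, "tT")}


def parse_mode_string(field):
    """Turn an ls -l protection field such as "-rwsr-xr-x" into mode bits (0o4755)."""
    if len(field) != 10:
        raise ValueError("expected a 10-character protection field, got %r" % field)
    mode = 0
    for i, ch in enumerate(field[1:]):
        if ch == "-":
            continue
        if ch == "rwx"[i % 3]:
            mode |= _RWX_BITS[i]
        elif i in _SPECIAL and ch in _SPECIAL[i][1]:
            mode |= _SPECIAL[i][0]
            if ch.islower():  # 's' or 't': the execute bit is present too
                mode |= _RWX_BITS[i]
        else:
            raise ValueError("unexpected character %r at position %d in %r" % (ch, i + 1, field))
    return mode


def audit_listing(listing):
    """Map each file name in an ls -l style listing to (octal mode, list of warnings)."""
    report = {}
    for line in listing.splitlines():
        # protection, links, owner, group, size, month, day, year-or-time, name
        parts = line.split(None, 8)
        if len(parts) != 9:
            continue
        field, owner, name = parts[0], parts[2], parts[8]
        mode = parse_mode_string(field)
        warnings = []
        if mode & stat.S_ISUID and owner == "root":
            warnings.append("setuid root executable")  # runs as root for whoever executes it
        if mode & stat.S_ISGID and field[0] != "d":
            warnings.append("setgid executable")
        # A world-writable directory is acceptable only with the sticky bit set (like /tmp).
        if mode & stat.S_IWOTH and not (field[0] == "d" and mode & stat.S_ISVTX):
            warnings.append("world-writable")
        report[name] = ("%04o" % mode, warnings)
    return report


def chmod_roundtrip(mode_string):
    """Apply a decoded mode to a temporary file; return (ls-style string, bits) read back."""
    wanted = parse_mode_string(mode_string)
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, wanted)
        actual = stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.unlink(path)
    return stat.filemode(stat.S_IFREG | actual), actual


if __name__ == "__main__":
    for name, (octal, warns) in audit_listing(SAMPLE_LISTING).items():
        print("%-10s %s %s" % (name, octal, ", ".join(warns) or "ok"))
    print(chmod_roundtrip("-rw-r-----"))
```

The round trip only exercises the plain permission bits: setting setgid on a file whose group the caller is not a member of is silently cleared by the kernel, and setuid on a temporary file is pointless, so those are checked through the parser alone.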
Unix security: Design concepts
2. User groups:
Users under Unix operating systems usually belong to managed groups with specific access permissions. This lets users be grouped by the level of access they have to the system, so permissions are assigned to the group rather than to each user separately.
3. Issues:
Most Unix-style systems have an account or group that gives a user complete control over the system, known as the root account (UID 0). If an unwanted user gains access to this account, the system is completely compromised. A root account is nevertheless necessary for administrative purposes; access to it should therefore be restricted so that usage of the root account can be more closely monitored.
Unix security: User and administrative techniques
1. Passwords:
• Selecting a strong password and guarding it properly is probably the most important thing a user can do to improve Unix security. On Unix systems the user database is the file /etc/passwd. This file holds more than passwords: it records every user registered on the system and the user’s main attributes. Each entry in /etc/passwd has seven colon-separated fields:
• username:password_hash:UID:GID:full_name (GECOS):home_dir:login_shell
• An example would be:
xfze:$1$zuW2nX3sslp3qJm9MYDdglEApAc36r/:1000:100:José Carlos D. S. Saraiva:/home/xfze:/bin/bash
(the $1$ prefix marks an MD5-crypt hash)
Cont.
/etc/passwd must be readable by every user, because ordinary programs consult it to map user IDs to names and to find home directories and shells. Login never compares plaintext passwords: it hashes the password typed at the prompt and compares the result with the stored hash. But while the hashes sit in a world-readable file, any user can copy them and run an offline dictionary or brute-force attack against them.
The solution is the "shadow" file (/etc/shadow). The password hashes are moved from /etc/passwd to /etc/shadow, the password field in /etc/passwd is replaced by a placeholder (an x), and /etc/shadow is made readable only by root (and, on some systems, a dedicated shadow group).
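The /etc/passwd format and the shadow-file idea, turned into a small account audit. This is an added example written for this page, not code from the original presentation. Both files are constructed for the example (the hash fields are placeholders, not real crypt output) and nothing is read from the running system. The audit flags a hash still stored in the world-readable passwd file instead of the x placeholder, an empty password field, any UID 0 account other than root, and a shadowed account that has no shadow entry; applying it to a real system means passing the contents of /etc/passwd and /etc/shadow instead of the constructed strings.

```python
"""Audit /etc/passwd and /etc/shadow entries for weak account configuration.

Added example, not part of the original presentation. PASSWD and SHADOW are
constructed; the hashes are placeholders, not output of crypt(3).
"""
from dataclasses import dataclass

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
xfze:x:1000:100:Jose Carlos D. S. Saraiva:/home/xfze:/bin/bash
legacy:$1$saltsalt$PlaceholderNotARealHash00:1001:100:Old Account:/home/legacy:/bin/sh
toor:x:0:0:second admin:/root:/bin/bash
guest:x:1002:100:Guest:/home/guest:/bin/bash
"""

SHADOW = """\
root:$6$saltsalt$PlaceholderNotARealHash11:13514:0:99999:7:::
daemon:*:13514:0:99999:7:::
xfze:$6$saltsalt$PlaceholderNotARealHash22:13514:0:99999:7:::
toor:$6$saltsalt$PlaceholderNotARealHash33:13514:0:99999:7:::
guest::13514:0:99999:7:::
"""

# Values that mean "no usable hash here": shadowed ("x") or locked ("*", "!", "!!").
PLACEHOLDERS = ("x", "*", "!", "!!")


@dataclass
class PasswdEntry:
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text):
    """Parse the seven colon-separated fields of each /etc/passwd line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError("passwd line %d: expected 7 fields, got %d" % (lineno, len(fields)))
        name, passwd, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, passwd, int(uid), int(gid), gecos, home, shell))
    return entries


def parse_shadow(text):
    """Return {user: hash field}; /etc/shadow has nine fields, only the first two matter here."""
    hashes = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError("shadow line %d: expected 9 fields, got %d" % (lineno, len(fields)))
        hashes[fields[0]] = fields[1]
    return hashes


def audit(passwd_text, shadow_text):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings = []
    shadow = parse_shadow(shadow_text)
    seen = set()
    for e in parse_passwd(passwd_text):
        if e.name in seen:
            findings.append("%s: duplicate user name" % e.name)
        seen.add(e.name)
        if e.uid == 0 and e.name != "root":
            findings.append("%s: UID 0 account other than root" % e.name)
        if e.passwd == "":
            findings.append("%s: empty password field in /etc/passwd" % e.name)
        elif e.passwd not in PLACEHOLDERS:
            findings.append("%s: hash stored in world-readable /etc/passwd (not shadowed)" % e.name)
        elif e.passwd == "x":
            h = shadow.get(e.name)
            if h is None:
                findings.append("%s: marked shadowed but has no /etc/shadow entry" % e.name)
            elif h == "":
                findings.append("%s: empty password in /etc/shadow (login without a password)" % e.name)
    return findings


if __name__ == "__main__":
    for finding in audit(PASSWD, SHADOW):
        print(finding)
```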
Unix security :User and
administrative techniques
2. Users and accounts :
• Administrators should delete old accounts promptly.
• only, no remote root logins
UNIX forensics tools
• Data Acquisition / IR Tools
• Media Management Analysis Tools
• File System Analysis Tools
• Application Analysis Tools
• Network Analysis Tools
Data Acquisition / IR Tools
• Title: Automated Image and Restore (AIR)
• Description: AIR (Automated Image & Restore) is a GUI front-end to dd/dcfldd designed for easily creating forensic bit images.
• Title: dcfldd
• Description: dcfldd is a modified version of the GNU coreutils 'dd'. It calculates the MD5 hash value of the data while it copies it, so the image can be checked against the source without a second pass over the media.
• Title: dd
• Description: 'dd' is a common UNIX tool that copies data block by block from one file (or device) to another. It can also be used with 'netcat' to send the image to a collection server over the network. Plain dd does not hash what it copies, so the source and the image should be hashed separately and the digests compared.
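What dcfldd adds to plain dd, as an added example written for this page rather than code from the original presentation or from either tool: the source is copied in fixed-size blocks while MD5 and SHA-256 are computed over the stream, the finished image is re-hashed, and the digests are compared so that a corrupted or tampered image is detected. The "disk" is a constructed temporary file standing in for a raw device such as /dev/sdb; on a real acquisition the source would be opened read-only behind a write blocker, and the digest recorded at acquisition time would be kept with the case notes.

```python
"""Image a source block by block while hashing it, then verify the image.

Added example, not part of the original presentation. The source "disk" is a
constructed temporary file, not a real device.
"""
import hashlib
import os
import tempfile

BLOCK_SIZE = 512 * 1024  # read and write in 512 KiB blocks


def image_and_hash(src_path, dst_path, block_size=BLOCK_SIZE):
    """Copy src to dst in blocks; return the byte count and digests of the copied stream."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    copied = 0
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        while True:
            block = src.read(block_size)
            if not block:  # end of source; the final block may be shorter than block_size
                break
            md5.update(block)
            sha256.update(block)
            dst.write(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image is on disk before it is re-hashed
    return {"bytes": copied, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def sha256_of_file(path, block_size=BLOCK_SIZE):
    """Hash a file in blocks so an image larger than memory can still be verified."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(block_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_image(src_path, dst_path, expected_sha256=None):
    """True only if the source, the image and (if given) the acquisition digest all agree."""
    src_digest = sha256_of_file(src_path)
    img_digest = sha256_of_file(dst_path)
    if expected_sha256 is not None and expected_sha256 != img_digest:
        return False
    return src_digest == img_digest


def demo():
    """Image a constructed disk, verify it, flip one byte in the image, verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        disk = os.path.join(workdir, "disk.bin")
        image = os.path.join(workdir, "disk.dd")
        with open(disk, "wb") as f:
            f.write(os.urandom(3 * BLOCK_SIZE + 123))  # deliberately not a block multiple
        report = image_and_hash(disk, image)
        ok_before = verify_image(disk, image, report["sha256"])
        with open(image, "r+b") as f:  # simulate a corrupted or tampered image
            f.seek(BLOCK_SIZE + 7)
            original = f.read(1)
            f.seek(BLOCK_SIZE + 7)
            f.write(bytes([original[0] ^ 0xFF]))
        ok_after = verify_image(disk, image, report["sha256"])
        return report["bytes"], ok_before, ok_after


if __name__ == "__main__":
    print(demo())
```

Sending the image over the network with netcat, as the slide mentions, does not change the check: hash the stream on the sending side, hash the received file on the collection server, and compare the two values out of band.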
Media Management Analysis Tools
• Title: CDfs
Description: CDfs is a file system for Linux systems that 'exports' all tracks and boot images on a CD as normal files. These files can then be mounted (e.g. ISO and boot images), copied, or played (audio and VideoCD tracks).
• Title: Cdrecord
Description: Cdrecord supports DVD-R and DVD-RW with all known DVD writers on all UNIX-like OSes and on Win32. DVD writing support has been implemented in cdrecord since March 1998. Cdrecord writes DVD media similarly to CD media. The companion readcd tool can be used to read the contents of a CD.
• Title: disktype
Description: The purpose of disktype is to detect the content format of a disk or disk image. It knows about common file systems, partition tables, and boot codes. (It is similar to 'file', but gives much more detail about the file system or partition table.)
File System Analysis Tools
• Title: Autopsy Forensic Browser
Description: Autopsy is a graphical interface to the command-line tools in The Sleuth Kit and allows one to view deleted NTFS, FAT, ext2/ext3 (EXTxFS), and FFS files, perform keyword searches, and create timelines of file activity.
• Title: e2salvage
Description: e2salvage is a utility that tries to do in-place data recovery from damaged ext2 file systems. Unlike e2fsck, it does not look for the data at particular places and it does not tend to trust the data it finds; thus it can handle much more badly damaged file systems.
Network Analysis Tools
• Title: tcpflow
• Description: tcpflow is a program that captures data transmitted as part of TCP connections (flows) and stores the data in a way that is convenient for protocol analysis or debugging. A program like 'tcpdump' shows a summary of packets seen on the wire, but usually does not store the data that is actually being transmitted. In contrast, tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis.
• Title: Ethereal
• Description: Ethereal (renamed Wireshark in 2006) is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source license allows talented experts in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.
Application Analysis Tools
• Title: binutils
Description: The GNU Binutils are a collection of binary tools. For forensics, these are used for binary analysis, including 'strings' (which extracts printable text from a binary) and 'objdump'.
• Title: find
• Description: The find program searches a directory tree to find a file or group of files. It traverses the directory tree and reports all occurrences of a file matching the user’s specifications, for example files with the setuid bit set or files modified within a given time window. The find program includes very powerful searching capability.
Summary
• Unix operating systems are widely used on both servers and workstations.
• UNIX has several advantages as an operating system, such as portability, powerful utilities, device independence, multitasking, multi-user operation, low system requirements, and the availability of free software.
• There are disadvantages to using the UNIX operating system. Some of them are unfriendly commands, no standard version of UNIX, difficult installation, and a lack of commercially available software.
• We found that Windows NT has slightly more rigorous security features than “standard” UNIX, but the two systems display similar vulnerabilities. The conclusion is that there are no significant differences in the “real” level of security between these systems.
Questions?