Transcript File System Security - FSU Computer Science

File System Security
Robert “Bobby” Roy
And
Chris “Sparky” Arnold
Overview
• What we are going to cover
• Brief History
• File Systems
• General Security Practices
• Specific Practices for File Systems
What is File System Security?
File system security: the policies and
procedures for ensuring the protection
of one’s files and file systems.
History of File System Security
• Roots
• Sensitive information was originally kept
in file cabinets and other such physical
barriers.
• Effective at keeping files from those who
were not allowed to access them.
History of File System Security
• Relevance
• Transition from analog to digital file
systems.
• Ideas put forth in the analog age of file
systems are still relevant in digital
security.
• Barriers
• Locks (Passwords)
• Authorities (Administrators)
History of File System Security
• Networking
• File system security became more
important to digital systems as they
became networked together.
• Access to systems and also the files within
the systems.
Types of File Systems
• Disk
• Database
• Network
• Transactional/Special
Types of File Systems
• Disk
• A system for organizing and storing files
on a physical drive.
• Hard Drive, Removable Storage, etc.
• Does not have to be directly connected to
the computer.
• Many Different types
• Windows: NTFS, FAT32 (Primitive)
• Linux: ext, ext2, ext3, ext3cow, ext4
Types of File Systems
• Database
• Newer concept of managing files.
• Instead of hierarchy or structure, files are
sorted by characteristics, type, or other
such metadata.
An example of a characteristic is Eye Color 
Types of File Systems
• Network
• Protocol for remote access on a server
• Common types: NFS, SMB, AFP, 9P
• Similar (Structurally): FTP, WebDAV
Types of File Systems
• Transactional/Special
• Transactional
• Logs events, transactions, or changes
• Groups related changes
• Used often in banking software
• Special
• Not Disk or Network
• Includes systems where files are arranged
dynamically by software
• Used for temporary storage
General Security Practices
• Entity Authentication
• Properties of an entity (what it has, is,
etc.)
• Usernames & Passwords
• Password defenses
• Checkers, generators, aging, limiting logins
• Protecting password file
• Cryptography
• Encryption algorithms
• Securing data transactions
Access Control
• Access control refers to how subjects
may manipulate objects
• Halts users from accessing restricted files
• It determines what privileges (if any) a
user has over a particular object
• Observe
• Alter
Access Control: Windows NT
• Types of permissions:
• Read
• Write
• Execute
• Changing of ownership
• Changing permissions
• Delete
Access Control: UNIX
• Types:
• Read
• Write
• Execute
With 777 you
have
permission to
access this
bread.
• For files and directories, respectively:
• View contents, view contents
• Append, rename/create
• Run, search within
Security Models
• Types of security models:
• Bell-LaPadula (BLP)
• Clark-Wilson
• Biba
• Harrison-Ruzzo-Ullman (HRU)
Types of File System Security
• In:
• Disk File Systems
• Database File Systems
• Network File Systems
Disk File System Security
• Tactics:
• Encryption
• Access Control
• Passwords
• Permissions
By denying access by some users to
certain files, you can protect the files
data and integrity.
Disk File System Security
• Workarounds:
• Encryption:
• Stealing secret keys
• Breaking secret keys
• Access Control:
• Interception of password
• Social engineering
• Brute force attacks on passwords
Disk File System Security
• Prevention:
• Encryption:
• More powerful ciphers
• Regular changing of encryption scheme
• Access Control:
• Password defenses
• checkers
• generators
• aging
• limiting logins
• Employ awareness of social engineering
vulnerabilities
Database File System Security: Apache
• Permissions
• Restrict access to upper level files
• SSI (Server Side Includes)
• These extra features can create weakness
within a database
• Protect system settings within config
files
Database File System Security: Oracle
• Virtual Private Database
• customizable, policy-based access control down
to the row level
• Data Encryption
• Protects data, even in media theft
• Enterprise User Security
• Centralized security management
• Secure Application Roles
• Powerful way of setting access control
• Enterprise Manager Grid Control
• Tools for setting configurations
Database File System Security: MySQL
• Take the time to audit SQL logins for null or weak
passwords
• Frequently check group and role memberships
• Physically secure the SQL Server
• Enable logging of all user login events
• Disable SQL Mail capability unless absolutely
necessary
• Remove the Guest user from databases to keep
unauthorized users out
• Secure the “sa” account with a strong password
• Choose only the network libraries you absolutely
require
Network File System Security
• Entity authentication
• Firewall
• Intrusion Prevention System (IPS)
• Honeypots
• Decoy server containing fake, desirable
information which is easily accessible used
to lure away attackers and record their
activity
Summary
We covered the history of file system security, basic
theory, types of file systems, security for those
systems, and potential threats.
?
Well science shows that general policies, such as
access control, password protection, permissions,
encryption, and roles can significantly improve
security on any kind of file system.
QUESTIONS?!1?!1
?!?!?!!!!ONE
Chris uses Windows XP Media
Center Edition 2005 sp2
Bobby uses the Ubuntu
release Edgy