Linux OS : Security Aspects
Third Andean Workshop on Electronic Communications,
20-24 November 2000, Lima, PERU
Introduction to Network/Linux Security
Christian Benvenuti
International Center for Theoretical Physics (ICTP), Trieste, Italy
[email protected]
Overview
• What is computer security?
• Kinds of security services one might desire
• What kind of attacks should we try to protect a computer against?
• What protection strategies are available?
• What can we expect for the future?
What is computer security?
• A computer is secure if you can depend on it and its software to behave as you expect.
• If you do not know what you are protecting, why you are protecting it, and what you are protecting it from, your task will be rather difficult!
Kinds of security one might desire
• Authentication
• Confidentiality (Privacy)
• Integrity
• Availability
• Non-Repudiation
• Auditing
Authentication
• Authentication is the process of reliably verifying the identity of someone (or something) by means of:
  • A secret (password [one-time], ...)
  • An object (smart card, ...)
  • Physical characteristics (fingerprint, retina, ...)
  • Trust
• Do not mistake authentication for authorization!
Integrity Vs Confidentiality
• Integrity
  • Protecting information from being deleted or altered in any way without the permission of the owner of that information.
• Confidentiality
  • Protecting information from being read or copied by anyone who has not been explicitly authorized by the owner of that information.
Availability
If the system is unavailable when an authorized user needs it, the result can be as bad as having the information that resides on the system deleted!
Non-repudiation
The ability of the receiver of something to prove to a third party that the sender really did send the message.
Auditing
The ability to record events that might have some security relevance. In such cases, you need to determine what was affected. In some cases, the audit trail may be extensive enough to allow “undo” operations to help restore the system to a correct state.
What kind of attacks should we try to protect a computer against?
• Physical Security
  • Lockers, BIOS, weather, ...
• Personnel security
• Operating System security
• Network security
Personnel security
• All the security violations have one common characteristic:
  • They are caused by people!
• Training, Auditing, Least Privilege, ...
Operating System Security (1/3)
• Fixing bugs in applications/O.S. takes longer than writing the applications/O.S. themselves.
• What does it mean!?!?!?
Operating System Security (2/3)
• Users, Groups and Passwords
• Shadow suite
• The root account needs special care
• Securetty, wheel, “su” restrictions
• Variable delay on failures (denial, ...)
• Restricted shells
• Linux (UNIX) filesystem
  • Restricted filesystem
  • Access control lists (ACLs)
  • Append only / Immutable files
  • Permissions
  • SUID/SGID files (scripts)
Operating System Security (3/3)
Auditing & Logging
Some of the most common network services
• DNS
• Apache
• NFS
• NIS/NIS+
• Samba
• Telnet
• FTP
• Mail
• ...
Network Security: common attacks
• Interception
• Modification
• Intrusion
• Modification, Fabrication
• Denial of service
• Interruption
• Information theft
Security tools
• Cryptography
  • Symmetric Vs Asymmetric (Certificates ...)
  • Kerberos Vs Secure RPC
  • SSL (Secure Socket Layer) / SSH (Secure shell)
  • IP Sec
• Firewalls & Proxies
  • Ipchains/Iptables ...
• TCP Wrappers + UDP Relayers
• Pluggable Authentication Module
  • It is a suite of shared libraries that enable the local system administrator to choose how applications authenticate users
• Kernel Level Security
• Log files (/var/log/*)
Cryptography: the solution for privacy
The security is based on the secrecy of the key and sometimes of the algorithms too.
Cryptography
Symmetric Vs Asymmetric
• Symmetric (Character based Vs Key based)
  • The same password is used to both encrypt and decrypt
  • Faster algorithms
  • PROBLEM: key management is not easy
• Asymmetric (also called public key algorithms)
  • The password used to encrypt is different from the one needed to decrypt
  • More secure
  • It allows non-repudiation
Data Encryption Standard (DES)
• It is a symmetric algorithm
• Designed by IBM for the U.S. Government in 1977
• It is based on a 56 bit key (why only 56?)
• Hardware Vs Software implementation
• How secure is DES?
  • How much would a DES-breaking engine cost?
  • Is it possible to make DES harder to break?
  • How does it work?
RSA
(Rivest, Shamir, Adleman)
• It is an asymmetric algorithm
• Variable Key Length (512 default)
• It is based on the fact that it is VERY
hard (impossible?) to factor a big
number in a reasonable amount of time
• It has NOT been demonstrated to be
safe, but ...
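Why RSA rests on the difficulty of factoring, and why the key length matters, as an added example that is not part of the original slides: with a toy modulus, trial division factors it and the private key is rebuilt from the public one. The primes, the exponent and all function names are assumptions chosen for illustration, and textbook RSA without padding is used only to keep the arithmetic visible.

```python
from math import gcd, isqrt


def make_keys(p, q, e=17):
    """Build a textbook RSA key pair from two primes (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi (Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, value):
    """Encrypt/verify with the public key, decrypt/sign with the private key."""
    n, exponent = key
    return pow(value, exponent, n)


def factor(n):
    """Trial division; it finishes instantly only because n is tiny."""
    for candidate in range(3, isqrt(n) + 1, 2):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("no odd factor found")


def recover_private(public):
    """Whoever can factor n can rebuild the private key from the public one."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


# Constructed toy primes: about 20 bits of modulus instead of 512 or more.
PUBLIC, PRIVATE = make_keys(1009, 1013)

if __name__ == "__main__":
    message = 4242
    ciphertext = apply_key(PUBLIC, message)
    print("decrypted:", apply_key(PRIVATE, ciphertext))
    signature = apply_key(PRIVATE, message)  # only the key owner can produce this
    print("signature verifies:", apply_key(PUBLIC, signature) == message)
    print("private key rebuilt by factoring:", recover_private(PUBLIC) == PRIVATE)
```

The signature check is what gives the non-repudiation property of asymmetric algorithms; it holds only while nobody else can factor the modulus.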
Secure Shell (ssh)
• It is a protocol for secure remote login over an insecure network
• It can provide:
  • Multiple strong authentication methods
  • Authentication of both ends of connection
  • Public key – Password – Host
  • Encryption and compression of data
  • Tunnelling and encryption of arbitrary connections
  • Negotiations
Secure Socket Layer (SSL)
• It is a protocol developed by Netscape for secure transactions across the Web
• It is based on a public key encryption algorithm
• There are free SSL implementations
• Many servers do not have SSL built in, and there is a reason for that!
Security of cryptographic algorithms
• Let us define the lifetime of a piece of information as the amount of time the information should be kept secret.
• An encryption can be considered secure if the time to break it (e.g. with a brute force attack) is reasonably longer than the lifetime of the information contained in the plain text.

Length of the key in bits (estimated in 1995, Applied Cryptography)

Cost      40        56        64      80          112        128
$ 100K    2.00 s.   35 h.     1 y.    70,000 y.   10^14 y.   10^19 y.
$ 1M      0.20 s.   3.5 h.    37 d.   7,000 y.    10^13 y.   10^18 y.
$ 10M     0.02 s.   21 min.   4 d.    700 y.      10^12 y.   10^17 y.
Wrappers
• Main idea:
  • Limit the amount of information reaching a network-capable program/application.
• Why should we use wrappers?
• Two common wrappers:
  • TCP Wrapper
  • Socks
What can you do with the TCP-Wrapper?
• Remote warning banner
• Double reverse lookup of the IP address
• Access Control List (/etc/hosts.allow + /etc/hosts.deny)
• Identd protocol
• Advanced use of the Syslog logger
• Run a command
• Additional wrappers
• PROCESS OPTION
TCP-Wrapper: downside
• Poor UDP handling
• IP Spoofing
• The destination IP address is not used
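The access control list (/etc/hosts.allow + /etc/hosts.deny) and the double reverse lookup from the TCP-Wrapper feature list, modelled in Python as an added example; it is not part of the original slides and is not the tcp_wrappers code. The rules, addresses and DNS tables are constructed, only the `ALL`, leading-dot and trailing-dot client patterns are modelled, and a host name that fails the double reverse lookup is simply ignored here.

```python
# Constructed rules in the style of /etc/hosts.allow and /etc/hosts.deny
# (simplified to "daemons: clients"; options and shell commands are not modelled).
HOSTS_ALLOW = ["sshd: 192.168.1.", "in.ftpd: .example.org"]
HOSTS_DENY = ["ALL: ALL"]

# Constructed DNS data standing in for real PTR (address -> name) and A lookups.
PTR = {"192.168.1.20": "ws20.example.org", "203.0.113.9": "ftp.example.org"}
A = {"ws20.example.org": ["192.168.1.20"], "ftp.example.org": ["198.51.100.7"]}


def verified_name(ip):
    """Double reverse lookup: address -> name -> addresses must contain ip."""
    name = PTR.get(ip)
    return name if name is not None and ip in A.get(name, []) else None


def client_matches(pattern, ip, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix; needs a verified host name
        return name is not None and name.endswith(pattern)
    if pattern.endswith("."):     # leading fields of the numeric address
        return ip.startswith(pattern)
    return pattern in (ip, name)


def rule_matches(rule, daemon, ip, name):
    daemons, clients = (part.replace(",", " ").split() for part in rule.split(":", 1))
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(p, ip, name) for p in clients))


def access(daemon, ip):
    """Allow file first, then deny file, otherwise grant."""
    name = verified_name(ip)      # an unconfirmed PTR name is never trusted
    if any(rule_matches(r, daemon, ip, name) for r in HOSTS_ALLOW):
        return "allow"
    if any(rule_matches(r, daemon, ip, name) for r in HOSTS_DENY):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for daemon, ip in [("sshd", "192.168.1.20"), ("in.ftpd", "192.168.1.20"),
                       ("in.ftpd", "203.0.113.9"), ("in.telnetd", "192.168.1.20")]:
        print(daemon, ip, access(daemon, ip))
```

The decision takes only the daemon name and the client address, so the destination IP address plays no part, as the downside list notes.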
Socks
• It is a system that allows computers behind a firewall to access services on the Internet (only TCP based services)
Firewall (1/3)
The goal is to reduce the risk of a security attack from the outside.
Firewall: Bastion Host (2/3)
Firewall: Packet filtering (3/3)
References
The pictures have been taken from this book:
• Practical Unix & Internet Security, 2nd edition, O’Reilly & Associates (1996)