Instructor: Prof. Michael P. Harris, CCNA CCAI
ITSY 2400 – Operating Systems Security
Chapter 1: Keeping Computers and Networks Secure

Chapter Overview

In this chapter, you will be introduced to operating system and network security, from the viewpoint that such security is vital, and to careers in information security. You will learn about the cost of security and the cost of not having it. You will also learn about common types of attacks, from viruses to denial-of-service attacks and spoofing. Finally, you will discover the basics of important techniques used to guard against attacks on operating systems and on networks.

Learning Objectives

After reading this chapter and completing the exercises, you will be able to:
1) Explain what operating system and network security means
2) Discuss why security is necessary
3) Explain the cost factors related to security
4) Describe the types of attacks on operating systems and networks
5) Discuss system hardening, including features in operating systems and networks that enable hardening

Lecture Notes

What Is Operating System and Network Security?

Operating system and network security is the ability to reliably store, modify, protect, and grant access to information, so that the information is available only to its owners and to users who are authorized to access it, based on their roles in an organization. The designated users may be the general public, or they may be users determined by a company policy or specified by the owner of the information.

Operating Systems and Security

An operating system (OS) provides basic programming instructions to the computer hardware. An operating system is well suited to providing security because it takes care of the computer's most basic input/output (I/O) functions, which enable other programs to talk to the computer hardware easily and permit the computer user to access a network.
By serving as an interface between application software and hardware, an operating system performs the following tasks:
- Handles input from a keyboard, pointing device, and network
- Handles output to the display monitor, printer, and network
- Enables communications through a modem or other communications adapter
- Controls input/output for all of its devices, including the network interface card
- Manages information storage and retrieval, through devices such as hard disks and CD-ROMs
- Enables multimedia functions, such as accessing video clips and playing music

At every level of operation, the operating system has the potential to provide security functions. For example, the operating system can determine how the hard disk drive is accessed or how software can control hardware functions. Figure 1-1 on page 4 of the text shows how an operating system functions as an interface between the user, application software, and hardware. It also shows the most basic operating system components:
- The application programming interface (API) translates requests from the application into code that the kernel can understand and pass on to the hardware device drivers.
- The basic input/output system (BIOS) verifies hardware and establishes basic communications with components such as the monitor and disk drives.
- The operating system kernel coordinates operating system functions, such as control of memory and storage.
- Resource managers manage computer memory and central processor use.
- Device drivers take requests from the API via the kernel and translate them into commands to manipulate specific hardware devices, such as keyboards, monitors, disk drives, and printers.

Source text: Michael Palmer, GUIDE TO Operating Systems Security, Thomson/Course Technology ©2004, Page 1, ISBN: 0-619-16040-3
One of the most basic forms of security is to configure BIOS password security. Some common password options offered in the BIOS are as follows:
- Setting a password that governs access to the hard disk drive
- Setting a password for access to the BIOS setup, or to view the setup
- Establishing a special password that must be used to change the BIOS setup
- Specifying a password that must be entered in order for the computer to boot
- Specifying that the computer can only be booted from the floppy drive, and only when a password is entered for that drive

Computer Networks and Security

A computer network is a system of computers, print devices, network devices, and computer software linked by communications cabling or wireless technology. A local area network (LAN) consists of interconnected computers, printers, and other computer equipment that share hardware and software resources in close physical proximity. One example of a LAN is a library building in which there are computers in each office, servers in a secured computer room, and reference computers in the book stacks and study areas, all connected by communications cable and network devices. A metropolitan area network (MAN) spans a greater distance than a LAN and usually has more complicated networking equipment for midrange communications. A wide area network (WAN) is at the far end of the distance spectrum because it is a far-reaching system of networks that form a complex whole. One WAN is composed of two or more LANs or MANs that are connected across a distance of more than approximately 30 miles. Another way to classify a network is as an enterprise network. This type of network connects many different kinds of users in one organization or throughout several organizations, providing a variety of resources to those users, as shown in Figure 1-2 on page 6 of the text.
Careers in Information Security

Many organizations, for example investment firms, accounting firms, and telecommunications companies, rely on information security professionals to keep their systems and data resources safe. Information security professionals are also used by computer consulting and financial auditing companies to evaluate the security needs of their clients. One advantage of a career as an information security professional is the potential for healthy salaries and organizational advancement.

Why Security Is Necessary

Security is necessary because computer systems and networks house a wide range of information and resources. Some of the reasons can be grouped under the following headings:
- Protecting information and resources
- Ensuring privacy
- Facilitating workflow
- Addressing security holes and software bugs
- Compensating for human error or neglect

Protecting Information and Resources

Computer systems are often loaded with information and resources to protect. In a business these may include accounting, human resources, management, sales, research, inventory, distribution, and factory system information. The computers at educational institutions house all kinds of resources, sometimes divided into academic computing and administrative resources. Academic computing resources include research databases, computers and software in student laboratories, class information and assignments, and computers used for highly technical projects. Administrative computing involves student information and registration resources, accounting and human resources systems, budget systems, grant management software, and alumni and development systems. Governments are a huge source of computer and electronic information resources, including military, legislative, judicial, executive, and personal information.
Ensuring Privacy

Computer systems contain many kinds of information about us that should be kept private. Some examples are:
- Social Security numbers
- Credit card numbers
- Health information
- Student information
- Retirement account information
- Bank account numbers
- Family information
- Employment information
- Investment account information

Facilitating Workflow

Workflow consists of a chain of activities that are necessary to complete a task, such as filling out and transmitting forms, entering data, updating databases, and creating new files. In a larger company, a chain of activities might be performed by several people, each responsible for a different task, such as a computer operator, a data entry person, and others. Security is important at every step in the workflow. If a step is compromised because of a security problem, then an organization may lose money, data, or both.

Addressing Security Holes or Software Bugs

Often new products that are rushed to market contain security holes or are unstable because they have not been fully tested. Some new operating systems have come out with Internet access security holes, bugs that have caused unexpected system crashes, new commands that do not work properly, undocumented commands, and other problems. When you purchase a new operating system, new software, or new hardware, plan to rigorously test it for security and reliability. Also, check the security defaults, such as the guest account, to make sure you know how they are configured out of the box. Another source of problems is system patches that are rushed out before they are fully tested.
Compensating for Human Error or Neglect

The security features of an operating system or a network are only as effective as the people who configure and use them. An operating system or network-based directory service may include many security features, but the features do no good if users fail to implement them, or fail to use them to the best advantage. A directory service is a large repository of data and information about resources such as computers, printers, user accounts, and user groups that 1) provides a central listing of resources and ways to quickly find resources, and 2) provides a way to access and manage network resources. Active Directory (AD) is the directory service provided with Windows Server 2000, 2003, and 2008. Novell Directory Services (NDS) is offered through NetWare 6.x.

There are many reasons for the failure to fully use security features, including:
- Inadequate training or knowledge of the features
- Choosing convenience and ease of use over security
- Lack of time
- Organizational politics
- Improper testing
- A history of doing things only in a specific way

There are several ways to overcome the human factors that diminish security in an organization. One way is to use operating systems that enable the organization to set up security policies within the system. Developing written security policies is another way to ensure that people in the organization know the policies and why they are important. Training is another approach that can help limit human failure and neglect.

Cost Factors

There are two costs associated with security: the cost of deploying security, and the cost of not deploying security.
If you take no security measures, you will eventually lose money and data because of a failed system or because of an attack on a system. The cost of deploying security includes:
- Training computer professionals
- Training users
- Paying a little more for systems that have comprehensive security features
- Purchasing third-party security tools
- Paying for time used by computer professionals and users to configure security
- Testing system security
- Regularly implementing security patches in systems

Deploying security is one element in the total cost of ownership (TCO) of a computer system. The TCO of a computer network is the total cost of owning the network and computers, including hardware, software, training, maintenance, security, and user support costs.

Types of Attacks

There are many kinds of attacks on computers, some targeted at operating systems, some at networks, and some at both. Some typical attacks include:
- Standalone workstation or server attacks
- Viruses, worms, and Trojan horses
- Source routing attacks
- E-mail attacks
- Wireless attacks
- Attacks enabled by access to passwords
- Buffer attacks
- Spoofing
- Port scanning

Standalone Workstation or Server Attacks

One of the simplest ways to attack an operating system is to take advantage of someone's logged-on computer when that person is not present. Many operating systems enable you to configure a screen saver that starts after a specified time of inactivity. Sometimes even servers are targets, because a server administrator or operator may step away, leaving an account with administrator permissions logged on for anyone to use.

Attacks Enabled by Access to Passwords

Access to operating systems can be guarded by a user account name and a password. Sometimes account users defeat the purpose of this protection by sharing their passwords with others. Another way that users defeat password protection is by writing down passwords and displaying them, or leaving them where they can be found in the work area.
Telnet is a TCP/IP application protocol that provides terminal emulation services over a network or the Internet, as shown in Figure 1-4 on page 15 of the text. An attacker searching for an account to access might use the Domain Name System on a network connected to the Internet to find possible user account names. The Domain Name System (DNS) is a TCP/IP service that converts a computer or domain name to an IP address, or an IP address to a computer or domain name, in a process called resolution.

Viruses, Worms, and Trojan Horses

A virus is a program that is relayed by a disk or a file and has the ability to replicate throughout a system. A virus hoax is not a virus, but an e-mail falsely warning of a virus. A worm is a program that endlessly replicates on the same computer, or that sends itself to many other computers on a network. The difference between a worm and a virus is that a worm continues to create new files, while a virus infects a disk or file, and that disk or file then infects other disks or files with the virus. A Trojan horse is a program that appears useful and harmless, but instead does harm to the user's computer. Often a Trojan horse is designed to provide an attacker with access to the computer on which it is running, or it may enable the attacker to control the computer. Backdoor.IRC.Yoink, Trojan.Idly, B02K, and NetBus are examples of Trojan horses designed to provide malicious access to and control of an operating system.

Buffer Attacks

Many systems use buffers to store data until it is ready to be used.
A buffer attack is one in which the attacker tricks the buffer software into storing more information in a buffer than the buffer is sized to hold (a situation called buffer overflow). That extra information can be malicious software that then has access to the host computer.

Denial of Service

A denial of service (DoS) attack is used to interfere with normal access to a network host, Web site, or service, by flooding a network with useless information or with frames or packets containing errors that are not identified by a particular network service. A remote attack might take the form of simply flooding a system with more packets than it can handle. Ping is a utility that network users and administrators frequently use to test a network connection. A different type of remote attack is the use of improperly formed packets or packets with errors. In some attacks, the computer originating the attack causes several other computers to send attack packets. The attack packets may target one site or host, or multiple computers may attack multiple hosts. This type of attack is called a distributed denial of service (DDoS) attack.

Source Routing Attacks

In source routing, the sender of a packet specifies the precise path that the packet will take to reach its destination. Source routing is not typically used in network communications, except on token ring networks and for network troubleshooting. In a source routing attack, the attacker modifies the source address and routing information to make a packet appear to come from a different source, such as one that is already trusted for communications on a network. Network Address Translation (NAT) can translate an IP address from a private network to a different address used on a public network or the Internet, a technique
used to protect the identity of a computer on a private network from attackers, as well as to bypass the requirement to employ universally unique IP addresses on the private network. Attackers may get through a specific NAT device by using a form of source routing called loose source record route (LSRR), which does not specify the complete route for the packet, but only a portion of the route, which is through the NAT device.

Spoofing

In spoofing, the address of the source computer is changed to make a packet appear to come from a different computer. Using spoofing, an attacker can initiate access to a computer, or can appear as just another transmission to a computer from a legitimate source that is already connected.

E-mail Attack

An e-mail attack may appear to come from a friendly or even trusted source: a familiar company, a family member, or a coworker. Sometimes an e-mail is sent with an appealing subject head, such as "Congratulations, you've just won free software." The e-mail that is received may have an attached file containing a virus, worm, or Trojan horse. A word-processing or spreadsheet attachment may house a macro that contains malicious code.

Port Scanning

Communications through TCP/IP use TCP ports, or UDP ports when User Datagram Protocol (UDP) is used with IP. A TCP port or UDP port is an access way, sometimes called a socket, in the protocol that is typically associated with a specific service, process, or function. A port is like a virtual circuit between two services or processes communicating between two different computers or network devices. The services might be FTP, e-mail services, or many others. There are 65,535 ports in TCP and UDP.

NOTE: Communications on a TCP/IP network may involve UDP instead of TCP. TCP is a connection-oriented protocol used by systems that need more thorough error checking during communications.
UDP is a connectionless protocol, which means it does not provide error checking to ensure the success of a communication. UDP may be used to remotely boot diskless workstations, or it may be used in conjunction with protocols that help troubleshoot a network.

Examine Table 1-1 on page 19 of the text, which lists some sample TCP ports and their purposes. One way to block access through an open port is to stop operating system services or processes that are not in use, or to configure a service to start only manually, with your knowledge. Figure 1-5 on page 20 of the text illustrates the use of the kill command in Red Hat Linux 9.x to stop the gain process, which is identified with the process ID of 1533.

NetWare uses NetWare Loadable Modules (NLMs), which extend the capabilities and services of the operating system. For good security management, it is important to know what NLMs are loaded and how to unload NLMs that are not necessary. There are three NLMs that enable a workstation to remotely access the NetWare system console. REMOTE.NLM enables remote access, which requires a password. RS232.NLM gives the REMOTE.NLM module the ability to work over a modem connection, and RSPX.NLM enables remote access over a local network connection.

Wireless Attacks

Wireless networks are particularly vulnerable to attacks, because it can be hard to determine when someone has compromised a wireless network. Attacks on wireless networks are sometimes called war-drives, because the attacker may drive around an area in a car, using a portable computer to attempt to pick up a wireless signal.
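The Denial of Service, Spoofing and Port Scanning sections above each describe a traffic pattern that a defender can recognise in a packet log: one source sending more than a host can handle, a packet arriving from outside that claims an inside address, and one source probing many ports on one host. The following is an added example, not code from the textbook or from any firewall product; it runs three such detectors over a constructed log whose one-line-per-packet format, the private range 192.168.1.0/24 and the interface name eth0 are all assumptions made for the demonstration.

```python
"""Detectors for three attacks from this chapter, run over traffic-log lines:
flooding (denial of service), spoofed source addresses, and port scanning.

Added example, not from the textbook.  The log format is constructed for the
demonstration: one line per packet,
    "<seconds> <interface> <src_ip> <dst_ip> <proto> <dst_port>"
A real device log would need its own parse_line().
"""
import ipaddress
from collections import defaultdict

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed private LAN
EXTERNAL_IFACE = "eth0"                                 # assumed Internet-facing interface

# Constructed sample log: a probe of eight ports from one outside host, one
# packet carrying an internal source address on the outside interface, two
# ordinary web requests, and a 150-packet burst at the DNS port.
BASE_LOG = """\
100.1 eth0 203.0.113.9 192.168.1.10 tcp 80
100.2 eth0 203.0.113.9 192.168.1.10 tcp 22
100.3 eth0 203.0.113.9 192.168.1.10 tcp 23
100.4 eth0 203.0.113.9 192.168.1.10 tcp 25
100.5 eth0 203.0.113.9 192.168.1.10 tcp 110
100.6 eth0 203.0.113.9 192.168.1.10 tcp 143
100.7 eth0 203.0.113.9 192.168.1.10 tcp 443
100.8 eth0 203.0.113.9 192.168.1.10 tcp 3389
101.0 eth0 192.168.1.77 192.168.1.10 tcp 80
101.1 eth0 198.51.100.4 192.168.1.10 tcp 80
"""
FLOOD_LOG = "".join(
    f"{102.0 + i * 0.005:.3f} eth0 198.51.100.200 192.168.1.10 udp 53\n"
    for i in range(150)
)
SAMPLE_LOG = BASE_LOG + FLOOD_LOG


def parse_line(line):
    ts, iface, src, dst, proto, port = line.split()
    return {"ts": float(ts), "iface": iface, "src": src, "dst": dst,
            "proto": proto, "port": int(port)}


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def detect_spoofed_sources(records, internal_net=INTERNAL_NET, external_iface=EXTERNAL_IFACE):
    """Packets on the outside interface whose source claims to be an inside address."""
    return sorted({r["src"] for r in records
                   if r["iface"] == external_iface
                   and ipaddress.ip_address(r["src"]) in internal_net})


def detect_floods(records, window=1.0, threshold=100):
    """Sources whose packet count inside any sliding `window` seconds exceeds `threshold`."""
    by_src = defaultdict(list)
    for r in records:
        by_src[r["src"]].append(r["ts"])
    flooders = {}
    for src, times in by_src.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flooders[src] = peak
    return flooders


def detect_port_scans(records, window=10.0, min_ports=5):
    """(src, dst) pairs where one source touches `min_ports` distinct ports within `window` seconds."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["src"], r["dst"])].append((r["ts"], r["port"]))
    scans = {}
    for pair, events in by_pair.items():
        events.sort()
        peak = 0
        for i, (t0, _) in enumerate(events):
            ports = {p for t, p in events[i:] if t - t0 <= window}
            peak = max(peak, len(ports))
        if peak >= min_ports:
            scans[pair] = peak
    return scans


def analyse(text):
    records = parse_log(text)
    return {"spoofed_sources": detect_spoofed_sources(records),
            "floods": detect_floods(records),
            "port_scans": detect_port_scans(records)}


if __name__ == "__main__":
    for finding, value in analyse(SAMPLE_LOG).items():
        print(f"{finding}: {value}")
```

The thresholds (100 packets per second, 5 ports in 10 seconds) are starting points to tune against a baseline of normal traffic; the spoofing check is the same idea as ingress filtering at a border router, where an inside source address should never arrive on the outside interface.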
Two key elements used in wireless attacks are a wireless network interface card (WIC) and an omnidirectional antenna, which is one that receives signals from all directions.

Organizations That Help Prevent Attacks

There are several public organizations that provide information, assistance, and training in the types of attacks and how to prevent them.

Quick Reference: Discuss the list of organizations that can help prevent attacks on pages 21 and 22 of the text.

Hardening Your System

Hardening involves taking specific actions to block or prevent attacks by means of operating system and network security methods.

Quick Reference: Discuss the general steps that should be kept in mind as you work to harden a system, shown on page 23 of the text.

Overview of Operating System Security Features

Operating systems provide many features for hardening a system. This section provides a basic introduction to some of these features:
- Logon security
- File and folder security
- Security policies
- Wireless security
- Digital certificate security
- Shared resource security
- Remote access security
- Disaster recovery

Logon Security

Logon security involves requiring a user account and password to access a particular operating system, or to be validated to access a network through a directory service. A domain is a fundamental component or container that holds information about all network resources that are grouped within it: servers, printers, and other physical resources, users, and user groups. Every resource is called an object and is associated with a domain, as illustrated in Figure 1-7 on page 24 of the text.
Digital Certificate Security

In some operating systems, digital certificate services can be set up so that certificates are exchanged between communicating stations on a network. The certificates are used to verify the authenticity of the communication, to ensure that the communicating parties are who they say they are.

Folder and File Security

Operating systems provide a way to protect directories, folders, and files through lists of users and user groups that have permissions to access these resources. Attributes can also be associated with directories, folders, and files to manage access and support the creation of backups. An attribute is a characteristic or marker associated with a directory, folder, or file, and used to help manage access and backups.

Shared Resources Security

Operating systems and network directory services offer the ability to share resources across a network. Directories or folders and network printers are two important examples of resources that can be shared. Shared resources typically employ lists of users and groups that can and should be configured. Figure 1-8 on page 26 of the text illustrates an access list for a shared printer in Windows Server 2003.

Security Policies

A security policy is one or more security default settings that apply to a resource offered through an operating system or a directory service. Depending on the operating system, the security policy may apply only to the local computer or to other computers beyond the local computer. You can set many security policies on servers, such as which users are allowed to log on to the server over a network, and whether sharing specific resources is allowed.

Remote Access Security

The Remote Assistance feature of Windows XP Professional and Windows Server 2003 allows users to access operating system resources remotely.
Also, Windows Server 2003 can be administered using the Remote Desktop Protocol (RDP), also known as the Remote Desktop Client, and NetWare 6.x can be remotely accessed when REMOTE.NLM is loaded. Some operating systems can be configured for remote access services or virtual private network (VPN) services, which enable users to access those systems and use them to further access a local network. The remote client's access may be from a local network, through a dial-up or telecommunications line, via a cable modem, or over the Internet. A sampling of the types of available security is listed on page 27 of the text.

Wireless Security

There are several features available to help make wireless communications more secure. First, plan to implement Wired Equivalent Privacy (WEP), which is a wireless communications authentication method. Another security feature offered by some wireless manufacturers is the ability to create a list of authorized wireless users based on the permanent address assigned to the wireless interface in a computer, the Media Access Control (MAC) address.

Disaster Recovery

Disaster recovery involves using hardware and software techniques to prevent the loss of data. Some examples of disaster recovery include performing backups, storing backups in a second location, and using redundant hard disks. Employing disaster recovery is vital when a hard disk is damaged or crashes and must be replaced.

Quick Reference: Have students attempt Hands-on Project 1-9 to find out more about the security features in Mac OS X.
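The Folder and File Security and Shared Resources Security sections above describe access lists of users and groups; what a reviewer of share security actually needs is the effective permission each user ends up with once user entries, group entries and explicit denies are combined. The following is an added example, not code from the textbook or from any operating system: the users, groups and the share are constructed, and the rule that an explicit deny overrides any allow is an assumption chosen for the model (it matches the common behaviour of access lists but is not taken from the page).

```python
"""Evaluating the access list on a shared folder: the permissions a user ends
up with once user entries, group entries and explicit denies are combined.

Added example, not from the textbook or any operating system.  Assumed model:
an entry grants or denies a set of permissions to a user or group, an explicit
deny overrides any allow, and a user with no matching entry gets nothing.
"""
from dataclasses import dataclass, field

PERMISSIONS = {"read", "write", "execute", "delete"}


@dataclass(frozen=True)
class AclEntry:
    principal: str          # a user name or a group name
    permissions: frozenset  # subset of PERMISSIONS
    allow: bool = True      # False makes this an explicit deny entry


@dataclass
class Resource:
    name: str
    acl: list = field(default_factory=list)   # list of AclEntry


# Constructed directory data: group memberships for the example users.
GROUPS = {
    "Sales": {"alice", "bob"},
    "Managers": {"alice"},
    "Temps": {"carol"},
    "Everyone": {"alice", "bob", "carol", "dave"},
}
DIRECTORY_USERS = ["alice", "bob", "carol", "dave"]


def principals_for(user):
    """The user's own name plus every group the user belongs to."""
    return {user} | {group for group, members in GROUPS.items() if user in members}


def effective_permissions(resource, user):
    """Union of all allows for the user's principals, minus any explicit denies."""
    allowed, denied = set(), set()
    names = principals_for(user)
    for entry in resource.acl:
        if entry.principal in names:
            (allowed if entry.allow else denied).update(entry.permissions)
    return allowed - denied          # deny overrides allow


def check_access(resource, user, wanted):
    """Answer one access request, e.g. may carol read the share?"""
    if wanted not in PERMISSIONS:
        raise ValueError(f"unknown permission: {wanted}")
    return wanted in effective_permissions(resource, user)


def audit(resource, users=DIRECTORY_USERS):
    """Who can do what on this share: the view a reviewer of share security wants."""
    return {user: sorted(effective_permissions(resource, user)) for user in users}


# Constructed share: everyone may read, Sales may write, Managers may delete,
# and temporary staff are explicitly denied everything.
SALES_SHARE = Resource(r"\\fileserver\SalesDocs", acl=[
    AclEntry("Everyone", frozenset({"read"})),
    AclEntry("Sales", frozenset({"read", "write"})),
    AclEntry("Managers", frozenset({"read", "write", "delete"})),
    AclEntry("Temps", frozenset(PERMISSIONS), allow=False),
])

if __name__ == "__main__":
    for user, perms in audit(SALES_SHARE).items():
        print(f"{user:6} {', '.join(perms) or '(no access)'}")
```

Running the audit shows the point the text makes about configuring the lists: carol is in Everyone, which grants read, yet she gets no access at all because the Temps deny wins, while alice accumulates delete through Managers without any entry naming her directly.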
Overview of Network Security Features

A sampling of network-hardening techniques includes:
- Authentication and encryption
- Topology
- Firewalls
- Monitoring

Authentication and Encryption

Authentication is the process of using some method to validate users who attempt to access a network and its resources, in order to ensure that they are authorized. User accounts with passwords are one method for performing authentication. Smart cards, which are small circuit boards with built-in identification, are another method. Biometrics, such as fingerprint scans, are yet another method of authentication.

Firewalls

A firewall is software or hardware placed between two or more networks (between a public network and a private network, for example) that selectively allows or denies access.

Topology

Different network topologies and designs yield different results in terms of security planning and hardening. For example, some networks have redundancy built in so that if one network path is down because of a problem or network attack, another path is available to the same destination.

Monitoring

Monitoring involves determining the performance and use of an operating system or of a network. Monitoring tools enable you to determine the weak points of a system or network and to address them before there is a problem with too much traffic or too few resources, or before an attacker strikes.

Class Discussion Topics
- Discuss the importance of ensuring privacy and what it takes to achieve it.
- Discuss the configuration options used in implementing network firewalls.

Additional Activities
- Utilize the Internet to search for different types of monitoring software and compare them.
- Utilize the Internet to search for different types of firewall software and compare them.
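For the Firewalls section and the class discussion of firewall configuration options, the following added example shows the mechanics behind "selectively allows or denies access": an ordered rule list evaluated first-match-wins with an implicit deny for anything unmatched, plus a check for rules that can never fire because an earlier rule already covers them. This is not code from the textbook or from any firewall product; the rule set, the addresses and the packets are constructed, and the deliberately wrong catch-all rule is there to show why rule order matters.

```python
"""First-match packet-filter evaluation with an implicit default deny, plus a
check for rules that an earlier rule makes unreachable (shadowed rules).

Added example for the Firewalls section; not code from the textbook or from
any firewall product.  Rule set, addresses and packets are constructed.
"""
import ipaddress
from dataclasses import dataclass


def net(cidr):
    return ipaddress.ip_network(cidr)


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network    # source range the rule applies to
    dst: ipaddress.IPv4Network    # destination range the rule applies to
    ports: tuple                  # inclusive (low, high) destination port range
    comment: str = ""

    def matches(self, pkt):
        """Does this rule apply to the packet (a dict with proto/src/dst/dport)?"""
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and self.ports[0] <= pkt["dport"] <= self.ports[1])

    def covers(self, other):
        """True if every packet `other` could match is already matched by self."""
        return (self.proto in ("any", other.proto)
                and self.src.supernet_of(other.src)
                and self.dst.supernet_of(other.dst)
                and self.ports[0] <= other.ports[0]
                and other.ports[1] <= self.ports[1])


def evaluate(rules, pkt):
    """Return (action, index of the matching rule); unmatched traffic is denied."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None               # implicit default deny


def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]


ANY = net("0.0.0.0/0")
WEB_SERVER = net("192.168.1.10/32")   # constructed addresses
LAN = net("192.168.1.0/24")

# Constructed rule set with one mistake: a catch-all allow placed before a deny.
RULESET = [
    Rule("allow", "tcp", ANY, WEB_SERVER, (80, 80), "public web"),
    Rule("allow", "tcp", ANY, WEB_SERVER, (443, 443), "public web over TLS"),
    Rule("allow", "tcp", LAN, ANY, (1, 65535), "LAN hosts may initiate outbound TCP"),
    Rule("deny", "tcp", ANY, WEB_SERVER, (3389, 3389), "no RDP to the web server"),
    Rule("allow", "any", ANY, ANY, (1, 65535), "temporary catch-all, forgotten"),
    Rule("deny", "tcp", ANY, LAN, (23, 23), "block Telnet into the LAN"),
]
# The corrected set simply drops the catch-all and relies on the implicit deny.
HARDENED = [rule for rule in RULESET if "catch-all" not in rule.comment]

OUTSIDE_WEB = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.10", "dport": 80}
OUTSIDE_TELNET = {"proto": "tcp", "src": "203.0.113.5", "dst": "192.168.1.20", "dport": 23}
LAN_DNS = {"proto": "udp", "src": "192.168.1.50", "dst": "198.51.100.53", "dport": 53}

if __name__ == "__main__":
    for name, rules in (("RULESET", RULESET), ("HARDENED", HARDENED)):
        print(name, "shadowed rules:", shadowed_rules(rules))
        for pkt in (OUTSIDE_WEB, OUTSIDE_TELNET, LAN_DNS):
            print("  ", pkt["src"], "->", pkt["dst"], pkt["dport"], evaluate(rules, pkt))
```

With the catch-all in place the Telnet block is reported as shadowed and outside Telnet is allowed; with it removed, outside Telnet hits the deny rule and the LAN's DNS query falls through to the implicit deny, which is the prompt to add an explicit rule for the traffic that is actually wanted rather than a blanket allow.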