Download Availability Confidentiality Integrity CIA

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
Document related concepts

VS/9 wikipedia , lookup

Unix security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Transcript 
•Introduction to Computer Security
and Information Assurance
Objectives
• Describe major OS
functions
• Recognize OS related
threats
• Apply major steps in
securing the OS
• Perform a vulnerability
scan to identify
existing vulnerabilities
on an active system
Module 04: 1
•Introduction to Computer Security
and Information Assurance
An Operating System Is…
… a program that acts as an intermediary
between a computer user and computer
hardware.
What does that mean?
Module 04: 2
•Introduction to Computer Security
and Information Assurance
Early Operating Systems
• 1950s
–
–
–
–
Monitor system
Batch processing
Spooling
No interaction with program while running
• 1960s
– Multiprogrammed batch systems
– Graphical displays, pointing devices
– Timesharing (multitasking) – first
interaction with running programs
– MULTICS – multiuser forerunner of Unix
Module 04: 3
•Introduction to Computer Security
and Information Assurance
Operating System Evolution
• 1970s
– Personal computer systems – resident monitor
– Windowing, icons, menus, and pointers are
developed as an interface
• 1980s
– PCs become affordable
– Multiprocessor systems
• 1990s
– Distributed computing
– Mainstream graphical interface
Module 04: 4
•Introduction to Computer Security
and Information Assurance
Operating System Tasks
• Management Tasks
–
–
–
–
–
–
–
–
Process management
Main-memory management
File management
I/O system management
Secondary storage management
Networking management
Protection system
User interface management
• Command Line Interface (CLI)
• Graphical User Interface (GUI)
Module 04: 5
•Introduction to Computer Security
and Information Assurance
Process Management
• Many processes running on a modern computer
system
• Manage schedule, time to execute, and
resources for each process
–
–
–
–
–
Create and delete processes
Suspend and resume of processes
Provide for process synchronization
Provide for communication
Provide deadlock avoidance
Module 04: 6
•Introduction to Computer Security
and Information Assurance
Main Memory Management
• Memory is the storage area the CPU uses
for executing programs
• Each process (including the operating
system) must have its own piece of
memory
– Keep track of which process is where
– Decide which process to load when there is
room
– Allocate and deallocate memory as needed
Module 04: 7
•Introduction to Computer Security
and Information Assurance
File Management
• The basic storage unit from a user
perspective
• Provide structure (directories, file types,
etc.) to storage
– Create and delete files and directories
– Support manipulation of files and directories
– Map files to secondary storage
– Backup files
Module 04: 8
•Introduction to Computer Security
and Information Assurance
I/O System Management
• Hides the specifics of I/O devices from the
user
• Provides tools to handle the speed
difference between CPU and I/O devices
– Memory management for buffering, caching,
and spooling
– General device driver interface
– Hardware specific device drivers
Module 04: 9
•Introduction to Computer Security
and Information Assurance
Secondary Storage Management
• Why? Because main memory is usually
too small to hold all programs and
disappears when power is turned off
• Non-volatile (stays when power is turned
off) and larger than main memory
• Use disk drives (tapes, punch cards, etc.)
– Manage free space
– Allocate storage
– Schedule disk activity
Module 04: 10
•Introduction to Computer Security
and Information Assurance
Network Management
• Network communications for the system is
a special case of I/O
• Manages communication
links by
– Establishing connections
– Scheduling communication
– Directing communication
to correct processes
Module 04: 11
•Introduction to Computer Security
and Information Assurance
Protection System Management
• The operating system plays a basic role in
protecting information, especially on
multitasking and multiuser systems
– Protect memory for processes
– Provide file access mechanism
– Provide authentication and
access control mechanisms
Module 04: 12
•Introduction to Computer Security
and Information Assurance
User Interface Management
• A way to give commands to the computer
• Accomplished via command line and/or
Graphical User Interface (GUI)
• Accepts and acts on user
commands in a timely
manner
Module 04: 13
•Introduction to Computer Security
and Information Assurance
Operating Systems
• Operating system developers determine
which features are implemented and what
capabilities they have
– For example, early personal
computer operating
systems had no
protection mechanism
other than reserving special
memory locations for the
operating system
Module 04: 14
•Introduction to Computer Security
and Information Assurance
So Far
• Operating systems manage computer
resources
– Schedules time
– Allocates space (in memory, on disk)
– Handles I/O
– Protects system and information
Module 04: 15
•Introduction to Computer Security
and Information Assurance
Operating Systems Security
• Goals of operating system security
– Confidentiality: Only let authorized entities
access computer and information
• Corollary: Only run authorized
processes
– Integrity: Only allow authorized
changes to information
– Availability: Manage
resources to permit access
to information and system at
all required times
Module 04: 16
•Introduction to Computer Security
and Information Assurance
Authorization & Authentication
• Who is authorized?
– Authorized by policy of organization and
operational requirements
• How do we know?
– Accounts (identification)
– Known systems
– Password
– Secure communication channel
Module 04: 17
•Introduction to Computer Security
and Information Assurance
Access Control
• Controls how users and systems
communicate and interact with other
systems and resources
• First line of defense
• Authenticate before
allowing access to
authorized resources
Module 04: 18
•Introduction to Computer Security
and Information Assurance
Operating System Access Controls
• Two basic methods
– Access Control List (ACL)
• For every resource, indicates who has access and
what kind of access
– Permissions based on identification
• User permissions
• Group permissions
• Additional controls
– Passwords for files, resources, etc.
Module 04: 19
•Introduction to Computer Security
and Information Assurance
Managing Identities
• Local user and group accounts
• Directory server
– LDAP
– Microsoft Domain Controller
• Policies and operational requirements
• Introduces need for “trust” relationships
Module 04: 20
•Introduction to Computer Security
and Information Assurance
Auditing – A Trail To Follow
• Detect auditable events
– What is an auditable event?
• Collect and save in secure location
– Where do you save them?
– How do you protect logs?
• Analyze results
– Human readable? Searchable? Prioritized?
– Fix problems
Module 04: 21
•Introduction to Computer Security
and Information Assurance
Access & Audit What?
• Resources
– Computer system
– Processes
– Files
– Memory
– Disk drives
– Printers
– Communication
– Etc.
Module 04: 22
•Introduction to Computer Security
and Information Assurance
Threats To Operating Systems
• Compromise system to gain unauthorized
access to system resources
– Weak/broken identification
– Weak internal security structures
– Programming errors in operating system
Module 04: 23
•Introduction to Computer Security
and Information Assurance
It’s You!
• How do you let people know who you are?
Identification
• How can we tell you are who you say you
are?
Authentication
• Will this allow me to trace actions back to
you?
Non-repudiation
Module 04: 24
•Introduction to Computer Security
and Information Assurance
Once Identified, Authorize
• User accounts are the mechanism used to
identify and authorize people
• Access control is based on identification
• Most common authentication:
password
Joe
• Password and account
policies help improve
security
Module 04: 25
•Introduction to Computer Security
and Information Assurance
Implementing Policies
• Recall: policies can be topic specific
• Procedures can be one way to implement
policies
• Policies can also be implemented in
hardware or software
• Password and account policies are often
implemented using operating system
features
Module 04: 26
•Introduction to Computer Security
and Information Assurance
Password Policy
• What makes a good password policy?
– How many new passwords should you use
before you can reuse an old password?
– How long should a password be valid?
– How long must you use a password before
you change it?
– What is the minimum length for a password?
– Should there be complexity requirements?
– Should the password be stored so it can be
decrypted?
Module 04: 27
•Introduction to Computer Security
and Information Assurance
Account Policy
• Should your account be locked if you don’t
log in correctly? If so, how long should it
be locked?
• How many login failures should occur
before your account is locked?
• How much time should elapse before a
failed login is no longer counted?
Module 04: 28
•Introduction to Computer Security
and Information Assurance
Activity 04.1: Account And Local
Security Policies For Windows
• Purpose:
– Walk you through ways to harden the security
of the Microsoft Windows operating system to
lessen its vulnerability to attack
• Estimated completion time:
– 20 - 25 minutes
• Additional information:
– Account password for Windows machine
Module 04: 29
•Introduction to Computer Security
and Information Assurance
Hints For Activity 04.1
• Student password: XXXXXXXX
• Action on errors:
– Adding new users:
• Click “OK” on error message
• Add “&123” to the end of suggested passwords
• Audit Logs
– Security logging may not be turned on, so
there may be no entries
Module 04: 30
•Introduction to Computer Security
and Information Assurance
Activity 04.1: Account And Local
Security Policies For Windows
• What did you see?
• What policies are in place in your
organization? Do they help with security?
Module 04: 31
•Introduction to Computer Security
and Information Assurance
Activity 04.2: Account And Local
Security Policies For Fedora
• Purpose:
– Walk you through ways to harden the security
of the Fedora Linux operating system to
lessen its vulnerability to attack
• Estimated completion time:
– 25 - 30 minutes
• Additional information:
– Account password for Fedora Linux virtual
machine
Module 04: 32
•Introduction to Computer Security
and Information Assurance
Hints For Activity 04.2
• student password: student
• root password: student
• Action on errors:
– Adding new users:
• Click “YES” on error message that says “Use
Anyway?”
• If password is too short, add “123” and try again
• Remember, Linux is case sensitive
Module 04: 33
•Introduction to Computer Security
and Information Assurance
Activity 04.2: Account And Local
Security Policies For Fedora
• What did you see?
• Could you implement the same policies in
both Windows and Fedora?
• Which seemed more secure to you?
Module 04: 34
•Introduction to Computer Security
and Information Assurance
Vulnerabilities
• Protection function – Access control
– Compromise access control to attack other
functions
• Process management
– Unauthorized processes
– Hidden processes
– Affect other processes
• Main memory management
– Access other processes’ memory
Module 04: 35
•Introduction to Computer Security
and Information Assurance
More Vulnerabilities
• File management
– Unauthorized access to files
– Create unauthorized files
• I/O system management
– Unauthorized I/O
– Affect authorized I/O
• Secondary storage
– Access or corrupt
Module 04: 36
•Introduction to Computer Security
and Information Assurance
Even More Vulnerabilities
• Network
– Unauthorized connections/communications
– Disable or compromise
– Affect authorized use
• User interface
– Eavesdrop
– Deny access to
authorized users
– Permit access to unauthorized users
Module 04: 37
•Introduction to Computer Security
and Information Assurance
Threats
• How do threats affect the system?
– Affect availability
– Compromise confidentiality or integrity
• How do you tell if you have a problem?
– Process listing
– Memory check
– Auditing logs
– Network connections
– Storage size
• What if management tools are
compromised?
Module 04: 38
•Introduction to Computer Security
and Information Assurance
Specific Operating System Attacks
•
•
•
•
•
DoS
Hack (or crack) the system
Backdoor
Memory issues
Escalation of
privileges
• Default settings
Module 04: 39
•Introduction to Computer Security
and Information Assurance
Denial of Service (DoS)
• An attack on availability
• Consume resources
– CPU or memory
– Communication
• Recall terms
– ping, Smurf, botnet
CIA
Availability
Module 04: 40
•Introduction to Computer Security
and Information Assurance
Hack The System
• Exploit a vulnerability to gain unauthorized
access to the system
• Access as an existing user
• Perform other actions
– Add unauthorized
account
– Add malicious
software
– Use system
resources
CIA
Availability
Module 04: 41
•Introduction to Computer Security
and Information Assurance
Backdoor
• What is a backdoor?
– An access method that
bypasses the normal
security of the system
• How does it get there?
• What impact might
it have?
CIA
Availability
Module 04: 42
•Introduction to Computer Security
and Information Assurance
Memory Issues
• Memory is not erased before
given to another process
– Gives new process
access to information
from old process
– What is the impact?
• Memory is not
released by a
process
– What is the impact?
CIA
Availability
Module 04: 43
•Introduction to Computer Security
and Information Assurance
Escalation Of Privileges
• User exploits vulnerability to
gain unauthorized
access
– Gain administrator
access
– Gain access as a
specific account
– What is the impact?
CIA
Availability
Module 04: 44
•Introduction to Computer Security
and Information Assurance
Default Settings
• Most operating systems ship in the simplest
configuration…
unsecure
• Security features disabled
• Default accounts
enabled with standard
passwords
CIA
• Available services
(programs) running
Availability
Module 04: 45
•Introduction to Computer Security
and Information Assurance
How Do They Do It?
• The key is gaining access
• Break an operating system management
function to gain command access
– Connect to print server, cause process to
create a command line as administrator
– Send special packets to network controller to
cause a buffer overflow to execute program
– And many more
Module 04: 46
•Introduction to Computer Security
and Information Assurance
Securing Systems
• Perform system “hardening”
• Find out what vulnerabilities are still
present
– Perform a vulnerability scan
• Fix them
Module 04: 47
•Introduction to Computer Security
and Information Assurance
Activity 04.3: Vulnerability Scanning
Using Nessus 3
• Purpose:
– Demonstrate that port scanning is one of the most
common forms of attacks and can be used to gather
information about a target environment
• Estimated completion time:
– 20 - 25 minutes
• Additional information:
– We need to perform one or two scans using Nessus
– IP address ranges to scan
Module 04: 48
•Introduction to Computer Security
and Information Assurance
Hints For Activity 04.3
• Perform Nessus scans on the indicated
IP ranges
• First Scan
– Start IP:
– End IP:
XX.XX.XX.XX
XX.XX.XX.XX
• Second Scan
– Start IP:
– End IP:
XX.XX.XX.XX
XX.XX.XX.XX
Module 04: 49
•Introduction to Computer Security
and Information Assurance
Activity 04.3: Vulnerability Scanning
Using Nessus 3
• What vulnerabilities did you discover?
• Would this be useful for system
administrators?
• Does this tool identify all vulnerabilities?
Module 04: 50
•Introduction to Computer Security
and Information Assurance
Countermeasures: DoS
• Set network and host firewall filters for
known bad traffic
• Apply operating system patches for known
vulnerabilities
• Limit time and resources for
processes
• Monitor for threat activity on
the network and host using
Intrusion Detection Systems
Module 04: 51
•Introduction to Computer Security
and Information Assurance
Countermeasures: Hack The System
• Use account and password policies
– Reduce likelihood of password guessing or cracking
– Limit privileges of users to those they need
– Manage by responsibilities (group permissions)
• Change default accounts, settings, passwords
• Use restricted accounts for
services (don’t run everything
as administrator)
• Apply operating system patches
for known vulnerabilities
• Turn off unnecessary services
• Watch for social engineering
Module 04: 52
•Introduction to Computer Security
and Information Assurance
Countermeasures: Backdoor
• Disable any unnecessary default accounts
• Apply operating system patches for known
vulnerabilities
• Scan system periodically
• Monitor system
Module 04: 53
•Introduction to Computer Security
and Information Assurance
Countermeasures: Memory Issues
• Apply operating system patches for known
vulnerabilities
• Turn on security features (some operating
systems will clear memory
before reallocating it)
• Reclaim memory on process
termination
Module 04: 54
•Introduction to Computer Security
and Information Assurance
Countermeasures: Escalation Of
Privileges
• Apply operating system patches for known
vulnerabilities
• Monitor system
• Establish restricted accounts
for services (don’t run
everything as administrator)
Module 04: 55
•Introduction to Computer Security
and Information Assurance
Countermeasures: Default Settings
• Disable unnecessary accounts and
services
• Apply operating system patches for known
vulnerabilities
• Follow lockdown procedures
when possible
• Monitor system
Module 04: 56
•Introduction to Computer Security
and Information Assurance
Additional Countermeasures
• HIDS
– Provides system monitoring function
– Can raise alert when changes occur
• Backups
– Allow restoration of system to
known good state
• Physical security – Don’t
allow unauthorized access
to systems
Module 04: 57
•Introduction to Computer Security
and Information Assurance
Are We Done?
• Not yet
• Recurring theme
– Apply operating system patches for known
vulnerabilities
– Disable unnecessary accounts and services
– Monitor system
• Always balance security and ease of use
Module 04: 58
•Introduction to Computer Security
and Information Assurance
Operating System Security: System
Specific Stuff
• History and general functions of operating
systems
• Major vulnerabilities and threats for
operating systems
• Steps in securing system accounts
• Using a vulnerability scanner to test
systems
• Countermeasures for operating system
threats
Module 04: 59
Related documents
Document
Document
Regional Plan for Regulatory System For Blood, Blood Components
Regional Plan for Regulatory System For Blood, Blood Components
Quality Management Slides
Quality Management Slides
What is Public Health?
What is Public Health?
Uniqua Consulting Gmbh - Data Mining Analyst
Uniqua Consulting Gmbh - Data Mining Analyst
COBIT
COBIT
Orthodontic Course spec. form no. 10
Orthodontic Course spec. form no. 10
COURSE TITLE (COURSE CODE)
COURSE TITLE (COURSE CODE)
Health Protection Assurance
Health Protection Assurance
Key To Personal Information Security
Key To Personal Information Security
COURSE TITLE (COURSE CODE)
COURSE TITLE (COURSE CODE)
Document
Document