Introduction to Computer Security and Information Assurance
Module 04

Objectives
• Describe major OS functions
• Recognize OS related threats
• Apply major steps in securing the OS
• Perform a vulnerability scan to identify existing vulnerabilities on an active system
Module 04: 1

An Operating System Is…
… a program that acts as an intermediary between a computer user and computer hardware.
What does that mean?
Module 04: 2

Early Operating Systems
• 1950s
  – Monitor system
  – Batch processing
  – Spooling
  – No interaction with program while running
• 1960s
  – Multiprogrammed batch systems
  – Graphical displays, pointing devices
  – Timesharing (multitasking): first interaction with running programs
  – MULTICS: multiuser forerunner of Unix
Module 04: 3

Operating System Evolution
• 1970s
  – Personal computer systems: resident monitor
  – Windowing, icons, menus, and pointers are developed as an interface
• 1980s
  – PCs become affordable
  – Multiprocessor systems
• 1990s
  – Distributed computing
  – Mainstream graphical interface
Module 04: 4

Operating System Tasks
• Management tasks
  – Process management
  – Main-memory management
  – File management
  – I/O system management
  – Secondary storage management
  – Networking management
  – Protection system
  – User interface management
    • Command Line Interface (CLI)
    • Graphical User Interface (GUI)
Module 04: 5

Process Management
• Many processes running on a modern computer system
• Manage schedule, time to execute, and resources for each process
  – Create and delete processes
  – Suspend and resume processes
  – Provide for process synchronization
  – Provide for communication
  – Provide deadlock avoidance
Module 04: 6

Main Memory Management
• Memory is the storage area the CPU uses for executing programs
• Each process (including the operating system) must have its own piece of memory
  – Keep track of which process is where
  – Decide which process to load when there is room
  – Allocate and deallocate memory as needed
Module 04: 7

File Management
• The basic storage unit from a user perspective
• Provide structure (directories, file types, etc.) to storage
  – Create and delete files and directories
  – Support manipulation of files and directories
  – Map files to secondary storage
  – Backup files
Module 04: 8

I/O System Management
• Hides the specifics of I/O devices from the user
• Provides tools to handle the speed difference between CPU and I/O devices
  – Memory management for buffering, caching, and spooling
  – General device driver interface
  – Hardware specific device drivers
Module 04: 9

Secondary Storage Management
• Why? Because main memory is usually too small to hold all programs and disappears when power is turned off
• Non-volatile (stays when power is turned off) and larger than main memory
• Use disk drives (tapes, punch cards, etc.)
  – Manage free space
  – Allocate storage
  – Schedule disk activity
Module 04: 10

Network Management
• Network communications for the system is a special case of I/O
• Manages communication links by
  – Establishing connections
  – Scheduling communication
  – Directing communication to correct processes
Module 04: 11

Protection System Management
• The operating system plays a basic role in protecting information, especially on multitasking and multiuser systems
  – Protect memory for processes
  – Provide file access mechanism
  – Provide authentication and access control mechanisms
Module 04: 12

User Interface Management
• A way to give commands to the computer
• Accomplished via command line and/or Graphical User Interface (GUI)
• Accepts and acts on user commands in a timely manner
Module 04: 13

Operating Systems
• Operating system developers determine which features are implemented and what capabilities they have
  – For example, early personal computer operating systems had no protection mechanism other than reserving special memory locations for the operating system
Module 04: 14

So Far
• Operating systems manage computer resources
  – Schedules time
  – Allocates space (in memory, on disk)
  – Handles I/O
  – Protects system and information
Module 04: 15

Operating Systems Security
• Goals of operating system security
  – Confidentiality: Only let authorized entities access computer and information
    • Corollary: Only run authorized processes
  – Integrity: Only allow authorized changes to information
  – Availability: Manage resources to permit access to information and system at all required times
Module 04: 16

Authorization & Authentication
• Who is authorized?
  – Authorized by policy of organization and operational requirements
• How do we know?
  – Accounts (identification)
  – Known systems
  – Password
  – Secure communication channel
Module 04: 17

Access Control
• Controls how users and systems communicate and interact with other systems and resources
• First line of defense
• Authenticate before allowing access to authorized resources
Module 04: 18

Operating System Access Controls
• Two basic methods
  – Access Control List (ACL)
    • For every resource, indicates who has access and what kind of access
  – Permissions based on identification
    • User permissions
    • Group permissions
• Additional controls
  – Passwords for files, resources, etc.
Module 04: 19

Managing Identities
• Local user and group accounts
• Directory server
  – LDAP
  – Microsoft Domain Controller
• Policies and operational requirements
• Introduces need for “trust” relationships
Module 04: 20

Auditing – A Trail To Follow
• Detect auditable events
  – What is an auditable event?
• Collect and save in secure location
  – Where do you save them?
  – How do you protect logs?
• Analyze results
  – Human readable? Searchable? Prioritized?
  – Fix problems
Module 04: 21

Access & Audit What?
• Resources
  – Computer system
  – Processes
  – Files
  – Memory
  – Disk drives
  – Printers
  – Communication
  – Etc.
Module 04: 22

Threats To Operating Systems
• Compromise system to gain unauthorized access to system resources
  – Weak/broken identification
  – Weak internal security structures
  – Programming errors in operating system
Module 04: 23

It’s You!
• How do you let people know who you are? Identification
• How can we tell you are who you say you are? Authentication
• Will this allow me to trace actions back to you? Non-repudiation
Module 04: 24

Once Identified, Authorize
• User accounts are the mechanism used to identify and authorize people
• Access control is based on identification
• Most common authentication: password
• Password and account policies help improve security
Module 04: 25

Implementing Policies
• Recall: policies can be topic specific
• Procedures can be one way to implement policies
• Policies can also be implemented in hardware or software
• Password and account policies are often implemented using operating system features
Module 04: 26

Password Policy
• What makes a good password policy?
  – How many new passwords should you use before you can reuse an old password?
  – How long should a password be valid?
  – How long must you use a password before you change it?
  – What is the minimum length for a password?
  – Should there be complexity requirements?
  – Should the password be stored so it can be decrypted?
Module 04: 27

Account Policy
• Should your account be locked if you don’t log in correctly? If so, how long should it be locked?
• How many login failures should occur before your account is locked?
• How much time should elapse before a failed login is no longer counted?
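The questions on the Password Policy and Account Policy slides map onto a handful of settings that every operating system's account database implements. The Python model below is an added example, not part of the course material: the policy values, the `Account` structure and the function names are constructed for illustration. It answers the "stored so it can be decrypted?" question with salted one-way hashes, enforces a password-history window, and implements lockout with a failure threshold, a lockout duration and a failure reset window.

```python
from dataclasses import dataclass, field
import hashlib
import secrets

@dataclass
class AccountPolicy:
    # Constructed defaults; the slides' four questions map onto these four knobs.
    lockout_threshold: int = 5        # failures before the account is locked
    lockout_duration: int = 900       # seconds the lock stays in place
    failure_reset_window: int = 600   # seconds after which a failure no longer counts
    password_history: int = 5         # new passwords before an old one may be reused

@dataclass
class Account:
    salted_hashes: list = field(default_factory=list)  # (salt, digest), newest first
    failures: list = field(default_factory=list)       # times of recent failed logins
    locked_until: int = 0                              # lock expiry time; 0 = not locked

def _hash(password: str, salt: bytes) -> bytes:
    # Store only a salted one-way hash: the password is never recoverable from it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def set_password(acct: Account, new_pw: str, policy: AccountPolicy) -> bool:
    """Reject a password equal to any of the last `password_history` passwords."""
    for salt, digest in acct.salted_hashes[: policy.password_history]:
        if secrets.compare_digest(_hash(new_pw, salt), digest):
            return False
    salt = secrets.token_bytes(16)
    acct.salted_hashes.insert(0, (salt, _hash(new_pw, salt)))
    return True

def attempt_login(acct: Account, pw: str, now: int, policy: AccountPolicy) -> str:
    """Return 'locked', 'ok' or 'failed' for a login attempt at time `now` (seconds)."""
    if now < acct.locked_until:
        return "locked"
    # A failure older than the reset window no longer counts toward lockout.
    acct.failures = [t for t in acct.failures if now - t < policy.failure_reset_window]
    salt, digest = acct.salted_hashes[0]
    if secrets.compare_digest(_hash(pw, salt), digest):
        acct.failures.clear()
        return "ok"
    acct.failures.append(now)
    if len(acct.failures) >= policy.lockout_threshold:
        acct.locked_until = now + policy.lockout_duration
        acct.failures.clear()
        return "locked"
    return "failed"
```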
Module 04: 28

Activity 04.1: Account And Local Security Policies For Windows
• Purpose:
  – Walk you through ways to harden the security of the Microsoft Windows operating system to lessen its vulnerability to attack
• Estimated completion time:
  – 20 - 25 minutes
• Additional information:
  – Account password for Windows machine
Module 04: 29

Hints For Activity 04.1
• Student password: XXXXXXXX
• Action on errors:
  – Adding new users:
    • Click “OK” on error message
    • Add “&123” to the end of suggested passwords
• Audit logs
  – Security logging may not be turned on, so there may be no entries
Module 04: 30

Activity 04.1: Account And Local Security Policies For Windows
• What did you see?
• What policies are in place in your organization? Do they help with security?
Module 04: 31

Activity 04.2: Account And Local Security Policies For Fedora
• Purpose:
  – Walk you through ways to harden the security of the Fedora Linux operating system to lessen its vulnerability to attack
• Estimated completion time:
  – 25 - 30 minutes
• Additional information:
  – Account password for Fedora Linux virtual machine
Module 04: 32

Hints For Activity 04.2
• student password: student
• root password: student
• Action on errors:
  – Adding new users:
    • Click “YES” on error message that says “Use Anyway?”
    • If password is too short, add “123” and try again
• Remember, Linux is case sensitive
Module 04: 33

Activity 04.2: Account And Local Security Policies For Fedora
• What did you see?
• Could you implement the same policies in both Windows and Fedora?
• Which seemed more secure to you?
Module 04: 34

Vulnerabilities
• Protection function
  – Access control
  – Compromise access control to attack other functions
• Process management
  – Unauthorized processes
  – Hidden processes
  – Affect other processes
• Main memory management
  – Access other processes’ memory
Module 04: 35

More Vulnerabilities
• File management
  – Unauthorized access to files
  – Create unauthorized files
• I/O system management
  – Unauthorized I/O
  – Affect authorized I/O
• Secondary storage
  – Access or corrupt
Module 04: 36

Even More Vulnerabilities
• Network
  – Unauthorized connections/communications
  – Disable or compromise
  – Affect authorized use
• User interface
  – Eavesdrop
  – Deny access to authorized users
  – Permit access to unauthorized users
Module 04: 37

Threats
• How do threats affect the system?
  – Affect availability
  – Compromise confidentiality or integrity
• How do you tell if you have a problem?
  – Process listing
  – Memory check
  – Auditing logs
  – Network connections
  – Storage size
• What if management tools are compromised?
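Slide 35 lists hidden processes as a process-management vulnerability, and slide 37 asks what a process listing is worth once the management tools themselves may be compromised. One defensive answer is to never trust a single view: take the listing from two independent sources and compare both against a known-good baseline. The Python below is an added example, not course material; `PS_VIEW`, `PROC_VIEW` and `BASELINE` are constructed snapshots standing in for real output from a listing tool and from an independent enumeration.

```python
# Constructed snapshots for the example; none of this is real host output.
# Known-good baseline: process names the host ran when it was last verified.
BASELINE = {"init", "sshd", "rsyslogd", "crond", "httpd"}

# View 1: pid -> name as reported by a user-space listing tool such as ps.
PS_VIEW = {1: "init", 412: "sshd", 420: "rsyslogd", 433: "crond", 801: "httpd"}

# View 2: pid -> name from an independent enumeration, e.g. walking /proc.
PROC_VIEW = {1: "init", 412: "sshd", 420: "rsyslogd", 433: "crond",
             801: "httpd", 1337: "updaterd"}

def compare_views(view_a, view_b):
    """Split the two views into the PIDs each one reports that the other lacks."""
    only_a = {pid: view_a[pid] for pid in view_a.keys() - view_b.keys()}
    only_b = {pid: view_b[pid] for pid in view_b.keys() - view_a.keys()}
    return only_a, only_b

def unexpected_names(view, baseline):
    """Process names present in a view but absent from the known-good baseline."""
    return sorted(set(view.values()) - baseline)

def assess(ps_view, proc_view, baseline):
    """Return findings; an empty list means both views agree with each other and the baseline."""
    only_in_proc, only_in_ps = compare_views(proc_view, ps_view)
    findings = []
    for pid, name in sorted(only_in_proc.items()):
        # Seen by the independent view but not by the listing tool: the
        # classic sign of a hidden process or of a tampered listing tool.
        findings.append(f"pid {pid} ({name}) in /proc but not in ps: possible hidden process")
    for pid, name in sorted(only_in_ps.items()):
        findings.append(f"pid {pid} ({name}) in ps but not in /proc: views disagree, verify the tools")
    for name in unexpected_names(proc_view, baseline):
        findings.append(f"process {name!r} is not in the known-good baseline")
    return findings
```

A process that is simply renamed to look legitimate would pass the cross-view check, which is why the baseline comparison is kept as a separate finding.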
Module 04: 38

Specific Operating System Attacks
• DoS
• Hack (or crack) the system
• Backdoor
• Memory issues
• Escalation of privileges
• Default settings
Module 04: 39

Denial of Service (DoS)
• An attack on availability
• Consume resources
  – CPU or memory
  – Communication
• Recall terms
  – ping, Smurf, botnet
(CIA triad graphic)
Module 04: 40

Hack The System
• Exploit a vulnerability to gain unauthorized access to the system
• Access as an existing user
• Perform other actions
  – Add unauthorized account
  – Add malicious software
  – Use system resources
(CIA triad graphic)
Module 04: 41

Backdoor
• What is a backdoor?
  – An access method that bypasses the normal security of the system
• How does it get there?
• What impact might it have?
(CIA triad graphic)
Module 04: 42

Memory Issues
• Memory is not erased before being given to another process
  – Gives new process access to information from old process
  – What is the impact?
• Memory is not released by a process
  – What is the impact?
(CIA triad graphic)
Module 04: 43

Escalation Of Privileges
• User exploits vulnerability to gain unauthorized access
  – Gain administrator access
  – Gain access as a specific account
  – What is the impact?
(CIA triad graphic)
Module 04: 44

Default Settings
• Most operating systems ship in the simplest configuration… insecure
• Security features disabled
• Default accounts enabled with standard passwords
• Available services (programs) running
(CIA triad graphic)
Module 04: 45

How Do They Do It?
• The key is gaining access
• Break an operating system management function to gain command access
  – Connect to print server, cause process to create a command line as administrator
  – Send special packets to network controller to cause a buffer overflow to execute program
  – And many more
Module 04: 46

Securing Systems
• Perform system “hardening”
• Find out what vulnerabilities are still present
  – Perform a vulnerability scan
• Fix them
Module 04: 47

Activity 04.3: Vulnerability Scanning Using Nessus 3
• Purpose:
  – Demonstrate that port scanning is one of the most common forms of attacks and can be used to gather information about a target environment
• Estimated completion time:
  – 20 - 25 minutes
• Additional information:
  – We need to perform one or two scans using Nessus
  – IP address ranges to scan
Module 04: 48

Hints For Activity 04.3
• Perform Nessus scans on the indicated IP ranges
• First scan
  – Start IP: XX.XX.XX.XX
  – End IP: XX.XX.XX.XX
• Second scan
  – Start IP: XX.XX.XX.XX
  – End IP: XX.XX.XX.XX
Module 04: 49

Activity 04.3: Vulnerability Scanning Using Nessus 3
• What vulnerabilities did you discover?
• Would this be useful for system administrators?
• Does this tool identify all vulnerabilities?
Module 04: 50

Countermeasures: DoS
• Set network and host firewall filters for known bad traffic
• Apply operating system patches for known vulnerabilities
• Limit time and resources for processes
• Monitor for threat activity on the network and host using Intrusion Detection Systems
Module 04: 51

Countermeasures: Hack The System
• Use account and password policies
  – Reduce likelihood of password guessing or cracking
  – Limit privileges of users to those they need
  – Manage by responsibilities (group permissions)
• Change default accounts, settings, passwords
• Use restricted accounts for services (don’t run everything as administrator)
• Apply operating system patches for known vulnerabilities
• Turn off unnecessary services
• Watch for social engineering
Module 04: 52

Countermeasures: Backdoor
• Disable any unnecessary default accounts
• Apply operating system patches for known vulnerabilities
• Scan system periodically
• Monitor system
Module 04: 53

Countermeasures: Memory Issues
• Apply operating system patches for known vulnerabilities
• Turn on security features (some operating systems will clear memory before reallocating it)
• Reclaim memory on process termination
Module 04: 54

Countermeasures: Escalation Of Privileges
• Apply operating system patches for known vulnerabilities
• Monitor system
• Establish restricted accounts for services (don’t run everything as administrator)
Module 04: 55

Countermeasures: Default Settings
• Disable unnecessary accounts and services
• Apply operating system patches for known vulnerabilities
• Follow lockdown procedures when possible
• Monitor system
Module 04: 56
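Slide 19 describes access control lists with user and group permissions, and slide 52 asks that privileges be limited to what users need and managed by responsibility through groups. The Python below is an added example, not course material, showing how the two fit together: `effective_rights` resolves what a user can actually do on a resource from user and group ACL entries, and `excess_rights` reviews that result against what the user's roles need. The users, groups, ACLs and role needs are constructed, and the rule that an explicit deny overrides any allow is an assumption chosen as the conservative option.

```python
# Constructed sample data for the example: user -> groups.
GROUPS = {
    "alice": {"webadmins", "staff"},
    "bob": {"staff", "interns"},
    "carol": {"staff"},
    "svc_httpd": {"webservice"},
}

# Constructed ACLs: resource -> entries of (principal type, principal, effect, rights).
ACLS = {
    "/var/www": [
        ("group", "webadmins", "allow", {"read", "write"}),
        ("group", "webservice", "allow", {"read"}),
        ("group", "staff", "allow", {"read", "write"}),   # broader than staff need
        ("group", "interns", "deny", {"write"}),
    ],
    "/etc/shadow": [
        ("user", "root", "allow", {"read", "write"}),
        ("user", "bob", "allow", {"read"}),               # stray grant to one user
    ],
}

# Constructed role needs: group -> rights its members need, per resource.
ROLE_NEEDS = {
    "webadmins": {"/var/www": {"read", "write"}},
    "webservice": {"/var/www": {"read"}},
    "staff": {"/var/www": {"read"}},
    "interns": {},
}

def effective_rights(user, resource):
    """Rights granted to the user or any of its groups, minus explicit denies."""
    allowed, denied = set(), set()
    for ptype, principal, effect, rights in ACLS.get(resource, []):
        if (ptype == "user" and principal == user) or \
           (ptype == "group" and principal in GROUPS.get(user, set())):
            (allowed if effect == "allow" else denied).update(rights)
    return allowed - denied  # assumption: an explicit deny overrides any allow

def excess_rights(user):
    """Rights the user holds that none of its roles needs: resource -> rights."""
    needed = {}
    for group in GROUPS.get(user, set()):
        for resource, rights in ROLE_NEEDS.get(group, {}).items():
            needed.setdefault(resource, set()).update(rights)
    excess = {}
    for resource in ACLS:
        extra = effective_rights(user, resource) - needed.get(resource, set())
        if extra:
            excess[resource] = extra
    return excess
```

Run over the sample data, the review flags two different least-privilege problems: a grant made directly to one user outside any role, and a group grant broader than the role it serves.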
Additional Countermeasures
• HIDS
  – Provides system monitoring function
  – Can raise alert when changes occur
• Backups
  – Allow restoration of system to known good state
• Physical security
  – Don’t allow unauthorized access to systems
Module 04: 57

Are We Done?
• Not yet
• Recurring theme
  – Apply operating system patches for known vulnerabilities
  – Disable unnecessary accounts and services
  – Monitor system
• Always balance security and ease of use
Module 04: 58

Operating System Security: System Specific Stuff
• History and general functions of operating systems
• Major vulnerabilities and threats for operating systems
• Steps in securing system accounts
• Using a vulnerability scanner to test systems
• Countermeasures for operating system threats
Module 04: 59