Security Issues in Unix OS
Saubhagya Joshi
Suroop Mohan Chandran
Contents
Current scenario
– Major players
– General threats
– Top ten Unix threats
Taxonomy of threats
Examples
Security Management
Security Management
Major Players
NIST, CERT, SANS Institute, CERIAS, Mitre Inc.
Database + Tools
– CVE (121 vulnerabilities out of 3052 unique entries, CVE Version Number: 20040901)
– ICAT (213 out of 7493 vulnerabilities)
– Cassandra
General threats
People (malicious, ignorance)
Physical
Communications
Operations
OS flaws
Attacks
– Denial of Service (DoS)
– Spoofing
– Privilege Elevation
– Repudiation
– Replay Attacks
– Viruses/Trojans/Worms
– Disclosure of Information
– Sabotage/Tampering
Top Ten Vulnerabilities (SANS Institute + FBI)
BIND Domain Name System
Web Server (CGI scripts)
Authentication (weak, default or no password)
Version Control Systems (buffer overflow on CVS)
Mail Transport Service (insecure SMTP & MTA)
Simple Network Management Protocol (SNMP)
– Remotely manage systems, printers, routers
Open Secure Sockets Layer (SSL)
– Mainly buffer overflow (POP3, IMAP, LDAP, SMTP)
Misconfiguration of Enterprise Services NIS/NFS
Databases (MySQL, PostgreSQL, Oracle)
Kernel
Taxonomy
operational
– configuration
  – Incorrect permission
  – Utility in wrong place
  – Incorrect setup parameters
– environment
coding
– synchronization
  – Race condition
  – Improper/inadequate
– condition validation
  – Failure to handle exception
  – Origin validation
  – Input validation
  – Boundary condition
  – Access right validation
  – Field value correlation
  – syntax
    – Type and number of input
    – Missing input
    – Extraneous input
Source: Taimur Aslam, Taxonomy of Security Faults in Unix OS, Purdue University, 1995
Operational Examples
– tftp (trivial file transfer protocol): disclosure of information
– sendmail: wizard mode (WIZ command), default password = “wizzywoz”
Synchronization Examples
“xterm” (window interface in X windows): race condition
  mknod foo p
  xterm -lf foo
  mv foo junk
  ln -s /etc/passwd foo
  cat junk
If run as root, existing files may be replaced.
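A hardened way for a privileged program to open its log file, closing off the sequence shown above; this is an added C example, not code from the slides or from xterm. It refuses FIFOs and symlinks at open time, verifies the opened object with fstat, and keeps any later ownership or mode changes on the descriptor rather than the path. The temp-directory fixtures (junk, foo, target) are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log file the way a privileged program (such as xterm -lf) should.
 * O_NONBLOCK: a FIFO with no reader fails with ENXIO instead of blocking,
 *   so the program cannot be parked while the path is swapped underneath it.
 * O_NOFOLLOW: a symbolic link at the final path component is refused.
 * fstat on the descriptor: only a regular file is accepted, and any later
 *   chown/chmod must use fchown/fchmod on this fd, never the path name. */
int safe_open_log(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    int fl = fcntl(fd, F_GETFL);          /* drop O_NONBLOCK for normal writes */
    if (fl >= 0) fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);
    return fd;
}

/* Constructed fixtures in a fresh temp directory: a regular file "junk", a
 * FIFO "foo" (what the slide creates with mknod foo p) and a symlink "target"
 * pointing at "junk". Returns a bitmask of which ones safe_open_log accepted
 * (bit0 regular, bit1 FIFO, bit2 symlink); the expected value is 1. */
int demo_result(void) {
    char dir[] = "/tmp/safelogXXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char reg[64], fifo[64], lnk[64];
    snprintf(reg, sizeof reg, "%s/junk", dir);
    snprintf(fifo, sizeof fifo, "%s/foo", dir);
    snprintf(lnk, sizeof lnk, "%s/target", dir);
    int fd = open(reg, O_WRONLY | O_CREAT, 0600);
    if (fd < 0 || mkfifo(fifo, 0600) < 0 || symlink(reg, lnk) < 0) return -1;
    close(fd);
    const char *paths[3] = { reg, fifo, lnk };
    int mask = 0;
    for (int i = 0; i < 3; i++) {
        int r = safe_open_log(paths[i]);
        if (r >= 0) { mask |= 1 << i; close(r); }
    }
    unlink(lnk); unlink(fifo); unlink(reg); rmdir(dir);
    return mask;
}
```

A setuid program should additionally drop to the real user's privileges before calling safe_open_log, so the open itself happens with the invoking user's rights.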
Condition Validation Example
– /etc/exports (SunOS 4.1)
– rcp (remote copy)
– Redirect characters from other user’s terminal
– uux rem_machine ! rmail anything & command
– fsck repairs file consistency. If fsck fails during bootup, a privileged shell starts as root.
Environment Examples
– “exec” system call: executes some executable object file or data file containing commands
– SunOS version 3.2 and earlier: link with name = “-i”; exec -i (becomes interactive mode)
Security Management in UNIX
– US/CERT, AUSCERT – UNIX Security Checklist (2001)
– US/CERT, AUSCERT – Steps to Recover from a UNIX or NT System Compromise (2000)
UNIX Security Checklist v2.0
– The First Step
– Basic Operating System
– Major Services
– Specific Operating Systems
The First Step
– Update software and security patches of the OS.
– Make sure that all security mechanisms like digital signatures and hashing schemes are up to date.
– Keep track of all updates to the OS and the services.
Basic Operating System
– Network Services
– Network Administration
– File System Security
– Account Security
– System Monitoring
Major Services
– Name Service
– Electronic Mail
– Web Security
– FTP – ftp and anonymous ftp
– File Services
– X-Windows System
Specific Operating Systems
– BSD-Derived Operating Systems
– Linux Distributions
– Solaris
– IRIX
– HP-UX
– Digital/Compaq Tru64 UNIX
– AIX
Steps to Recover from a Compromise
– Before you get started
– Regain control
– Analyze the intrusion
– Contact relevant CSIRT and other sites involved
– Recover from the intrusion
– Improve the security of the system and network
– Reconnect to the Internet
– Update your security policy