Security Issues in Unix OS
Saubhagya Joshi, Suroop Mohan Chandran

Contents
- Current scenario
  - Major players
  - General threats
  - Top ten Unix threats
- Taxonomy of threats
- Examples
- Security Management

Major Players
- NIST, CERT, SANS Institute, CERIAS, Mitre Inc.
- Database + Tools
  - CVE (121 vulnerabilities out of 3052 unique entries, CVE Version Number: 20040901)
  - ICAT (213 out of 7493 vulnerabilities)
  - Cassandra

General threats
- People (malicious, ignorance)
- Physical
- Communications
- Operations
- OS flaws
- Attacks
  - Denial of Service (DoS)
  - Spoofing
  - Privilege Elevation
  - Repudiation
  - Replay Attacks
  - Viruses/Trojans/Worms
  - Disclosure of Information
  - Sabotage/Tampering

Top Ten Vulnerabilities (SANS Institute + FBI)
- BIND Domain Name System
- Web Server (CGI scripts)
- Authentication (weak, default or no password)
- Version Control Systems (buffer overflow on CVS)
- Mail Transport Service (insecure SMTP & MTA)
- Simple Network Management Protocol (SNMP)
  - Remotely manage systems, printers, routers
- Open Secure Sockets Layer (SSL)
  - Mainly buffer overflow (POP3, IMAP, LDAP, SMTP)
- Misconfiguration of Enterprise Services NIS/NFS
- Databases (MySQL, PostgreSQL, Oracle)
- Kernel

Taxonomy
- Operational
  - Configuration
    - Incorrect permission
    - Utility in wrong place
    - Incorrect setup parameters
  - Environment
- Coding
  - Synchronization
    - Race condition
    - Failure to handle exception
  - Condition validation (improper/inadequate)
    - Origin validation
    - Input validation
    - Boundary condition
    - Access right validation
    - Field value correlation
    - Syntax
      - Type and number of input
      - Missing input
      - Extraneous input
Source: Taimur Aslam, Taxonomy of Security Faults in Unix OS, Purdue University, 1995

Operational Examples
- tftp (trivial file transfer protocol): incorrect permission, leading to disclosure of information
- sendmail: wizard mode (WIZ command), default password = "wizzywoz"

Synchronization Examples
- "xterm" (window interface in X windows), race condition:
    mknod foo p
    xterm -lf foo
    mv foo junk
    ln -s /etc/passwd foo
    cat junk
  If run as root, existing files may be replaced.

Condition Validation Examples
- /etc/exports (SunOS 4.1)
- rcp (remote copy)
- Redirect characters from other user's terminal:
    uux rem_machine ! rmail anything & command
- fsck (repairs file consistency): if fsck fails during bootup, a privileged shell starts as root

Environment Examples
- "exec" system call: executes some executable object file or data file containing commands
- SunOS version 3.2 and earlier: a link with name = "-i"; exec -i (becomes interactive mode)

Security Management in UNIX
- US/CERT, AUSCERT - UNIX Security Checklist (2001)
- US/CERT, AUSCERT - Steps to Recover from a UNIX or NT System Compromise (2000)

UNIX Security Checklist v2.0
- The First Step
- Basic Operating System
- Major Services
- Specific Operating Systems

The First Step
- Update software and security patches of the OS.
- Make sure that all security mechanisms like digital signatures and hashing schemes are up to date.
- Keep track of all updates to the OS and the services.

Basic Operating System
- Network Services
- Network Administration
- File System Security
- Account Security
- System Monitoring

Major Services
- Name Service
- Electronic Mail
- Web Security
- FTP - ftp and anonymous ftp
- File Services
- X-Windows System

Specific Operating Systems
- BSD-Derived Operating Systems
- Linux Distributions
- Solaris
- IRIX
- HP-UX
- Digital/Compaq Tru64 UNIX
- AIX

Steps to Recover from a Compromise
- Before you get started
- Regain control
- Analyze the intrusion
- Contact relevant CSIRT and other sites involved
- Recover from the intrusion
- Improve the security of the system and network
- Reconnect to the Internet
- Update your Security Policy
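The xterm log-file race on the synchronization slide works because a privileged program opens a log file by name after the name has been swapped for a symlink to a sensitive file. The following is an added example, not code from the slides or from xterm, showing the mitigation a privileged program should apply (atomic O_CREAT|O_EXCL creation, O_NOFOLLOW, and an fstat check on the descriptor); the function names open_log_safely and race_demo and the scratch directory under /tmp are assumptions of this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Open "path" as a brand-new log file for uid "owner".  O_CREAT|O_EXCL makes
 * creation atomic and fails with EEXIST if "path" already exists, even when it
 * is a symlink (the xterm race depends on exactly that swap); O_NOFOLLOW refuses
 * symlinks outright; fstat() on the descriptor, not a second path lookup,
 * confirms a regular file owned by the expected user.  Returns fd >= 0 or -1. */
int open_log_safely(const char *path, uid_t owner) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}
/* Rebuild the slide's scenario in a scratch directory (constructed sample data):
 * "secret" stands in for /etc/passwd and "foo" is the symlink planted in place
 * of the log file.  Returns 1 when the safe open refuses "foo", accepts the
 * fresh name "junk", and leaves "secret" intact; 0 otherwise. */
int race_demo(void) {
    char dir[] = "/tmp/xterm_race_XXXXXX";
    if (mkdtemp(dir) == NULL) return 0;
    char secret[64], link[64], fresh[64];
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(link, sizeof link, "%s/foo", dir);
    snprintf(fresh, sizeof fresh, "%s/junk", dir);
    FILE *f = fopen(secret, "w");
    if (f == NULL) return 0;
    fputs("root:x:0:0\n", f);
    fclose(f);
    if (symlink(secret, link) != 0) return 0;
    int ok = 1;
    if (open_log_safely(link, getuid()) != -1) ok = 0;   /* symlink must be refused */
    int fd = open_log_safely(fresh, getuid());
    if (fd < 0) ok = 0;
    else { (void)write(fd, "log line\n", 9); close(fd); }
    char buf[32] = {0};                                   /* "secret" must be unchanged */
    if ((f = fopen(secret, "r")) == NULL || fgets(buf, sizeof buf, f) == NULL
        || strcmp(buf, "root:x:0:0\n") != 0) ok = 0;
    if (f) fclose(f);
    unlink(fresh); unlink(link); unlink(secret); rmdir(dir);
    return ok;
}
```

A naive open(path, O_WRONLY|O_CREAT|O_TRUNC) in the same scenario would follow the symlink and truncate "secret", which is the outcome the slide describes when xterm runs as root.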