Guide to Operating System Security Chapter 1 Operating Systems Security – Keeping Computers and Networks Secure Objectives Explain what operating system and network security means Discuss why security is necessary Explain the cost factors related to security Describe the types of attacks on operating systems and networks Discuss system hardening, including features in operating systems and networks that enable hardening Guide to Operating System Security 2 What Is Operating System and Network Security? Ability to reliably store, modify, protect, and grant access to information, so that information is only available to designated users Guide to Operating System Security 3 Operating Systems and Security Operating systems Provide basic programming instructions to computer hardware Interface with user application software and computer’s BIOS to allow applications to interact with hardware Security issue Potential to provide security functions at every level of operation Guide to Operating System Security 4 Operating System Components Application programming interface (API) Basic input/output system (BIOS) Basic form of security: Configure BIOS password security Kernel Resource managers Device drivers Guide to Operating System Security 5 Operating System Functions and Components Guide to Operating System Security 6 Computer Networks and Security Computer network System of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwaves Security issue All networks have vulnerable points that require security Guide to Operating System Security 7 Types of Networks Classified by reach and complexity Local area networks (LANs) Metropolitan area networks (MANs) Wide area networks (WANs) Enterprise networks Guide to Operating System Security 8 Resources in an Enterprise Network Guide to Operating System Security 9 Careers in Information Security Number of jobs has increased by 100% per year since 1998 Potential for healthy salaries and organizational advancement Guide to Operating System Security 10 Why Security Is Necessary Protects information and resources Ensures privacy Facilitates workflow Addresses security holes and software bugs Compensates for human error or neglect Guide to Operating System Security 11 Protecting Information and Resources Security protects information and resources of: Businesses Educational institutions Government Telecommuters Personal users Guide to Operating System Security 12 Ensuring Privacy Potential for serious legal and business consequences when an intruder accesses private information Guide to Operating System Security 13 Facilitating Workflow Potential for loss of money, data, or both if a step in the work process is compromised due to a security problem Guide to Operating System Security 14 Addressing Security Holes or Software Bugs After purchasing a new OS, software, or hardware: Test rigorously for security and reliability Check security defaults Install patches immediately Guide to Operating System Security 15 Compensating for Human Error or Neglect Use an OS that enables the organization to set up security policies Develop written security policies Implement training Test security of new operating systems and software Guide to Operating System Security 16 Setting Up Local Security Policies Guide to Operating System Security 17 Cost Factors Cost of deploying security Should be an element in total cost of ownership (TCO) Cost of not deploying security Guide to Operating System Security 18 Types of Attacks Standalone workstation or server attacks Attacks enabled by access to passwords Viruses, worms, and Trojan horses Guide to Operating System Security Buffer attacks Denial of service Source routing attack Spoofing E-mail attack Port scanning Wireless attacks 19 Standalone Workstation or Server Attacks Easy to take advantage of a logged-on computer that is unattended and unprotected Avoid by setting up a password-protected screen saver Guide to Operating System Security 20 Attacks Enabled by Access to Passwords Users defeat password protection by Sharing them with others Writing them down and displaying them Attackers have sophisticated ways of gaining password access Guide to Operating System Security 21 Attempting to Log On to a Telnet Account Guide to Operating System Security 22 Viruses Virus Able to replicate throughout a system Infects a disk/file, which infects other disks/files Some cause damage; some don’t Virus hoax E-mail falsely warning of a virus Guide to Operating System Security 23 Worm Endlessly replicates on the same computer, or sends itself to many other computers on a network Continues to create new files but does not infect existing files Guide to Operating System Security 24 Trojan Horse Appears useful and harmless, but does harm Can provide hacker with access to or control of the computer Guide to Operating System Security 25 Buffer Attacks Attacker tricks buffer software into attempting to store more information than it can contain (buffer overflow) The extra information can be malicious software Guide to Operating System Security 26 Denial of Service (DoS) Attacks Interfere with normal access to network host, Web site, or service by flooding network with: Useless information, or Frames or packets containing errors that are not identified by a network service Distributed DoS attack One computer causes others to launch attacks directed at one or more targets Guide to Operating System Security 27 Source Routing Attack Attacker modifies source address and routing information to make a packet appear to come from a different source Can be used to breach a privately configured network A form of spoofing Guide to Operating System Security 28 Spoofing Address of source computer is changed to make a packet appear to come from a different computer Can be used to initiate access to a computer Can appear as just another transmission to a computer from a legitimate source Guide to Operating System Security 29 E-mail Attack Attached file may contain: Virus, worm, or Trojan horse Macro that contains malicious code E-mail may contain Web link to a rogue Web site Guide to Operating System Security 30 Port Scanning Attacker determines live IP address, then runs port scanning software (eg Nmap or Strobe) to find a system on which a key port is open or not in use To block access through open ports: Stop OS services or processes that are not in use Configure a service only to start manually with your knowledge Unload unnecessary NLMs Guide to Operating System Security 31 Sample TCP Ports Guide to Operating System Security 32 Using the kill Command in Red Hat Linux Guide to Operating System Security 33 Managing Mac OS X Sharing Services Guide to Operating System Security 34 Wireless Attacks Generally involve scanning multiple channels Key elements Wireless network interface card Omnidirectional antenna War-driving software Difficult to determine when someone has compromised a wireless network Guide to Operating System Security 35 Organizations That Help Prevent Attacks (Continued) American Society for Industrial Security (ASIS) Computer Emergency Response Team Coordination Center (CERT/CC) Forum of Incident Response and Security Teams (FIRST) InfraGard Guide to Operating System Security 36 Organizations That Help Prevent Attacks (Continued) Information Security Forum (ISF) Information Systems Security Association (ISSA) National Security Institute (NSI) SysAdmin, Audit, Network, Security (SANS) Institute Guide to Operating System Security 37 Hardening Your System Taking specific actions to block or prevent attacks by means of operating system and network security methods Guide to Operating System Security 38 General Steps to Harden a System (Continued) Learn about OS and network security features Consult Web sites of security organizations Only deploy services and processes that are absolutely necessary Deploy dedicated servers, firewalls, and routers Guide to Operating System Security 39 General Steps to Harden a System (Continued) Use OS features that are provided for security Deploy as many obstructions as possible Audit security regularly Train users to be security conscious Monitor OSs and networks regularly for attackers Guide to Operating System Security 40 Overview of Operating System Security Features Logon security Digital certificate security File and folder security Shared resource security Guide to Operating System Security Security policies Remote access security Wireless security Disaster recovery 41 Logon Security Requires user account and password to access OS or network User account provides access to the domain Guide to Operating System Security 42 Objects in a Domain Guide to Operating System Security 43 Digital Certificate Security Verifies authenticity of the communication to ensure that communicating parties are who they say they are Guide to Operating System Security 44 File and Folder Security Lists of users and user groups can be given permission to access resources Attributes can be associated with resources to manage access and support creation of backups Guide to Operating System Security 45 Shared Resource Security Ways to control access to resources: Use a list of users and groups that should be configured Use domains Publish resources in a directory service (eg, Active Directory or NDS) Guide to Operating System Security 46 Using an Access List Guide to Operating System Security 47 Security Policies Security default settings that apply to a resource offered through an OS or directory service May apply only to local computer, or to other computers May specify that user account passwords must be a minimum length and be changed at regular intervals Guide to Operating System Security 48 Remote Access Security Enable remote access only when absolutely necessary Many forms, including: Callback security Data encryption Access authentication Password security Guide to Operating System Security 49 Wireless Security Implement Wired Equivalent Privacy (WEP) Create a list of authorized wireless users based on the permanent address assigned to the wireless interface in the computer Guide to Operating System Security 50 Disaster Recovery Use of hardware and software techniques to prevent loss of data Perform backups Store backups in a second location Use redundant hard disks Enables restoration of systems and data without loss of critical information Guide to Operating System Security 51 Overview of Network Security Features Authentication and encryption Firewalls Topology Monitoring Guide to Operating System Security 52 Authentication Using a method to validate users who attempt to access a network or resources, to ensure they are authorized Examples User accounts with passwords Smart cards Biometrics Guide to Operating System Security 53 Encryption Protects information sent over a network by making it appear unintelligible Generally involves using a mathematical key Guide to Operating System Security 54 Firewalls Software or hardware placed between networks that selectively allows or denies access Guide to Operating System Security 55 Topology Different designs yield different results in terms of security planning and hardening Also affects security in terms of where specific devices are placed Guide to Operating System Security 56 Monitoring Involves determining performance and use of an OS or network Enables you to determine weak points of a system or network and address them before a problem occurs Guide to Operating System Security 57 Summary Operating system and network security Why such security is vital Careers in information security The cost of security; the cost of not having security Common types of attacks Techniques for guarding against attacks on operating systems and on networks Guide to Operating System Security 58