Operating System
Security
Lesson 1:
Security Principles
Objectives




Explain the need for security in Linux and
Windows 2000 environments
Describe industry evaluation criteria used
for security
Identify the guidelines for determining the
three general security levels
Discuss the security mechanisms used to
implement security systems
Objectives




(cont’d)
Identify the different areas of security
management
Describe Windows 2000 and Linux “out-ofthe-box” security measures
Implement tools to evaluate key security
parameters in Windows 2000 and Linux
Describe security components in the
Windows 2000 security architecture
Security
Services





Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation
Evaluation
Criteria



European Information Technology Security
Evaluation Criteria document BS 7799
Trusted Computer Systems Evaluation
Criteria
Common Criteria
Security Levels



Low
Medium
High
Security
Mechanisms

Specific
- Encipherment
- Digital signature
- Access control
- Data integrity
- Authentication
- Traffic padding

Wide
- Trusted
functionality
- Security labels
- Audit trails
- Security
recovery
Windows 2000
Security


Exploits
Windows 2000 registry
Windows 2000
Security Architecture




Windows 2000 security components
- C2 certification
Windows 2000 objects
Security components
- SIDs
- Access tokens
- Security descriptors
- Access control lists and entities
Security subsystem
Linux
Security

Configuration problems
- Misconfigured authentication settings
- Unnecessary services
- Default account policies
- Non-root user access to sensitive
commands
Pluggable
Authentication Modules




Editing PAM files
PAM directories
PAM entry format
Telnet access and the root account
Summary
 Explain the need for security in Linux and
Windows 2000 environments
 Describe industry evaluation criteria used
for security
 Identify the guidelines for determining the
three general security levels
 Discuss the security mechanisms used to
implement security systems
Summary
(cont’d)
 Identify the different areas of security
management
 Describe Windows 2000 and Linux “out-ofthe-box” security measures
 Implement tools to evaluate key security
parameters in Windows 2000 and Linux
 Describe security components in the
Windows 2000 security architecture
Lesson 2:
Account Security
Objectives



Describe the relationship between account
security and passwords
Explain techniques for securing accounts
in Windows 2000 and Linux
Prune users, detect account changes,
rename default accounts, and implement
password policies in Windows 2000 and
Linux
Objectives


(cont’d)
Identify Linux commands for password
aging and explain how to log unsuccessful
logon attempts
Explain Linux security threats, restrict
account access, and monitor accounts
Passwords


Windows 2000 and strong passwords
- Enforcing strong passwords
- Dictionary attacks
Linux and strong passwords
- Shadow passwords
- The root account
Verifying
System State





Cross-referencing information on nondomain controllers
Built-in and external tools
Renaming default accounts
Windows 2000 account policies
Password lockout
Password
Aging in Linux




Linux command options
Timing out users
Monitoring accounts
System-wide event logging facility
Summary
 Describe the relationship between account
security and passwords
 Explain techniques for securing accounts
in Windows 2000 and Linux
 Prune users, detect account changes,
rename default accounts, and implement
password policies in Windows 2000 and
Linux
Summary
(cont’d)
 Identify Linux commands for password
aging and explain how to log unsuccessful
logon attempts
 Explain Linux security threats, restrict
account access, and monitor accounts
Lesson 3:
File System
Security
Objectives





Identify the Windows 2000 file-level
permissions
Assign NTFS permissions
Explain the importance of drive partitioning
and how it relates to security
Describe how copying and moving a file
affect file security
Identify remote file access control
permissions
Objectives



(cont’d)
Describe Linux file system security
concepts
Explain the function of the umask
command
Discuss the purpose of setuid, setgid,
and sticky bits
Windows 2000
File System Security




File-level permissions
Standard 2000 permissions
Drive partitioning
Copying and moving files
Remote File
Access Control


Remote access permissions
- Full Control
- Modify
- Read & Execute
- No Access
Share permissions
Linux
File System Security







Files
File information
Permissions
The umask command
The chmod command
UIDs and GIDs
The set bits: setuid, setgid and sticky
bits
Summary
 Identify the Windows 2000 file-level
permissions
 Assign NTFS permissions
 Explain the importance of drive partitioning
and how it relates to security
 Describe how copying and moving a file
affect file security
 Identify remote file access control
permissions
Summary
(cont’d)
 Describe Linux file system security
concepts
 Explain the function of the umask
command
 Discuss the purpose of setuid, setgid,
and sticky bits
Lesson 4:
Assessing Risk
Objectives





Identify general and specific operating
system attacks
Describe a keylogger program’s function
Change Windows 2000 system defaults
Scan a system to determine security risks
Explain Linux security concerns
Security
Threats


Accidental threats
Intentional threats
- Passive threats
- Active threats
Types of
Attacks






Spoofing/masquerade
Replay
Denial of service
Insider
Trapdoor
Trojan horses
Windows 2000
Security Risks



Default directories
Default accounts
Default shares and services
General UNIX
Security Vulnerabilities


Viruses
Buffer overflows
Keyloggers



Invisible KeyLogger Stealth and Windows
2000
Keylogging and securing the Linux search
path
Protecting yourself against keyloggers
System
Port Scanning

Advanced security scanners
- WebTrends Security Analyzer
UNIX
Security Risks



The rlogin command
- Interactive sessions: Telnet vs. rlogin
Network Information System (NIS)
Network File System (NFS)
NIS
Security Concerns


NIS security problems
- No authentication requirements
- Contacting server by broadcast
- Plain-text distribution
- Encryption and authentication
- Portmapper processes and
TCPWrappers
- The securenets file
NIS+
NFS
Security Concerns



Users, groups and NFS
Secure RPC
NFS security summary
Summary
 Identify general and specific operating
system attacks
 Describe a keylogger program’s function
 Change Windows 2000 system defaults
 Scan a system to determine security risks
 Explain Linux security concerns
Lesson 5:
Reducing Risk
Objectives



Explain the purpose and importance of
system patches and fixes, and apply
system patches
Modify the Windows 2000 Registry for
security
Lock down and remove services for
effective security in Windows 2000 and
Linux
Patches
and Fixes


Microsoft service packs
Red Hat Linux errata
Windows 2000
Registry Security



Registry structure
- Subtrees and their uses
Auditing the registry
Setting registry permissions
Disabling and Removing
Services in Windows 2000



Securing network connectivity
Server Message Block
Miscellaneous configuration changes
Disabling and
Removing Services in UNIX

Bastille
- The tarball format
- Downloading and installing Bastille
- Running Bastille in text mode
Summary
 Explain the purpose and importance of
system patches and fixes, and apply
system patches
 Modify the Windows 2000 Registry for
security
 Lock down and remove services for
effective security in Windows 2000 and
Linux
Operating
System Security
 Security Principles
 Account Security
 File System Security
 Assessing Risk
 Reducing Risk