CT320: Network and System Administration

Fall 2019

Security


CT320 Security

Thanks to:

for the contents of these slides.

Topics

  1. Introduction
  2. Vulnerabilities, threats and attacks
  3. Risk Management
  4. OS Hardening
  5. PAM
  6. Passwords
  7. Firewalls & Intrusion Prevention Systems

Overview

Computer Security
protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).

Security Objectives

Confidentiality
Prevent / detect / deter improper disclosure of information
Integrity
Prevent / detect / deter improper modification of information
Availability
Prevent / detect / deter improper denial of access to services provided by a system

Some Examples

Security Goals

Security Goals

Interesting Situation

You are the security admin of a company. One day you notice that an employee is downloading a very big file. You notice that downloading a file is not exactly against company policy. Should you flag this as a security issue?

An Even More Interesting Situation

A user uploads some financial documents to Microsoft Cloud. You (Microsoft) analyze these documents and determine that the user owes back taxes to the IRS …

Security Objectives (continued)

More Security Objectives

Computer Security Challenges

  1. Not simple
  2. Must consider potential attacks
  3. Procedures used may be counter-intuitive
  4. Involve algorithms and secret info
  5. Must decide where to deploy mechanisms

Computer Security Challenges

  1. Battle of wits between attacker / admin
  2. No perceived benefit until it fails
  3. Requires regular monitoring
  4. Too often an after-thought
  5. Regarded as impediment to using system

Systems Security Components / Terminology

History

Security by Obscurity

Security by Legislation


Weakest Link In Computer Security

Vulnerabilities, Threats and Attacks

Vulnerabilities

  1. Bad/default passwords.
  2. Unused services with open ports.
  3. Unpatched software vulnerabilities.
  4. Transmitting confidential data in cleartext.
  5. Open modems or wireless networks.
  6. Physical access to critical systems.
  7. Uneducated users.

Vulnerability Databases

Some Common Security Threats

Threat Motives

Threat Consequences

Attacks

How Systems Are Attacked

Types of attacks

Risk Management

Risk is the relationship between your assets, the vulnerabilities characteristic of those assets, and the attackers who wish to access or modify those assets.

Security Tips

Rules of Thumb

Password management

SetUID programs

Security issues

Security issues — continued

Assets

  1. Login account
  2. Network bandwidth
  3. Disk space
  4. Data
  5. Reputation

Defenses

OS Hardening

Secure the physical system

Install only Necessary Software

Security Patches

Use Secure Passwords

PAM

Problem:

Solution:

PAM Configuration

Format: module-interface control-flag module-name module-arguments

Module Interfaces

Module Stacking Example

rlogin PAM requirements

PAM config file:

    # Deny non-root logins while /etc/nologin exists
    auth required pam_nologin.so
    # Allow root only from the terminals listed in /etc/securetty
    auth required pam_securetty.so
    # Set environment variables from /etc/security/pam_env.conf
    auth required pam_env.so
    # Trusted-host login (~/.rhosts, /etc/hosts.equiv): success ends the stack
    auth sufficient pam_rhosts_auth.so
    # Otherwise fall through to the shared system-auth stack (password check)
    auth required pam_stack.so service=system-auth

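The stacking semantics behind this format and example, as an added Python simulator that is not part of the slides or of Linux-PAM itself: it parses lines in the interface / control-flag / module / arguments format and evaluates an auth stack given per-module outcomes supplied by the caller. The names `parse_stack`, `evaluate` and the outcome dictionaries are assumptions for illustration; the rlogin stack is a constructed copy of the one above.

```python
import re
# Added simulator of the PAM control-flag keywords (not the [value=action]
# form). Not Linux-PAM code: each module's result is a caller-supplied bool.
LINE_RE = re.compile(r"^(\w+)\s+(required|requisite|sufficient|optional)\s+(\S+)\s*(.*)$")

def parse_stack(text):
    """Parse 'interface control-flag module args' lines; skip '#' comments and blanks."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        iface, control, module, args = m.groups()
        stack.append((iface, control, module, args.split()))
    return stack

def evaluate(stack, interface, outcomes):
    """True if the stack for `interface` grants access.
    outcomes maps module name -> True/False; a module absent from the dict is
    treated as failing (assumption). required: failure remembered, stack goes
    on; requisite: failure returns at once; sufficient: success returns at once
    unless a required module already failed; optional: counts only when alone.
    """
    modules = [m for m in stack if m[0] == interface]
    required_failed = False
    for _, control, module, _ in modules:
        ok = outcomes.get(module, False)
        if control == "required" and not ok:
            required_failed = True
        elif control == "requisite" and not ok:
            return False
        elif control == "sufficient" and ok and not required_failed:
            return True
        elif control == "optional" and len(modules) == 1:
            return ok
    return bool(modules) and not required_failed

# Constructed copy of the rlogin auth stack from the slide.
RLOGIN_AUTH = """
auth required   pam_nologin.so
auth required   pam_securetty.so
auth required   pam_env.so
auth sufficient pam_rhosts_auth.so
auth required   pam_stack.so service=system-auth
"""
```

Feeding the stack a failing `pam_nologin.so` together with a succeeding `pam_rhosts_auth.so` shows why the order matters: the `sufficient` module cannot short-circuit past an earlier `required` failure, so the login is still denied.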
Control Flags

Password Quality

Password Aging

Disable Unnecessary Accounts

Disabling Remote Access

sudo

Jails

Check Logs

Firewalls and Intrusion Prevention Systems

Firewall Capabilities & Limits