CS 356 – Lecture 25 and 26 Operating System Security Spring 2013
Review • Chapter 1: Basic Concepts and Terminology • Chapter 2: Basic Cryptographic Tools • Chapter 3 – User Authentication • Chapter 4 – Access Control Lists • Chapter 5 – Database Security (skipped) • Chapter 6 – Malicious Software • Networking Basics (not in book) • Chapter 7 – Denial of Service • Chapter 8 – Intrusion Detection • Chapter 9 – Firewalls and Intrusion Prevention • Chapter 10 – Buffer Overflow • Chapter 11 – Software Security • Chapter 12 – OS Security
Chapter 12 Operating System Security
Operating System § each layer of code needs measures in place to provide appropriate security services § each layer is vulnerable to attack from below if the lower layers are not secured appropriately Security Layers
Measures • the 2010 Australian Defense Signals Directorate (DSD) list the “Top 35 Mitigation Strategies” • over 70% of the targeted cyber intrusions investigated by DSD in 2009 could have been prevented • the top four measures for prevention are: – patch operating systems and applications using auto- update – patch third-party applications – restrict admin privileges to users who need them – white-list approved applications
Operating System Security • possible for a system to be compromised during the installation process before it can install the latest patches • building and deploying a system should be a planned process designed to counter this threat • process must: – assess risks and plan the system deployment – secure the underlying operating system and then the key applications – ensure any critical content is secured – ensure appropriate network protection mechanisms are used – ensure appropriate processes are used to maintain security
System Security Planning the first step in deploying a new system is planning plan needs to identify appropriate personnel and planning should training to install and include a wide manage the system security assessment of the organization planning process needs to determine security aim is to maximize requirements for the security while system, applications, data, minimizing costs and users
System Security Planning Process any additional security the purpose of the system, who will administer the measures required on the the type of information system, and how they will system, including the use of stored, the applications and manage the system (via host firewalls, anti-virus or services provided, and their local or remote access) other malware protection security requirements mechanisms, and logging what access the system has the categories of users of to information stored on the system, the privileges other hosts, such as file or they have, and the types of database servers, and how information they can access this is managed how access to the how the users are information stored on the authenticated system is managed
Operating Systems Hardening • first critical step in securing a system is to secure the base operating system • basic steps • install and patch the operating system • harden and configure the operating system to adequately address the identified security needs of the system • install and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection system (IDS) • test the security of the basic operating system to ensure that the steps taken adequately address its security needs
Initial Setup and Patching should stage and validate all system patches on the security begins test systems with the before installation of initial installation should install the overall boot deploying them the operating process must minimum in production system necessary for the also be secured desired system critical that the the integrity and full installation and system be kept up source of any ideally new hardening process to date, with all additional device systems should be should occur critical security driver code must constructed on a before the system related patches be carefully protected network is deployed to its installed validated intended location
• Remove Unnecessary Services, • when performing the initial Applications, installation the supplied defaults should not be Protocols used – default configuration is set to maximize ease of use • if fewer software packages and functionality rather are available to run the risk than security is reduced – if additional packages are • system planning process needed later they can be should identify what is installed when they are actually required for a required given system
• system planning process should consider: • Configure – categories of users on the Users, Groups, system and – privileges they have Authentication – types of information they can access – how and where they are defined and authenticated • default accounts included as part • not all users with access to a system will have the same of the system installation should be access to all data and secured resources on that system – those that are not required • elevated privileges should should be either removed or be restricted to only those disabled users that require them, and then only when they are – policies that apply to needed to perform a task authentication credentials configured
• Install • Configure • Additional • Resource • Security • Controls • Controls • once the users and • further security groups are defined, appropriate possible by installing permissions can be set and configuring on data and resources additional security • many of the security tools: hardening guides – anti-virus software provide lists of – host-based firewalls recommended changes – IDS or IPS software to the default access – application white-listing configuration
• checklists are included in security hardening guides • Test the • there are programs System specifically designed to: Security – review a system to ensure that a system meets the basic security requirements – scan for known vulnerabilities and poor configuration practices • final step in the process of initially securing the base • should be done following operating system is the initial hardening of the security testing system • goal: • repeated periodically as – ensure the previous part of the security security configuration steps maintenance process are correctly implemented – identify any possible vulnerabilities
Application Configuration • may include: – creating and specifying appropriate data storage areas for application – making appropriate changes to the application or service default configuration details • some applications or services may include: – default data – scripts – user accounts • of particular concern with remotely accessed services such as Web and file transfer services – risk from this form of attack is reduced by ensuring that most of the files can only be read, but not written, by the server
Encryption Technology is a key enabling technology if secure network that may be cryptographic services are used to file systems are provided using secure data must be another use of if secure network TLS or IPsec encryption both in configured services are suitable public and transit and and provided using private keys must SSH, appropriate when stored appropriate server and client be generated for cryptographic keys must be each of them keys created, created signed, and secured
Security Maintenance • process of maintaining security is continuous • security maintenance includes: – monitoring and analyzing logging information – performing regular backups – recovering from security compromises – regularly testing system security – using appropriate software maintenance processes to patch and update all critical software, and to monitor and revise configuration as needed
can only inform you automated about bad things analysis is that have already preferred happened generates significant in the event of a system volumes of information and breach or failure, system it is important that administrators can more sufficient space is quickly identify what allocated for them happened Logging key is to ensure you range of data acquired should capture the correct be determined during the data and then system planning stage information appropriately monitor can be and analyze this data generated by the system, network and applications
Data Backup and Archive needs and policy relating performing regular to backup and archive backups of data is should be determined a critical control backup archive during the system that assists with • the process of • the process of retaining planning stage maintaining the making copies copies of data over integrity of the of data at extended periods of • kept online or offline regular time in order to meet system and user • stored locally or transported to a intervals legal and operational remote site data requirements to access • trade-offs include ease of past data • may be legal or implementation and cost operational versus greater security and requirements for the robustness against different retention of data threats
Recommend
More recommend