Security Issues in Unix OS - PowerPoint PPT Presentation

About This Presentation
Title:

Security Issues in Unix OS

Description:

CVE (121 vulnerabilities out of 3052 unique entries, CVE ... Mainly buffer overflow (POP3, IMAP, LDAP, SMTP) Misconfiguration of Enterprise Services NIS/NFS ... – PowerPoint PPT presentation

Number of Views:357
Avg rating:3.0/5.0
Slides: 18
Provided by: geoinform6
Learn more at: http://www.sis.pitt.edu
Category:
Tags: imap | issues | security | unix

less

Transcript and Presenter's Notes

Title: Security Issues in Unix OS


1
Security Issues in Unix OS
  • Saubhagya Joshi
  • Suroop Mohan Chandran

2
Contents
  • Current scenario
  • Major players
  • General threats
  • Top ten Unix threats
  • Taxonomy of threats
  • Examples
  • Security Management

3
Major Players
  • NIST, CERT, SANS Institute, CERIAS, Mitre Inc.
  • Database Tools
  • CVE (121 vulnerabilities out of 3052 unique
    entries, CVE Version Number 20040901)
  • ICAT (213 out of 7493 vulnerabilities)
  • Cassandra

4
General threats
  • Attacks
  • Denial of Service (DoS)
  • Spoofing
  • Privilege Elevation
  • Repudiation
  • Replay Attacks
  • Viruses/Trojans/Worms
  • Disclosure of Information
  • Sabotage/Tampering
  • People (malicious, ignorance)
  • Physical
  • Communications
  • Operations
  • OS flaws

5
Top Ten Vulnerabilities (SANS Institute FBI)
  • BIND Domain Name System
  • Web Server (CGI scripts)
  • Authentication (weak, default or no password)
  • Version Control Systems (buffer overflow on CVS)
  • Mail Transport Service (insecure SMTP MTA)
  • Simple Network Management Protocol (SNMP)
  • Remotely manage systems, printers, routers
  • Open Secure Sockets Layer (SSL)
  • Mainly buffer overflow (POP3, IMAP, LDAP, SMTP)
  • Misconfiguration of Enterprise Services NIS/NFS
  • Databases (MySQL, POSTgreSQL, Oracle)
  • Kernel

6
Taxonomy
coding
operational
environment
configuration
synchronization
condition validation
Incorrect permission
Race condition
Utility in wrong place
Failure to handle exception
Improper/inadequate
Incorrect setup parameters
Origin validation
Input validation
Field value correlation
Boundary condition
syntax
Access right validation
Type and number of input
Missing input
Extraneous input
Source Taimur Aslam, Taxonomy of Security Faults
in Unix OS, Purdue University, 1995
7
Operational Examples
coding
operational
environment
configuration
synchronization
  • tftp (trivial file transfer protocol)
  • disclosure of information
  • sendmail wizard mode
  • WIZ command
  • default password wizzywoz

condition validation
Incorrect permission
Race condition
Utility in wrong place
Failure to handle exception
Improper/inadequate
Incorrect setup parameters
Origin validation
Input validation
Field value correlation
Boundary condition
syntax
Access right validation
Type and number of input
Missing input
Extraneous input
8
Synchronization Examples
coding
operational
environment
configuration
synchronization
condition validation
Incorrect permission
  • xterm (window interface in X windows)
  • mknod foo p
  • xterm lf foo
  • mv foo junk
  • ln s /etc/passwd foo
  • cat junk
  • if run as root, existing files may be
    replaced

Race condition
Utility in wrong place
Failure to handle exception
Improper/inadequate
Incorrect setup parameters
Origin validation
Input validation
Field value correlation
Boundary condition
syntax
Access right validation
Type and number of input
Missing input
Extraneous input
9
Condition Validation Example
  • /etc/exports (SunOS4.1)
  • rcp (remote copy)
  • Redirect characters from other users terminal
  • uux rem_machine ! rmail
  • anything command
  • fsck repairs file consistency
  • -- If fsck fails during bootup, privileged shell
    starts as root

coding
operational
environment
configuration
synchronization
condition validation
Incorrect permission
Race condition
Utility in wrong place
Failure to handle exception
Improper/inadequate
Incorrect setup parameters
Origin validation
Input validation
Field value correlation
Boundary condition
syntax
Access right validation
Type and number of input
Missing input
Extraneous input
10
Environment Examples
coding
operational
environment
configuration
synchronization
condition validation
Incorrect permission
  • exec system call
  • executes some executable object file or data
    file conaining commands
  • SunOS version 3.2 and early
  • link with name -i
  • exec i (becomes interactive mode

Race condition
Utility in wrong place
Failure to handle exception
Improper/inadequate
Incorrect setup parameters
Origin validation
Input validation
Field value correlation
Boundary condition
syntax
Access right validation
Type and number of input
Missing input
Extraneous input
11
Security Management in UNIX
  • US/CERT, AUSCERT - UNIX Security Checklist
    (2001)
  • US/CERT, AUSCERT Steps to Recover from a UNIX
    or NT System compromise (2000)

12
UNIX Security Checklist v2.0
  • The First Step
  • Basic Operating System
  • Major Services
  • Specific Operating Systems

13
The First Step
  • Update software and security Patches of the OS.
  • Make sure that all security mechanisms like
    Digital signatures and hashing schemes are up to
    date.
  • Keep track of all updates to the OS and the
    services.

14
Basic Operating System
  • Network Services
  • Network Administration
  • File System Security
  • Account Security
  • System Monitoring

15
Major Services
  • Name Service
  • Electronic Mail
  • Web Security
  • FTP ftp and anonymous ftp
  • File Services
  • X-Windows System

16
Specific Operating Systems
  • BSD-Derived Operating Systems
  • Linux Distributions
  • Solaris
  • IRIX
  • HP-UX
  • Digital/Compaq Tru64 UNIX
  • AIX

17
Steps to Recover from a Compromise
  • Before you get Started
  • Regain Control
  • Analyze the Intrusion
  • Contact relevant CSIRT and other sites involved
  • Recover from the intrusion
  • Improve the security of the system and network
  • Reconnect to the Internet
  • Update your Security Policy
Write a Comment
User Comments (0)
About PowerShow.com