INFO 320 Server Technology I - PowerPoint PPT Presentation

Provided by: khow6
1
INFO 320 Server Technology I
  • Week 8
  • Security

2
Overview
  • A key feature of any networked operating system
    is its ability to control security
  • Scope of security
  • Security principles
  • Sudo
  • User and file security
  • Application security
  • Threat detection and response

3
Goal
  • Our goal is not to make you paranoid, but to give
    you appropriate information to establish sound
    security guidelines
  • We're not trying to cover each app or concept in
    detail, just provide an idea of what they are
    and where to find more information

4
Scope of security
No sources
5
Scope of security
  • Security has many dimensions, as we've already
    touched upon
  • Physical vs electronic
  • Internal vs external
  • Deliberate (intentional) vs accidental
  • Natural vs man-made?

6
Physical security
  • Physical security is focused on keeping the
    equipment safe from theft or attack
  • Consider different levels of scale for physical
    security
  • Location/facility
  • Room
  • Rack or device, including portable devices
  • Access to inside a device

7
Electronic security
  • Most of our immediate thoughts are on electronic
    security for a system
  • Network access to the system across a LAN or the
    Internet
  • HTTP, SNMP, RMON
  • Wireless security
  • 802.11, Bluetooth, IR
  • Direct electronic connection to a device
  • Console port, USB, Firewire, modem

8
Internal security
  • Think of internal/external security as relative
    to your organization
  • To whom does internal security apply?
  • What determines rules for internal security?
  • What basis could you have for setting rules?
  • Can your security needs change over time?

9
External security
  • Who is an external security threat?
  • What is your first association?
  • What about customers?
  • Vendors/suppliers?
  • Team members?
  • Government agencies?

10
Deliberate security
  • Referring to a deliberate attempt to violate your
    organization's security
  • What kinds of attacks fall into this category?

11
Accidental security
  • Or accidental security threats: do they exist?

12
Natural vs man-made
  • In discussing the need for backup, some natural
    events could be significant causes
  • Power loss, weather, earthquake, etc.
  • Are security threats all man-made?

13
Security principles
Partly from (Rankin, 2009)
14
Security principles
  • We'll cover some guidelines for establishing the
    right level of security for an organization
  • Keep it simple
  • Complexity makes security rules harder to
    maintain

15
Security principles
  • Use the principle of least privilege
  • Give apps and people the least level of system
    privileges possible
  • Similarly, restrict use of root as much as
    possible
  • Provide layers of protection
  • More than one firewall, the DMZ concept: these
    help

16
Security principles
  • Avoid security by obscurity
  • It's nice to use nontraditional port numbers, for
    example, but that only slows an attacker
  • Keep current with security patches
  • Sounds obvious, but when's the last time you
    updated your spyware filter?

17
Sudo
Partly from (Rankin, 2009)
18
Sudo
  • We've been using sudo to execute root-privilege
    commands
  • Ubuntu has disabled the root account so you can't
    log into it directly
  • Root login is a key brute-force login target
  • Sudo helps prevent the mistakes that come from
    overusing root

19
Sudo
  • Key features of sudo include
  • Your user password applies to using sudo, not the
    root password
  • This allows you to execute root commands without
    knowing the root password
  • Sudo can limit which commands you're allowed to
    use, e.g. if you only need to use apachectl
  • Sudo allows privileges by group membership

20
Sudo
  • Once you use sudo, your authentication to it will
    automatically expire after a timeout, providing
    protection if you leave the computer alone
  • All sudo access is logged, in /var/log/auth.log
  • Great for forensics!
  • Some scripts (e.g. cron) might need to use sudo
    without a password, and that can be authorized

21
Sudo configuration
  • The sudo configuration file (yes, everything in
    UNIX has a config file!) is at
  • /etc/sudoers
  • Members of the admin group can use all root
    privileges
  • The default account when installing Ubuntu allows
    this automatically

22
Sudo configuration
  • Somewhat recursively, you need to use sudo to
    edit its config file
  • sudo visudo
  • The use of visudo checks for errors automatically
  • We won't try to cover changing rules in sudoers,
    defining aliases for users and hosts, and the
    commands they can use

23
User and file security
24
User and file security
  • As we've covered, UNIX systems associate users
    with groups as a key security structure
  • File and directory permissions are defined by
    read, write, and execute privileges (rwx) for the
    user, group, and others (ugo)
  • The commands chgrp, chown and chmod change group
    and permissions

25
Application security
From (Rankin, 2009) and (Petersen, 2009), which
have very different perspectives!
26
Application security
  • We won't try to cover every possible security
    threat (!), but we'll hint at some of the
    categories of threats for common server
    applications

27
Mail server security
  • A major mail server app is Postfix, derived from
    the earlier sendmail application
  • Postfix is started and stopped like many other
    services
  • sudo postfix start
  • sudo postfix stop

28
Mail server security
  • A major threat for mail servers is spam
  • A key configuration option is the mynetworks
    setting
  • It defines for which networks this mail server
    will relay mail
  • If defined too broadly, spammers can use your
    mail server!

29
Mail server security
  • Another configuration option of interest is
    relayhost
  • This sets a different mail server to act as the
    relay point for your network
  • Multiple internal mail servers could share a
    central outgoing mail server
  • This gives a central point for monitoring
    outgoing email

30
Mail server security
  • Another mail server concept is greylisting, also
    focused on reducing spam
  • Spammers are often lazy: they won't retry
    sending spam
  • Greylisting responds to new mail servers with a
    delay message, specifically
  • SMTP response 450, "Requested mail action not
    taken: mailbox unavailable"

31
Mail server security
  • Legitimate servers will retry, but spammers often
    won't and are added to a greylist
  • Known good mail servers can be added to a
    whitelist
  • Look for the application postgrey to apply
    greylisting
  • sudo apt-get install postgrey
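An added example, not part of the slides or of postgrey: a shell function that makes the greylisting decision for one delivery attempt, keyed on the (client IP, sender, recipient) triplet, with a whitelist file for known-good servers and an assumed 300-second delay. The state-file layout, the reply wording and the addresses in the demo are this example's own.

```shell
GREY_DELAY=300   # assumed: seconds a new triplet must wait before it is accepted

# One greylisting decision.
# args: state_file whitelist_file client_ip sender recipient now_epoch
# Prints the SMTP reply; returns 0 to accept the message, 1 to defer it.
greylist() {
  state=$1; wl=$2; key="$3|$4|$5"; now=$6
  : >> "$state"; : >> "$wl"                        # make sure both files exist
  if grep -qxF "$3" "$wl"; then                    # known-good server: no delay
    echo "250 2.1.5 Ok (client $3 is whitelisted)"
    return 0
  fi
  # state file holds "triplet<TAB>first_seen_epoch" lines
  first=$(awk -F'\t' -v k="$key" '$1 == k { print $2 }' "$state")
  if [ -z "$first" ]; then                         # never seen: record it and defer
    printf '%s\t%s\n' "$key" "$now" >> "$state"
    echo "450 Requested mail action not taken: mailbox unavailable (greylisted, retry later)"
    return 1
  fi
  if [ $((now - first)) -lt "$GREY_DELAY" ]; then  # seen, but retried too soon
    echo "450 Requested mail action not taken: mailbox unavailable (retry too early)"
    return 1
  fi
  echo "250 2.1.5 Ok (triplet first seen at $first, accepted)"
  return 0
}

# Demo: attempts at t=1000 and t=1100 are deferred, the retry at t=1400 gets through
S=$(mktemp); W=$(mktemp)
for t in 1000 1100 1400; do
  greylist "$S" "$W" 203.0.113.5 sender@example.net alice@example.com "$t" || :
done
rm -f "$S" "$W"
```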

32
SE-Linux
  • Some apps need root privileges to run
  • If those apps have security weaknesses, attackers
    can get root through them
  • One option for applying access controls is
    SE-Linux (Security-Enhanced Linux)
  • SE-Linux labels every object and allows access
    controls to be defined for them

33
AppArmor
  • AppArmor is used in Ubuntu to add access control
    to specific services
  • It's designed to be simpler and easier to use
    than SE-Linux
  • Focuses on web apps (Apache, etc.)
  • Profiles are defined for each service in
    /etc/apparmor.d/, under a filename derived from
    the service's path, e.g. usr.sbin.nscd (name
    server caching daemon)

34
AppArmor
  • AppArmor works in two modes, enforce and
    complain
  • Enforce mode will block any attempt to violate
    a program's profile
  • Complain mode will log the attempt but still
    allow it to happen (!)

35
ufw
  • The ufw command is a key tool for managing
    firewall settings in Ubuntu
  • It helps manage the obsolete ipchains and complex
    iptables commands
  • A chain refers to a checklist of rules to
    decide how to handle packets with certain header
    contents
  • Netfilter is a separate tool for managing iptables

36
ufw
  • Like any good firewall, ufw will deny anything
    going into or out of a network
  • To override that default you could use sudo ufw
    default allow
  • To enable the ufw application
  • sudo ufw enable

37
ufw
  • To find the status of ufw
  • sudo ufw status
  • To log anything blocked by ufw
  • sudo ufw logging on
  • More often you will use the allow and deny
    commands to establish settings

38
ufw
  • The allow and deny commands take port numbers or
    services as arguments
  • sudo ufw allow 53 (DNS)
  • sudo ufw deny 21 (FTP)
  • Why is this command redundant?
  • sudo ufw allow smtp
  • There are a lot more possible rules for
    configuring ufw, but these are the basics

39
Threat detection and response
Partly from (Rankin, 2009)
40
Tripwire
  • Once security measures are in place, how do you
    detect an attack?
  • One way is to monitor key configuration files,
    and look for changes to them
  • That's the idea behind Tripwire
  • It isn't a trivial program to configure; its
    policies are in /etc/tripwire/twpol.txt, which
    lists what files it monitors

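An added example, not Tripwire's own code: a minimal file-integrity check in Tripwire's spirit, where the directories passed in stand for the paths a twpol.txt policy would list. A baseline of SHA-256 hashes is recorded once, and a later check reports the files that changed, appeared or disappeared.

```shell
# Hash helper: sha256sum on Linux, shasum where coreutils is absent
fim_hash() { if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"; else shasum -a 256 "$@"; fi; }

# Hash every regular file below the given directories, one "hash  path" line each
fim_scan() {  # args: dir...
  find "$@" -type f -print | LC_ALL=C sort | while read -r f; do fim_hash "$f"; done
}

# Record the trusted state; run this right after the system is built or patched
fim_baseline() {  # args: baseline_db dir...
  db=$1; shift
  fim_scan "$@" > "$db"
}

# Compare the current state with the baseline. Prints one line per difference
# (CHANGED/ADDED/REMOVED path); returns 0 if nothing differs, 1 otherwise.
fim_check() {  # args: baseline_db dir...
  db=$1; shift
  cur=$(mktemp)
  fim_scan "$@" > "$cur"
  # The first file fills base[path]=hash (NR==FNR holds only while reading it,
  # so the baseline must not be empty); the second file is compared against it.
  diffs=$(awk 'NR == FNR    { base[$2] = $1; next }
               !($2 in base) { print "ADDED   " $2; next }
               base[$2] != $1 { print "CHANGED " $2 }
                             { delete base[$2] }
               END { for (p in base) print "REMOVED " p }' "$db" "$cur" | LC_ALL=C sort)
  rm -f "$cur"
  if [ -z "$diffs" ]; then return 0; fi
  printf '%s\n' "$diffs"
  return 1
}
```

Run fim_baseline once against the paths your policy names, keep the database somewhere an intruder cannot rewrite it, and schedule fim_check from cron so a changed configuration file is reported rather than silently accepted.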
41
Incident response
  • Good security planning includes planning what to
    do in the event of an attack
  • Do you prosecute an attacker?
  • When an attack is detected, it's often best to
    power down affected servers
  • If running a virtual machine, capture an image
    first
  • Prevents loss of critical forensic data

42
Incident response
  • Then image the server's current state, e.g. from
    running a rescue disk
  • Make copies of the image for later analysis
  • Then determine when it's best to redeploy the
    affected servers
  • Some systems can be rebuilt easily (e.g.
    clusters) but database or file servers might need
    to revert to a previous backup

43
Incident response
  • Later you could hand off the system image for
    forensic analysis
  • How did they get in?
  • What did they install or modify?
  • Ubuntu even includes the forensic app autopsy, a
    front end for sleuthkit
  • Another tool is chkrootkit, which looks for root
    kits (programs for hacking root)

44
Summary
  • We've given an overview of
  • The types of security threats
  • General guidelines for security
  • How we use sudo to protect the root user
  • Reviewed permissions for files and directories
  • Examined security concepts and tools for a UNIX
    environment