COSC 316 COMPUTER HOSTS SECURITY - PowerPoint PPT Presentation

1
COSC 316 COMPUTER HOSTS SECURITY
  • SOUNDARARAJAN EZEKIEL
  • COMPUTER SCIENCE DEPARTMENT
  • INDIANA UNIVERSITY OF PENNSYLVANIA
  • INDIANA, PA 15705

2
Part III Network and Internet Security
Chapter 19 Defending Accounts
  • We will talk about
  • Dangerous accounts
  • Monitoring file format
  • Restricting logins
  • Managing dormant accounts
  • One-time passwords
  • Administrative techniques for conventional
    passwords
  • Intrusion detection systems

3
Chapter 19 Defending Accounts
  • The worst time to think about protecting your
    computer and data is after a break-in
  • By then the damage has already been done
  • Determining where and to what extent your system
    has been compromised can be difficult
  • Did the intruder modify any programs?
  • Did the intruder create any new accounts or change
    the passwords of any of your users?
  • If you haven't prepared in advance, you may have
    no way of knowing the answers

4
Dangerous Accounts
  • Every account on your computer is a door to the
    outside, a portal through which both authorized
    and unauthorized users can enter
  • Some of these doors are well defended, while
    others are not
  • The system administrator should search for the
    weak points and seal them up
  • Accounts without passwords
  • Like the lock on the front door of a building,
    the password on each of your computer's accounts
    is your system's first line of defense
  • An account without a password is a door without
    a lock: anybody who finds that door can enter

5
Dangerous Accounts (continued)
  • Many so-called computer crackers succeed only
    because they are good at finding accounts
    without passwords, or accounts whose passwords
    are easy to guess
  • On SVR4 versions of Unix you can scan for
    accounts without passwords with the logins
    command (logins -p lists accounts that have no
    password)
  • Default accounts
  • Many computer systems are delivered to end users
    with one or more default accounts
  • These accounts may have standard passwords or no
    passwords at all
  • Example: Red Hat
  • adm: general system administration
  • bin: owns executable files
  • daemon: network daemons
  • ftp: anonymous FTP
  • games, gopher, halt, lp, mail, news, nobody,
    operator, root, shutdown, sync, uucp

6
Dangerous Accounts (continued)
  • Superuser: many Unix computers come with a root
    account that has no password
  • Accounts that run a single command or application
    program when a user logs into them often have no
    password, for example date, uptime, finger, sync
  • Open accounts: some computer centers provide
    accounts on which visitors can play games while
    they are waiting for an appointment, or allow
    visitors to use a modem or network connection to
    contact their own computer systems. Typically
    these accounts have names such as open, guest, or
    play, and they do not require passwords

7
Open accounts
  • Restricted shells: some Unix shells allow you to
    set up a restricted mode that can be used to
    minimize the danger of an open account
  • The potential problem with restricted shells is
    that many Unix commands allow shell escapes, a
    means of executing arbitrary commands or
    subshells from within themselves, and some
    commands that have shell escapes do not document
    the feature
  • Restricted file system with the chroot() jail: a
    better way to restrict some users on your system
    is to put them into a restricted file system. You
    can construct an environment where they have
    limited access to commands and files but can still
    use a regular shell. The way to do this is with the
    chroot() system call, which changes the process's
    view of the file system so that the apparent root
    directory is not the real file system root
    directory but one of its descendants. Such an
    environment is often called a jail

8
Open accounts (continued)
  • Uses of a restricted file system
  • Limiting specific programs, especially network
    daemons
  • Limiting specific users, such as the open accounts
    described above
  • Testing new software
  • Setting up the chroot() environment
  • Some programs call chroot() themselves
  • Linux and BSD-derived systems have a chroot
    wrapper command that can be used to run any
    command with a restricted file system
  • SVR4 has a feature that allows users to be
    automatically restricted when they log in
  • The primary use of the chroot() system call is in
    network servers. By calling chroot() before
    accepting connections from the network, a server
    restricts its view of the computer's file system,
    so a compromise of the server exposes only what
    is inside the jail
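As an added example (not from the slides or the book they follow), the shell script below builds the kind of jail the slide describes around a single program and runs it there with the chroot wrapper command. The jail path, the use of ldd to discover the libraries, and the nobody:nogroup account are assumptions for illustration; dropping root inside the jail relies on GNU coreutils' chroot --userspec.

```shell
#!/bin/sh
# Added example: build a minimal chroot() jail around one program with the
# chroot wrapper command, then run it inside as an unprivileged user.
# Assumptions: GNU coreutils chroot (--userspec), ldd available, and a
# nobody:nogroup account to drop to; these are illustrative choices.

# copy_into_jail JAILDIR FILE: copy FILE to JAILDIR/FILE, dereferencing
# symlinks so the jail holds real files rather than links that point
# outside it.
copy_into_jail() {
  mkdir -p "$1$(dirname "$2")"
  cp -L "$2" "$1$2"
}

# build_jail JAILDIR PROGRAM: copy PROGRAM and every shared library it
# links against into JAILDIR, preserving paths so the dynamic loader finds
# them. Nothing else goes in: no setuid binaries, no device nodes, no
# copies of /etc/passwd or /etc/shadow.
build_jail() {
  jail=$1; prog=$2
  mkdir -p "$jail"
  copy_into_jail "$jail" "$prog"
  # ldd prints "name => /path (addr)" for resolved libraries and a bare
  # "/path (addr)" for the dynamic loader; a static binary yields nothing.
  for lib in $(ldd "$prog" 2>/dev/null |
               awk '/=>/ { print $3 } /^[[:space:]]*\// { print $1 }'); do
    [ -e "$lib" ] || continue          # skip "=> not found" entries
    copy_into_jail "$jail" "$lib"
  done
  return 0
}

# run_in_jail JAILDIR PROGRAM [ARGS...]: enter the jail and drop root.
# chroot(2) is not a privilege boundary on its own: a process that stays
# root inside the jail can break out, so --userspec switches to an
# unprivileged account before the program starts. Must be run as root.
run_in_jail() {
  jail=$1; shift
  chroot --userspec=nobody:nogroup "$jail" "$@"
}

# Example (as root):
#   build_jail /srv/jail /bin/sh && run_in_jail /srv/jail /bin/sh -c 'ls /'
```

The jail holds only the program and its libraries, which is the point: a shell escape inside it reaches nothing the jail does not contain. The same two caveats apply to a daemon that calls chroot() itself: call chdir("/") afterwards, and give up root before serving requests.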

9
Group Accounts
  • A group account is an account that is used by
    more than one person
  • It is often created to allow a group of people
    to work on the same project without requiring
    that an account be created for each person,
    or when several people have to use the same
    computer for a short period of time
  • Group accounts are always a bad idea: they
    eliminate accountability, and because the
    password is shared, someone will eventually
    pass it on

10
Monitoring file format
  • Most programs that access the /etc/passwd and
    /etc/group files are very sensitive to problems
    in the formatting of those files, or to bad
    values
  • Because of the compact representation of the
    files, badly formatted entries can easily be
    hidden
  • Check the format of both files on a regular
    basis
  • Many versions of Unix provide two commands for
    this: pwck (for /etc/passwd and /etc/shadow) and
    grpck (for /etc/group)
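The checks behind the two points above, scanning for accounts without passwords (the logins command on SVR4) and checking the format of the account files (pwck), are shown below as an added example written for this page, not a transcript of either tool. The functions take file paths, so they run here against constructed sample files and, as root, against /etc/passwd and /etc/shadow; the sample account names are invented.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files for the weak points
# the slides describe (accounts without passwords, extra superuser accounts,
# malformed or duplicate entries), in the spirit of pwck and `logins -p`.
# The functions take file paths, so they run here on constructed samples and,
# as root, on /etc/passwd and /etc/shadow.

# audit_passwd FILE: one finding per line on stdout; exit 1 if any were found.
audit_passwd() {
  awk -F: '
    # A passwd entry has exactly seven colon-separated fields.
    NF != 7  { print "malformed (" NF " fields): " $0; bad = 1; next }
    $1 == "" { print "empty username: " $0; bad = 1; next }
    $3 !~ /^[0-9]+$/ { print "non-numeric UID for " $1; bad = 1 }
    $4 !~ /^[0-9]+$/ { print "non-numeric GID for " $1; bad = 1 }
    # An empty password field means the account needs no password at all
    # (an "x" means the hash lives in the shadow file, checked separately).
    $2 == "" { print "NO PASSWORD: " $1; bad = 1 }
    # Any UID-0 account other than root is a second superuser login.
    $3 ~ /^0+$/ && $1 != "root" { print "extra UID 0 account: " $1; bad = 1 }
    # Duplicate usernames are a classic sign of a tampered file.
    seen[$1]++ { print "duplicate username: " $1; bad = 1 }
    END { exit bad ? 1 : 0 }
  ' "$1"
}

# audit_shadow FILE: shadow entries have nine fields; field 2 is the hash,
# where "" means no password and a leading "!" or "*" means locked.
audit_shadow() {
  awk -F: '
    NF != 9  { print "malformed (" NF " fields): " $0; bad = 1; next }
    $2 == "" { print "NO PASSWORD: " $1; bad = 1 }
    # Legacy DES hashes (no "$" prefix) and MD5 ("$1$") are cheap to crack;
    # SHA-crypt ("$5$"/"$6$") or yescrypt ("$y$") are what we expect to see.
    $2 ~ /^[^!*$]/ || $2 ~ /^\$1\$/ { print "weak hash for " $1; bad = 1 }
    END { exit bad ? 1 : 0 }
  ' "$1"
}

# make_samples DIR: write constructed passwd and shadow files (not real data)
# that exhibit each problem the audit looks for.
make_samples() {
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:1001:Open account:/home/guest:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
alice:x:1002:1002:Alice:/home/alice:/bin/bash
alice:x:1003:1003:Alice again:/home/alice2:/bin/bash
broken:x:1004:1004:/home/broken:/bin/sh
EOF
  cat > "$1/shadow" <<'EOF'
root:$6$salt$hash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
guest::19700:0:99999:7:::
alice:$1$salt$hash:19700:0:99999:7:::
EOF
}

# Usage on a real host (as root): audit_passwd /etc/passwd; audit_shadow /etc/shadow
if [ "$#" -eq 2 ]; then
  audit_passwd "$1"; audit_shadow "$2"
fi
```

Run it from cron and alert on a non-zero exit; an entry that appears between two runs is exactly the "new account or changed password" question the chapter opens with.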

11
Restricting Logins
  • Some systems have the ability to restrict the
    circumstances under which each user may log in;
    for example, you can specify the times of day
    and days of the week during which each account
    may or may not be used
  • On systems with Pluggable Authentication Modules
    (PAM), the same restrictions are available through
    the pam_time module
  • This prohibits access to accounts that are used
    only in limited circumstances, narrowing the
    window of opportunity an attacker has to exploit
    them
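A pam_time configuration of the kind the slide refers to, as an added example (not from the slides): the service names are the standard ones, while the account names and hours are assumptions for illustration.

```text
# /etc/pam.d/login and /etc/pam.d/sshd: consult time.conf at account check
account    required    pam_time.so

# /etc/security/time.conf -- one rule per line: services;ttys;users;times
# Wk = weekdays (Mon-Fri), Wd = weekend, Al = all days; times are HHMM-HHMM.
# Interactive logins for everyone except root only in office hours,
# so the console stays usable for emergencies at any time.
login;*;!root;Wk0800-1800
sshd;*;!root;Wk0800-1800
# An account that exists only for a nightly batch job: Mon-Fri, 01:00-03:00.
sshd;*;batch;Wk0100-0300
```

Each rule denies the listed users at every time not covered by its time field; sshd must also have UsePAM yes for its rule to take effect.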

12
Managing Dormant Accounts
  • If a user is going to be gone for an extended
    period of time, consider preventing direct logins
    to the user's account until she returns
  • This ensures that an intruder cannot use the
    person's account in her absence
  • You may also wish to disable accounts that are
    seldom used, enabling them only as needed
  • There are two simple ways to prevent logins to an
    account
  • Change the account's password, or modify the
    stored password so it cannot be used
  • Change the account's login shell
  • Finding dormant accounts: accounts that haven't
    been used for an extended period of time are a
    potential security problem, so look for them
    periodically (for example with the lastlog
    command) and disable them
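Both steps, finding the dormant accounts and applying the two locking methods from the slide, as an added example written for this page. On a real host the candidate list comes from `lastlog -b DAYS`; the lastlog output, account names, UIDs and the 1000 cutoff between system and ordinary accounts below are constructed assumptions.

```shell
#!/bin/sh
# Added example: find and lock dormant accounts. On a real host the list of
# candidates comes from `lastlog -b DAYS`, which lists accounts whose last
# login is older than DAYS; the sample below is constructed to stand in for
# that output. Names, UIDs and the 1000 system-account cutoff are assumptions.

SAMPLE_LASTLOG='Username         Port     From             Latest
root             pts/0    10.0.0.5         Tue Feb  6 09:12:31 +0000 2024
backup           pts/2    10.0.0.9         Fri Nov  3 08:15:00 +0000 2023
alice            pts/1    10.0.0.7         Mon Jan  8 14:02:10 +0000 2024
bob                                        **Never logged in**
carol            pts/3    10.0.0.8         Wed Oct 11 16:40:00 +0000 2023
dave             pts/4    10.0.0.6         Thu Sep 14 11:00:00 +0000 2023'

# make_samples DIR: constructed passwd/shadow files matching SAMPLE_LASTLOG.
make_samples() {
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/sh
bob:x:1002:1002:Bob:/home/bob:/bin/sh
carol:x:1003:1003:Carol:/home/carol:/bin/sh
EOF
  cat > "$1/shadow" <<'EOF'
root:$6$salt$hash:19700:0:99999:7:::
backup:*:19700:0:99999:7:::
alice:$6$salt$hash:19700:0:99999:7:::
bob:!$6$salt$hash:19700:0:99999:7:::
carol:$6$salt$hash:19700:0:99999:7:::
EOF
}

# dormant_candidates PASSWD SHADOW < lastlog-output
# Print the listed users that are ordinary accounts (UID >= 1000) and are not
# already locked (hash in SHADOW starts with "!"). System accounts are left
# alone: locking them breaks the daemons that run under them.
dormant_candidates() {
  awk -v passwd="$1" -v shadow="$2" '
    BEGIN {
      while ((getline line < passwd) > 0) { split(line, f, ":"); uid[f[1]] = f[3] + 0 }
      while ((getline line < shadow) > 0) { split(line, f, ":"); locked[f[1]] = (substr(f[2], 1, 1) == "!") }
    }
    FNR == 1 && $1 == "Username" { next }   # lastlog header line
    ($1 in uid) && uid[$1] >= 1000 && !locked[$1] { print $1 }
  '
}

# lock_commands < usernames: emit the commands that apply both methods from
# the slide, plus an expiry date, for review before running them as root.
# Locking only the password is not enough on its own: with sshd using PAM,
# public-key logins still succeed against a "!"-locked hash, so the shell is
# replaced and the account expired as well.
lock_commands() {
  while read -r user; do
    printf 'usermod -L -s /sbin/nologin %s\n' "$user"
    printf 'chage -E 0 %s\n' "$user"
  done
}

# Real use (as root):
#   lastlog -b 90 | dormant_candidates /etc/passwd /etc/shadow | lock_commands | sh
```

Re-enabling an account is the reverse: usermod -U, restore the shell, and chage -E -1 to clear the expiry.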

13
Protecting the root account
  • Some Unix systems offer additional methods of
    protecting the root account
  • Secure terminals: allow root to log in only on
    physically secured terminals
  • The wheel group: a user who is not in the wheel
    group cannot use the su command to become the
    superuser
  • The sudo program: included in many Linux
    distributions and in Mac OS X, and installable on
    any Unix system, sudo takes another approach to
    the problem of the root account that is
    particularly suitable when several people are
    responsible for system administration, since each
    administrator authenticates as themselves and each
    privileged command is logged
  • A few systems provide an additional set of
    features known as the trusted path and the
    trusted computing base (TCB)
  • Trusted path: provides a trusted path from your
    terminal to the login program, so a fake login
    screen cannot capture your password
  • Trusted computing base: protects the commands
    that root relies on

14
One-time Passwords
  • If you manage computers that people will access
    over the Internet or other networks, you should
    seriously consider implementing some form of
    one-time password system, since a password
    captured in transit is then useless to the
    attacker
  • There are many different one-time password
    systems available
  • Token cards: a one-time password system must have
    a method for generating a series of matching
    passwords for the user and for the host; a token
    card generates the user's half
  • Codebooks: alternatively, generate a printed
    codebook of passwords, each of which is used once
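One way to generate the "series of matching passwords for the user and for the host" is a hash chain, the construction behind S/KEY-style systems; the script below is an added example written for this page, not code from the slides. It uses SHA-256 where S/KEY used MD4/MD5 and word encoding, and the state-file layout and sample seed are assumptions.

```shell
#!/bin/sh
# Added example: a hash-chain one-time password scheme (the construction
# behind S/KEY-style systems). Enrolment stores only the end of the chain on
# the host; each login reveals the previous link, which the host verifies
# with one hash and then stores, so a captured password is useless for replay.
# State-file layout ("N  H^N(seed)") and the sample seed are assumptions.

hash_hex() { printf '%s' "$1" | sha256sum | cut -c1-64; }

# chain_value SEED N: the N-th link of the chain, H^N(SEED).
chain_value() {
  v=$1; i=0
  while [ "$i" -lt "$2" ]; do v=$(hash_hex "$v"); i=$((i + 1)); done
  printf '%s\n' "$v"
}

# otp_enrol STATEFILE SEED N: the host keeps "N H^N(seed)" and never the seed;
# the seed stays with the user (or inside the token card).
otp_enrol() { printf '%s %s\n' "$3" "$(chain_value "$2" "$3")" > "$1"; }

# otp_next STATEFILE SEED: what the user must type next, H^(N-1)(seed).
# In a real deployment the user's side computes this from the seed and the
# counter the host announces at the login prompt.
otp_next() {
  read -r n _ < "$1"
  chain_value "$2" "$((n - 1))"
}

# otp_verify STATEFILE PASSWORD: accept iff H(PASSWORD) equals the stored
# link, then advance the state so the same password is never accepted twice.
otp_verify() {
  read -r n stored < "$1"
  [ "$n" -gt 0 ] || return 1                  # chain exhausted: re-enrol
  [ "$(hash_hex "$2")" = "$stored" ] || return 1
  printf '%s %s\n' "$((n - 1))" "$2" > "$1"
}
```

The host never holds anything an eavesdropper could use: the stored link is the hash of the next password, and inverting it is as hard as inverting the hash. The chain must be re-enrolled with a fresh seed before the counter reaches zero.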

15
Administrative Techniques for Conventional
Passwords
  • If you are a system administrator stuck using
    conventional Unix passwords, there are a number
    of techniques you can use to limit the danger
  • Assigning passwords to users: picking good
    passwords can be very difficult, and left to
    themselves users pick easily guessed passwords,
    so set rules for passwords
  • Constraining passwords
  • Password generators: generate passwords for users
  • Shadow password files
  • Password aging and expiration
  • Cracking your own passwords

16
Algorithm and Library Changes
  • If you have the source code to your system, you
    can alter the crypt() library function to
    dramatically improve the resistance of your
    computer to password cracking
  • Here are some techniques you might employ
  • Change the number of encryption rounds from 25 to
    something over 200, so that each guess costs the
    attacker proportionally more
  • Add a counter to the crypt() library call that
    keeps track of how many times it has been called
    within a single process, to slow down cracking
    programs that call it in a loop
  • Stop using crypt() at all

17
Algorithm and Library Changes (continued)
  • If you decide to modify crypt() itself, there are
    some issues to be aware of
  • If your system uses shared libraries, be sure to
    update the crypt() in the shared library;
    otherwise some commands may not work properly
  • If your system does not use shared libraries, be
    sure to update the crypt() function in every
    library that contains it
  • Be sure to relink every statically linked
    program that uses crypt() so that they all get
    the new version of the routine
  • Some programs legitimately need to call the
    crypt() routine more than 10 times in a single
    process, for example the Apache web server, so
    a per-process call limit must allow for them

18
Algorithm and Library Changes (continued)
  • Changing crypt() has some serious drawbacks
  • The passwords are no longer compatible with other
    systems
  • You need to modify crypt() on every machine
  • If you use NIS, NIS+, or LDAP, every client needs
    to use the same crypt() algorithm
  • You need to reinstall your changes after every
    software update
  • If an attacker learns the number of rounds you
    use, they can modify their cracking program to
    match, so the change buys only the extra cost
    per guess, not secrecy
  • If an insider knows a cleartext password and its
    encrypted form, they can work out the method by
    trial
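The goal of the slides above, more work per guess, is available today without modifying crypt() at all: glibc's SHA-crypt hashes carry a rounds= parameter inside the hash string, and the tools that create hashes honour it. The fragment below is an added example of that configuration (not from the slides); the file names follow Debian conventions and vary by distribution, and <salt> and <hash> are placeholders.

```text
# /etc/login.defs -- used by passwd and chpasswd when they hash a new password
ENCRYPT_METHOD SHA512
SHA_CRYPT_MIN_ROUNDS 500000
SHA_CRYPT_MAX_ROUNDS 500000

# /etc/pam.d/common-password -- used by PAM-based password changes
password  [success=1 default=ignore]  pam_unix.so obscure sha512 rounds=500000

# Resulting /etc/shadow entry: the round count is stored with each hash, so
# old entries keep verifying and every account is re-hashed at its next
# password change rather than all at once.
user:$6$rounds=500000$<salt>$<hash>:19700:0:99999:7:::
```

Because the count is part of the hash string, none of the drawbacks on the slide apply: other machines, NIS+ or LDAP clients and future updates all read the parameter from the hash itself.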

19
Account Names Revisited: Using Aliases for
Increased Security
  • You can achieve slightly better security by
    having non-obvious usernames
  • If an attacker does not know a valid username at
    your site, she will have greater difficulty
    breaking in
  • She has to guess both the username and the
    password
  • This adds some additional complexity to the task
    of breaking in, especially if some of your users
    have weak passwords

20
Intrusion Detection Systems (IDS)
  • Another proactive approach to defending a Unix
    host is to monitor it for suspicious activity and
    take action when any is detected
  • An intrusion detection system is a program
    designed to monitor the system and report or
    respond to untoward activity
  • Host-based IDS: typically monitors system log
    files and other system activity for anything
    unusual, such as repeated failed logins
  • Network-based IDS: monitors network packets
    rather than system logs, and looks for unusual
    network activity, such as scans of unused TCP
    ports or packets that resemble known
    network-based attacks
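A minimal host-based check of the kind described above, as an added example written for this page: it reads sshd log lines in the format syslog writes them, counts failed logins per source address and per target account, and flags a success that follows failures from the same address. The log lines, addresses and account names are constructed for the example.

```shell
#!/bin/sh
# Added example: a small host-based detection over sshd log lines. The sample
# is constructed (addresses from the documentation ranges, invented users);
# on a real host feed it /var/log/auth.log or `journalctl -u ssh -o short`.

SAMPLE_LOG='Mar  3 10:01:02 host sshd[4011]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2
Mar  3 10:01:05 host sshd[4013]: Failed password for invalid user oracle from 203.0.113.9 port 50130 ssh2
Mar  3 10:01:07 host sshd[4015]: Failed password for root from 203.0.113.9 port 50140 ssh2
Mar  3 10:01:09 host sshd[4017]: Failed password for root from 203.0.113.9 port 50141 ssh2
Mar  3 10:02:11 host sshd[4020]: Accepted publickey for alice from 198.51.100.4 port 40010 ssh2: ED25519 SHA256:abc
Mar  3 10:03:00 host sshd[4022]: Failed password for alice from 198.51.100.4 port 40011 ssh2
Mar  3 10:03:40 host sshd[4025]: Accepted password for alice from 198.51.100.4 port 40012 ssh2'

# failed_login_report THRESHOLD < log
# Prints "src IP COUNT" and "user NAME COUNT" for every source address or
# account with at least THRESHOLD failed password attempts, and
# "success-after-failures IP" whenever a login succeeds from an address that
# already failed: the pattern of a password being guessed rather than typed.
failed_login_report() {
  awk -v limit="$1" '
    / sshd\[[0-9]+\]: Failed password for / {
      # "... for invalid user NAME from IP ..." or "... for NAME from IP ..."
      user = ($0 ~ /invalid user/) ? $11 : $9
      match($0, / from [0-9.]+ /); ip = substr($0, RSTART + 6, RLENGTH - 7)
      by_ip[ip]++; by_user[user]++
    }
    / sshd\[[0-9]+\]: Accepted / {
      match($0, / from [0-9.]+ /); ip = substr($0, RSTART + 6, RLENGTH - 7)
      if (by_ip[ip] > 0) print "success-after-failures " ip
    }
    END {
      for (ip in by_ip)  if (by_ip[ip] >= limit)  print "src " ip " " by_ip[ip]
      for (u in by_user) if (by_user[u] >= limit) print "user " u " " by_user[u]
    }
  '
}

# Usage: failed_login_report 3 < /var/log/auth.log
```

The per-user count matters as much as the per-address one: a slow spray across many addresses against one account never trips the address threshold but still shows up under the user.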