Linux and Windows Security:


Linux and Windows Security: Why Windows is Inherently Less Secure Than Linux
by: Daniel Robert
Mar 7, 2005
ECE 478 Final Project

Table of Contents

Disclaimer
Introduction and Scope
Filesystems
    Windows
    Linux
File and Directory Security
    Windows
    Linux
User Authentication
    Linux
    Windows
Security Comparisons
    Security Reports
    Intrinsic Differences
        Windows
        Linux
    Real-World Linux/Windows
    Market Share
    Myths
Conclusions
Glossary
Bibliography

Disclaimer

From a young age, students are taught to verify the reliability of the sources used in their reports. Especially in the age of the Internet, it has become increasingly simple to include information that turns out to be nothing but spin or lies. Through the course of researching for this paper, the author has become increasingly aware that operating systems are almost never discussed in an unbiased manner. Even from reputable sources and publishers, authors tend to write books on the OS they are most experienced with or prefer. When a user with a strong Windows or *IX background attempts to write about the other operating system family, there tends to be a fair amount of incorrect and/or outdated statements.

This page is written by a user of the Linux operating system. Throughout their computing career, the author has used every version of Windows through 2000, and is most familiar with the Mandrake and Debian distros of Linux. However, the author considers themselves to be most familiar with Linux at this point, and realizes that both operating system families are changing at a rapid rate. It is fully expected that an administrator has means of closing particular security holes in each system that the author is unaware of. However, this paper is a critique of the security models themselves, and less so about how to best secure each operating system.

Introduction and Scope

Although the scope of this paper appears straightforward on its surface, Windows vs. Linux is a surprisingly broad topic. Beginning with Windows 95, its first full operating system, Microsoft has released many different Windows versions including 98, NT, ME, 2000, XP, 2003, and many versions and variations of each, including various multimedia and server editions. Although all are given the Windows family name, there are two distinct branches of Windows products: the 9x line, which includes 95/98/ME; and the NT line, which includes NT, 2000, XP Professional, and 2003 Server. I will discuss XP Home edition towards the end of the paper, as it is different enough from XP Home that it sort of falls as a hybrid between the 9x line and the NT line for security purposes.

Linux is perhaps less homogeneous than Windows. Although Linus Torvalds retains the copyright to the Linux name, and ultimately controls the Linux kernel, the kernel is but a small part of the operating system itself. External modules, compilers, and programs make up the rest of the OS, and are quite significant for security purposes. What comes bundled with a Linux kernel (and for that matter, which kernel is used) is determined by the distribution of Linux being used. Some of the more major Linux distributions (or "distros") include Debian GNU/Linux, Gentoo, RedHat, Fedora, Mandrake, Knoppix, Suse, and Slackware. There are many dozens of others as well; far too many to attempt to list.

The author of this paper has done their best not to tie it to a particular version of either operating system family. However, the differences between the security models of the Windows 9x and NT families are so drastic (almost to the point of "none" versus "some") that this paper focuses on Windows versions using the NT security model. From the Linux standpoint, no particular distribution is being analyzed. However, most of the literature on the subject uses some version of Red Hat as its basis. The author has done their best to specify any particular version of either OS family by name when appropriate. Similarly, the Linux 2.6 kernel branch is assumed unless otherwise noted.

Filesystems

Arguably the most central element in an operating system's security model is its filesystem. It is responsible for user permissions, which are fundamentally what operating system security is based on. If a user's account is compromised, the filesystem is the last line of defense limiting what the attacker can damage. A secured Windows system will implement NTFS (NT Filesystem), while a Linux machine will use any one (or more) of several dozen internal filesystems, all of which implement the same security model.

Windows

Storage devices on a Windows system are given unique drive letters. Some are more or less universally set. Drives A: and B: are used for floppy diskette drives. C: is the first hard drive partition. Subsequent partitions are labeled D:, E:, etc. If additional hard drives are present, the labeling continues lexically. These may be overridden by the user, but this is the default behavior. Additionally, Z: is often reserved for login and network scripts. The significance of this structure is that devices and the filesystems that reside on them are abstracted to the point of being indistinguishable in the Windows environment. The most important thing to understand is that each drive letter corresponds to a particular filesystem and that Windows operates on this filesystem directly.

Linux

Like Windows, Linux assigns a name to each storage device. However, this name is independent of filesystem access. Linux, and other UNIX-like operating systems, utilize one Virtual Filesystem that allows many different filesystems to be mounted beneath it. The root of the filesystem is designated /, and each partition is mounted somewhere below it. For example, there is typically a small boot partition on the hard drive mounted at /boot. External devices are typically mounted underneath the /mnt directory. As an example, for dual-booting machines, the Windows partitions are typically mounted as /mnt/win_c.

What makes this possible is the virtual filesystem, which is simply an abstraction layer for the operating system. That is, Linux natively doesn't understand any real filesystem, but it understands all the commands and specifications of this virtual filesystem, so it can mount any filesystem that complies with the same standards, or has a driver that maps the virtual filesystem commands to its own internal format. For this reason, Linux machines use a variety of filesystems such as ext3 or reiserfs. This is also why all Linux filesystems follow the same security model: it is specified not by the underlying filesystem, but by the Linux virtual filesystem.

File and Directory Security

Windows

NTFS provides a broad range of access control list capabilities. Users belong to groups, which makes managing permissions for multiple users more manageable. For every file or directory on a filesystem, NTFS allows a particular access control list setting to be applied for every user/group. An access control list (ACL) is simply a list of users and groups and the permissions each has for the resource. The ACL allows for the following permission settings:

NTFS File and Directory Permissions

Permission           Files                                Directories
None                 No file access                       No folder access
Read                 View file data                       View file/subfolder names
Write                Modify file data                     Add files and subfolders
Execute              Execute (run) program file           Descend into subfolders
Delete               Delete file                          Delete subfolders
Change Permissions   Change (these) permissions on file   Change (these) permissions on folder
Take Ownership       Become owner of file                 Become owner of folder

Table 1: Standard NTFS permissions and their effects on files and directories.

There are several higher-level settings, such as full control, but the basic settings listed above are always settable through the 'advanced' settings area. Additionally, there are many user rights settings available which disable particular actions such as setting the computer time, shutting down the computer, etc. A particularly interesting setting is the bypass traverse checking setting, which allows a user to access subdirectories he/she has permission to access, even though they cannot access a parent directory.

As shown, the NTFS security model is quite powerful, providing precise access controls to the system's administrator. However, the tools provided for modifying user security are awkward for large-scale changes. There is, however, a subdirectory setting which applies the exact ACL of one directory to all directories below it. The effect is that the top-level directory's ACL is applied to all subdirectories (recursively), overwriting whatever settings were there previously. Thus, if a large directory structure contains specific settings below it, and a new user group needs to be given read access to the entire structure, there is no way to accomplish this without destroying the directory permissions structure for subdirectories or manually adding the group to each subdirectory. There is a command-line tool called cacls.exe (or the extended xcacls.exe tool) that allows propagation without overwriting all existing ACL settings for a directory.

The main disadvantage of the NTFS security model is that it is not taken advantage of as part of a default installation and, as indicated earlier, is quite difficult to properly secure without a great deal of careful work. In NT, all users are part of the EVERYONE group, with no way out of it. This in and of itself is not a big deal, except that EVERYONE is given full control of a great deal of the filesystem by default.

Linux

Linux uses the traditional UNIX permissions model for file and directory access. Every file (directories and devices are considered files as well) belongs to a particular user and group. Therefore, the security settings on any given file are broken down into owner, owning group, and other. Permissions for a user or group consist of a read bit, a write bit, and an execute bit.

Linux File and Directory Permissions

Permission   Files              Directories
Read         View file data     List directory contents
Write        Modify file data   Create/delete/rename files and subdirectories
Execute      Run program file   Descend into directory and subdirectories

Table 2: Standard Linux permissions and their effects on files and directories.

There are two other settings available to files and directories. One is the set bit, which can be enabled for the owner or group permissions. When set for the owner, this gives whoever is executing the file access to system resources as if they were the owner, within the context of the running program. (This is generally considered to be a security problem, and should only be done when necessary.) Similarly, when set for the group, this gives the executor of the program access to system resources as if they were a member of the owning group. For directories, the set bit is only allowed for group, and dictates that all newly created files will have the directory's owning group as their owning group as well. Directories have one additional setting known as the sticky bit, which, when enabled, allows files to be deleted or modified only by the users that own or have write permission for them. *IX operating systems also allow for umask settings, which specify the permissions to be applied to newly created files within said directory.

One can easily see that the Linux permission style has less potential than the NT model. Consider the example earlier where there is a large directory tree, and a new group of users needs read access to the tree. The group permissions on this directory can only be set for one group. The only real workaround would be to create a new group, add all users from the original owning group and from the group to be added into this new group, and give the new group read permissions on the tree. Note that this new group would have to be the owning group of this tree, replacing the old owning group. This means that either the old owning group will lose permissions they once had or the new group will gain permissions they shouldn't.

There are many graphical Linux tools which allow for permissions settings like in Windows. However, none of these can really be considered part of the Linux core. Users have a wide variety in their choice of desktops, user interfaces, and available programs, so it is not fair to assume that the majority of users will have any particular graphical program installed to help them with permissions settings. In fact, secure Linux servers do not even contain a graphical subsystem, and thus have no GUI tools. Permission settings are done using the command line interface (CLI), and are fairly simple. To apply settings recursively, most commands implement the -r or -R option, which means "apply to this and all subdirectories". The relevant tools are chmod (change permission settings), chown (change owner), and chgrp (change owning group).
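
The set bit (setuid for the owner, setgid for the group) and the sticky bit described above are the settings an administrator typically audits on a Linux filesystem. The Python below is an added example, not part of the original paper: it walks a directory tree and reports set-bit files, set-bit directories and world-writable entries. The function names, finding labels and the sample tree it builds are assumptions made for illustration.

```python
import os
import stat
import tempfile


def classify(mode):
    """Return the audit findings for one st_mode value (file type + permission bits)."""
    findings = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            # The program runs with the file owner's identity, whoever starts it.
            findings.append("setuid-file")
        if mode & stat.S_ISGID and mode & stat.S_IXGRP:
            # Only meaningful on a group-executable file: runs as the owning group.
            findings.append("setgid-file")
        if mode & stat.S_IWOTH:
            findings.append("world-writable-file")
    elif stat.S_ISDIR(mode):
        if mode & stat.S_ISGID:
            # Newly created files take the directory's owning group.
            findings.append("setgid-dir")
        if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
            # Anyone can create and remove entries; no sticky bit restricts deletion.
            findings.append("world-writable-dir-without-sticky")
    return findings


def audit_tree(root):
    """Walk root and map each flagged relative path to (mode string, findings)."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            findings = classify(st.st_mode)
            if findings:
                rel = os.path.relpath(path, root)
                report[rel] = (stat.filemode(st.st_mode), findings)
    return report


def build_sample_tree(root):
    """Create a small constructed tree (sample data, not a real system layout)."""
    dirs = {"bin": 0o755, "share": 0o755, "dropbox": 0o777, "tmp": 0o1777}
    files = {
        os.path.join("bin", "helper"): 0o4755,       # set bit for owner
        os.path.join("bin", "plain"): 0o755,         # ordinary executable
        os.path.join("share", "notes.txt"): 0o666,   # world-writable file
    }
    for rel, mode in dirs.items():
        path = os.path.join(root, rel)
        os.makedirs(path, exist_ok=True)
        os.chmod(path, mode)  # chmod ignores the umask, so the modes are exact
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, (mode_str, findings) in sorted(audit_tree(root).items()):
            print(f"{mode_str}  {rel}: {', '.join(findings)}")
```

The mode strings it prints are the same ones `ls -l` shows: an `s` in the owner or group execute position marks the set bit, and a trailing `t` marks the sticky bit.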

User Authentication

Arguably the most important aspect of an operating system's security is its methods for user authentication. An OS with appropriately set permissions for all of its resources is not secure if an attacker can easily gain access to a high-permission-level account (such as root in Linux, or Administrator in Windows). Both Windows and Linux provide many different ways to authenticate a user, each with certain advantages and security concerns.

Linux

From the man page on PAM: "Linux-PAM is a system of libraries that handle the authentication tasks of applications (services) on the system." PAM is an acronym for Pluggable Authentication Module(s). It acts as an authentication abstraction layer, allowing a program to utilize any specified authentication method for access. For example, using PAM, a Linux administrator can easily restrict login capabilities to those possessing a digital authentication card. Additionally, PAM supports account and session data handling, which is uncommon for standard authentication mechanisms. Why is this significant? It lets PAM support situations wherein certain groups of users can only log in between 8am and 5pm, and only via retinal scan. The range of supported authentication capabilities is tremendous (kernel.org lists over 80 modules currently available or under development), including the ability to authenticate users against a Windows domain controller.

Linux, and all UNIX-like operating systems, have an /etc/passwd file for local user authentication. This file contains particular attributes and includes one entry per user. The format is as follows:

Name:Password:UserID:PrincipalGroup:Gecos:HomeDirectory:Shell

Field            Description
Name             User login name
Password         'x' with shadow suite, salt+encoded password otherwise
UserID           Unique positive integer identifying this user
PrincipalGroup   Unique positive integer identifying user's main group
Gecos            Non-system user info string, i.e. phone number, etc.
HomeDirectory    Filesystem path to user's home directory
Shell            Path of shell to use upon login, i.e. /bin/bash or /bin/csh

Table 3: A record in the Linux /etc/passwd file

The /etc/passwd file is used by a large number of system utilities and applications, and thus has to remain world readable. As it stands, this allows any user in the system access to the encoded passwords, and a much greater chance of breaking other users' passwords (more on this later). To combat this, Linux distros include the shadow suite. As indicated in the table, when this suite is installed, the password entry in /etc/passwd is replaced by an x, indicating that the password is stored in the shadow suite, not in the world-readable passwd file. The shadow suite relocates the hashed passwords into a separate file, usually /etc/shadow. This is set to read-only permissions for root, and no access for group and other. Therefore nobody can view the standard account passwords, preventing the standard dictionary attack against user accounts. The shadow suite provides the following features as well:

- A configuration file to set login defaults (/etc/login.defs)
- Utilities for adding, modifying, and deleting user accounts and groups
- Password aging and expiration
- Account expiration and locking
- Shadowed group passwords (optional)
- Double length passwords (16 character passwords) NOT RECOMMENDED
- Better control over user's password selection
- Secondary authentication programs
- Pluggable Authentication Modules (PAM) support
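
The record layout in Table 3 and the shadow-suite behaviour described above can be checked mechanically. The Python below is an added example, not part of the original paper: it parses constructed /etc/passwd and /etc/shadow text (using the shadow field order the paper gives in Table 4), identifies the hashing method from the form of the password field, and reports hashes left in the world-readable file, empty passwords, extra UID 0 accounts and passwords past their maximum age. The sample records, the finding labels, and the treatment of fields starting with ! or * as locked are assumptions of this example.

```python
from collections import namedtuple

PasswdEntry = namedtuple("PasswdEntry", "name password uid gid gecos home shell")
ShadowEntry = namedtuple(
    "ShadowEntry", "name password last may must warn expire disable reserved")

# Constructed sample records, not taken from a real system; hashes are placeholders.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice,555-0100:/home/alice:/bin/bash
bob:abCONSTRUCTED:1001:1001:Bob:/home/bob:/bin/csh
toor:x:0:0::/root:/bin/bash
carol::1002:1002::/home/carol:/bin/bash
dave:x:1003:1003::/home/dave:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$saltsalt$CONSTRUCTEDPLACEHOLDER:12800:0:99999:7:::
alice:$1$saltsalt$CONSTRUCTEDPLACEHOLDER:12000:0:90:7:14::
toor:abCONSTRUCTED:12800:0:99999:7:::
"""
TODAY = 12849  # Mar 7, 2005 expressed as days since Jan 1, 1970

def _records(text, nfields):
    """Yield the colon-separated fields of each record, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != nfields:
            raise ValueError(f"expected {nfields} fields: {line!r}")
        yield fields

def _num(value):
    """An empty numeric field means the setting is not in use."""
    return int(value) if value else None

def parse_passwd(text):
    return [PasswdEntry(f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6])
            for f in _records(text, 7)]

def parse_shadow(text):
    return [ShadowEntry(f[0], f[1], *map(_num, f[2:8]), f[8])
            for f in _records(text, 9)]

def hash_scheme(field):
    """Classify a password field; the salt prefix tells which method produced it."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"
    if field[0] in "!*":
        return "locked"
    if field.startswith("$1$"):
        return "md5-crypt"
    if field.startswith("$"):
        return "other-prefixed"
    if len(field) == 13:
        return "des-crypt"  # 2 salt characters followed by 11 hash characters
    return "unknown"

def shadow_mode_ok(mode):
    """True when group and other have no access at all to the shadow file."""
    return (mode & 0o077) == 0

def audit(passwd_text, shadow_text, today):
    """Return (user, finding) pairs in /etc/passwd order."""
    shadow = {entry.name: entry for entry in parse_shadow(shadow_text)}
    findings = []
    for p in parse_passwd(passwd_text):
        if p.uid == 0 and p.name != "root":
            findings.append((p.name, "extra-uid-0"))
        record = None
        if p.password == "x":
            record = shadow.get(p.name)
            if record is None:
                findings.append((p.name, "no-shadow-record"))
                continue
            field = record.password
        else:
            field = p.password
            if hash_scheme(field) not in ("empty", "locked"):
                findings.append((p.name, "hash-in-world-readable-passwd"))
        scheme = hash_scheme(field)
        if scheme == "empty":
            findings.append((p.name, "empty-password"))
        elif scheme == "des-crypt":
            findings.append((p.name, "des-crypt-8-char-limit"))
        if (record is not None and record.last is not None
                and record.must is not None and record.last + record.must < today):
            findings.append((p.name, "password-past-max-age"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, TODAY):
        print(f"{user}: {issue}")
```

On a live system the same check would pass `os.stat("/etc/shadow").st_mode` to `shadow_mode_ok` and read the two files as root.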

Username:Password:Last:May:Must:Warn:Expire:Disable:Reserved

Field      Description
Username   The User Name
Password   The Encoded password
Last       Days since Jan 1, 1970 that password was last changed
May        Days before password may be changed
Must       Days after which password must be changed
Warn       Days before password is to expire that user is warned
Expire     Days after password expires that account is disabled
Disable    Days since Jan 1, 1970 that account is disabled
Reserved   Reserved field

Table 4: A record in the Linux /etc/shadow file

For a non-shadow-suite Linux install (rare today) with no extended-length password PAM options (also rare, usually 8+ character passwords are supported), the password hashing algorithm, crypt, works as follows. The first eight characters are used as the encryption key. A 12-bit salt is generated and coerced into two characters. DES is then invoked for 25 iterations on a string of ASCII null characters. The 64-bit output is coerced into a 64-bit alphabet which is limited to [A-Za-z./]. Because the output is shrunk into a small alphabet, several different values may be represented by the same character, and thus the password hash is decidedly one-way. That is, Linux passwords are not decryptable. They are subject only to dictionary attacks, assuming the attacker is able to access the password hash list. Because these passwords are limited to eight characters, much work has been done to implement MD5-like hashing in a way that is backwards-compatible with crypt. The result is called MD5_crypt; Linux can recognize which method was used by examining the salt. Linux passwords are vulnerable to dictionary attacks, but not decryption.

Windows

User authentication in Windows NT is the responsibility of the Local Security Authority, or LSA. The LSA also manages local security and audit policies. The precise method of authentication depends on what type of user account is being created.

Account Location                       Where Authentication Occurs
Stand-Alone Workstation                Local Security Accounts Manager (SAM)
Windows NT 4.0 Domain                  Domain SAM
Windows 2000 Active Directory Domain   Active Directory

Table 5: Where Windows authentication occurs.

Active Directory, in terms of user authentication, is largely an extension of the Lightweight Directory Access Protocol (LDAP). LDAP itself is available for both Windows and Linux, and thus will be ignored for purposes of authentication comparisons. The domain security accounts manager is similar, in structure, to the local SAM, with the exception that its entries include both users and computers within the domain. Because Linux also has a wide variety of remote authentication methods through PAM or otherwise, this document will focus on local account authentication. Regardless of where the account is authenticated, the local security authority handles all local validation.

[Illustration 1: The Windows Local Security Authority]

Windows XP provides four main types of user authentication: interactive, network, service, and batch. Interactive login is the standard user-sitting-at-a-computer login approach, using an input device to enter username and password. The credentials are passed to a process called winlogon, which in turn passes the credentials to the LSA. Network logons are basically the same, although the frontend is different. In both cases, the credentials are passed to the host machine's LSA for passing off to the appropriate database. Users are not the only entities that require authentication, however; thus service logins were born. Services are accounts that can authenticate without user interaction, say, for applications that must be started at boot time, regardless of whether anyone is at the console to begin the login process. Three service accounts are included by default in XP, although more can be added if needed. For batch applications, the batch login process is allowed, which allows user authentication for batch users rather than interactive users.

For domain logins, Windows XP defaults to Kerberos 5 authentication, but reverts to NT LAN Manager (NTLM) as a second choice. For a non-domain machine using local SAM authentication, NTLM is used exclusively. Since Windows NT 4.0 SP 4, NTLM (now version 2) offers message integrity, 128-bit encryption, and session-level security. Session security is provided by the use of separate keys for message integrity and confidentiality. The RFC-compliant HMAC-MD5 algorithm used in NTLMv2 provides message integrity checking, and 128-bit encryption is used for message confidentiality (informit.com).

The SAM database itself is, with some difficulty, accessible in the Windows Registry in the HKEY_LOCAL_MACHINE hive. Ordinarily, users can't directly access the SAM key with a Registry editor because NT limits the permissions on the key to the built-in SYSTEM account, but administrative users can trick NT into providing SAM key access under the user context of the SYSTEM account. The trick simply involves running the registry editor (Regedt32.exe) through the NT Scheduler service, which launches its applications in the user security context of the SYSTEM account (a security problem in itself).

Windows NT/2000/XP encrypts passwords using the MD4 message digest hash, although it provides another hash as well for legacy LAN Manager compatibility. This additional hash is a 56-bit DES encryption. The password is split into two 7-character upper-case-only strings; each of which is used as the key in the DES encryption of the string The results are then concatenated together. The security implications of this are rather obvious, given the weakness of the DES algorithm, the conversion to all upper-case characters in the password, and the simple concatenation of the results. Because of this NTLM compatibility, Windows passwords are subject to brute force attacks on the encryption, in addition to the standard dictionary attacks. The author has recently learned, however, that since NTLM can only support passwords up to 14 characters in length, longer passwords are encoded using MD4 only.
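
The cost of the upper-casing and the 7-character split in the LAN Manager hash can be quantified without performing any DES operation. The Python below is an added example, not part of the original paper: it reproduces only the pre-processing step and compares the number of candidates for two independently hashed halves with that of a single case-sensitive 14-character value. It assumes ASCII passwords, null padding to 14 characters, and a 95-character printable alphabet; the function names are hypothetical.

```python
import string

LM_MAX_LEN = 14   # per the paper, longer passwords are encoded using MD4 only
HALF_LEN = 7

# Assumed alphabet for the comparison: printable ASCII including space (95 characters).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
# What is left once every letter has been forced to upper case (69 characters).
AFTER_UPPER = sorted(set(PRINTABLE.upper()))


def lm_halves(password):
    """Return the two 7-byte strings used as DES keys, or None if no LM hash is kept."""
    if len(password) > LM_MAX_LEN:
        return None
    # Assumption: ASCII input; non-ASCII passwords raise UnicodeEncodeError here.
    padded = password.upper().encode("ascii").ljust(LM_MAX_LEN, b"\0")
    return padded[:HALF_LEN], padded[HALF_LEN:]


def search_space(alphabet_size, max_len):
    """Number of candidate strings of length 0..max_len over the alphabet."""
    return sum(alphabet_size ** n for n in range(max_len + 1))


def lm_exposure(password):
    """Summarise what the LAN Manager pre-processing does to one password."""
    halves = lm_halves(password)
    if halves is None:
        return {"lm_hash_stored": False}
    return {
        "lm_hash_stored": True,
        "halves": halves,
        "case_information_lost": password != password.upper(),
        # A password of 7 characters or fewer leaves the second key all nulls.
        "second_half_empty": halves[1] == b"\0" * HALF_LEN,
        # The halves are processed independently, so the work adds, not multiplies.
        "lm_candidates": 2 * search_space(len(AFTER_UPPER), HALF_LEN),
        # The same 14 characters treated as one case-sensitive value.
        "single_value_candidates": search_space(len(PRINTABLE), LM_MAX_LEN),
    }


if __name__ == "__main__":
    for sample in ("Password1", "pAsSwOrD1", "secret", "a-much-longer-passphrase"):
        info = lm_exposure(sample)  # constructed sample passwords
        print(sample, info.get("halves"), info["lm_hash_stored"])
    report = lm_exposure("Password1")
    ratio = report["single_value_candidates"] // report["lm_candidates"]
    print(f"single 14-character value is about {ratio:.3e} times larger a search")
```

Mixed-case variants of the same password produce identical halves, and any password over 14 characters falls outside this scheme entirely, which is the policy-relevant result.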

Security Comparisons

Security Reports

Many reports available on the Internet tend to argue in favor of one operating system or another based on the number and severity of security notices released by each organization (Microsoft and some Linux distribution or another, typically Red Hat). This is arguably a largely meaningless statistic for several reasons. For one, the severity of a patch or vulnerability is usually specified by the company itself. Typically, Microsoft and Red Hat (or Gentoo, etc.) don't lie about the severity of a vulnerability; it is critical for their users to understand the security issues facing them. However, many of these companies release patches and security notifications for settings that could cause problems, third-party applications that aren't necessarily the fault of the operating system, theoretical vulnerabilities that may or may not be feasible, etc.

Additionally, the companies themselves are not comparable. Microsoft is in the market to make money and must ultimately behave so as to improve their business. Linux, on the other hand, is not a single company. No for-profit organization is in charge of the Linux kernel, which in turn makes it hard to define what a Linux vulnerability is vs. a vulnerability that manifests itself in software run on a Linux system. An example is Mandrake Linux's last five security vulnerabilities:

- Updated kdegraphics packages fix vulnerabilities
- Updated cyrus-imapd packages fix vulnerabilities
- Updated gftp packages fix vulnerability
- Updated gaim packages fix multiple vulnerabilities
- Updated curl packages fix vulnerability

Kdegraphics is simply the graphics library for the KDE desktop environment. This is bundled with most distributions, and is a popular desktop for Linux, but wouldn't even be present on a server, and may not even be considered to be a Linux vulnerability although KDE runs on Linux. Similarly, Gaim is a graphical instant-messaging client; Gftp is a graphical FTP client; curl is a command-line tool for transferring files using URL syntax. Of these, curl is the only one likely to be present on a machine in a production environment. This particular security flaw was a bug in its NTLM implementation, which is unlikely to be used in a largely Linux environment. Cyrus-IMAPd is an IMAP mail protocol daemon (server), but is one potential IMAP implementation out of many available for Linux. Clearly, the number of announcements is not a real indication of the security of an operating system.

Intrinsic Differences

Windows NT systems are well-integrated environments that typically rely on several proprietary system services which therefore cannot be disabled without crippling the usability of the machine to an exaggerated extent. One example is disabling file sharing and NetBIOS networking. The more applications that are present on a Windows system, the more system resources that typically must be [not only installed, but] running.

Linux applications tend to be isolated, requiring services quite specific to the designated application's ability to function. Due to the low initial cost of Linux, the low hardware prices of today's market, and the lack of licensing fees, Linux is often installed on machines dedicated to one purpose. It is quite possible, and common, for a machine to include nothing but what is absolutely needed to securely function. For example, a web server running Apache will include authentication methods, cryptographic algorithms, a firewall, and a logging or auditing system for security purposes. Windows (at least through Windows XP) cannot be stripped of all but a few basic applications and services. There will always be a full, graphical user environment with some extraneous applications. Additionally, there will be built-in HTML viewers for Help pages and a web browser, all of which can cause significant security problems.

Windows

Windows is a monolithic system. It has been designed from its inception to be well-integrated and perform a wide variety of tasks well. Because they are in the business to make money, Microsoft has made it difficult not to use the Internet Explorer web browser and Outlook Express (which uses IE to render HTML). A fresh installation, in fact, offers users no alternatives at all. Even the help system uses IE's rendering engine.
Automatically, any flaw in Internet Explorer is a security issue for the OS as a whole; it is integrated. For performance purposes, Microsoft has included a great deal of Windows in the kernel level of the OS. The graphics system of Windows runs in kernel space, and therefore any vulnerability in the graphics libraries could allow an attacker full control of the kernel's resources. For this reason, attachment viruses are often .scr (screen saver) files. The screen saver is part of the graphics library, and runs with SYSTEM level permissions. Interestingly, SYSTEM has higher permission than even the Administrator account, which means a particularly well-designed exploit may not be fixable (and may perhaps remain undetectable) by the administrator.

Windows relies heavily on the Remote Procedure Call (RPC) protocol. RPC allows a machine to access (or be accessed by) another machine on the network. In a great many situations, this would seem undesirable and insecure, as it clearly has the potential to allow remote machines to execute harmful programs. Why not disable it? Windows has been designed to rely on it, even for internal inter-process communication. Most of the critical Windows 2003 security vulnerabilities have been due to the RPC subsystem itself, not the overlying applications. There are many legitimate uses of RPC, an example being a web server communicating with a database server elsewhere on the network. But assume, for a moment, that the database is on the same machine as the web server. RPC is both unwise and unnecessary. Since it cannot be disabled, this allows worms such as the Slammer worm to attack systems using their SQL server engine, which many applications utilize. In fact, the upcoming Windows Filesystem (WinFS) will have SQL Server included as part of the filesystem.

Linux

Linux was designed from its inception to be a multi-user system. That is, Linux isolates its users from system-wide files, directories, and applications. Users are restricted to their home directory tree, and typically can only run applications from a few standard places. When an application is run, it is run entirely within the user's context: it can only write where the user can write, access what the user can access, etc. Applications themselves rely on modular libraries. If a program needs a particular feature, such as image rendering, it will call a library to perform this, which runs using the same permissions as the calling application and, in turn, the user.

Extending this concept further, consider the widespread incidents of Windows users opening attachments that affect the whole system. An e-mail client in Linux would not be able to do this, unless some administrator went out of their way to set the SUID bit for the root user (this would never happen unless the machine were already compromised). Additionally, downloaded files do not have their execute bits set by default. This means the user would have to change the file's permissions to even be able to run the attachment! Similarly, a browser could not allow malicious code such as ActiveX objects (if they were implemented) to install applications to run at boot time, etc. This makes Linux inherently less vulnerable to spyware and adware than Windows.

17 The recent (in the past two or three years) Linux kernel development mantra has been if it can be done outside the kernel, do it outside the kernel 1. With the inclusion of udev in the 2.6 kernel tree, even devices are loaded in user space. This implies that permissions/accessibility to devices are in user-space. The developers have clung to this belief so firmly that almost nothing a user can run anymore will enter kernel space. In contrast to the RPC dependencies present in Windows, Linux at the kernel level does not require it. This makes the operating systems difficult to compare, and in fact, the comparisons will have to be application-specific on the Linux side. Most major Linux applications such as the MySQL database, have RPC support built-in, but disabled by default. These applications are fully capable of listening to the network but are configured by the user as to how and from where. For a single server, network support can be disabled without affecting performance of any aspect of the application. Linux and Windows in the Real-World The important question to ask is not how many security holes are there, but is this operating system inherently less secure than this other? Given enough time and training, a good system administrator will be able to do a comparatively good job in securing his/her system. Windows has a very granular permissions system; Linux has a long history of security behind it by largely following the traditional UNIX security model. Both operating systems, when tweaked properly, can be sufficiently secure for most purposes. But most machines are not set up in this environment. Many system administrators are not that good. Many of the ones that are have been given time constraints that prevent adequate setup and testing of the system's security. 
Recent studies by organizations such as the Honeynet Project (http://project.honeynet.org/) have attempted to determine how long an unprotected machine can remain connected to the Internet before it has become infected or compromised. Using standard installations of various flavors of Windows and Linux, their most recent findings indicate a Linux machine can survive an average of three months, whereas a Win32 machine cannot be expected to continue past three hours. In fact, other recent surveys have found this number to be closer to one hour or less. Honeynet's fastest recorded time from startup to infection, for a worm on a Windows machine, is sixty seconds!

The simple fact is, Windows users are faced with one default installation. For a home user to take their machine and update it, they need to not only be online, but logged in as Administrator. This means that on average, while they are downloading their updates, they are likely being infected by other viruses or worms, able to execute code as Administrator. Linux users are allowed quite a bit more time for their updates, and additionally, often do not have to be root to download all necessary updates. Obviously, to install the updates, administrative permissions are required, but the act of downloading new updates does not usually require special permissions.

[1] The term for context external to the kernel is user space.

Market Share

Windows dominates the desktop market, claiming over 90% of the market. Linux's most liberal estimate falls somewhere in the two percent range. Many Windows users use the operating system because a) it's all they know; and b) it came shipped with their system. Linux users use it because they have made the effort to install it on their own machines, with at least rudimentary knowledge of what it is, how to install it, and how it's different. Naturally, this implies that the average Linux user is more technically competent than the average Windows user. (Many argue this applies to system administrators as well, but there is no factual evidence to support this.) If true, this would indicate that statistics about infected/hijacked machines would perhaps unfairly favor Linux because the standard user would have taken more precautionary measures.

Myths

Many Windows users and Linux critics argue that open source software is inherently less secure due to crackers' ability to obtain the source. There are many examples that, if they do not disprove this statement, at least debase it. The most popular web server on the Internet today is Apache. It runs on a wide variety of operating systems including various flavors of UNIX, Linux, Windows, and Mac. According to Netcraft.com, which specializes in web server statistics, Apache has a fraction of a percent under 70% of the web server market, and is the only web server increasing in market share this year.
Also according to Netcraft, of the top 20 web sites with the longest uptimes, 16 are running Apache, versus one running Microsoft's IIS. The rise in popularity without increase in vulnerabilities or worms not only debunks the "it is more susceptible because it's more popular" rumor, but also the "attackers can hack it more easily because the source code is readily available" rumor.

Conclusions

Both Linux and Windows are fully capable of providing secure environments. Both environments allow for a high degree of file and directory permissions and several options for user authentication. In a direct comparison, Windows' NTFS allows for more granular file and directory permissions, while Linux provides a much wider array of authentication options. A quality system administrator with enough time will be able to have a tightly secure system to the best of the operating system's ability with either.

By default, fresh Linux installations are typically more secure than their Windows counterparts for a combination of reasons. For one, default settings are a lot of what makes one Linux distribution more appealing than another. Additionally, the Linux security model is inherently more secure than that of Windows and allows users more time, on average, to configure and patch their system before infection. Linux is more modular; security vulnerabilities in one user application will not infect the entire operating system. Windows is more integrated, which offers a much friendlier user environment, but opens it up to more widespread security vulnerabilities when one is discovered.

For the above reasons, the author of this paper would choose a Linux environment for both desktop and server use over Windows where security is of primary concern.

Glossary and Acronym Guide

Term: Definition

ACL: Access control list. A means of determining particular access rights based on an identity.

Adware: Software in which advertisements are displayed while the program is running.

Apache: An open source, and currently most popular, web server on the Internet.

CLI: Command-line interface. In contrast to a GUI or graphical user interface, the command-line allows only the keyboard and text.

Dæmon: Disk and Execution Monitor. A class of computer processes that run in the background, that is, without user interaction. These are referred to as services in Windows.

Distro: A particular company or organization's version of Linux. Examples include Red Hat, Mandrake, Gentoo, Debian, and dozens of others.

GUI: Graphical user interface. In contrast to the CLI or command-line interface, the GUI is a visual aid for the end user. GUIs typically utilize both a keyboard and pointing device such as a mouse.

IE: Internet Explorer. This is Microsoft's web browser and currently, the most popular web browser.

IIS: Internet Information Services/Server. This is Microsoft's web server.


More information

Five Steps to Improve Internal Network Security. Chattanooga ISSA

Five Steps to Improve Internal Network Security. Chattanooga ISSA Five Steps to Improve Internal Network Security Chattanooga ISSA 1 Find Me AverageSecurityGuy.info @averagesecguy stephen@averagesecurityguy.info github.com/averagesecurityguy ChattSec.org 2 Why? The methodical

More information

Online Backup Client User Manual

Online Backup Client User Manual For Mac OS X Software version 4.1.7 Version 2.2 Disclaimer This document is compiled with the greatest possible care. However, errors might have been introduced caused by human mistakes or by other means.

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

Why is security important? Practical applications of secure operating systems in E-business. Web site defacement activity (May 2000 April 2001)

Why is security important? Practical applications of secure operating systems in E-business. Web site defacement activity (May 2000 April 2001) Why is security important? Practical applications of secure operating systems in E-business Nigel Edwards Hewlett-Packard Internet Security Solutions Division nigel_edwards@hp.com 1 2 Web site defacement

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

AXIGEN Mail Server. Quick Installation and Configuration Guide. Product version: 6.1 Document version: 1.0

AXIGEN Mail Server. Quick Installation and Configuration Guide. Product version: 6.1 Document version: 1.0 AXIGEN Mail Server Quick Installation and Configuration Guide Product version: 6.1 Document version: 1.0 Last Updated on: May 28, 2008 Chapter 1: Introduction... 3 Welcome... 3 Purpose of this document...

More information

Novell Sentinel Log Manager 1.2 Release Notes. 1 What s New. 1.1 Enhancements to Licenses. Novell. February 2011

Novell Sentinel Log Manager 1.2 Release Notes. 1 What s New. 1.1 Enhancements to Licenses. Novell. February 2011 Novell Sentinel Log Manager 1.2 Release Notes February 2011 Novell Novell Sentinel Log Manager collects data from a wide variety of devices and applications, including intrusion detection systems, firewalls,

More information

QuickDNS 4.6 Installation Instructions

QuickDNS 4.6 Installation Instructions QuickDNS 4.6 Installation Instructions for Windows, Solaris, Linux, FreeBSD and Mac OS Table of Contents INTRODUCTION 3 QuickDNS system requirements 3 INSTALLING QUICKDNS MANAGER 4 Windows installation

More information

HW 07: Ch 12 Investigating Windows

HW 07: Ch 12 Investigating Windows 1 of 7 5/15/2015 2:40 AM HW 07: Ch 12 Investigating Windows Click 'check' on each question or your score will not be recorded. resources: windows special folders ntfs.com Windows cmdline ref how ntfs works

More information

The Desktop Sharing Handbook. Brad Hards

The Desktop Sharing Handbook. Brad Hards Brad Hards 2 Contents 1 Introduction 5 2 The Remote Frame Buffer protocol 6 3 Using Desktop Sharing 7 3.1 Managing Desktop Sharing invitations.......................... 9 3.2 Quit Desktop Sharing....................................

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Administrator Manual

Administrator Manual . Self-evaluation Platform (SEP) on Information Technology in Education (ITEd) for School Administrator Manual Mar 2006 [Version 3.0] Copyright 2005 Education and Manpower Bureau Page 1 Table of Contents

More information

Open Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4

Open Directory. Contents. Before You Start 2. Configuring Rumpus 3. Testing Accessible Directory Service Access 4. Specifying Home Folders 4 Contents Before You Start 2 Configuring Rumpus 3 Testing Accessible Directory Service Access 4 Specifying Home Folders 4 Open Directory Groups 6 Maxum Development Corp. Before You Start Open Directory

More information

Upon completion of this chapter, you will able to answer the following questions:

Upon completion of this chapter, you will able to answer the following questions: CHAPTER 2 Operating Systems Objectives Upon completion of this chapter, you will able to answer the following questions: What is the purpose of an OS? What role do the shell and kernel play? What is the

More information

Activity 1: Scanning with Windows Defender

Activity 1: Scanning with Windows Defender Activity 1: Scanning with Windows Defender 1. Click on Start > All Programs > Windows Defender 2. Click on the arrow next to Scan 3. Choose Custom Scan Page 1 4. Choose Scan selected drives and folders

More information

Unit 10 : An Introduction to Linux OS

Unit 10 : An Introduction to Linux OS Unit 10 : An Introduction to Linux OS Linux is a true 32/64-bit operating system that run on different platforms. It is a multi-user, multi-tasking and time sharing operating system. Linux is a very stable

More information