Hardened kernel features for every paranoiac


1 Hardened kernel features for every paranoiac 2013/06/01

2 Who is
- Gentoo developer since autumn 2008
- Council member since January 2010
- Member of the KDE team (even led it for a while, until akonadi appeared)
- LibreOffice maintainer/developer
- Previously also worked in Gentoo on X11, Overlays, Clustering, QA, ...
- Works at SUSE in L3/QA Maintenance
- What an idea it was to give this presentation in Czech. The more complicated technical terms will be in English, otherwise we would go crazy.

3 Basics - Hardened Gentoo - Basic information
- A project for increasing the security of a computer by means of various patches (see the next slide)
- The aim is to integrate as many of these features as possible directly into the main Gentoo profile
- Because it reduces the performance of some applications and disables some desktop functionality, it is still a separate project
- http://www.gentoo.org/proj/en/hardened/

4 Basics - Hardened Gentoo - Available features
- Toolchain settings (compiler, linker, ...) such as enforcement, compile-time buffer checking, or stack-smashing protection
- The PaX kernel extension, providing non-executable memory, address space layout randomization, ...
- The grsecurity kernel extension, enabling chroot restrictions, additional auditing, process restrictions, ...
- The SELinux kernel extension, MAC (Mandatory Access Control) extending the ordinary Linux permission restrictions
- Technologies around Integrity, such as the Integrity Measurement Architecture, which protects the system against unwelcome changes

5 Toolchain - Compile-time hardening
- and FORTIFY_SOURCE are also in the base profile
- -D_FORTIFY_SOURCE=2: protection against simple buffer overflows
- /PIC: code independent of its position in memory; most jumps are therefore computed relatively instead of through absolute references
- SSP: stack-smashing protection from GCC; adds a canary at the end of the buffer (can also be random) that reports an attempted overflow, whether accidental or deliberate (fun to watch with nepomuk)

6 Toolchain - Link-time hardening
- -Wl,-z,relro: marks parts of the library read-only and prevents modification (GOT, PLT)
- -Wl,-z,now: resolves all symbols and forces the libraries to be loaded when the application starts (it crashes if not all of them are satisfied) and imperceptibly slows down the first start of the application

7 grsecurity - grsecurity
- RBAC: the part that extends Unix access permissions with further options, e.g. brute-force protection, hiding ptrace from selected processes, ...
- Chroot restrictions: protection against priv-esc and further restrictions/barriers: no access to shared memory from the chroot, no visibility of processes outside the chroot, restricted kill/sgid/...
- Audit: logging of user activity, mount, time changes, use of chdir, recording of Exec commands, failed fork, ...

8 grsecurity - grsecurity - configuration
- grsecurity contains a lot of options and it pays to study them on the project's web pages.
- On top of the default options (Low/High security), Gentoo tries to add a desktop/server option in which the most interesting options are enabled.
- Outside the kernel not much needs to be done for grsec; it is mostly a matter of settings for PaX.

9 PaX - PaX
Technically speaking, this is a part of grsecurity which is not developed by upstream and which enables the following.
- ASLR: random placement of the address space, so the attacker cannot guess the memory layout
- Enforced memory state: memory is either for reading or only for writing. It slows the system down A LOT, but secures it damn well (binary drivers cry)
- Trampolines: a runtime extension for SSP, one could say, because it does almost the same thing. Unfortunately the runtime is controlled by PaX, so a hole in PaX compromises the whole system

10 PaX - PaX - control
- For testing I recommend downloading the file checksec.sh and installing paxtest.
- paxctl -flags binary / paxctl-ng -flags binary
- Paxctl writes directly into the ELF and does not work on, for example, Skype
- Paxctl-ng uses xattr (in Gentoo I think the old pax uses it as well)
~ # paxctl-ng -v /usr/lib64/libreoffice/program/
/usr/lib64/libreoffice/program/soffice.bin
PT_PAX -em-
xattr_pax not found

11 PaX - PaX - checksec.sh output
...
* Does the CPU support NX Yes
COMMAND          PID  RELRO          STACK CANARY      NX/PaX
init                  Full RELRO     Canary found      NX enabled   enabled
udevd                 Full RELRO     Canary found      NX enabled   enabled
dbus-daemon           Full RELRO     Canary found      NX enabled   enabled
rsyslogd              Full RELRO     Canary found      NX enabled   enabled
console-kit-dae       Full RELRO     Canary found      NX enabled   enabled
polkitd               Full RELRO     Canary found      NX enabled   enabled
wpa_supplicant        Full RELRO     Canary found      NX enabled   enabled
wpa_cli               Full RELRO     Canary found      NX enabled   enabled
smartd                Full RELRO     No canary found   NX enabled   enabled
X                     Partial RELRO  Canary found      NX enabled   enabled
...
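The checks behind the RELRO, STACK CANARY and NX/PaX columns above, and behind the -Wl,-z,relro and -Wl,-z,now flags from slide 6, as an added example that is not part of the original slides and is not checksec.sh's own code: it reads the ELF program headers and the dynamic section directly. The helper build_sample() and the images it produces are constructed for this example, and reporting a missing PT_GNU_STACK header as "NX disabled" is a conservative assumption made here.

```python
import struct

# Constants from the ELF gABI and its GNU extensions
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1
PF_X, PF_W, PF_R, ET_EXEC, ET_DYN = 0x1, 0x2, 0x4, 2, 3
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"  # ELF64, little-endian


def check_elf(data):
    """Return checksec-style verdicts for a little-endian ELF64 image (bytes)."""
    if len(data) < 64 or data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    hdr = struct.unpack_from(EHDR, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # nx stays False when no PT_GNU_STACK exists (conservative assumption)
    has_relro = bind_now = nx = False
    try:
        for i in range(e_phnum):
            p_type, p_flags, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
                PHDR, data, e_phoff + i * e_phentsize)
            if p_type == PT_GNU_RELRO:        # emitted by -Wl,-z,relro
                has_relro = True
            elif p_type == PT_GNU_STACK:      # stack permissions requested by the linker
                nx = not p_flags & PF_X
            elif p_type == PT_DYNAMIC:        # -Wl,-z,now leaves a BIND_NOW marker here
                for off in range(p_offset, p_offset + p_filesz, 16):
                    tag, val = struct.unpack_from(DYN, data, off)
                    if tag == DT_NULL:
                        break
                    if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                            or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                        bind_now = True
    except struct.error:
        raise ValueError("truncated ELF image") from None
    # RELRO only protects the whole GOT when lazy binding is off as well
    relro = ("Full RELRO" if has_relro and bind_now
             else "Partial RELRO" if has_relro else "No RELRO")
    # Heuristic: SSP-instrumented code references the symbol __stack_chk_fail
    canary = "Canary found" if b"__stack_chk_fail" in data else "No canary found"
    return {"relro": relro, "canary": canary,
            "nx": "NX enabled" if nx else "NX disabled",
            "pie": e_type == ET_DYN}  # ET_DYN: PIE executable or shared object


def build_sample(relro=True, bind_now=True, exec_stack=False, canary=True, pie=True):
    """Constructed header-only ELF64 image for the demo (not a runnable program)."""
    dyn = (struct.pack(DYN, DT_FLAGS, DF_BIND_NOW) if bind_now else b"") \
        + struct.pack(DYN, DT_NULL, 0)
    phdrs = [(PT_GNU_STACK, PF_R | PF_W | (PF_X if exec_stack else 0), 0, 0),
             (PT_DYNAMIC, PF_R | PF_W, None, len(dyn))]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0))
    dyn_off = 64 + 56 * len(phdrs)            # dynamic section follows the headers
    image = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9),
                        ET_DYN if pie else ET_EXEC, 62, 1, 0, 64, 0, 0,
                        64, 56, len(phdrs), 0, 0, 0)
    for p_type, flags, off, size in phdrs:
        off = dyn_off if off is None else off
        image += struct.pack(PHDR, p_type, flags, off, off, off, size, size, 8)
    return image + dyn + (b"\0__stack_chk_fail\0" if canary else b"")


if __name__ == "__main__":
    samples = {
        "hardened": build_sample(),
        "relro without now": build_sample(bind_now=False),
        "legacy": build_sample(relro=False, bind_now=False, exec_stack=True,
                               canary=False, pie=False),
    }
    for name, image in samples.items():
        print(f"{name:18}", check_elf(image))
```

To check a real binary, pass its contents: check_elf(open(path, "rb").read()).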

12 PaX - PaX - paxtest output
# paxtest
Executable anonymous mapping
Executable bss
Executable data
Executable heap
Executable stack
Executable anonymous mapping (mprotect)
Executable bss (mprotect)
Executable data (mprotect)
Executable heap (mprotect)
Executable stack (mprotect)
Executable shared library bss (mprotect)
Executable shared library data (mprotect)
Writable text segments
Anonymous mapping randomisation test
Heap randomisation test (ET_EXEC)
Heap randomisation test (ET_DYN)
Main executable randomisation (ET_EXEC)
Main executable randomisation (ET_DYN)
Shared library randomisation test
Stack randomisation test (SEGMEXEC)
Stack randomisation test (PAGEEXEC)
Return to function (strcpy)
Return to function (memcpy)
Return to function (strcpy, RANDEXEC)
Return to function (memcpy, RANDEXEC)
Executable shared library bss
16 bits (guessed) 13 bits (guessed) 25 bits (guessed) 16 bits (guessed) 17 bits (guessed) 16 bits (guessed) 23 bits (guessed) No randomisation Vulnerable Vulnerable

13 SELinux - SELinux
- I know almost nothing about SELinux and managed to set it up only once
- I recommend reading the documentation and Sven's blog
- http://www.gentoo.org/proj/en/hardened/selinux/selinuxhandbook.xml
- http://blog.siphos.be/category/gentoo/hardened/

14 Integrity - Advanced Intrusion Detection Environment
- This is an intrusion detection method (AIDE).
- In Gentoo the package is available as app-forensics/aide.
- It is important to configure correctly what to monitor (neither too little nor too much)
- The configuration must be read-only, if possible external (nfs?)
- Scanning should be performed offline from a livecd/memory stick

15 Integrity - AIDE - sample output
AIDE found differences between database and filesystem!!
Start timestamp
Summary
Total number of files
Added files
Removed files
Changed files
Changed files
changed /etc/pam.d/
changed /etc/pam.d/sudo

16 Integrity - AIDE - sample output - page
Detailed information about changes
Directory /etc/pam.d
Mtime
Ctime , ,
File /etc/pam.d/sudo
Size 135
Mtime
Ctime
Inode
MD5 239be3ac285c0860e5e81a==
SHA1 e7d7393f0768ed2dbebdbne5v6e=,,,,,, elurp2bkw43eexazx+dlba== KwQ42poukMiqEjKQ7e9xkBNZB8=

17 Most likely attack options - Most likely options for attacking a desktop today
- Abuse of badly configured consolekit/dbus rules
- Abuse of a badly configured d-bus system
- A SUID binary linked against creative libraries (Xlib, ...), after all the kernel grants suid, by means of a forged package (varies from distro to distro depending on how they handle signatures)

18 Defence - Defence
- Forcing distributions to send patches back upstream with default behaviour that is secure
- Thanks to the previous item, securing most distributions
- Removing the suid bit wherever possible
- More paranoiacs who help with item number 1

19 Questions - Questions and answers.

20 Thanks - Thank you for your attention


More information

WLA-5000AP. Quick Setup Guide. English. Slovensky. Česky. 802.11a/b/g Multi-function Wireless Access Point

WLA-5000AP. Quick Setup Guide. English. Slovensky. Česky. 802.11a/b/g Multi-function Wireless Access Point 802.11a/b/g Multi-function Wireless Access Point Quick Setup Guide 1 5 Česky 9 Important Information The AP+WDS mode s default IP address is 192.168.1.1 The Client mode s default IP is 192.168.1.2 The

More information

Như ng kiê n thư c câ n biê t vê giâ y phe p cư tru điê n tư (eat)

Như ng kiê n thư c câ n biê t vê giâ y phe p cư tru điê n tư (eat) Như ng kiê n thư c câ n biê t vê giâ y phe p cư tru điê n tư (eat) www.bamf.de/eaufenthaltstitel Mu c lu c Mu c lu c 1 Giâ y phe p cư tru điê n tư 5 2 Tâ m a nh va ca c dâ u ngo n tay 7 3 Ca c qui đi

More information

G S e r v i c i o C i s c o S m a r t C a r e u ي a d e l L a b o r a t o r i o d e D e m o s t r a c i n R ل p i d a V e r s i n d e l S e r v i c i o C i s c o S m a r t C a r e : 1 4 ع l t i m a A c

More information

Netradiční informační zdroje ve vzdělávání: vliv Personal Learning Environments (PLEs) na informační zdroje a hodnocení přenosu znalostí

Netradiční informační zdroje ve vzdělávání: vliv Personal Learning Environments (PLEs) na informační zdroje a hodnocení přenosu znalostí Netradiční informační zdroje ve vzdělávání: vliv Personal Learning Environments (PLEs) na informační zdroje a hodnocení přenosu znalostí Jakub Štogr ~ Univerzita Karlova v Praze INFORUM ~ Praha ~ 2010

More information

TL 3x TL 3xP. RozmÏry (mm) Dimensions Obr zek Drawing Typ ñ Type D max. RozmÏry (mm) Dimensions Obr zek Drawing TL 35P TL 36P 15 40 43,2 43 22,3 24,8

TL 3x TL 3xP. RozmÏry (mm) Dimensions Obr zek Drawing Typ ñ Type D max. RozmÏry (mm) Dimensions Obr zek Drawing TL 35P TL 36P 15 40 43,2 43 22,3 24,8 TOROIDNÕ TLUMIVKY PROUDOVÃ KOMPENZOVAN TL 3x TL 3xP CURRENT COMPENSATED TOROID CHOKES Typ ñ Type D max h max TL 32 TL 33 TL 34 TL 35 TL 36 19,2 25 3 39,5 8 9,7 13,4,7 21 Typ ñ Type TL 32P TL 33P TL 34P

More information

Secure computing: SELinux

Secure computing: SELinux Secure computing: SELinux Michael Wikberg Helsinki University of Technology Michael.Wikberg@wikberg.fi Abstract Using mandatory access control greatly increases the security of an operating system. SELinux,

More information

Overview April 13, 2007 Copyright 2007 Tenable Network Security, Inc.

Overview April 13, 2007 Copyright 2007 Tenable Network Security, Inc. Overview Introductions Linux Usage at Tenable Linux Usage in our Products Linux Usage at our Customers Horror Stories!!!! Discussion Linux Appliances Discussion VMWARE and Linux Discussion Linux/RedHat/SuSE

More information

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication

Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication Kuniyasu Suzaki, Kengo Iijima, Toshiki Yagi, Cyrille Artho Research Institute for Secure Systems EuroSec 2012 at Bern,

More information

SCHOOL PESTICIDE SAFETY AN D IN TEG R ATED PEST M AN AG EM EN T Statutes put into law by the Louisiana Department of Agriculture & Forestry to ensure the safety and well-being of children and school personnel

More information

The Periodic Table and Periodic Law

The Periodic Table and Periodic Law The Periodic Table and Periodic Law Section 6.1 Development of the Modern Periodic Table In your textbook, reads about the history of the periodic table s development. Use each of the terms below just

More information

YOUTUBE 4.0. Postup upgrade Youtube z Youtube 3.1 na Youtube 4.0 pro produkty EAGET X5R, M6, M7 a M9:

YOUTUBE 4.0. Postup upgrade Youtube z Youtube 3.1 na Youtube 4.0 pro produkty EAGET X5R, M6, M7 a M9: YOUTUBE 4.0 Postup upgrade Youtube z Youtube 3.1 na Youtube 4.0 pro produkty EAGET X5R, M6, M7 a M9: 1) V puštěném přehrávači EAGET zjistěte IP adresu vašeho zařízení (Nastavení - Systém - Síť - "IP adresa

More information

E-learning and Student Mobility in Higher Education. BEST Symposium on Education, Gothenburg 2 nd June 10 th June; 2007

E-learning and Student Mobility in Higher Education. BEST Symposium on Education, Gothenburg 2 nd June 10 th June; 2007 E-learning and Student Mobility in Higher Education BEST Symposium on Education, Gothenburg 2 nd June 10 th June; 2007 Ta b l e of Contents Board of European Students of Technology TABLE OF CONTENTS...2

More information

Der Bologna- P roz es s u nd d i e S t aat s ex am Stefan Bienefeld i na Service-St el l e B o l o g n a d er H R K Sem in a r D er B o l o g n a P ro z es s U m s et z u n g u n d M it g es t a l t u

More information

Survey of Filesystems for Embedded Linux. Presented by Gene Sally CELF

Survey of Filesystems for Embedded Linux. Presented by Gene Sally CELF Survey of Filesystems for Embedded Linux Presented by Gene Sally CELF Presentation Filesystems In Summary What is a filesystem Kernel and User space filesystems Picking a root filesystem Filesystem Round-up

More information

System Management. Leif Nixon. a security perspective 1/37

System Management. Leif Nixon. a security perspective 1/37 1/37 System Management a security perspective Leif Nixon 2/37 System updates Should we ever update the system? Some common update strategies: 1. If it works, don t touch it! 2. We pick and choose the most

More information

Linux OS-Level Security Nikitas Angelinas MSST 2015

Linux OS-Level Security Nikitas Angelinas MSST 2015 Linux OS-Level Security Nikitas Angelinas MSST 2015 Agenda SELinux SELinux issues Audit subsystem Audit issues Further OS hardening 2 SELinux Security-Enhanced Linux Is NOT a Linux distribution A kernel

More information

R e t r o f i t o f t C i r u n i s g e C o n t r o l

R e t r o f i t o f t C i r u n i s g e C o n t r o l R e t r o f i t o f t C i r u n i s g e C o n t r o l VB Sprinter D e s c r i p t i o n T h i s r e t r o f i t c o n s i s t s o f i n s t a l l i n g a c r u i s e c o n t r o l s wi t c h k i t i n

More information

Installation manual Wireless Keypad

Installation manual Wireless Keypad Advanced Operations Please know exactly what you are doing when processing the operations below. It could cause errors or erase settings which make keypad stop working. Please disarm from keypad before

More information

Come stà. Domenico Maria Ferrabosco (Bologna 1513-1574) Cantus. - ta, _e vo - lon - tie - ri M'al -le-gro _e can -to _en. Io mi son gio vi.

Come stà. Domenico Maria Ferrabosco (Bologna 1513-1574) Cantus. - ta, _e vo - lon - tie - ri M'al -le-gro _e can -to _en. Io mi son gio vi. Cantus Altus Io mi son giovinetta Come stà Domenico Maria Ferrabosco (Bologna 1513-1574) Io mi son gio - vi -net - ta, _e vo - lon - tie - ri M'al -le-gro _e can -to _en Io mi son gio - vi - net - ta,

More information

Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage

Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage Using Predictive Modeling to Reduce Claims Losses in Auto Physical Damage CAS Loss Reserve Seminar 23 Session 3 Private Passenger Automobile Insurance Frank Cacchione Carlos Ariza September 8, 23 Today

More information

LINUX NETWORK SECURITY

LINUX NETWORK SECURITY LINUX NETWORK SECURITY PETER G. SMITH CHARLES CHARLES RIVER MEDIA, INC. Hingham, Massachusetts Contents Preface xvii 1 Introduction: The Need For Security 1 1.1 Introducing the Enemy 1 The Hacker Myth

More information

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich

I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation. Mathias Payer, ETH Zurich I Control Your Code Attack Vectors Through the Eyes of Software-based Fault Isolation Mathias Payer, ETH Zurich Motivation Applications often vulnerable to security exploits Solution: restrict application

More information

Inform e-commerce Reference Guide

Inform e-commerce Reference Guide Inform e-commerce Reference Guide Logging...2 In Placing an...2 Order Searching for...2 Products Using the Order...3 Pad Reviewing your...4 Shopping Cart Using Saved Shopping...4 Carts Checking Out...5

More information

Video conferencing in Teaching Cross-cultural Competences

Video conferencing in Teaching Cross-cultural Competences Video conferencing in Teaching Cross-cultural Competences Marke ta Denksteinova and Stellan Sundh Abstract: International communication in business requires adequate skills in English. For this purpose,

More information

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security Introduction to Container Security Table of Contents Executive Summary 3 The Docker Platform 3 Linux Best Practices and Default Docker Security 3 Process Restrictions 4 File & Device Restrictions 4 Application

More information