Overview. SELinux Policy. Security Services. IA Paradigm. Recent Trend. IA Paradigm
|
|
- Eugene Sharp
- 7 years ago
- Views:
Transcription
1 Overview SELinux Policy CMSC 426/626 Background Includes Some Review from last talk Motivation for MAC SELinux Policy Type Enforcement RBAC SELinux Big Picture for Access Control Security Services Describe the Inner Dependencies of The Security Mechanisms for Information Assurance I&A IA Paradigm The Ying & Yang of Information Assurance CND MAC Audit DAC Think Dependency Lines. Not a DAG. CNE CNA IA Paradigm Computer Network Attack The Big Ds Deny Degrade Disrupt Deceive Damage Destroy Recent Trend Got BotNet? Raise of the Bots Viruses are Out; Bots are In! Example presentation titles from this past summer s ARO Workshop. 1
2 Security Quotes If I own your machine and you patch it, I still own your machine. PDR Defensive Model Protect Corollary: A popped box patched is still popped Response Detect IMHO, Recovery Response Protect Defensive Model Detect Patch: today s Response to new vulnerabilities. IDS, IPS response Quarantine Recovery Response Discover Patch Prepare Publish Motivation Discretionary Access Control Not Sufficient Malicious software runs with all the privilege of the compromised application or user The classical Trojan Horse Example from last class Consider today s Active Content PDF, PS, DOC, XLS, JPEG, HTML Javascript, Java Applets, attachments Truly a Threat Motivation DAC is not sufficient Need systems with MAC Least Privilege Principle MAC limits what can be accessed Subjects Program vs. Process A process has state A program in motion Subjects Active entities that access objects. Process State includes identity of the user 2
3 Objects Entity to which access is granted Regular files, directories, file descriptors, block & char devices, FIFO pipes, links, sockets, memory Processes Can be objects too SELinux 2 Types: Transient Object (processes, data) Persistent Object Example Security Classes for Objects blk_file, dir, fd, fifo_file, file, filesystem, link_file Subject & Objects Subjects act upon objects Security Quotes Security Bake it in don t Brush it on SELinux Policy SELinux Commands SELinux Administrator commands chcon, checkpolicy, getenforce, newrole, run_init, setenforce, setfiles Modified Linux commands cp, mv,, id, ls, ps, ssh, etc. SELinux policy builder & analysis Additional tools apol SELinux Additional Tools apol analyze a SELinux policy. sediff policy semantic diff tool for SELinux. seaudit analyze audit messages from SELinux. seaudit-report generate highly-customized audit log reports. 3
4 SELinux Additional Tools SELinux Apol secmds command-line tool to analyze and search SELinux policy. sechecker A command line tool for performing modular checks on an SELinux policy. [Tresys] SELinux Apol Security Quotes There are no bugs, just un documented features. --Anonymous, Humor [Tresys] Classically, TE used A Note First Type Domain SELinux calls everything a Type Then discusses Domains and Types For clarity. E.g., snort_t <-- This is a Domain! There are also type commands to define Domains (and Types) ;-( SELinux Policy Access Control policy decision is a Hybrid Access Control Model of TE MAC and RBAC With Classical Unix DAC 4
5 Security Context Equivalency Classes for related Subjects Objects Similar Subjects can be grouped and similar objects can be grouped. [McCarty] Security Attributes Specific attributes are assigned to subjects and objects to clarify how their control and access to them. Three attributes: Type (Domain) User Role See these in the policy files Security Attributes Security Attributes Security Attribute Type (Domain) User Role Suffix (policy file token) _t (no suffix) _r Example snort_t root sysadm_r Type Most common Security Attribute Look for Allow statements In the policy files Type is from Type Enforcement (TE) Classically: Domain and Type, but SELinux uses them synonymously Contrary to the classical intent of TE Security Phrases You cannot do security through righteous indignation The process of security must blend well into the business practices of the organization. Never, force the need for security after an incident. The organization will resent your actions.» What does this say for Red Teaming? Customizable SELinux Policy File Local, and flexible security policy Binary File loaded at boot Makefile to build /etc/security/selinux/src/policy policy.conf Compiled to binary Make checkpolicy 5
6 Policy Build Process SELinux Policy Files Object classes TE Files RBAC Files User Declarations Security Context Constraints CAT Policy.conf file checkpolicy Binary Policy Load_policy [McCarty] % wc policy.conf ~250,000 Kernel File Context (FC) File Defines the Domain Recall principle from Type Enforcement Lists the security context for objects Files and directories By convention Name of the program or server Type Enforcement (TE) Files SELinux FC & TE Files SELinux FC File Distribute Handout # SNORT /usr/(s)?bin/snort /etc/snort(/.*)? /var/log/snort(/.*)? Flag Column -- ordinary file -- system_u:object_r:snort_exec_t system_u:object_r:snort_etc_t system_u:object_r:snort_log_t The Objects In Columns of Regex Label assigned to each object SELinux TE File Type command Like a C type statement Use this to define TE Types Allow command Default: fail closed Thus, allow quite common to grant access Can expressly prohibit E.g, auditdeny Macros M4 macro processor Any sendmail admins? SELinux TE File Type snort_etc_t, file_type, sysadmfile; Defines a Type 3rd line of FC Snort snort_t etc_t:file {getattr read }; Processes in this Domain have access to read and can get attributes To files labeled with the etc_t. { a list of access rights} 6
7 Question Assume that the Unix init process is Assigned to initrc_t domain What access does init have to snort protected files? Macro # can_network(domain define(`can_network',` allow $1 self:udp_socket create_socket_perms; allow $1 self:tcp_socket create_stream_socket_perms; allow $1 netif_type:netif { tcp_send udp_send rawip_send }; allow $1 netif_type:netif { tcp_recv udp_recv rawip_recv }; allow $1 node_type:node { tcp_send udp_send rawip_send }; allow $1 node_type:node { tcp_recv udp_recv rawip_recv }; allow $1 port_type:{ tcp_socket udp_socket } \ { send_msg recv_msg };... allow $1 net_conf_t:file r_file_perms; ')dnl end can_network definition Security Phrases Write once distribute many An adversary s response to a defenders No attacker will reverse engineering my system. RBAC Role Based Access Control Limits a user (and thus a process) to certain domains. For example, the Role sysadmin_r Is accessible to only the Administrator and not other users. RBAC Transitions 1. Users have Roles, and thus, their processes too 2. Transition to assigned roles only, and authorized Role 1 Role 2 Role 1 1 N X 1 Unassigned Role X RBAC User attribute Associates SELinux users with roles user root roles { staff_r system_r }; user admin roles sysadmin; user ordinary roles { user_r }; 7
8 RBAC Roles are associated with Domains To permit access In the.te file Example, both permitted to ping_t Domain role sysadm_r types ping_t; role system_r types ping_t; SELinux Access Control A user is assigned to roles DAC rolex_r Protection Bits Roles are associated with Domains ping_t Snort_t MAC Snort_log_t When access to an object is attempted. The access rights for the type are consulted. Security Quotes References Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment. It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.) --Kaufman, Perlman, and Spencer Private Communication in a Public World, [McCarty] Bill McCarty, SELinux: NSA s Open Source Security Enhanced Linux, O Reilly, [Tresys] Apol: Analyze a SELinux Policy, Fini Thanks! 8
Linux Security on HP Servers: Security Enhanced Linux. Abstract. Intended Audience. Technical introduction
Linux Security on HP Servers: Security Enhanced Linux Technical introduction This white paper -- one in a series of Linux security white papers -- discusses Security Enhanced Linux (SELinux), a mandatory
More informationSELinux course. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant, Nethemba s.r.o.
SELinux course Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant, Nethemba s.r.o. SELinux history I. Originally a development project from the National Security Agency (NSA) Implementation of the
More informationSecurity Enhanced Linux and the Path Forward
Security Enhanced Linux and the Path Forward April 2006 Justin Nemmers Engineer, Red Hat Agenda System security in an insecure world Red Hat Enterprise Linux Security Features An overview of Discretionary
More informationNetworking in NSA Security-Enhanced Linux
Networking in NSA Security-Enhanced Linux James Morris Abstract Break through the complexity of SE Linux with a working example that shows how to add SE Linux protection to a simple network server. This
More informationConfining the Apache Web Server with Security-Enhanced Linux
Confining the Apache Web Server with Security-Enhanced Linux Michelle J. Gosselin, Jennifer Schommer mgoss@mitre.org, jschommer@mitre.org Keywords: Operating System Security, Web Server Security, Access
More informationObject Classes and Permissions
Object Classes and Permissions Security Policy Development Primer for Security Enhanced Linux (Module 5) 2 SE Linux Policy Structure Top-level sections of policy.conf: Flask definitions object classes,
More informationSELinux. Security Enhanced Linux
SELinux Security Enhanced Linux Introduction and brief overview. Copyright 2005 by Paweł J. Sawicki http://www.pawel-sawicki.com/ Agenda DAC Discretionary Access Control ACL Access Control Lists MAC Mandatory
More informationWindows Security. CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger. www.cse.psu.edu/~tjaeger/cse497b-s07/
Windows Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/ Windows Security 0 to full speed No protection system in early versions
More informationCMSC 421, Operating Systems. Fall 2008. Security. URL: http://www.csee.umbc.edu/~kalpakis/courses/421. Dr. Kalpakis
CMSC 421, Operating Systems. Fall 2008 Security Dr. Kalpakis URL: http://www.csee.umbc.edu/~kalpakis/courses/421 Outline The Security Problem Authentication Program Threats System Threats Securing Systems
More informationTrusted RUBIX TM. Version 6. Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform. Revision 6
Trusted RUBIX TM Version 6 Installation and Quick Start Guide Red Hat Enterprise Linux 6 SELinux Platform Revision 6 RELATIONAL DATABASE MANAGEMENT SYSTEM Infosystems Technology, Inc. 4 Professional Dr
More informationRole-Based Access Control (RBAC)
CIS/CSE 785: Computer Security (Syracuse University) RBAC: 1 1 Motivation Role-Based Access Control (RBAC) With many capabilities and privileges in a system, it is difficult to manage them, such as assigning
More informationCSE543 - Introduction to Computer and Network Security. Module: Reference Monitor
CSE543 - Introduction to Computer and Network Security Module: Reference Monitor Professor Trent Jaeger 1 Living with Vulnerabilities So, software is potentially vulnerable In a variety of ways So, how
More informationBM482E Introduction to Computer Security
BM482E Introduction to Computer Security Lecture 7 Database and Operating System Security Mehmet Demirci 1 Summary of Lecture 6 User Authentication Passwords Password storage Password selection Token-based
More informationSecure computing: SELinux
Secure computing: SELinux Michael Wikberg Helsinki University of Technology Michael.Wikberg@wikberg.fi Abstract Using mandatory access control greatly increases the security of an operating system. SELinux,
More informationRHS429 - Red Hat Enterprise SELinux Policy Administration
RHS429 - Red Hat Enterprise SELinux Policy Administration Duration/Training Format /Global 04 Days (32 Hrs.) Instructor-Led Training Course Summary RHS429 introduces advanced system administrators, security
More informationContents III: Contents II: Contents: Rule Set Based Access Control (RSBAC) 4.2 Model Specifics 5.2 AUTH
Rule Set Based Access Control (RSBAC) Linux Kernel Security Extension Tutorial Amon Ott Contents: 1 Motivation: Why We Need Better Security in the Linux Kernel 2 Overview of RSBAC 3 How
More informationCS 356 Lecture 25 and 26 Operating System Security. Spring 2013
CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control
More informationChapter 15 Operating System Security
Operating Systems: Internals and Design Principles Chapter 15 Operating System Security Eighth Edition By William Stallings System Access Threats System access threats fall into two general categories:
More informationOracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data
Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following
More informationJ-202. IT 4823 Information Security Administration. Linux Security Model. Linux Security. In Room. Linux Security April 23
Final Exam Final exam date: May 5, 4:00 5:50 PM. IT 4823 Information Security Administration Linux Security April 23 In Room J-202 Notice: This session is being recorded. Lecture slides prepared by Dr
More informationFirewalls Overview and Best Practices. White Paper
Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not
More informationLinux Operating System Security
Linux Operating System Security Kenneth Ingham and Anil Somayaji September 29, 2009 1 Course overview This class is for students who want to learn how to configure systems to be secure, test the security
More informationHow I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security
How I Learned to Stop Worrying and Love Compliance Ron Gula, CEO Tenable Network Security PART 1 - COMPLIANCE STANDARDS PART 2 SECURITY IMPACT THEMES BUILD A MODEL THEMES MONITOR FOR FAILURE THEMES DEMONSTRATE
More informationSELinux Policy Editor RBAC(Role Based Access Control) guide (for Ver 2.0))
SELinux Policy Editor RBAC(Role Based Access Control) guide (for Ver 2.0)) Yuichi Nakamura July 3, 2006 Contents 1 What is RBAC 2 1.1 Overview............................... 2 1.2 How RBAC works in SELinux....................
More informationWhite Paper Levels of Linux Operating System Security
White Paper Levels of Linux Operating System Security Owl Approach to the Hardening of Linux Abstract Cross Domain Solutions produced by Owl Computing Technologies, Inc., running on Security Enhanced (SE)
More informationGuidelines for Website Security and Security Counter Measures for e-e Governance Project
and Security Counter Measures for e-e Governance Project Mr. Lalthlamuana PIO, DoICT Background (1/8) Nature of Cyber Space Proliferation of Information Technology Rapid Growth in Internet Increasing Online
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More informationHomeland Security Red Teaming
Homeland Security Red Teaming Directs intergovernmental coordination Specifies Red Teaming Viewing systems from the perspective of a potential adversary Target hardening Looking for weakness in existing
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationIntroduction to Operating Systems
Introduction to Operating Systems It is important that you familiarize yourself with Windows and Linux in preparation for this course. The exercises in this book assume a basic knowledge of both of these
More informationSecuring Data in a RHEL SELinux Multi-Level Secure Environment
Securing Data in a RHEL SELinux Multi-Level Secure Environment 201504 MLS Overview Red Hat Enterprise Linux (RHEL) forms the foundation of the Multi-Level Security (MLS) system Security Enhanced Linux
More informationFirewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles
Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations
More informationHost Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)
Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit
More informationSystem Security Policy Management: Advanced Audit Tasks
System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that
More informationCedric Rajendran VMware, Inc. Security Hardening vsphere 5.5
Cedric Rajendran VMware, Inc. Security Hardening vsphere 5.5 Agenda Security Hardening vsphere 5.5 ESXi Architectural Review ESXi Software Packaging The ESXi Firewall ESXi Local User Security Host Logs
More informationCSE331: Introduction to Networks and Security. Lecture 32 Fall 2004
CSE331: Introduction to Networks and Security Lecture 32 Fall 2004 Hackers / Intruders External attacks Typical hacker Exploits carried out remotely Does not have an account on the remote machine Insider
More information...e SELinux fosse più sicuro?...and if Linux was more secure? (Play on words with the Italian language)
...e SELinux fosse più sicuro?...and if Linux was more secure? (Play on words with the Italian language) Marco Pizzoli IMOLUG: Imola e Faenza Linux Users Group www.imolug.org 1 About the speaker... System
More informationLinux Security Ideas and Tips
Linux Security Ideas and Tips Hugh Brown Sr. Systems Administrator ITS Enterprise Infrastructure University of Iowa October 8, 2014 Hugh Brown (University of Iowa) Linux Security Ideas and Tips October
More informationW3Perl A free logfile analyzer
W3Perl A free logfile analyzer Features Works on Unix / Windows / Mac View last entries based on Perl scripts Web / FTP / Squid / Email servers Session tracking Others log format can be added easily Detailed
More informationAddressing the United States CIO Office s Cybersecurity Sprint Directives
RFP Response Addressing the United States CIO Office s Cybersecurity Sprint Directives How BeyondTrust Helps Government Agencies Address Privileged Account Management and Improve Security July 2015 Addressing
More informationSecuring Linux Servers Best Practice Document
Securing Linux Servers Best Practice Document Miloš Kukoleča Network Security Engineer CNMS Workshop, Prague 25-26 April 2016 Motivation Majority of production servers in academic environment are run by
More informationLotus Domino Security
An X-Force White Paper Lotus Domino Security December 2002 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Introduction Lotus Domino is an Application server that provides groupware
More informationA Simple Implementation and Performance Evaluation Extended-Role Based Access Control
A Simple Implementation and Performance Evaluation Extended-Role Based Access Control Wook Shin and Hong Kook Kim Dept. of Information and Communications, Gwangju Institute of Science and Technology, 1
More information4. Getting started: Performing an audit
4. Getting started: Performing an audit Introduction Security scans enable systems administrators to identify and assess possible risks within a network. Through GFI LANguard N.S.S. this is performed automatically,
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationLectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003
Lectures 9 Advanced Operating Systems Fundamental Security Computer Systems Administration TE2003 Lecture overview At the end of lecture 9 students can identify, describe and discuss: Main factors while
More information83-10-35 A New Security Model for Networks and the Internet Dan Thomsen Payoff
83-10-35 A New Security Model for Networks and the Internet Dan Thomsen Payoff Computer security is a matter of controlling how data is shared for reading and modifying. Type enforcement is a new security
More informationWhat s New in Centrify Server Suite 2014
CENTRIFY SERVER SUITE 2014 WHAT S NEW What s New in Centrify Server Suite 2014 The new Centrify Server Suite 2014 introduces major new features that simplify risk management and make regulatory compliance
More informationHost Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1
Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationContents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers
Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers 1 Introduction 2 Essential Concepts 3 Servers, Services, and Clients 3
More informationMake a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.
CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files
More informationOS with Enhanced Security Functions for Protecting Information Systems against Unauthorized Access, Viruses, and Worms
OS with Enhanced Security Functions for Protecting Information Systems against Unauthorized Access, Viruses, and Worms Jumpei Watase, Yoichi Hirose, and Mitsutaka Itoh Abstract As information-network technology
More informationCAPSICUM. Practical capabilities for UNIX. 19 th USENIX Security Symposium 11 August 2010 - Washington, DC. Robert N. M. Watson
CAPSICUM Practical capabilities for UNIX 19 th USENIX Security Symposium 11 August 2010 - Washington, DC Robert N. M. Watson Jonathan Anderson Ben Laurie Kris Kennaway Google UK Ltd FreeBSD Project University
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationSecure to the Core: The Next Generation Secure Operating System from CyberGuard
Secure to the Core: The Next Generation Secure Operating System from CyberGuard Paul A. Henry MCP+I, MCSE, CCSA, CCSE, CFSA, CFSO, CISSP, CISM, CISA Senior Vice President CyberGuard Corp A CyberGuard Corporation
More informationProject 2: Firewall Design (Phase I)
Project 2: Firewall Design (Phase I) CS 161 - Joseph/Tygar November 12, 2006 1 Edits If we need to make clarifications or corrections to this document after distributing it, we will post a new version
More informationRapid AIX Security Hardening with Trusted Execution (TE) AIX schnell absichern mit Trusted Execution Andreas Leibl, RSTC Ltd
IBM Power Systems und Systems Management Symposium 30.05. - 01.06.2011 Rapid AIX Security Hardening with Trusted Execution (TE) AIX schnell absichern mit Trusted Execution Andreas Leibl, RSTC Ltd Andreas
More informationINFOBrief. Red Hat Enterprise Linux 4. Key Points
INFOBrief Red Hat Enterprise Linux 4 Key Points Red Hat Enterprise Linux 4 (RHEL 4) is the first release from Red Hat to support the 2.6 operating system kernel. This is a significant release as it contains
More informationCheck Point and Security Best Practices. December 2013 Presented by David Rawle
Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs
More informationLinux OS-Level Security Nikitas Angelinas MSST 2015
Linux OS-Level Security Nikitas Angelinas MSST 2015 Agenda SELinux SELinux issues Audit subsystem Audit issues Further OS hardening 2 SELinux Security-Enhanced Linux Is NOT a Linux distribution A kernel
More informationUniversal Web Server for Web Service Components
Universal Web Server for Web Service Components Proposal Submitted to the Department of Computer Science University of Cape Town By Reinhardt van Rooyen and Andrew Maunder August 2004 1. Introduction and
More informationAdministrative Role-Based Access Control on Top of Security Enhanced Linux
Administrative Role-Based Access Control on Top of Security Enhanced Linux Ayla Solomon Submitted in Partial Fulfillment of the Prerequisite for Honors in Computer Science June 2009 Copyright Ayla Solomon,
More informationUniversity of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template
University of California, Riverside Computing and Communications IS3 Local Campus Overview Departmental Planning Template Last Updated April 21 st, 2011 Table of Contents: Introduction Security Plan Administrative
More informationNetwork and Host-based Vulnerability Assessment
Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:
More informationNuclear Regulatory Commission Computer Security Office Computer Security Standard
Nuclear Regulatory Commission Computer Security Office Computer Security Standard Office Instruction: Office Instruction Title: CSO-STD-1423 Microsoft Internet Explorer 11 Configuration Standard Revision
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationFORBIDDEN - Ethical Hacking Workshop Duration
Workshop Course Module FORBIDDEN - Ethical Hacking Workshop Duration Lecture and Demonstration : 15 Hours Security Challenge : 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once
More informationCyberspace Security Issues and Challenges
Cyberspace Security Issues and Challenges Manu Malek, Ph.D. Department of Computer Science Stevens Institute of Technology mmalek@stevens.edu MSU Seminar, 10/06/03 M. Malek 1 Outline Security status Security
More informationFigure 9-1: General Application Security Issues. Application Security: Electronic Commerce and E-Mail. Chapter 9
Figure 9-1: General Application Application Security: Electronic Commerce and E-Mail Chapter 9 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Executing Commands with the Privileges
More informationComputer Security DD2395
Computer Security DD2395 http://www.csc.kth.se/utbildning/kth/kurser/dd2395/dasakh11/ Fall 2011 Sonja Buchegger buc@kth.se Lecture 7 Malicious Software DD2395 Sonja Buchegger 1 Course Admin Lab 2: - prepare
More informationTop Ten Cyber Threats
Top Ten Cyber Threats Margaret M. McMahon, Ph.D. ICCRTS 2014 Introduction 2 Motivation Outline How malware affects a system Top Ten (Simple to complex) Brief description Explain impacts Main takeaways
More informationData on Kernel Failures and Security Incidents
Data on Kernel Failures and Security Incidents Ravishankar K. Iyer (W. Gu, Z. Kalbarczyk, G. Lyle, A. Sharma, L. Wang ) Center for Reliable and High-Performance Computing Coordinated Science Laboratory
More informationCommon Cyber Threats. Common cyber threats include:
Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...
More informationSafety measures in Linux
S a f e t y m e a s u r e s i n L i n u x Safety measures in Linux Krzysztof Lichota lichota@mimuw.edu.pl A g e n d a Standard Unix security measures: permissions, capabilities, ACLs, chroot Linux kernel
More informationLinux System Administration on Red Hat
Linux System Administration on Red Hat Kenneth Ingham September 29, 2009 1 Course overview This class is for people who are familiar with Linux or Unix systems as a user (i.e., they know file manipulation,
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationA REVIEW OF METHODS FOR SECURING LINUX OPERATING SYSTEM
A REVIEW OF METHODS FOR SECURING LINUX OPERATING SYSTEM 1 V.A.Injamuri Govt. College of Engineering,Aurangabad, India 1 Shri.injamuri@gmail.com Abstract This paper is focused on practical securing Linux
More informationCisco Advanced Malware Protection. Ross Shehov Security Virtual Systems Engineer March 2016
Cisco Advanced Malware Protection Ross Shehov Security Virtual Systems Engineer March 2016 The Reality Organizations Are Under Attack and Malware Is Getting in 95% of large companies targeted by malicious
More informationWhat IT Auditors Need to Know About Secure Shell. SSH Communications Security
What IT Auditors Need to Know About Secure Shell SSH Communications Security Agenda Secure Shell Basics Security Risks Compliance Requirements Methods, Tools, Resources What is Secure Shell? A cryptographic
More informationWeb Plus Security Features and Recommendations
Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of
More informationOverview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015
Overview Commitment to Energy and Utilities Robert Held Sr. Systems Engineer Strategic Energy August 2015 Tripwire Evolution 18+ Years of Innovation 1997 Tripwire File System Monitoring from open source
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2005 Lecture 4
CIS 551 / TCOM 401 Computer and Network Security Spring 2005 Lecture 4 Access Control: The Big Picture Objects - resources being protected E.g. files, devices, etc. Subjects - active entities E.g. processes,
More informationNetwork Security: From Firewalls to Internet Critters Some Issues for Discussion
Network Security: From Firewalls to Internet Critters Some Issues for Discussion Slide 1 Presentation Contents!Firewalls!Viruses!Worms and Trojan Horses!Securing Information Servers Slide 2 Section 1:
More informationTrends in Malware DRAFT OUTLINE. Wednesday, October 10, 12
Trends in Malware DRAFT OUTLINE Presentation Synopsis Security is often a game of cat and mouse as security professionals and attackers each vie to stay one step ahead of the other. In this race for dominance,
More informationCS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access
More informationWhat s New in Centrify Server Suite 2013 Update 2
CENTRIFY SERVER SUITE 2013.2 DATA SHEET What s New in Centrify Server Suite 2013 Update 2 The new Centrify Server Suite 2013 Update 2 (2013.2) builds on the core enhancements Centrify introduced in Server
More informationSecure Shell User Keys and Access Control in PCI-DSS Compliance Environments
A Secure Shell Key Management White Paper Secure Shell User Keys and Access Control in PCI-DSS Compliance Environments Emerging trends impacting PCI-DSS compliance requirements in secure shell deployments
More informationNetDefend Firewall UTM Services
NetDefend Firewall UTM Services Unified Threat Management D-Link NetDefend UTM firewalls integrate an Intrusion Prevention System (IPS), gateway AntiVirus (AV), and Web Content Filtering (WCF) for superior
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationIntroduction to UNIX and SFTP
Introduction to UNIX and SFTP Introduction to UNIX 1. What is it? 2. Philosophy and issues 3. Using UNIX 4. Files & folder structure 1. What is UNIX? UNIX is an Operating System (OS) All computers require
More informationOperating Systems. Notice that, before you can run programs that you write in JavaScript, you need to jump through a few hoops first
Operating Systems Notice that, before you can run programs that you write in JavaScript, you need to jump through a few hoops first JavaScript interpreter Web browser menu / icon / dock??? login??? CPU,
More informationLecture 15 - Web Security
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 15 - Web Security CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More informationAchieving PCI Compliance: How Red Hat Can Help. Akash Chandrashekar, RHCE. Red Hat Daniel Kinon, RHCE. Choice Hotels Intl.
Achieving PCI Compliance: How Red Hat Can Help Akash Chandrashekar, RHCE. Red Hat Daniel Kinon, RHCE. Choice Hotels Intl. Agenda Understanding Compliance Security Features within Red Hat Backporting Choice
More informationWeighted Total Mark. Weighted Exam Mark
CMP4103 Computer Systems and Network Security Period per Week Contact Hour per Semester Weighted Total Mark Weighted Exam Mark Weighted Continuous Assessment Mark Credit Units LH PH TH CH WTM WEM WCM CU
More informationA Comparative Study of Security Features in FreeBSD and OpenBSD
Department of Computer Science Magnus Persson A Comparative Study of Security Features in FreeBSD and OpenBSD Master s Thesis 2006:02 A Comparative Study of Security Features in FreeBSD and OpenBSD Magnus
More informationXerox Mobile Print Cloud
September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United
More information