Host Security. Host Security: Pro



Similar documents
1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

The Self-Hack Audit Stephen James Payoff

Network Security and Firewall 1

CSE331: Introduction to Networks and Security. Lecture 17 Fall 2006

Firewalls. Ola Flygt Växjö University, Sweden Firewall Design Principles

CS 392/CS Computer Security. Module 17 Auditing

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

My FreeScan Vulnerabilities Report

Unix Network Security

Topics in Network Security

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Network and Host-based Vulnerability Assessment

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Network Incident Report

NovaTech NERC CIP Compliance Document and Product Description Updated June 2015

Nixu SNS Security White Paper May 2007 Version 1.2

Intrusion Detection. Overview. Intrusion vs. Extrusion Detection. Concepts. Raj Jain. Washington University in St. Louis

Intrusion Detection Systems

Internet Security Seminar

A43. Modern Hacking Techniques and IP Security. By Shawn Mullen. Las Vegas, NV IBM TRAINING. IBM Corporation 2006

What is Firewall? A system designed to prevent unauthorized access to or from a private network.

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

SCP - Strategic Infrastructure Security

Plesk 11 Manual. Fasthosts Customer Support

Network Traffic Analysis

Cannot send Autosupport , error message: Unknown User

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Network Security Foundations

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

What is a Firewall? A choke point of control and monitoring Interconnects networks with differing trust Imposes restrictions on network services

Fifty Critical Alerts for Monitoring Windows Servers Best practices

Host/Platform Security. Module 11

UNISOL SysAdmin. SysAdmin helps systems administrators manage their UNIX systems and networks more effectively.

information security and its Describe what drives the need for information security.

Firewall Architectures of E-Commerce

Denial Of Service. Types of attacks

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments

Stateful Inspection Technology

Introduction of Intrusion Detection Systems

Firewalls & Intrusion Detection

Locking down a Hitachi ID Suite server

VPN Lesson 2: VPN Implementation. Summary

Network- vs. Host-based Intrusion Detection

Overview. Packet filter

SecureDoc Disk Encryption Cryptographic Engine

Sonian Getting Started Guide October 2008

Security Type of attacks Firewalls Protocols Packet filter

Intrusion Detection Systems (IDS)

Authentication Types. Password-based Authentication. Off-Line Password Guessing

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

Global Partner Management Notice

Configuring Logging. Information About Logging CHAPTER

Firewalls and Software Updates

Firewalls, Tunnels, and Network Intrusion Detection

SY system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.

IDS / IPS. James E. Thiel S.W.A.T.

CSE331: Introduction to Networks and Security. Lecture 15 Fall 2006

Internet Firewalls and Security. A Technology Overview

Firewalls. Chapter 3

Firewalls, IDS and IPS

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

INTRUSION DETECTION SYSTEMS and Network Security

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Blended Security Assessments

Are Firewalls Obsolete? The Debate

USFSP Network Security Guidelines

MCSA Security + Certification Program

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

Chapter 8 Monitoring and Logging

CMPT 471 Networking II

Network Defense Tools

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Open Source Security Tools

Hervey Allen. Network Startup Resource Center. PacNOG 6: Nadi, Fiji. Security Overview

Project 2: Firewall Design (Phase I)

Transcription:

Host Security 1 Host Security: Pro Maintaining strong security on host avoids the crunchy shell around soft, chewy center problem If perimeter security fails, network is often wide open to attack May rely on vendor-provided security features 2 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 1

Host Security: Con Vendors slow to respond to security holes Effort scales with number of hosts being protected Requires constant upkeep Reduces host-to-host trust or increases dependency on common security policy between peer hosts 3 Network services Historically, bugs in network servers are a major weakness in networked systems Turning off unnecessary services is desirable Turning off services may be difficult and vendor specific 4 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 2

Reducing services (most systems) Edit /etc/inetd.conf (BSD systems) Edit /etc/rc and /etc/rc.local (SYSV systems) Edit or delete entries in inittab and /etc/rc.d Check process table and output from netstat. Reboot system, make sure it boots OK, and repeat 5 Ident Attempts to get advisory information about originating user of connection Requires daemon running on remote client system Not high quality authentication Useful for backtracking attacks 6 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 3

Password files On many UNIX systems password files are world readable Easy to attempt dictionary attacks If at all possible use shadowed password files Not a solution but it s better than nothing Securely distributing password files is a hard problem 7 Yellow pages/nis Minimal security Within network it is easy to download a system s password file If using NIS for passwords make sure that NIS access is blocked from Internet 8 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 4

Npasswd prohibits users from choosing easily guessed passwords Many O/S require minimum password lengths or use of at least one special character 9 S/key One-time authentication system based on multiple invocations of hash algorithm May be used with hardcopy password lists May be computed on laptop Available: ftp://thumper.bellcore.com/pub/nmh/ 10 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 5

Host Security Tools Expert Tools know about and look for problems Based on past experience Won t recognize magic security holes Audit and Monitoring Good for damage control Useful for identifying well-known attacks in progress 11 Host Security Tools (cont) Reactive Maintain information about proper state of system and identify deviations from the norm Information Security Deny an attacker useful information This is NOT the same as security by obscurity 12 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 6

Expert Tools: COPS COPS contains heuristics of common system weaknesses Analyzes: File ownership, Directory ownership, Device ownership, User s.rhosts files, etc, etc, etc... Does a good job of finding well-known holes 13 Expert Tools: ISS ISS: Internet Security Scanner - scans for known host networking software weaknesses Domain names Common login names RPC portmapper reachability NFS reachability Sendmail debug hole, etc, etc, etc... 14 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 7

Expert Tools: STROBE Super-Optimised TCP Port Surveyor locates and describes all listening (open) TCP ports on one or more remote hosts approximates parallel finite state machine can port scan entire subdomains Can be used in tandem with ISS 15 Expert Tools: SATAN System Administrators Tool for Analyzing Networks Easy to use graphical interface searches widening circles of subnets uses DNS information three scan modes: light, medium, heavy heavy generates serious ICMP traffic, can crash some systems 16 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 8

Commercial Tools Netprobe Runs up to 85 tests per host 2 modes, noisy and quiet New offering from Infostructure Services & Technologies Pingware Analysis tool similar to SATAN Delivered as consulting service by Bellcore 17 Expert Tools: Crack Expert tool used for identifying weak passwords Attempts to find matching encryptions using a large dictionary Typically approximately 5% of any given password file is guessable Used by systems administrators to scan for weak passwords and warn users 18 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 9

Audit Tools: Gabriel & Courtney Anti-SATAN early warning systems Courtney developed by CIAC at Lawrence Livermore Labs uses tcpdump to count number of new services a machine originates within a certain time window Gabriel distributed free by Los Altos Technologies 19 Expert & Audit Tools: TAMU Toolkit Developed in response to campus-wide breakins in August of 1992 Suite of tools for packet filtering, network monitoring and system cleanup 20 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 10

Drawbridge Part of TAMU Toolkit Packet filtering firewall package controls access on a host-by-host and port-byport basis at T1 speeds Use of compiled tables allows very complex filters with little penalty Compromise between security and flexibility 21 Tiger Files Part of TAMU Toolkit Designed for ease of use - can be run by end users on own machines Includes checks for mail aliases and cron jobs password file discrepancies file permissions (maintains database) 22 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 11

Netlog Part of TAMU Toolkit Advanced sniffer system for network monitoring tcplogger udplogger netwatch TCP & UDP loggers for SunOs 4.x only 23 SPAR Part of TAMU Toolkit Show Process Accounting Records An offspring of the extract utility Much faster than lastcomm 24 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 12

Audit Tools: Swatch System Watcher scans for known patterns in system logs Invokes specified filter when pattern is detected Warns about multiple failed logins Warns about bad SU attempts Can send alarms via email or pager 25 Audit Tools: Watcher Maintains saved state of system files or output Notifies administrator when boundaries are exceeded Examples Disks filling up Processes running wild Defunct processes 26 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 13

Audit Tools: UNIX Accounting UNIX accounting tools maintain timestamped records of program execution May be extremely useful for tracking intruders Process accounting enabled for chargeback purposes may finger bad guys 27 Audit Tools: TCP_Wrappers Log connections to TCP and UDP services May selectively permit or deny based on originating host Useful for restricting service as well as audit May help detect port sniffers May help detect NFS probers 28 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 14

Audit Tools: ARPWATCH Monitors ethernet activity Keeps database of ethernet/ip address pairings Uses tcpdump, and libcap, an LBL interface for user level packet capture Developed at Lawrence Berkeley Labs 29 Reactive Tools: Tripwire Builds cryptographic checksums of system May be stored on write-protected media Re-running checksums will list all files that have changed since last scan Effective at finding trojan horses or trapdoored programs after breakins 30 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 15

Reactive Tools: Archives Checksumming will only tell you that a file has changed Archival media let you determine exactly how it changed Backups are useful for security as well as crash recovery Some sites save copies of important files and compare them nightly 31 (C)Copyright, 1997, Marcus J. Ranum, all rights reserved 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information