cscd 303 essential computer security fall 2010 lecture 4 - desktop security reading:
Post on 19-Dec-2015
218 views
TRANSCRIPT
CSCD 303Essential Computer SecurityFall 2010
Lecture 4 - Desktop SecurityReading:
Overview
• Learning Objectives– Understand the OS security functions– Learn about the different levels of
privilege– Learn about Vista and Linux protection
OS Design Decisions
• Turns out there are design decisions that affect the security of the OS
• Affects ultimate security of the OS and the user experience using the OS• One of the most important decisions is
that the OS is designed as a monolithic program vs. a highly modular design
OS Design Decisions
• Monolithic Design– Integrate a great deal of functionality into
the OS core– Services are interdependent – Core system is larger– Every flaw in a piece of that system is
exposed through all the services that depend on that system
Example
• Windows design - Monolithic– Decided to integrate IE into OS, – Did this in an attempt to put Netscape
out of business, wanted to take over Browser market– Every flaw in IE then exposes desktop to
risks that go beyond the browser– Different if browser was separate
OS Design Decisions
• In contrast, what are the benefits of modular design?– Restricted damage if module has defect– Smaller kernel – Easier to upgrade or repair if flaw• Does not affect so much code
Example
• Linux - All flavors– Modular design from the beginning– Much smaller kernel than Windows– Device drivers and other applications are
not part of the kernel – More restricted as to what needs
administrative privileges
OS Security Overview
• Security within OS's–What services should an OS offer for
security?
OS Security Overview
• Security within OS's–What services should an OS offer for
security?• Secure logon facility
– Authenticate users
• Discretionary Access Control– Allows owner of resource to determine who can
access the resource
• Security Auditing– Record security related events– Keep logs of events
• Object reuse protection– Deleted items or reused memory should be protected
between users
OS Security Overview
• Security within OS's–What services should an OS offer for
security?• Facility Management
– Support for separate account roles for administrative functions
– Users, administrators have different accounts
OS Security functions
• Discuss two of previous functions 1. User authentication2. Access to authorized resources
• User authenticationa. Positively ID the user• Compare to stored identity
b. Authenticate the user• User must provide additional information• Password, biometric attribute, keycard
OS Security functions
• Access to authorized resources– Decision based on access rules– Typically authorization based on user or
group individual membership and– Labels attached to objects
• Example: Windows users with admin privilege – Allowed to both view and change user
accounts
OS's Manage Privilege Level
• Two levels of privilege in modern CPU's• This is offered by the CPU itself, Intel,
AMD– User mode – unprivileged– Kernel mode – privileged
• The OS runs in Kernel mode• User programs – User mode• User programs make calls to the OS– To use the hardware resources– Use the OS API to access hardware
User Powers
• Seems to be a need to have a user with greater powers– Root, superuser or administrator
• Yet, this comes with added risk– If user makes a mistake, can possibly
damage the system– Or, if they get their identity stolen,
attacker has full power to OS
User Powers• Because of this problem of risk from
elevated power, concept of – “Least Privilege”– Only want to operate with the minimum of
needed power to get a job done– So, while I could always log in as administrator,
if I get my account hijacked or I get infected by malware while I am administrator• Attackers then have full access to the machine's
resources
– Example: In Linux Ubuntu, have sudo command
File System Access• In OS's– Data and programs stored as files in
directories– Concept of ownership of files either by
users or the OS itself– Then files have permissions set for reading,
writing or executing them
• Windows– Access control is done by an Access Control
List (ACL)– Ea. object in system – Files, network
shares, directories have an ACL
File System Access• Windows– ACL has users or groups, operations like
read or write, and a permission – allow or deny– How it works• When user, Carol, tries to open a file, the kernel
checks ACL for the file to see if she is allowed or denied access• If not, action fails else Carol is allowed access to
resource
• Linux– Permissions are set for each object• Looks at group, user or everyone for read, write
and execute privileges
Kernel Level Privilege for Outside Code
• Kernel mode programs – Usually come with OS and are developed
by company creating the OS– Need to support other people's programs
– third party programs– Most typical is allowing third party
developers to write programs that support a wide range of peripherals• Printers, video cards, network cards
– Programs, Device Drivers
Windows Privilege Levels• In XP and other pre-Vista versions– Had 2 choices of privilege– 1. Administrator or 2. Normal user• Administrator – access to everything• Normal user – many system level tasks you
needed to do, you couldn't do
– Consequently, most people ran as Administrator most of the time– Most users not even aware of the need
NOT to run as admin
Windows Privilege Levels
• Vista– Have more choices– Can operate as a restricted normal user and
still be able to do almost everything in OS– And when necessary, you can be elevated
to an administrator for a short time to accomplish some task– Known at User Account Control (UAC)– Basically, copied sudo in Linux• Except it seemed to ask far more often !!!
Security Identifiers (SIDs)
Each user account has a SID that uniquely identifies it
Tokens
When you log on, you get a security access token Includes your User Name,
SID, and groups you belong to
Each program you launch gets a copy of your security access token
Token
• Windows Vista splits the access tokens for users with administrative privileges– Vista included only two types of users.
• Administrators• Tokens provided are a “filtered” standard user
token and an “full administrator access” token• Standard Users• Only provided a “standard user” token
– Benefits of the User Account Control (UAC)• Installation of software now requires conscious
action on the part of the user• Malicious code cannot be installed without the
knowledge of the user
Tokens
Account Types
Account Types are a convenience to describe memberships in the most frequently-user groups
Administrator accounts are in the Administrators group
Standard accounts are in the Users group
Guest accounts are in the Guests group
Tasks Only Administrators Can Perform
Create, change, and delete user accounts and groups Install and uninstall programs Configure automatic updating or install Windows updates
manually Install an ActiveX control Install or remove hardware device drivers Share folders Set permissions Access all files, including those in another user’s folder Take ownership of files Copy or move files into the %ProgramFiles% or
%SystemRoot% folders Restore backed-up system files Grant rights to other user accounts and to themselves Configure Parental Controls Configure Windows Firewall
Tasks Available to Standard Users
Change the password and picture for their own user account
Use programs that have been installed on the computer
Install approved ActiveX controls Configure a secure Wi-Fi connection View permissions Create, change, and delete files in their document
folders and in shared document folders Restore their own backed-up files View the system clock and calendar, and change
the time zone Configure power options Log on in Safe Mode
Guests
Guests have privileges similar to Standard accounts
Guests cannot create a password
OS Services• Services are– Processes that run when the OS starts– Not necessarily started by you, but run
by the OS to perform tasks
Windows Vista Services
• Prior to Vista, many Services received LocalSystem privileges
• Problem was LocalSystem account had virtually unlimited access to local machine and network resources• Vista, one big security measures was to protect
running Services by providing them with security token of either LocalService or NetworkService– Are severely limited compared with LocalSystem
• Vista also included tighter security restrictions to ensure that none of the three system accounts has access to sensitive files, folders or processes
The End
• Next Time: See miniAssignment 3
• Next: Lab today, meet in CEB 342