Lesson 15-Unix Security Issues (transcript of a PowerPoint presentation)
Overview
Set up the system.
Perform user management.
Perform system management.
Set up the System
Applying patches and disabling unused default services by
modifying the system’s configuration files can help avoid
common vulnerabilities.
Startup files.
Services to allow.
System configuration files.
Patches.
Startup Files
Unix systems configure themselves when they boot using
the appropriate startup files.
Unix systems start services by utilizing /etc/rc2.d (Red Hat)
and /etc/rc.d/rc2.d (Solaris).
Services generally started by these startup files include
inetd, NFS, NTP, routed, RPC, Sendmail, and Web servers.
Services to Allow
The inetd.conf file controls startup of services such as FTP,
telnet, and some RPC services.
Administrators should go through startup files and disable
any service that is not needed for operations.
The default services in inetd.conf that should be turned off
are chargen, discard, echo, finger, netstat, rexd, routed,
rquotad, rusersd, sprayd, systat, tftp, uucp, and walld.
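A script, added here and not part of the lesson, that comments out exactly the default services listed above in a classic inetd.conf (service name in the first field) and reports what it disabled; the sample file it works on is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the lesson: comment out the default inetd.conf
# services the lesson lists. Assumes the classic inetd.conf layout where
# the service name is field 1; a leading '#' makes inetd ignore the line.
UNNEEDED="chargen discard echo finger netstat rexd routed rquotad rusersd sprayd systat tftp uucp walld"

# disable_inetd_services FILE: comment out each active line whose service is
# in UNNEEDED, rewrite FILE in place, and print the names that were disabled.
disable_inetd_services() {
    file="$1"; tmp="$file.tmp"
    : > "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|\#*) printf '%s\n' "$line" >> "$tmp"; continue ;;
        esac
        svc=$(printf '%s\n' "$line" | awk '{ print $1 }')
        hit=0
        for u in $UNNEEDED; do
            if [ "$svc" = "$u" ]; then hit=1; fi
        done
        if [ "$hit" -eq 1 ]; then
            printf '#%s\n' "$line" >> "$tmp"
            printf '%s\n' "$svc"
        else
            printf '%s\n' "$line" >> "$tmp"
        fi
    done < "$file"
    mv "$tmp" "$file"
}

# list_active_services FILE: service names still enabled after hardening
list_active_services() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | awk '{ print $1 }'
}

# make_sample_inetd_conf FILE: constructed sample, not a real system file
make_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
echo    stream  tcp     nowait  root    internal
chargen stream  tcp     nowait  root    internal
tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
EOF
}
```

After editing the real file, inetd must be told to reread it (typically by sending it SIGHUP) before the change takes effect.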
SSH (Secure Shell) is a more secure connection method
than telnet because SSH uses encryption while telnet
operates in plaintext.
The NFS is used to allow mounting of file systems by other
systems. However, if NFS is not required, it should be
disabled.
Systems in a DMZ are not protected by perimeter defenses
such as firewalls and should be configured more securely at
the host level.
TCP Wrappers can provide additional access controls and
logging for services like telnet or FTP.
TCP Wrappers can be used on other services such as POP
and IMAP.
System Configuration Files
There are a number of changes that can be made to a Unix
system’s configuration files to increase the overall security
of the system.
Login banners can be used to display legal statements
before a user is allowed to log in.
On Linux systems, two files are used for telnet banners:
/etc/issue
/etc/issue.net
The issue file is used for directly connected terminals, while
issue.net is used when someone telnets into the system across
the network.
There are actually three steps to proper password
management on a Unix system:
Setting up proper password requirements.
Preventing logins without passwords.
Establishing appropriate password content requirements.
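An added audit script, not part of the lesson, covering the three steps: it finds accounts in a shadow-format file that can log in without a password, accounts whose password never expires, and checks a candidate password against an assumed content rule (8 or more characters from at least 3 of 4 character classes). The shadow lines are constructed sample data with placeholder hashes.

```shell
#!/bin/sh
# Added example, not from the lesson: audit a shadow-format file for the
# three password-management points. Assumed field layout (Linux/Solaris):
# name:hash:lastchg:min:max:warn:inactive:expire:flag

# find_passwordless FILE: accounts whose password field is empty, i.e.
# logins that succeed without any password
find_passwordless() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# find_unexpiring FILE: usable accounts (not locked with ! or *) whose max
# password age is unset or the 99999-day default, so no rotation is enforced
find_unexpiring() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 >= 99999) { print $1 }' "$1"
}

# check_password_policy PASSWORD: return 0 if it meets the assumed rule
# (at least 8 characters drawn from at least 3 of 4 character classes)
check_password_policy() {
    pw="$1"
    [ "${#pw}" -ge 8 ] || return 1
    classes=0
    for re in '[a-z]' '[A-Z]' '[0-9]' '[^A-Za-z0-9]'; do
        if printf '%s' "$pw" | grep -q "$re"; then classes=$((classes + 1)); fi
    done
    [ "$classes" -ge 3 ]
}

# make_sample_shadow FILE: constructed sample data, hashes are placeholders
make_sample_shadow() {
    cat > "$1" <<'EOF'
root:$6$placeholder1:19000:0:90:7:::
alice:$6$placeholder2:19000:1:60:7:::
bob::19000:0:99999:7:::
guest:$6$placeholder3:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
carol:$6$placeholder4:19000:0::7:::
EOF
}
```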
File access is controlled by file permissions on Unix systems
and can be changed by using the chmod command.
The permissions used on Unix are read, write, and execute.
Solaris and Linux allow you to limit root login to the console.
It is a good practice to restrict root logins to the console
even for administrators.
Administrators should log in as themselves first and then
use the su command to obtain root access or the sudo
command to execute root commands.
Patches
UNIX is no different from the Windows operating systems in
requiring patches to correct bugs and security issues in
software.
Patches should be applied on a regular basis to remove
these vulnerabilities.
The various UNIX vendors have been adding tools to assist
in patch management.
Perform User Management
Adding users to the system.
Removing users from the system.
Adding Users to the System
Most Unix versions provide tools for adding users to the
system. The key tasks are as follows:
Adding the user name to the password file.
Assigning an appropriate user ID number.
Assigning an appropriate group ID number.
Defining an appropriate shell for login.
Other key tasks are as follows:
Adding the user name to the shadow file.
Assigning an appropriate initial password.
Defining an appropriate electronic mail alias.
Creating a home directory for the user.
Removing Users from the System
On a UNIX system, all user files are owned by the user’s UID
(user ID number).
If the user’s UID is reused for a new account, that new
account will hold ownership of all the old user’s files.
Initially, when the user no longer needs the account, it should
be locked.
After an appropriate amount of time (usually 30 days), the
user’s files can be removed.
Perform System Management
Managing Unix systems consists of establishing appropriate
logging and watching for suspicious activities.
Syslog, an extensive logging tool, is provided by most UNIX
systems.
Solaris allows you to capture failed login attempts.
Hidden files can pose a problem in a UNIX system by
allowing hackers to hide their files and activities.
If a system's network interface is put into promiscuous mode,
it captures all packets on the wire, not just those addressed to it.
The netstat command can be used to identify ports that are
listening and active on the system.
One disadvantage of the netstat tool is that it cannot tell
you which process is holding a port open.
A further problem is that an intruder who successfully
accesses a system may change files to allow continued
access to the system.
Rootkits may install sniffers and commonly include binary
replacements for the following programs: ftpd, inetd, login,
netstat, passwd, ps, ssh, and telnetd.
To determine if a system file has been replaced, compare the
checksum of a known good file to the current file.
If a system is suspected to have been compromised,
recalculate the checksums and compare them to the originals.
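An added script, not part of the lesson, that records checksums of the binaries named above from a known-good state and later recomputes them to flag replaced or missing files. It assumes GNU sha256sum; the "binaries" in its sample directory are constructed text stand-ins.

```shell
#!/bin/sh
# Added example, not from the lesson: baseline the binaries rootkits commonly
# replace and later compare the live files against it. Assumes GNU sha256sum
# (substitute "shasum -a 256" where it is missing). Keep the baseline on
# read-only or off-host storage so an intruder cannot rewrite it too.
BINARIES="ftpd inetd login netstat passwd ps ssh telnetd"

# build_baseline DIR OUTFILE: checksum each listed binary present in DIR
build_baseline() {
    dir="$1"; out="$2"
    : > "$out"
    for b in $BINARIES; do
        if [ -f "$dir/$b" ]; then
            sha256sum "$dir/$b" >> "$out"
        fi
    done
}

# verify_baseline BASELINE: recompute each checksum; print CHANGED or MISSING
# for files that differ; return 1 if anything differs, else 0
verify_baseline() {
    status=0
    while read -r sum path; do
        if [ ! -f "$path" ]; then
            printf 'MISSING %s\n' "$path"; status=1; continue
        fi
        cur=$(sha256sum "$path" | awk '{ print $1 }')
        if [ "$cur" != "$sum" ]; then
            printf 'CHANGED %s\n' "$path"; status=1
        fi
    done < "$1"
    return "$status"
}

# make_sample_bindir DIR: constructed stand-ins for the binaries (text files)
make_sample_bindir() {
    mkdir -p "$1"
    for b in $BINARIES; do
        printf 'constructed original %s\n' "$b" > "$1/$b"
    done
}
```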
Summary
Unix systems configure themselves when they boot using
the appropriate startup files.
The inetd.conf file controls startup of several services such
as FTP, telnet, and some RPC services.
Login banners can be used to display legal statements
before a user is allowed to log in.
Most Unix versions provide tools for adding users to the
system.
Managing Unix systems consists of establishing appropriate
logging and watching for suspicious activities.
Syslog, an extensive logging tool, is provided by most UNIX
systems.