Linuxsec3e PPT ch01

CHAPTER 1
Security Threats to Linux

Copyright © 2024 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com.
Learning Objective(s) and Key Concepts

Learning Objective(s)
• Identify threats to the Linux operating system and other open-source applications.

Key Concepts
• The origins of Linux
• Open-source software security considerations
• The confidentiality, integrity, and availability (C-I-A) triad
• Linux distributions
• Linux security and security threats
The Origins of Linux

• 1960s
  ◦ 1964: MIT joins with GE and Bell Labs to create a multiuser, time-sharing operating system
• 1980s
  ◦ Multiple Unix versions available from AT&T, University of California at Berkeley, Microsoft, and others
  ◦ 1987: Unix-like operating system called MINIX released
• 1990s
  ◦ 1991: Torvalds releases Linux in October
  ◦ Numerous open-source projects contributed to Linux over the past 20 years, including GNU (GNU's Not Unix)
Security in an Open-Source World (1 of 3)

• Open source
  ◦ Software developed by teams that provide access to the source code and all the programming language text from which the final executable is generated
  ◦ Source code is open for anyone to see
• Closed source
  ◦ Commercial software developed by companies that ask you to pay for the program
Security in an Open-Source World (2 of 3)

• Most open-source code is free and can be used without restriction.
• Access to open source enables users to learn from source code, see what it does, and understand how a program operates.
• Open source provides the ability for anyone to pick up source code and fix it.
  ◦ Enables speedy resolutions
• Most open-source software is licensed in a way that requires changes to remain open as well.
Security in an Open-Source World (3 of 3)

• Open-source code may not be written securely.
• Testing standards vary, and source code may not have had sufficient security or regression testing.
• Open-source projects are typically not process heavy.
• If open-source code is modified by a user and then shared, there's no guarantee of a quality fix.
Linux Distributions (1 of 2)

• Red Hat
  ◦ Red Hat Enterprise Linux (RHEL)
  ◦ Fedora Core
  ◦ CentOS was based on released versions of RHEL, now developed as CentOS Stream (non-Red Hat)
• Debian
  ◦ Created by Ian Murdock years ago
  ◦ Debian is a merging of the name Ian with the name Debra (Ian's girlfriend at the time)
  ◦ Mint and Ubuntu are derivatives
Linux Distributions (2 of 2)

• Advantages
  ◦ Stable
  ◦ Distributions have pre-compiled packages
  ◦ Can avoid unnecessary packages by building your own Linux
• Disadvantages
  ◦ Distribution determines dependencies; may get packages you don't want or need
  ◦ Source-based distributions must be compiled from source each time, which can be time-consuming
The C-I-A Triad

• Confidentiality
  ◦ Keeping secrets
• Integrity
  ◦ Ensuring that the data that are sent are the data that are received
• Availability
  ◦ Ensuring use of a service, such as a networked application
  ◦ Software that is buggy and crashes a lot affects availability
  ◦ A denial of service (DoS) attack is a specific and malicious form of a denial of service condition
The Parkerian Hexad

• In the late 1990s, Donn Parker, a security professional, proposed an expansion of the C-I-A triad to cover additional concepts he felt were critical to the realm of information security:
  ◦ Confidentiality
  ◦ Possession or control
  ◦ Integrity
  ◦ Authenticity
  ◦ Availability
  ◦ Utility
Linux as a Security Device (1 of 3)

• Operating system hardening:
  ◦ Limit the number of software packages installed.
  ◦ Remove all but the most critical users from the system.
  ◦ Restrict permissions on files and directories.
  ◦ Remove all but necessary system services.
• Can deploy a completely hardened operating system as a bastion host
  ◦ A bastion host is a system that is presented to the outside world that can be used to protect other systems that are more sensitive.
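A small audit for two of the hardening steps above (unneeded login accounts, loose file permissions), added here as an illustration and not part of the textbook slides; the passwd excerpt is constructed sample data and the directory to scan is whatever path you pass in.

```shell
# Constructed /etc/passwd excerpt (sample data, not taken from any real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
olduser:x:1001:1001:Left 2019:/home/olduser:/bin/sh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin'

# interactive_accounts: read passwd-format lines on stdin and print every
# non-root account whose shell still permits an interactive login.
# Each name printed is a candidate for removal, or for a shell of
# /usr/sbin/nologin if the account is only needed to own files or services.
interactive_accounts() {
  awk -F: '$3 != 0 && $7 !~ /(nologin|false)$/ {print $1}'
}

# world_writable_files ROOT: regular files under ROOT that any user can modify.
# On a bastion host this list should be empty outside of /tmp-style directories.
world_writable_files() {
  find "$1" -type f -perm -0002 -print
}

# Demo against the constructed sample; on a real host use: interactive_accounts < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | interactive_accounts
```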
Linux as a Security Device (2 of 3)

• Intrusion-detection service
  ◦ Example: Snort
• Host-based intrusion-detection systems (IDSs)
  ◦ Examples: Tripwire, AIDE, LIDS, Wazuh, and Samhain
• Syslog facilities
  ◦ Examples: rsyslog and syslog-ng
  ◦ Act as a centralized syslog server
• Log-monitoring program that looks for anomalies that should trigger an alert
  ◦ Example: Logwatch
• Security information and event manager (SIEM) for logging and log management
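The kind of anomaly check a log-monitoring program performs, written out as an added example (not the textbook's code and not Logwatch itself): it counts failed SSH logins per source address in rsyslog-style auth messages and names the sources that cross a threshold. The log lines are constructed sample data.

```shell
# Constructed sample of sshd messages as a centralized syslog server would receive them.
SAMPLE_LOG='Mar  3 10:01:02 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:01:04 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:01:05 host1 sshd[1205]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:01:07 host1 sshd[1207]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:01:09 host1 sshd[1209]: Failed password for bob from 198.51.100.4 port 40030 ssh2
Mar  3 10:01:11 host1 sshd[1211]: Failed password for root from 203.0.113.7 port 51260 ssh2
Mar  3 10:01:12 host1 sshd[1213]: Failed password for root from 203.0.113.7 port 51266 ssh2'

# failed_logins_by_source: read syslog lines on stdin and print "<count> <ip>"
# for every source address with failed-password events, highest count first.
failed_logins_by_source() {
  grep 'sshd\[[0-9]*\]: Failed password' \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | sort | uniq -c | sort -rn \
    | awk '{print $1, $2}'
}

# alert_sources THRESHOLD: print only the addresses whose failed count is at
# least THRESHOLD; these are the anomalies that should raise an alert.
alert_sources() {
  threshold="$1"
  failed_logins_by_source | awk -v t="$threshold" '$1 >= t {print $2}'
}

# Demo: flag any source with five or more failures in the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | alert_sources 5
```

On a live host the same functions read the real file, for example `alert_sources 5 < /var/log/auth.log`; the threshold and the time window are policy choices.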
Linux as a Security Device (3 of 3)

• Firewall
  ◦ Hardware or software capable of blocking networking communications based on established criteria, or rules
  ◦ Common firewalls available for Linux are iptables and firewalld
• You can set up firewall rules to allow, drop, or log specific packets from the network.
• If there are multiple network interfaces and a network behind a Linux firewall, you can have it perform network address translation (NAT), effectively hiding all the systems behind your Linux firewall.
• On top of the firewall, you can deploy encryption services using Transport Layer Security (TLS).
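An iptables policy that puts the allow, log, drop and NAT rules from this slide together for a two-interface firewall, added as an example rather than taken from the textbook; the interface names, the address range and the allowed ports are assumed values. The function prints the rules instead of running them so the policy can be reviewed first.

```shell
# Assumed settings for a Linux firewall with one outside and one inside interface.
WAN_IF="eth0"                # interface facing the outside world
LAN_IF="eth1"                # interface facing the protected internal network
LAN_NET="192.168.10.0/24"    # internal network hidden behind the firewall
ALLOWED_TCP="22 443"         # services the firewall itself accepts from outside

# firewall_rules: print the iptables commands that make up the policy.
# Apply them as root with: firewall_rules | sh   (NAT also needs net.ipv4.ip_forward=1)
firewall_rules() {
  # Default policies: drop anything not explicitly allowed, permit outbound.
  echo "iptables -P INPUT DROP"
  echo "iptables -P FORWARD DROP"
  echo "iptables -P OUTPUT ACCEPT"
  # Allow loopback and replies to connections the firewall or the LAN initiated.
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Allow only the listed services to reach the firewall from the outside.
  for port in $ALLOWED_TCP; do
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Log, then drop, everything else arriving on the outside interface. The log
  # rule is rate-limited so a flood cannot fill the log partition (availability).
  echo "iptables -A INPUT -i $WAN_IF -m limit --limit 5/min -j LOG --log-prefix \"FW-DROP: \""
  echo "iptables -A INPUT -i $WAN_IF -j DROP"
  # Let the LAN out through the firewall and hide it behind the outside address (NAT).
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
  echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
}

# count_rules ACTION: how many generated rules jump to ACTION (ACCEPT, DROP, LOG, MASQUERADE).
count_rules() {
  firewall_rules | grep -c -- "-j $1"
}

# Demo: show the policy that would be applied.
firewall_rules
```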
Linux in the Enterprise (1 of 2)

• Web server
  ◦ The way customers get access to information, products, and services
• Application server
  ◦ Software that provides a framework inside which applications can be written
• Security systems
  ◦ Firewalls and intrusion-detection systems
• Operating systems
  ◦ Linux is the operating system for many security-based appliances
• Specialty / other server
  ◦ Proxy server or gateway, jump host, or bastion server
Linux in the Enterprise (2 of 2)

• Filtering
  ◦ Between network segments
• Remote Desktop Protocol (RDP) system
  ◦ Many packages support functions commonly found on Windows systems
• File server / file sharing
  ◦ Makes use of Server Message Block (SMB) or Common Internet File System (CIFS) systems, or Network File System (NFS)
• Vulnerabilities
  ◦ Addition of more functions to a system increases complexity
  ◦ Increased complexity results in more potential for unforeseen problems
  ◦ Testing is essential but cannot account for all user behaviors
Recent Security Issues (1 of 3)

• Increased prevalence of notification laws
  ◦ Businesses must notify customers of a breach
  ◦ Customers have the right to know when their personal information is at risk
• Hacker
  ◦ Someone who shows great technical skills and creativity in completing specific tasks
  ◦ May or may not be a criminal
Recent Security Issues (2 of 3)

• Black-hat hacker
  ◦ Someone who performs attacks against victims for malicious purposes
• White-hat hacker
  ◦ May use some of the same techniques as a black-hat hacker but is a good guy
• Gray-hat hacker
  ◦ Performs a range of actions that a white-hat hacker will not undertake; somewhere in between a white-hat hacker and a black-hat hacker
Recent Security Issues (3 of 3)

• The Internet is filled with professional organizations and their skilled employees, running businesses that exist to steal information, extort money, or perform other illegal actions.
  ◦ They may be related to the military for different countries, sometimes called nation-states.
• Some attackers look for information, such as intellectual property, that could be sold. They also might engage in corporate espionage or inter-country espionage.
• A malware attack may be launched to get more zombie hosts for a botnet.
  ◦ This is also an attack for financial gain because the zombies may be running web server software as a front to an illegal storefront for, say, pharmaceuticals.
  ◦ The botnet may also be rented to an attacker for political or financial gain.
Summary

• The origins of Linux
• Open-source software security considerations
• The confidentiality, integrity, and availability (C-I-A) triad
• Linux distributions
• Linux security and security threats