006.itsecurity bcp v1
Download as PPT, PDF•0 likes•211 views
This document provides an overview of operating system and server security. It discusses key functions of an operating system including resource management, user interface, running programs, and security enforcement. It then covers possible attacks like password cracking, unauthorized access to resources, and placement of rootkits. The document gives examples of hardening techniques for user management, password policies, limiting services and access, and setting permissions on Linux and Windows systems. It stresses the importance of both OS and physical security, and provides hardware security best practices like firmware updates, unique credentials, and secure SNMP configuration.
006.itsecurity bcp v1
- 1. Operating System & Server Security Presented by Mohammad Ashfaqur Rahman Compliance Professional www.linkedin.com/in/ashfaqsaphal [email protected]
- 2. Objective ● Concept of OS security ● Possible attack on Operating System ● Hardening Example ● HW security
- 3. OS Security ● Key functions of an operating system: – Computer resource management – Provides a user interface – Runs software utilities and programs – Enforce security measures – Schedules jobs
- 4. OS Security
- 5. OS Security ● In-build features – Authorization and Authentication – Resource Management – Response to remote process
- 6. Attack ! ● Possible attack and known vulnerability – Authentication over the network • Password crack • Anonymous / Guest login – Restart / Shutdown machine – Rootkit placement – Access to resource • Activate / deactivate HW component • Identity theft
- 7. Example : User Management ● 80%++ incident are due to insufficient control on user ● Best practice for user management – Password policy • Complexity • Trivial password management • Aging – Account / login locking • Too many authentication failure • Rename administrator account (windows) • Disable guest / nobody etc account – User group policy – Minimal file permission
- 8. Example : Window Control Panel → Administrative Tools → Local Security Setting → Local Policies → Security Options ● Allow CD-ROM / Floppy Access to → localy autheticated user only ● Allow to format and Eject Removable Media to → Administrator only ● Require strong (windows 2000 or later) session key ● Restrict anonymous access to Named Pipes and shares ● Disable automatic execution of the system debugger ● Disable autoplay for new users by default ● Disable Dial-in access to other Server
- 9. Example : Window Control Panel → Administrative Tools → Services ● FTP publishing service → Disable ● Telnet Service → Disable ● TFTP Service → Disable ● SMTP → Disable ● SNMP → Disable ● SNMP → Disable // In short disable the services which are not required
- 10. Example : Linux ● Disable USB ● rm /lib/modules/2.6.18- 308.24.1.el5/kernel/drivers/usb/sto rage/usb-storage.ko ● Password / User data file permission ● chown root:root passwd shadow group gshadow ● chmod 644 passwd group ● chown root:root passwd shadow group gshadow
- 11. Example : Linux ● Set Permission to file system file ● chown root:root /etc/fstab ● chmod 0644 /etc/fstab ● Set Umask ● /etc/sysconfig/init ● /etc/profile ● /etc/csh.login ● /etc/csh.cshrc ● /etc/bashrc
- 12. Example : Linux ● Set permission of Log files ● for file in `cat /etc/syslog.conf | grep -v # | grep var | awk {'print $2'}`; do chmod 600 $file*;chown root:root $file*; done ● Restrict remote login of root user ● /etc/ssh/sshd_config
- 13. Example : Linux ● Disable services that are not required ● for FILE in chargen chargenudp cups-lpd cups daytime daytime-udp echo echo-udp eklogin finger gssftp imap imaps ipop2 ipop3 krb5-telnet telnet klogin kshell ktalk ntalk pop3s rexec rlogin rsh rsync servers services sgi_fam shell talk telnet tftp time time-udp vsftpd wuftpd ● do ● chkconfig ${FILE} off ● done
- 14. Example : Linux ● Enforce password policy ● /etc/login.def ● PASS_MAX_DAYS 45 ● PASS_MIN_LEN 8 ● PASS_MIN_DAYS 1 ● Enable password for boot loader (using /sbin/grub-md5-crypt) ● /etc/grub.conf ● password --md5 ● Implement SUDO ● /etc/sudoers
- 15. Example : Linux ● Set authentication for single user mode ● /etc/inittab ● ~~:S:wait:/sbin/sulogin ● Restrict root access by “su” ● grep ^wheel /etc/group ● No member should be in “wheel” group
- 16. Hardware Security ● OS and Physical Security both are required – OS should prevent malicious code execution – Physical environment should ensure • Managing temperature • Physical Access Control • Humidity Control
- 17. Hardware Security ● Secure Deployment of hypervisor – Patching – Updated Software ● Updated Firmware ● Remove default username password ● Create personal user for administration ● Enable secure SNMP ● Disable SNMP Trap
- 18. Let's Discuss