UNIX Security Basics - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
UNIX Security Basics
David LaPorte, Network Security Engineer, Network Operations Center
2
Topics
  • Internal Threats
  • External Threats
  • The Countermeasures
  • Recommended Software
  • Common Mistakes
  • Additional Resources

3
External Threats
  • Open, insecure services
  • BIND (8.2.2p5 - 11/12/99)
  • Sendmail (8.9.3 - 2/4/99)
  • wuFTP (2.6.0 - 10/19/99)
  • Denial of service (DOS) attacks
  • SYN Flooding
  • Smurfing
  • Sniffing
  • Assume anything you send over the network is
    insecure
  • Use SSH exclusively!!!

4
Internal Threats
  • Incorrect permissions
  • Setting proper umasks
  • SUID/SGID binaries
  • Trojan Horses
  • Accessible /etc/passwd
  • Use shadow passwords
  • Outdated binaries
  • Buffer overflows
  • Incorrect programming practices

5
The Countermeasures
  • Monitor logs closely
  • Use logcheck, swatch, or other tool to monitor
    logs in real-time and set off alerts
  • Log to a central loghost via syslog
  • Use TCP Wrappers
  • Limit connectivity to only those hosts that need
    it
  • Disable unnecessary services
  • Shut down inetd unless you really need it;
    comment out entries liberally otherwise
  • Portscan yourself with nmap to see what's
    running, check process listing with ps or top
  • Use fuser/lsof to determine which process is
    using which port

6
The Countermeasures
  • Enforce strict permissions
  • Use a file integrity checker such as Tripwire to
    establish system baseline
  • If you ever think you're hacked, comparing your
    system state to the baseline should expose any
    trojan horses

7
Recommended Software
  • SSH
  • Drop-in replacement for telnet and r services
  • ftp://ftp.cs.hut.fi/pub/ssh
  • Port Sentry
  • Port scan detector
  • http://www.psionic.com/abacus/portsentry/
  • TCP Wrappers
  • ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers

8
Recommended Software
  • Nmap
  • Port scanning utility
  • http://www.insecure.org/nmap
  • Tripwire
  • File integrity checker
  • http://www.tripwiresecurity.com
  • Harvard will soon have a site license
  • Logcheck
  • Scans log files for problems or security
    violations
  • http://www.psionic.com/abacus/logcheck

9
Common Mistakes
  • Don't assume your OS is secure out of the box
  • Most are not
  • Updates needed on even the most secure
  • Don't wait to install updates
  • Pull machine off wire immediately after install
  • Make all configuration changes and install all
    current updates
  • Don't do everything as root
  • Less is more!

10
Staying Current
  • Subscribe to mailing lists
  • Bugtraq@securityfocus.com
  • Install latest updates as soon as available
  • Linux: ftp://updates.redhat.com
  • Solaris: http://sunsolve.sun.com
  • Tru64: ftp://ftp.service.digital.com

11
Additional Resources
  • Security-related websites
  • http://www.securityfocus.com
  • http://www.securityportal.com
  • http://packetstorm.securify.com
  • Practical UNIX & Internet Security
  • http://www.oreilly.com/catalog/puis/