File System Security

1
File System Security

• Robert Bobby Roy
• And
• Chris Sparky Arnold

2
Overview

• What we are going to cover
• Brief History
• File Systems
• General Security Practices
• Specific Practices for File Systems

3
What is File System Security?

• File system security the policies and procedures
  for ensuring the protection of ones files and
  file systems.

4
History of File System Security

• Roots
• Sensitive information was originally kept in file
  cabinets and other such physical barriers.
• Effective at keeping files from those who were
  not allowed to access them.

5
History of File System Security

• Relevance
• Transition from analog to digital file systems.
• Ideas put forth in the analog age of file systems
  are still relevant in digital security.
• Barriers
• Locks (Passwords)
• Authorities (Administrators)

6
History of File System Security

• Networking
• File system security became more important to
  digital systems as they became networked
  together.
• Access to systems and also the files within the
  systems.

7
Types of File Systems

• Disk
• Database
• Network
• Transactional/Special

8
Types of File Systems

• Disk
• A system for organizing and storing files on a
  physical drive.
• Hard Drive, Removable Storage, etc.
• Does not have to be directly connected to the
  computer.
• Many Different types
• Windows NTFS, FAT32 (Primitive)
• Linux ext, ext2, ext3, ext3cow, ext4

9
Types of File Systems

• Database
• Newer concept of managing files.
• Instead of hierarchy or structure, files are
  sorted by characteristics, type, or other such
  metadata.

An example of a characteristic is Eye Color ?
10
Types of File Systems

• Network
• Protocol for remote access on a server
• Common types NFS, SMB, AFP, 9P
• Similar (Structurally) FTP, WebDAV

11
Types of File Systems

• Transactional/Special
• Transactional
• Logs events, transactions, or changes
• Groups related changes
• Used often in banking software
• Special
• Not Disk or Network
• Includes systems where files are arranged
  dynamically by software
• Used for temporary storage

12
General Security Practices

• Entity Authentication
• Properties of an entity (what it has, is, etc.)
• Usernames Passwords
• Password defenses
• Checkers, generators, aging, limiting logins
• Protecting password file
• Cryptography
• Encryption algorithms
• Securing data transactions

13
Access Control

• Access control refers to how subjects may
  manipulate objects
• Halts users from accessing restricted files
• It determines what privileges (if any) a user has
  over a particular object
• Observe
• Alter

14
Access Control Windows NT

• Types of permissions
• Read
• Write
• Execute
• Changing of ownership
• Changing permissions
• Delete

15
Access Control UNIX

• Types
• Read
• Write
• Execute
• For files and directories, respectively
• View contents, view contents
• Append, rename/create
• Run, search within

With 777 you have permission to access this bread.
16
Security Models

• Types of security models
• Bell-LaPadula (BLP)
• Clark-Wilson
• Biba
• Harrison-Ruzzo-Ullman (HRU)

17
Types of File System Security

• In
• Disk File Systems
• Database File Systems
• Network File Systems

18
Disk File System Security

• Tactics
• Encryption
• Access Control
• Passwords
• Permissions

By denying access by some users to certain files,
you can protect the files data and integrity.
19
Disk File System Security

• Workarounds
• Encryption
• Stealing secret keys
• Breaking secret keys
• Access Control
• Interception of password
• Social engineering
• Brute force attacks on passwords

20
Disk File System Security

• Prevention
• Encryption
• More powerful ciphers
• Regular changing of encryption scheme
• Access Control
• Password defenses
• checkers
• generators
• aging
• limiting logins
• Employ awareness of social engineering
  vulnerabilities

21
Database File System Security Apache

• Permissions
• Restrict access to upper level files
• SSI (Server Side Includes)
• These extra features can create weakness within a
  database
• Protect system settings within config files

22
Database File System Security Oracle

• Virtual Private Database
• customizable, policy-based access control down to
  the row level
• Data Encryption
• Protects data, even in media theft
• Enterprise User Security
• Centralized security management
• Secure Application Roles
• Powerful way of setting access control
• Enterprise Manager Grid Control
• Tools for setting configurations

23
Database File System Security MySQL

• Take the time to audit SQL logins for null or
  weak passwords
• Frequently check group and role memberships
• Physically secure the SQL Server
• Enable logging of all user login events
• Disable SQL Mail capability unless absolutely
  necessary
• Remove the Guest user from databases to keep
  unauthorized users out
• Secure the sa account with a strong password
• Choose only the network libraries you absolutely
  require

24
Network File System Security

• Entity authentication
• Firewall
• Intrusion Prevention System (IPS)
• Honeypots
• Decoy server containing fake, desirable
  information which is easily accessible used to
  lure away attackers and record their activity

25
Summary

• We covered the history of file system security,
  basic theory, types of file systems, security for
  those systems, and potential threats.
• ?
• Well science shows that general policies, such as
  access control, password protection, permissions,
  encryption, and roles can significantly improve
  security on any kind of file system.

26

QUESTIONS?!1?!1?!?!?!!!!ONE
27
Chris uses Windows XP Media Center Edition 2005
sp2
Bobby uses the Ubuntu release Edgy