Unix Server Security and Auditing - PowerPoint PPT Presentation

About This Presentation
Title:

Unix Server Security and Auditing

Description:

Unix Server Security and Auditing. Security Targets. The key security principles are ... Runs on several UNIX derivates (AIX, HPUX, IRIX, Linux, NeXT, SunOS, Tru64) ... – PowerPoint PPT presentation

Slides: 8
Provided by: dirkh5

Transcript and Presenter's Notes

Title: Unix Server Security and Auditing


1
Unix Server Security and Auditing
by linux-doks.de
2
Unix Server Security and Auditing
Security Targets: the key security principles are
  • Freedom from risk or danger; safety.
  • Freedom from doubt, anxiety, or fear; confidence.
  • Something that gives or assures safety, as
  • A group or department of private guards: Call
    building security if a visitor acts suspicious.
  • Measures adopted by a government to prevent
    espionage, sabotage, or attack.
  • Measures adopted, as by a business or homeowner,
    to prevent a crime such as burglary or assault:
    Security was lax at the firm's smaller plant.
  • Measures adopted to prevent escape: Security in
    the prison is very tight.
  • Something deposited or given as assurance of the
    fulfillment of an obligation; a pledge.
  • One who undertakes to fulfill the obligation of
    another; a surety.
  • A document indicating ownership or creditorship;
    a stock certificate or bond.

by linux-doks.de
3
Unix Server Security and Auditing
Definition of Security Se-cu-ri-ty
  • Installed software should not have any known
    high- or medium-risk vulnerabilities
  • Applicable security patches should be applied to
    the software
  • Configuration should not have any known high- or
    medium-risk vulnerabilities
  • To minimise the risk of as-yet unknown vulnerabilities,
    only necessary network services should be enabled
  • New vulnerabilities are discovered over time;
    therefore this standard must be sufficiently
    dynamic to cover future problems
  • All items in this software standard should be
    verifiable
  • Sometimes it is necessary to deviate from this
    standard. A list of dispensations is included,
    covering items which have been reviewed and
    granted a temporary risk acceptance. Any other
    deviations require an individual risk acceptance
    to be raised.

by linux-doks.de
4
Unix Server Security and Auditing
Security Checks: the following possible security
problems are known
  • Running insecure inetd / xinetd services like
    echo, chargen, telnet, rlogin
  • Running services that are not generally provided,
    like vold, cupsd, lpd
  • Portmap, including NFS shares (except autofs)
  • Executable and filesystem protection (limit SUID
    executables, files not owned by any user, world-writable
    directories without the sticky bit)
  • Accounts (password expiry (except batch users),
    accounts never accessed, accounts with no password)
  • SSH (root login disabled (except on the golden host),
    SSH protocol version 2 only)
  • Network (IP forwarding, ignoring broadcast ICMP
    echo requests, source routing disabled)
  • Central logging hosts (just implemented with a
    Syslog-ng server)
  • Up2date status of all systems
  • Existing core files
  • Boot loader passwords (grub)

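The checks on this slide that can be decided from file or command output (empty password fields, the IP forwarding / broadcast ICMP / source routing kernel settings, sshd root login and protocol version, world-writable directories lacking the sticky bit) as a small audit script. This is an added example, not code from the presentation or from linux-doks.de; each function takes the text it examines as an argument and the inputs below are constructed samples, so on a real host you would pass it the output of `cat /etc/shadow`, `sysctl -a`, `cat /etc/ssh/sshd_config` and the `find` command named in the comment.

```shell
#!/bin/sh
# Added audit helpers for the checks listed on slide 4. Each function reads the
# text passed as $1 so it can be run against samples here or real output on a host.

# Accounts whose password field in shadow(5) format is empty (no password set at all).
accounts_without_password() {
  printf '%s\n' "$1" | awk -F: '$2 == "" { print $1 }'
}

# Kernel network settings from `sysctl -a` output that deviate from the hardened value.
network_findings() {
  printf '%s\n' "$1" | awk -F'[ =]+' '
    $1 == "net.ipv4.ip_forward"                   && $2 != 0 { print "IP forwarding enabled" }
    $1 == "net.ipv4.icmp_echo_ignore_broadcasts"  && $2 != 1 { print "broadcast ICMP echo not ignored" }
    $1 == "net.ipv4.conf.all.accept_source_route" && $2 != 0 { print "source routing accepted" }'
}

# sshd_config directives that leave root login enabled or still allow SSH protocol 1.
sshd_findings() {
  printf '%s\n' "$1" | awk '
    tolower($1) == "permitrootlogin" && tolower($2) != "no" { print "PermitRootLogin is not no" }
    tolower($1) == "protocol"        && $2 != "2"           { print "SSH protocol 1 allowed" }'
}

# World-writable directories without the sticky bit, from "mode path" lines such as
# `find / -type d -perm -0002 -printf "%m %p\n"` produces (octal mode, leading zero optional).
world_writable_no_sticky() {
  printf '%s\n' "$1" | awk '{
    m = sprintf("%04d", $1)               # 755 -> 0755, 1777 -> 1777
    if (substr(m, 4, 1) ~ /[2367]/ && substr(m, 1, 1) !~ /[1357]/) print $2 }'
}

# Constructed sample inputs; not taken from any real host.
SHADOW_SAMPLE='root:$6$salt$hash:19000:0:99999:7:::
batch:*:19000:0:99999:7:::
legacy::19000:0:99999:7:::'
SYSCTL_SAMPLE='net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_broadcasts = 0
net.ipv4.conf.all.accept_source_route = 0'
SSHD_SAMPLE='Port 22
Protocol 2,1
PermitRootLogin yes'
FIND_SAMPLE='1777 /tmp
777 /var/upload
755 /home'

echo "== accounts without password"; accounts_without_password "$SHADOW_SAMPLE"
echo "== network settings";          network_findings "$SYSCTL_SAMPLE"
echo "== sshd";                      sshd_findings "$SSHD_SAMPLE"
echo "== world-writable, no sticky"; world_writable_no_sticky "$FIND_SAMPLE"
```

On the samples this reports the `legacy` account, IP forwarding and the broadcast ICMP setting, both sshd directives, and `/var/upload` (while `/tmp` passes because of its sticky bit).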
by linux-doks.de
5
Unix Server Security and Auditing
Host-based Security and Auditing Tools: host-based
security and auditing tools to be considered
  • Client-only systems:
  • Tripwire (data integrity checker)
  • Aide (data integrity checker)
  • Logsurfer (real-time log checker)
  • Logwatch (log analysis tool)
  • Tiger (security audit and intrusion detection
    system)
  • Snare (process and kernel monitoring)
  • Server/client systems:
  • Samhain/Yule (security audit and intrusion
    detection system)

by linux-doks.de
6
Unix Server Security and Auditing
Security and Auditing Tools: Requirements
Tool under consideration: Tiger
by linux-doks.de
7
Unix Server Security and Auditing
Overview Tiger
  • Run on every client manually (security
    audit) or via cron at scheduled intervals
    (intrusion detection system)
  • Client-only system
  • Runs on several UNIX derivatives (AIX, HPUX, IRIX,
    Linux, NeXT, SunOS, Tru64)
  • Checking diskless clients is possible (via a check
    from the manager system)
  • About 40 different checks (users, files, services,
    network)
  • Output optionally as text or HTML
  • Building your own modules is possible
  • Separate invocation of Tripwire and/or Aide

by linux-doks.de