COSC 316 COMPUTER HOSTS SECURITY - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

COSC 316 COMPUTER HOSTS SECURITY

Description:

It will detect the local modifications and reapply them each time a new version ... Some upgrades are best performed when the system is singles user mode ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 13
Provided by: DrRo9
Category:

less

Transcript and Presenter's Notes

Title: COSC 316 COMPUTER HOSTS SECURITY


1
COSC 316 COMPUTER HOSTS SECURITY
  • SOUNDARARAJAN EZEKIEL
  • COMPUTER SCIENCE DEPARTMENT
  • INDIANA UNIVERSITY OF PENNYLVANIA
  • INDIANA, PA 15705

2
Part IV SECURE OPERATIONSChapter 17 KEEPING
UP TO DATE
  • We will talk about
  • Discusses strategies for downloading security
    patches i.e. Software Management system
  • Keeping your OS up to date i.e. updating system
    software

3
Chapter 17 Keeping up to date
  • From the moment a Unix workstation or server is
    connected to the internet, it is open to
    discovery and access by unwanted outsiders
  • Attackers find new internet host with amazing
    speed
  • Computers with DSL or cable internet connections
    are especially targeted by automated attck tools
    because they are usually operated by people with
    little or no security knowledge
  • It is necessary that any Unix system that will
    be on a network be kept up to date with security
    fixes- both before connecting it to the network
    and after

4
Software Management System
  • Software management system is a set of tools and
    procedure for keeping trck of which versions of
    which software you have installed, and whether
    any local changes have been made to the software
    or its configuration files
  • Without this, it is impossible to know whether a
    piece of software need to be updated or what
    local changes have been made and need to be
    preserved after the update
  • It is essential to keep software management
    system up to date for security purpose
  • All of the Unix system provide some form of
    software management

5
Package-Based System
  • A typical package file is a file containing a set
    of executable programs, already complied, along
    with any supporting files such as libraries,
    default configuration files, and documentation.
  • Package contains
  • Version information for the software it contains
  • Information about compatible OD version or
    hardware
  • List of other package that the package require
  • List of other packages with which the package
    conflict
  • List of which included files are configuration
    files
  • Commands to run before, during, or after the
    included files are installed

6
Continue
  • The other important component of a package-based
    system containing information about which
    versions of which packages have been installed
  • It is easy to use- a simple command
  • System administrators can update
  • Solaris 2.x provides the pkgadd, pkgrm,
    pkginfor, showrev, commands for adding, removing,
    and querying packages from the shell and
    admintool for managing software graphically

7
Continue
  • Several Linux distributions have adopted the RPM
    Package manager (RPM) what is RPM means Red
    Hat Package Manager
  • It uses a single command rpm for all of its
    package management system
  • Debian GNU/Linux uses an alternative package
    management system called dpkg
  • The BSD based Unix system focus on sources based
    updates, but also provide a collection of
    precompiled packages that are managed with the
    pkg_add, pkg_delete, and pkg_info commands

8
Source- Based System
  • Source based system focus on helping the system
    administrator maintain an up-to-date copy of the
    OS or application source code, from which new
    executable can be compiled and installed
  • Advantage- It comes with single versions
  • Source code and patches-
  • The simplest approach to source management is to
    keep application source code available on the
    system and recompile it whenever its changed
  • Most Unix system uses /usr/src/ and
    /usr/loacl/src hierarchies to store source code
    to distributed and third party software

9
CVS
  • Another approach to source management is to store
    the source code on a server using a source code
    versioning system as the Concurrent Versions
    Systems and configure the server to allow
    anonymous client connections.
  • An Advantage of CVS is that the system makes it
    easy for sites to maintain their own local
    modifications to an otherwise large and unwieldy
    system
  • It will detect the local modifications and
    reapply them each time a new version of the
    source code is downloaded

10
Updating system Software
  • Inventory your system and keep track of new
    application that you have installed.
  • Learning about patches
  • Every Unix OS and most major application, such as
    web servers, have an associated mailing list for
    announcements of new versions,
  • Several mailing lists collect and distribute
    security alerts for many products
  • Check with your software vendor cd rom comes
    with the software will not have patches
  • Automatic update system compare installed
    packages with the latest version of package
    available

11
Upgrading distributed applications
  • Under package management system, upgrading a
    package is usually a very simple procedure.
  • Sensitive Upgrades
  • Some upgrades are best performed when the system
    is singles user mode
  • Although upgrading an application doesn't
    generally affect running processes, there are
    exceptions.
  • Some programs dynamically load object code while
    running, and upgrading such programs without
    first stopping them can cause problems if the
    older version of the process loads the newer
    version for the dynamic code

12
Conclusion
  • Keeping your Unix system secure is ongoing
    responsibility
  • Different system and vendors have different
    strategies for distributing updates and bug
    fixes.
  • You must find out how this information is
    distributed for your system, and you must keep up
    to date
  • Be sure that you get your updates from reliable
    sources
  • After you have installed your updates, continue
    to monitor mailing lists and web sites to make
    sure that the updates themselves have not been
    compromised- there are growing number of cases
    in which people have installed security updates
    that actually contained vulnerabilities of
    full-blown Trojan horses
  • Vigilance is the only way to protect yourself and
    your computer
Write a Comment
User Comments (0)
About PowerShow.com