copyright © 2002 prosofttraining. all rights reserved. operating system security
TRANSCRIPT
Copyright © 2002 ProsoftTraining. All rights reserved.
Operating SystemSecurity
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 1:Security Principles
Objectives
• Explain the need for security in Linux and Windows 2000 environments
• Describe industry evaluation criteria used for security
• Identify the guidelines for determining the three general security levels
• Discuss the security mechanisms used to implement security systems
Objectives (cont’d)
• Identify the different areas of security management
• Describe Windows 2000 and Linux “out-of-the-box” security measures
• Implement tools to evaluate key security parameters in Windows 2000 and Linux
• Describe security components in the Windows 2000 security architecture
Security Services
• Authentication• Access control• Data confidentiality• Data integrity• Nonrepudiation
Evaluation Criteria
• European Information Technology Security Evaluation Criteria document BS 7799
• Trusted Computer Systems Evaluation Criteria• Common Criteria
Security Levels
• Low• Medium• High
Security Mechanisms
• Specific– Encipherment– Digital signature– Access control– Data integrity– Authentication– Traffic padding
• Wide– Trusted
functionality– Security labels– Audit trails– Security recovery
Windows 2000 Security
• Exploits• Windows 2000 registry
Windows 2000Security Architecture
• Windows 2000 security components– C2 certification
• Windows 2000 objects• Security components
– SIDs– Access tokens– Security descriptors– Access control lists and entities
• Security subsystem
Linux Security
• Configuration problems– Misconfigured authentication settings– Unnecessary services– Default account policies– Non-root user access to sensitive
commands
PluggableAuthentication Modules
• Editing PAM files• PAM directories• PAM entry format• Telnet access and the root account
Summary
Explain the need for security in Linux and Windows 2000 environments
Describe industry evaluation criteria used for security
Identify the guidelines for determining the three general security levels
Discuss the security mechanisms used to implement security systems
Summary (cont’d)
Identify the different areas of security management
Describe Windows 2000 and Linux “out-of-the-box” security measures
Implement tools to evaluate key security parameters in Windows 2000 and Linux
Describe security components in the Windows 2000 security architecture
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 2:Account Security
Objectives
• Describe the relationship between account security and passwords
• Explain techniques for securing accounts in Windows 2000 and Linux
• Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux
Objectives (cont’d)
• Identify Linux commands for password aging and explain how to log unsuccessful logon attempts
• Explain Linux security threats, restrict account access, and monitor accounts
Passwords
• Windows 2000 and strong passwords– Enforcing strong passwords– Dictionary attacks
• Linux and strong passwords– Shadow passwords– The root account
VerifyingSystem State
• Cross-referencing information on non-domain controllers
• Built-in and external tools• Renaming default accounts• Windows 2000 account policies• Password lockout
PasswordAging in Linux
• Linux command options• Timing out users• Monitoring accounts• System-wide event logging facility
Summary
Describe the relationship between account security and passwords
Explain techniques for securing accounts in Windows 2000 and Linux
Prune users, detect account changes, rename default accounts, and implement password policies in Windows 2000 and Linux
Summary (cont’d)
Identify Linux commands for password aging and explain how to log unsuccessful logon attempts
Explain Linux security threats, restrict account access, and monitor accounts
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 3:File System
Security
Objectives
• Identify the Windows 2000 file-level permissions
• Assign NTFS permissions• Explain the importance of drive partitioning
and how it relates to security• Describe how copying and moving a file affect
file security• Identify remote file access control
permissions
Objectives (cont’d)
• Describe Linux file system security concepts• Explain the function of the umask command• Discuss the purpose of setuid, setgid, and
sticky bits
Windows 2000File System Security
• File-level permissions• Standard 2000 permissions• Drive partitioning• Copying and moving files
Remote File Access Control
• Remote access permissions– Full Control– Modify– Read & Execute– No Access
• Share permissions
Linux File System Security
• Files• File information• Permissions• The umask command• The chmod command• UIDs and GIDs• The set bits: setuid, setgid and sticky bits
Summary
Identify the Windows 2000 file-level permissions
Assign NTFS permissions Explain the importance of drive partitioning
and how it relates to security Describe how copying and moving a file affect
file security Identify remote file access control
permissions
Summary (cont’d)
Describe Linux file system security concepts Explain the function of the umask command Discuss the purpose of setuid, setgid, and
sticky bits
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 4:Assessing Risk
Objectives
• Identify general and specific operating system attacks
• Describe a keylogger program’s function• Change Windows 2000 system defaults• Scan a system to determine security risks• Explain Linux security concerns
Security Threats
• Accidental threats• Intentional threats
– Passive threats– Active threats
Types of Attacks
• Spoofing/masquerade• Replay• Denial of service• Insider• Trapdoor• Trojan horses
Windows 2000Security Risks
• Default directories• Default accounts• Default shares and services
General UNIX Security Vulnerabilities
• Viruses• Buffer overflows
Keyloggers
• Invisible KeyLogger Stealth and Windows 2000
• Keylogging and securing the Linux search path
• Protecting yourself against keyloggers
SystemPort Scanning
• Advanced security scanners– WebTrends Security Analyzer
UNIXSecurity Risks
• The rlogin command– Interactive sessions: Telnet vs. rlogin
• Network Information System (NIS)• Network File System (NFS)
NISSecurity Concerns
• NIS security problems– No authentication requirements– Contacting server by broadcast– Plain-text distribution– Encryption and authentication– Portmapper processes and TCPWrappers– The securenets file
• NIS+
NFSSecurity Concerns
• Users, groups and NFS• Secure RPC• NFS security summary
Summary
Identify general and specific operating system attacks
Describe a keylogger program’s function Change Windows 2000 system defaults Scan a system to determine security risks Explain Linux security concerns
Copyright © 2002 ProsoftTraining. All rights reserved.
Lesson 5:Reducing Risk
Objectives
• Explain the purpose and importance of system patches and fixes, and apply system patches
• Modify the Windows 2000 Registry for security• Lock down and remove services for effective
security in Windows 2000 and Linux
Patches and Fixes
• Microsoft service packs• Red Hat Linux errata
Windows 2000Registry Security
• Registry structure– Subtrees and their uses
• Auditing the registry• Setting registry permissions
Disabling and Removing Services in Windows 2000
• Securing network connectivity• Server Message Block• Miscellaneous configuration changes
Disabling and Removing Services in UNIX
• Bastille– The tarball format– Downloading and installing Bastille– Running Bastille in text mode
Summary
Explain the purpose and importance of system patches and fixes, and apply system patches
Modify the Windows 2000 Registry for security Lock down and remove services for effective
security in Windows 2000 and Linux
Operating System Security
Security Principles Account Security File System Security Assessing Risk Reducing Risk