Download - 01 Introduction to Linux Host Security
-
7/29/2019 01 Introduction to Linux Host Security
1/23
IntroductiontoLinuxHostSecurity
-
7/29/2019 01 Introduction to Linux Host Security
2/23
ObjectivesAftercompletingthispresentation,you
shouldbeableto:
DefinetheimportanceofITsecurity
DescribesomecommonthreatstoITsecurity
Defineabasicsecurityarchitecturemodel
Listcommonsecurityservices
ListLinuxmechanismsforhostsecurity Listgeneralguidelinesforsecuritypolicies
-
7/29/2019 01 Introduction to Linux Host Security
3/23
WhyProtectSystems?"Ourlossesfromterrorismcouldbeashigh
as$50million.Ourbiggestriskislosingourcustomers'trust;we'dhavetobeborn
againwithanewnametorecover."
Acommercialbankexecutive
-
7/29/2019 01 Introduction to Linux Host Security
4/23
DefiningSecurityReductionofrisk
Protectionagainstthreats
-
7/29/2019 01 Introduction to Linux Host Security
5/23
IntroductiontoSecurity
Architecture
-
7/29/2019 01 Introduction to Linux Host Security
6/23
SecurityModel
-
7/29/2019 01 Introduction to Linux Host Security
7/23
ISO7498-02SecurityServices Identificationandauthentication
Accesscontrol
Confidentiality
Dataintegrity
Non-repudiation
Securitymanagementincludingaudit
-
7/29/2019 01 Introduction to Linux Host Security
8/23
SecurityManagementCycle
-
7/29/2019 01 Introduction to Linux Host Security
9/23
ImplementingaSecurityPolicy Asasystemsecurityadministratororimplementer
you:
Mustunderstandhowtoevaluateastatementofsecurityrequirements
Haveaprimaryresponsibilityinmanagingtheorganization
Arerequiredto:
Translateinformationusedincreatingthesecuritypolicy
Implementthepolicytoensurefairtreatmenttoeveryuser
Understandgeneralguidelinesforgoalsandpolicies
-
7/29/2019 01 Introduction to Linux Host Security
10/23
SecurityThreatsandBusiness
Risks
-
7/29/2019 01 Introduction to Linux Host Security
11/23
OtherSecurityThreats
-
7/29/2019 01 Introduction to Linux Host Security
12/23
SystemMechanisms(1of2) Hardware
User
Group
Password
Systemresourcemanagement
-
7/29/2019 01 Introduction to Linux Host Security
13/23
SystemMechanisms(2of2) Filemanagement
Logmanagement
Printing
Backupandrestore
Auditing
Systemmonitoring
Problemreporting Intrusiondetection
-
7/29/2019 01 Introduction to Linux Host Security
14/23
LinuxMechanismsServicesandmechanismscoveredinthis
courseinclude:
Useradministration
Configuringaccesscontrol
Monitoringaccesscontrol Systemfileintegrity(includingdevicesand
keymanagementfiles)
Delegationofauthority(sudo) Accountability(auditingmechanisms)
-
7/29/2019 01 Introduction to Linux Host Security
15/23
LinuxSecurityDetails Userauthentication
Loginprocess
Logintracking
Administrativeroleswithsudo
Groups Accesscontrollists
Fileanddirectorypermissions
Security-relatedfiles
Auditing
-
7/29/2019 01 Introduction to Linux Host Security
16/23
StayingCurrentwithSecurity Newsecurityissuesarediscovereddaily.
Ifyoudonotstayup-to-datewithsecurityyouwillbevulnerable.
Whatyoudon'tknowcanhurtyouandyourorganization.
Therearemanysecuritycommunitiesforbothdiscussionand
informationontopicsrangingfromLinux-specificsecuritytomore
generalUNIXsecuritytoOSindependentsecuritytopics.
Mailingliststendtobebestforactivediscussion. Websitesarebetterfordocumentationandinformation.
Knowyourvulnerabilities;thosewhowouldwanttocompromise
yoursystemcertainlywill.
Constanteducationissimplypartofthejobofmaintainingan
effectivesecuritypolicy.
-
7/29/2019 01 Introduction to Linux Host Security
17/23
LinuxSecurityWebSites http://www.cert.org/
http://www.securityfocus.com/
http://www.linuxsecurity.com/
http://lsap.org/
http://www.faqs.org/faqs/computer-security/
-
7/29/2019 01 Introduction to Linux Host Security
18/23
LinuxSecurityMailingLists http://online.securityfocus.com/archive
http://www.redhat.com/mailing-lists/linux-security/
http://www.suse.com/us/support/mailinglists/
http://lists.insecure.org/ http://www.linuxsecurity.com/general/mailing
lists.html
-
7/29/2019 01 Introduction to Linux Host Security
19/23
OtherSourcesofInformation USENETnewsgroups:
comp.os.linux.security
comp.os.unix.security
LocalLinuxusergroupdirectories
http://www.linux.org/groups/ http://www.redhat.com/apps/community/LUG/
http://lugww.counter.li.org/
-
7/29/2019 01 Introduction to Linux Host Security
20/23
WhatYouWillLearnAmongthevariousmechanismsandfacilitiesprovidedby
Linux,wewillcoverthefollowingtopics:
InstallingLinux IdentificationandAuthentication
AccessControlandAuthorization
Availability SystemIntegrity
Auditing
IntrusionManagement
ApplicationSecurity
-
7/29/2019 01 Introduction to Linux Host Security
21/23
WhatComesNext? TCP/IPnetworksecurity
Networkservices:
Secureshellandsecurecopy
Socksproxy
Standardproxies
DNS
E-mail
VPN
Firewalls
Networkaddresstranslation
-
7/29/2019 01 Introduction to Linux Host Security
22/23
Checkpoint1. Whataresomeofthepossiblelossesduetoa
compromisedsystem?
2. Whatarethefivemainstepsinthesecuritymanagementcycle?
3. Whatwouldyouusetoallowatrustedusertoperformsomespecificsystemmaintenanceonaregularbasis,insteadofgivingouttheroot
password?4. Whataresomeofthepossiblethreatstosystem
security?
5. Onceintrudershaveinfiltratedasystem,theymay
installaprogramthatallowsthemtogainrootprivilegesinasystem.What isthistypeofprogramcalled?
-
7/29/2019 01 Introduction to Linux Host Security
23/23
UnitSummaryHavingcompletedthisunit,youshould
understand:
Theimportanceofsecuritytoyourorganization
Thetypesofthreatstolookoutfor Somebasicsecurityconceptsandideas
ThemajorsecurityfeaturesofLinux