Dr. Igor Santos
Security of Information Systems
Physical Security
Contents
What is physical security?
Attacks and protection techniques at startup
File System encryption
Safe Data Removal
Electromagnetic leakages
What is physical security?
Physical Security
Definition: apply physical barriers and control procedures as preventive measures and countermeasures against threats to resources and sensitive information.
Physical Security
Physical security includes measures to:
  ▪ Deny unauthorized personnel (attackers or accidental intruders) access to buildings, places, resources, or stored information
  ▪ Assist in the design of structures able to resist potentially hostile acts (natural or deliberate)
Physical Security
Good physical security combines the following measures:
  ▪ Passive: designed to stop or delay intrusions
  ▪ Active: to detect and respond to intrusions
Physical Security - Infrastructures
Infrastructure protection
1. Physical access
  ▪ Prevention: security guards, smart cards, biometrics, etc.
  ▪ Basic rules: close doors, disable networks, ...
  ▪ Detection: alarms, surveillance cameras, CCTV, identification of co-workers, etc.
Physical Security - Infrastructures
2. Natural disasters / environmental disturbances
  ▪ Fires, floods, storms, earthquakes, etc.
  ▪ Short circuits, extreme temperatures, electrical noise, moisture, etc.
  ▪ E.g.: Risk -> fire; measures: sensors, alarms, automatic extinguishing systems, ...
Physical Security - Infrastructures
3. Hostile action / human factors
  ▪ Conflicts, deliberate internal and external sabotage, etc.
  ▪ 60-80% of attacks on a company are caused by insiders
  ▪ Shoulder surfing, identity impersonation, social engineering, etc.
  ▪ People are the weakest link
Physical Security - Data
Data protection
  ▪ Data theft/leakage
  ▪ Data Loss Prevention (DLP)
Physical Security - Data
Backups
  ▪ Stored off site (e.g. in a safe)
Non-electronic media
  ▪ Located in restricted places
  ▪ Paper shredders to destroy them if necessary
Physical Security
Certifications
  ▪ ISO 27000: http://www.iso27000.es/
  ▪ BS 7799: http://www.induction.to/bs7799/
Attacks and protection at startup
Attacks and protection at startup
Multiple levels of authentication: BIOS > MBR > FS > OS
http://www.karmany.net/index.php/sistema-operativo/31-windows/12-arranque-boot-ordenador
Attacks and protection at startup
BIOS
  ▪ Firmware
  ▪ Locates and prepares the electronic components or peripherals of a machine so that they can communicate with any OS that governs them
BIOS protection
  ▪ Set the boot sequence (legitimate OS first)
  ▪ Prevent the installed OS from being bypassed by booting removable media (LiveCD)
  ▪ Protect with a password
    ▪ Boot password (uncomfortable)
    ▪ Setup password (essential)
Attacks and protection at startup
Attacks against the BIOS
  ▪ There are master passwords
    ▪ Depending on the manufacturer
    ▪ Based on the server ID
  ▪ Read the default passwords stored in the BIOS
    ▪ CmosPwd
  ▪ Reset default values
    ▪ Write on the Flash-ROM
    ▪ Jumper on the motherboard
    ▪ Remove battery power
Attacks and protection at startup
Bootloader
  ▪ A program that manages OS startup
  ▪ Allows choosing between the different installed OSs
  ▪ Installed in the MBR (Master Boot Record)
    ▪ Disk sector zero (512 bytes)
    ▪ Stores:
      ▪ PC boot information
      ▪ Partition table
Attacks and protection at startup
LILO (LInux LOader)
  ▪ Leave read and write permissions only to the owner (root) of lilo.conf:
    chmod 600 /etc/lilo.conf
  ▪ Add options to lilo.conf to prevent parameters being passed to the loader:
    timeout=0
    restricted
    password=WHATEVER
  ▪ Set the file as read-only (immutable):
    chattr +i /etc/lilo.conf
Attacks and protection at startup
GRUB (GRand Unified Bootloader)
  ▪ Password protection (version <= 2.0)
  ▪ A password will be asked for when editing an entry
  ▪ Generate the MD5 hash of the password:
    grub-md5-crypt
  ▪ Edit /boot/grub/menu.lst:
    password --md5 $1$qbVqI/$0bD/vLQxVzqEiOev2fFw0
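As an added example (not from the slides), a shell audit of the LILO and GRUB legacy hardening steps above: it checks that lilo.conf is owner-only (chmod 600) and carries `restricted` and `password=`, and that menu.lst has an MD5-hashed rather than plaintext `password` line. The `owner_only_perms` helper and the default paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the bootloader hardening recommended on the slides.
# Each audit function prints its findings and returns their count (0 = hardened).

# True when only the owner has permission bits, e.g. -rw------- (chmod 600).
owner_only_perms() {
    perm_mode=$(ls -ld "$1" | cut -c1-10)
    case "$perm_mode" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# LILO: permissions, 'restricted' and 'password=' as on the slide.
audit_lilo_conf() {
    lilo_conf=$1; lilo_findings=0
    if ! owner_only_perms "$lilo_conf"; then
        echo "lilo: $lilo_conf readable/writable by group or others (want chmod 600)"
        lilo_findings=$((lilo_findings + 1))
    fi
    if ! grep -Eq '^[[:space:]]*restricted' "$lilo_conf"; then
        echo "lilo: 'restricted' missing, boot parameters accepted without a password"
        lilo_findings=$((lilo_findings + 1))
    fi
    if ! grep -Eq '^[[:space:]]*password=' "$lilo_conf"; then
        echo "lilo: 'password=' missing"
        lilo_findings=$((lilo_findings + 1))
    fi
    return "$lilo_findings"
}

# GRUB legacy: expect a hashed 'password --md5 $1$...' line and no plaintext one.
audit_grub_menu() {
    grub_menu=$1; grub_findings=0
    if ! grep -Eq '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+\$1\$' "$grub_menu"; then
        echo "grub: no 'password --md5 <hash>' line in $grub_menu"
        grub_findings=$((grub_findings + 1))
    fi
    if grep -Eq '^[[:space:]]*password[[:space:]]+[^-[:space:]]' "$grub_menu"; then
        echo "grub: plaintext 'password' line present in $grub_menu"
        grub_findings=$((grub_findings + 1))
    fi
    return "$grub_findings"
}

# Usage: ./audit_boot.sh /etc/lilo.conf /boot/grub/menu.lst
if [ "$#" -eq 2 ]; then
    audit_lilo_conf "$1"
    audit_grub_menu "$2"
fi
```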
Attacks and protection at startup
Access to single-user mode
  ▪ Starts a multiuser OS in superuser mode
  ▪ Used for maintenance
  ▪ http://orvtech.com/howto/iniciar-modo-singleuse/
Limit access to single-user mode (authentication)
  ▪ Edit /etc/inittab:
    ~~:S:wait:/sbin/sulogin
  ▪ Edit /etc/init/rcS.conf:
    exec /sbin/sulogin
Attacks and protection at startup
Booting from alternate devices
  ▪ Typically, the OS responsible for access control is installed on the device that is started by default
  ▪ Depending on how the BIOS is configured, another OS can be booted (from floppy, CD-ROM)
    ▪ Live CD
Attacks and protection at startup
LiveCD – KonBOOT
  ▪ Allows skipping the OS authentication phase
  ▪ Countermeasures
    ▪ Protection in the BIOS (can be bypassed)
  ▪ http://www.piotrbania.com/all/kon-boot/
File System encryption
File System encryption
Several approaches
  ▪ Encrypt files and folders
  ▪ Encrypt a whole partition
    ▪ A real partition
    ▪ A file used to contain a large file system
  ▪ Encrypt a shared resource via NFS (Network File System) on localhost (CFS, Cryptographic File System, and TCFS, Transparent Cryptographic File System)
File System encryption
Encryption mechanisms
  ▪ MS Windows
    ▪ EFS (Encrypting File System -> NTFS encryption)
    ▪ TrueCrypt
  ▪ GNU/Linux
    ▪ cryptoloop
    ▪ loop-AES
    ▪ dm-crypt
    ▪ ecryptfs
EFS (Encrypting File System)
  ▪ Transparent encryption for NTFS 3.0 (or higher)
  ▪ Can be enabled for files, directories or whole file systems
  ▪ Encrypts files with a symmetric algorithm (DES), but protects the key (FEK) with RSA
  ▪ The RSA key is protected by the user password
EFS (Encrypting File System) Vulnerabilities
  ▪ The symmetric key with which the data is encrypted (FEK) is protected by RSA
    ▪ The RSA key is protected by the Windows user (logon) password
    ▪ If this password hash (LM / NTLM) is guessed, the RSA key and password are obtained, the FEK can be accessed, and EFS is decrypted
  ▪ EFS uses temporary files with known names during encryption that are deleted insecurely
  ▪ DES is used by default, although Windows XP uses AES
TrueCrypt
  ▪ Third-party application to encrypt
    ▪ File containers
    ▪ File systems
    ▪ The whole hard disk
  ▪ Open source: http://www.truecrypt.org
  ▪ Multi-platform: Windows, Linux, Mac
cryptoloop
Loop device with encryption for GNU/Linux
1. Load the modules:
   # modprobe cryptoloop loop
2. Encrypt a volume using AES
   1. Create the volume file (1 MB here; raise count for a larger volume):
      # dd if=/dev/zero of=VolumenSeguro.img count=1 bs=1MB
   2. Associate the volume with a loop device and the encryption module:
      # losetup -e aes /dev/loop0 VolumenSeguro.img
cryptoloop
3. Create the filesystem:
   # mkfs.ext4 /dev/loop0
4. Mount the filesystem (the loop device was already set up in step 2, so mount it directly):
   # mount -t ext4 /dev/loop0 /mnt/seguro
   Alternatively, skip step 2 and let mount set up the encrypted loop device itself:
   # mount -t ext4 -o loop=/dev/loop0,encryption=AES VolumenSeguro.img /mnt/seguro
loop-aes
Replacement for cryptoloop; support is needed in the kernel:
# apt-get install module-assistant loop-aes-source
# m-a prepare
# m-a build loop-aes
# apt-get install loop-aes-utils
# m-a install loop-aes
loop-aes
Create the large container file:
# dd if=/dev/urandom of=file bs=1k count=100000
To treat the file as a device, use the "loop device":
# losetup -e AES128 /dev/loop0 file
# mkfs.ext2 /dev/loop0
# mount -t ext2 /dev/loop0 /mnt
When finished, unmount before detaching the loop device:
# umount /mnt
# losetup -d /dev/loop0
Safe Data Removal
Safe Data Removal
Goal
  ▪ Ensuring that a file in a running system has been erased and its recovery is (nearly) impossible
  ▪ Nearly? "Secure Deletion of Data from Magnetic and Solid-State Memory", by Peter Gutmann, University of Auckland
    http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
Safe Data Removal
Programs based on these ideas
  ▪ Wipe
  ▪ Sterilize
  ▪ BCWipe
  ▪ THC removal tools
    ▪ srm
    ▪ sswap
    ▪ sfill
    ▪ smem
Safe Data Removal
Common features
  ▪ They make several overwrite passes over the disk sectors
  ▪ Different random number generators (RNGs): /dev/urandom, RC4, ...
Safe Data Removal
Wipe & BCWipe
  ▪ Repeatedly rewrite the used blocks, forcing the write to disk (fsync())
  ▪ They use the 35 patterns recommended by Peter Gutmann (8 trials)
  ▪ They can delete "file slack"
Safe Data Removal
THC removal tools: http://www.thc.org/releases.php?q=delete
  ▪ srm (secure rm): safe removal of files
  ▪ sfill (secure fill): fills the free space on the disk with random data
  ▪ smem (secure memory): securely overwrites the RAM
  ▪ sswap (secure swap): securely overwrites a swap partition
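To make the "common features" and the srm/Wipe behaviour above concrete, here is an added example (not one of the tools listed on the slides) of a minimal file wiper in POSIX sh: it overwrites the file's blocks in place with /dev/urandom for several passes, forces each pass to disk, zero-fills, truncates, renames and unlinks. The function names, pass count and the random rename are this example's own choices.

```shell
#!/bin/sh
# Added example: srm/wipe-style secure file removal. Like those tools it can
# only overwrite the blocks currently mapped to the file; journaled or remapped
# copies (and SSD wear levelling) are outside its reach.

# Overwrite FILE in place NPASSES times (default 3) with random data.
# conv=notrunc keeps the same blocks allocated; sync flushes each pass.
overwrite_passes() {
    wipe_file=$1; wipe_passes=${2:-3}
    wipe_size=$(( $(wc -c < "$wipe_file") ))
    [ "$wipe_size" -gt 0 ] || return 0           # nothing allocated to overwrite
    wipe_i=0
    while [ "$wipe_i" -lt "$wipe_passes" ]; do
        head -c "$wipe_size" /dev/urandom | dd of="$wipe_file" conv=notrunc 2>/dev/null
        sync
        wipe_i=$((wipe_i + 1))
    done
}

# Full wipe: random passes, a final zero pass, truncate to 0 bytes, rename so
# the original name leaves the directory entry, then unlink.
secure_wipe_file() {
    target=$1; passes=${2:-3}
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 1; }
    overwrite_passes "$target" "$passes"
    size=$(( $(wc -c < "$target") ))
    head -c "$size" /dev/zero | dd of="$target" conv=notrunc 2>/dev/null
    sync
    : > "$target"                                  # truncate
    tmpname=$(mktemp "$(dirname "$target")/.wiped.XXXXXX")
    mv -f "$target" "$tmpname"
    rm -f "$tmpname"
    sync
}

# Usage: ./wipe.sh FILE [PASSES]
[ "$#" -eq 0 ] || secure_wipe_file "$@"
```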
Electromagnetic leakages
Electromagnetic leakages
EMSEC (Emanations Security)
  ▪ Electromagnetic emanations related to security
  ▪ Codename TEMPEST
    ▪ Cold War (1950s, 1960s)
    ▪ Study and use of unintentional electromagnetic emissions from electronic equipment to obtain information