dr. igor santos. what is physical security? attacks and protection techniques at startup file...

Dr. Igor Santos

Security of Information Systems

Physical Security

2

Contents

What is physical security? Attacks and protection techniques at

startup File System encryption Safe Data Removal Electromagnetic leakages

3

PORTADA

What is physical security?

4

Physical Security

DefinitionApply physical barriers and control procedures as preventive measures and countermeasures against threats to resources and sensitive information

5

Physical Security

Physical security includes measures to: Deny access to unauthorized personnel

(attackers or accidental intruders) to buildings, places, resources, or stored information

Assist in the design of structures able to resist potentially hostile acts (natural or deliberate)

6

Physical Security

A good physical security combines the following measures: Passive: designed to stop or delay

intrusions Active: to detect and respond against

intrusions

7

Physical Security- Infrastructures

Infrastructure Protection1. Physical access

Prevention: Security guards, smart cards, biometrics, etc..

Basic rules: close doors, disable networks ...

Detection: alarms, surveillance cameras, CCTV, identification of co-workers, etc..

8


2. Natural disasters / Environment Disturbances

Fires, floods, storms, earthquakes, etc.. Short circuits, extreme temperatures,

electrical noise, moisture, etc.

Eg: Risk -> Fire; Measurements: Sensors Alarms Automatic extinguishing systems ...

9


3. Hostile action / human factors Conflicts, deliberate internal and external

sabotage, etc.. 60-80% of a company attacks caused by

insiders

Shoulder surfing, suplantación de identidad, ingeniería social, etc. People are the weakest link

10

Physical Security - Data

Data protection Data theft/leakage▪ Data Loss

Prevention (DLP)

11

Physical Security - Data

Backups▪ Storing off site (eg safety case)

Non-electronic media▪ Located in restricted places▪ Paper shredders to destroy them if necessary

12

Physical Security

Certifications ISO 27000: http://www.iso27000.es/ BS 7799:

http://www.induction.to/bs7799/

http://www.iso27000.es/

http://www.induction.to/bs7799/

13

PORTADA

Attacks and protection at startup

14


Multiple levels of authentication BIOS > MBR > FS > OS

http://www.karmany.net/index.php/sistema-operativo/31-windows/12-arranque-boot-ordenador



15


BIOS Firmware▪ Locates and prepares the electronic components or

peripherals from one machine to communicate with any OS that govern them

BIOS protection Set boot sequence (Legitimate OS on 1)▪ Avoid OS overload through removable media

(LiveCD) Protect with password▪ Boot Password (Uncomfortable)▪ Password Setup (Essential)

16


Attacks against BIOS There are master passwords▪ Depending on the manufacturer▪ Based on the server ID

Read the default passwords stored in the BIOS▪ CmosPwd

Reset default values▪ Write on the Flash-ROM▪ Jumper on the motherboard▪ Remove battery power

17


Bootloader A program that manages OS startup▪ Allows to choose between different OS

installed Installed in the MBR (Master Boot

Record) Disk sector zero (512 bytes) Stores:▪ PC boot information▪ Partition Table

18


LILO (LInux LOader)▪ Leave only read and write permissions to

the owner (root) of lilo.confchmod 600 /etc/lilo.conf

▪ Add options in lilo.conf to prevent parameters to the charger

time-out=00 restricted

password=WHATEVER

▪ Set file as read-onlychattr +i /etc/lilo.conf

19


GRUB (GRand Unified Bootloader)▪ Password protection (version <= 2.0)▪ A password will be asked when editing an entry▪ Generate md5 from the password

grub-md5-crypt▪ Edit /boot/grub/menu.lst

password --md5$1$qbVqI/$0bD/vLQxVzqEiOev2fFw0

20


Access to single-user-mode Start a multiuser OS in superuser mode Used for maintenance http://orvtech.com/howto/iniciar-modo-sin

gleuse/

Limit access to single-user-mode (Authentication) Edit /etc/inittab~~:S:wait:/sbin/sulogin

Edit /etc/init/rcS.conf:exec /sbin/sulogin

http://orvtech.com/howto/iniciar-modo-singleuse/

http://orvtech.com/howto/iniciar-modo-singleuse/

21


Booting from alternate devices Typically, the OS is responsible that the access

control is installed in a device, which is started by default

Depending on how you configured the BIOS, you can boot another OS (from floppy, cdrom)▪ Live CD

22


LiveCD – KonBOOT Allows to skip the OS authentication

phase Countermeasures▪ Protection in the BIOS (avoidable)

http://www.piotrbania.com/all/kon-boot/

http://www.piotrbania.com/all/kon-boot/

23

PORTADA

File System encryption

24


Several approaches Encrypt files and folders Encrypt a whole partition

Real Partition Use a file to contain a large file system

Encrypt a shared resource by NFS (Network File System) on localhost (CFS Cryptographic File System to TCFS - Transparent Crypto. File System)

25


Encryption mechanisms MS Windows▪ EFS (Encrypting File System -> NTFS

cifrado)▪ Truecrypt

GNU/Linux▪ cryptoloop▪ loop-AES▪ dm-crypt▪ ecryptfs

26

EFS (Encrypting File System)

Transparent Encryption for NTFS 3.0 (or higher)

It can be enabled for files, directories or whole file systems

Encrypt files with symmetric algorithms (DES), but it protects the key (FEK) with RSA

The RSA key is protected by the user password

27

EFS (Encrypting File System)

28

EFS (Encrypting File System) Vulnerabilities

The symmetric key with which the data is encrypted (FEK) is protected by RSA▪ The RSA key is protected by the Windows user

password (logon)▪ If this key (LM / NTLM) is guesses, access is achieved to the RSA key and password and it is possible to access the FEK key, decrypting EFS

EFS uses temporary files with known names to encrypt that are deleted insecurely

DES is used by default, although Windows XP uses AES

29

TrueCrypt

Third-party application to encrypt File containers File systems All the hard disk

Open source: http://www.truecrypt.org

Multi-plataform: Windows, Linux, Mac

http://www.truecrypt.org/

30

TrueCrypt

31

cryptoloop

Loop device with encryption for GNU / Linux1. Load the Modules # modprobe cryptoloop loop

2. Encrypt a volume using AES 1. Create a volume# dd if=/dev/zero of=SecureVolume.img

count=1 bs=1MB2. Associate the volume with a loop device and

encryption module# losetup -e aes /dev/loop0

VolumenSeguro.img

32

cryptoloop

3. Create the filesystem# mkfs.ext4 /dev/loop0

4. Mount the filesystem# mount VolumenSeguro.img -o

loop=/dev/loop0,encryption=AES /mnt/seguro -t ext4

33

loop-aes

Replacement for cryptoloop We need support in the kernel

# apt-get install module-assistant loop-aes-source

# m-a prepare# m-a build loop-aes# apt-get install loop-aes-utils# m-a install loop-aes

34

loop-aes

We create the large container file

# dd if=/dev/urandom of=file bs=1k count=100000

To treat the file as a device, we use the "loop device"# losetup –e AES128 /dev/loop0 file# mkfs.ext2 /dev/loop0# mount –t ext2 /dev/loop0 /mnt# losetup –d /dev/loop0

35

Portada borrado seguro de datos

Safe Data Removal

36

Safe Data Removal

Goal Ensuring that a file in a running system

has been erased and its recovery is (nearly) impossible

¿Nearly? “Secure Deletion of Data from Magnetic

and Solid-State Memory”, by Peter Gutmann from the University of Auckland

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html



37

Safe Data Removal

Programs based in these idead Wipe Sterilize BCWipe THC removal tools▪ srm▪ sswap▪ sfill▪ smem

38

Safe Data Removal

Common Features They make several remove iterations

over the disk sectors Different Random Number Generators

(RNGs) → / dev / urandom, RC4 ...

39

Safe Data Removal

Wipe & BCWipe Rewrite repeatedly used the blocks

forcing the writing (fsync ()) They use 35 patterns recommended for

that (8 trials) by Peter Gutmann They can delete "file slacks"

40

Safe Data Removal

THC removal toolshttp

://www.thc.org/releases.php?q=delete srm (secure rm): safe removal of files sfill (secure fill): fills the free space in the

disk with random data smem (secure fill): securely overwrites

the RAM sswap (secure swap): securely overwrites

aswap partition

http://www.thc.org/releases.php?q=delete

http://www.thc.org/releases.php?q=delete

41

PORTADA

Electromagnetic leakages

42

Electromagnetic leakages

EMSEC (Emanations Security) Electromagnetic emanations related

with security Codename TEMPEST▪ Cold War (50, 60) ▪ Study and use of unintentional

electromagnetic emissions from electronic equipment to obtain information

43

References

ImagesRTVEMicrosoftTrueCrypthttp://www.flickr.com/photos/andycastro/835453399http://www.flickr.com/photos/ilike/3707503212http://www.flickr.com/photos/roadsidepictures/329603188

http://www.flickr.com/photos/dnax/2176225044http://www.flickr.com/photos/shaylor/13945880

http://www.flickr.com/photos/andycastro/835453399

http://www.flickr.com/photos/ilike/3707503212

http://www.flickr.com/photos/roadsidepictures/329603188

http://www.flickr.com/photos/roadsidepictures/329603188

http://www.flickr.com/photos/dnax/2176225044

http://www.flickr.com/photos/dnax/2176225044

dr. igor santos. what is physical security? attacks and protection techniques at startup file...

Documents

igor santos slide

bios protection

os startup

good physical security

os overload

different os

physical barriers

physical access prevention