

UnixNetworkSecuirty-05-2004-CIT-ACDS


Unix Network Security

Mehmet Balman


Introduction

A machine connected to phone lines or a local network is a potential target for intruders. Therefore the security aspect of every system must always be kept in mind. As the Internet grows rapidly, network services gain importance in terms of operational and business requirements, which makes security one of the key points for the quality and availability of the running service. The basic idea behind a secure environment is to analyze the risk posed by vulnerabilities and to decrease the probability of being compromised.

This paper presents a brief survey of the security concept in host and network environments according to the philosophy behind Unix. Instead of working through the details, we discuss the general concepts and guidelines for implementing a basic structure, and present an implementation as a practical example.

In the first chapter, basic concepts of information security are explained as motivation and introduction. The next chapter is about the properties of Unix systems. The third chapter provides an architectural view of the overall concepts and introduces the idea behind Unix network security. The fourth chapter walks through Unix security concepts. The last chapter is a specific example of a Solaris implementation.

Security Essentials

Security is a very general term in computing. Since electronic communication and electronic data are essential to all aspects of business and personal processes, leaked information may cause serious damage in different situations. However, securing information brings difficult tasks and policies which are hard to apply and will most probably affect the service given. Thus, the security concept must be investigated within a policy plan which first analyzes risks and then reorganizes the structure and implementation to improve quality and decrease the probability of unexpected conditions. Moreover, the security service cannot be abandoned in today's environment, in which the Internet is growing and the network is becoming the basic resource of the information industry.

“Broadly speaking, security is keeping anyone from doing things you do not want them to do to, with, or from your computers or any peripherals”


Information security deals with three major concepts; confidentiality, integrity, availability.

Information Security Classification:

• Confidentiality

Prevention of unauthorized disclosure of information.

• Integrity

Prevention of unauthorized modifications of information.

• Availability

Prevention of unauthorized withholding of information or resources.

Confidentiality is keeping your data or communication secret from others; only authorized persons should be able to access the information. Integrity is being sure that the information has not been changed while being processed or communicated. Availability is ensuring that resources can be obtained by authorized clients.

Confidentiality, availability and integrity are the basic terms and technically point to different types of problems. They should be analyzed separately for services and systems to provide a composite security mechanism. Confidentiality is violated when someone obtains data that must remain confidential; if that data is changed or manipulated, the problem is one of integrity.

For a secure network or system, security services should be applied and possible cases must be investigated in terms of confidentiality, availability and integrity.

Security services can be defined as the methodologies and processes needed to enhance a system in terms of confidentiality, availability and integrity.

“A service that enhances the security of the data processing systems and the information transfers of an organization. The service counters security attacks and makes use of one or more security mechanisms to provide the service.”

-William Stallings

Security Service Classification:

• Confidentiality

Restricts information access to authorized parties.

• Authentication

Identification of the user/service/system/etc.

• Integrity

Restricts alterations to authorized parties.

• Nonrepudiation

Yes you did send it or yes you did read it.

• Access Control

Restricts access to resources to authorized parties.

• Availability


Security services are implemented against the possible attacks: interruption, interception, modification and fabrication. Each attack class should be countered with a corresponding service implementation.

Security Attack Classification:

• Interruption: attack on availability

• Interception: attack on confidentiality

• Modification: attack on integrity

• Fabrication: attack on authentication

Unix Operating System

The Unix operating system is an environment widely used in different vendors' products. It is a proven OS in terms of performance, utilization and also security. In the Internet environment Unix machines are the most common, and Unix has started to become the standard operating system, dominant over other systems. Some derivatives are Red Hat Linux, SuSE Linux, Sun Solaris, IBM AIX, Mac OS X, Debian Linux, FreeBSD, OpenBSD, etc.

The system has a modular structure in which resources such as memory, CPU and I/O are handled in different layers. This makes Unix more flexible for the increasing needs of information technology.

OS layers:

• User programs

• Input/output management

• Operator-process communication

• Memory management

• CPU scheduling

• Hardware

The Unix operating system is designed with security concepts in mind to provide a better quality of service. It is a multithreaded, time-sharing environment which is very portable for development and enhancement.

Some properties of basic Unix environments are the following:

• Designed to be a time-sharing system.

• Has a simple standard user interface (shell) that can be replaced.

• File system with multilevel tree-structured directories.

• High priority given to making the system interactive and providing facilities for program development.

Most security attacks start from forgotten, simple administrative or implementation defects. The main principle while administering a Unix system is to start from a strong high-level design and not to skip any case. Most security attacks succeed because of simple defects that seem insignificant, even where strong security services exist.

Architectural Overview

The Unix network security model is based on Internet connectivity and the firewall model. The layers of firewalls also determine the layers of vulnerability. In order to understand the concept and start with a healthy, working strategy, an architectural overview of a Unix network system in terms of security is introduced.

General terms which apply to all network systems are risk, vulnerability, and threat. Analysis of these should be done completely according to the needs of the network and system.

• Risk

• Vulnerability

• Threat

Risk

Risk is the possibility of a successful attack. An intruder may gain access to your local network and work on your system to read confidential data, manipulate or destroy information, or deny your running services.

• Read Access. Read or copy information from your network.

• Write Access. Write to or destroy data on your network (including planting trojan horses, viruses, and back-doors).

• Denial of Service. Deny normal use of your network resources by consuming all of your bandwidth, CPU, or memory.

Vulnerability


Threat

A threat is an intruder who attempts to gain unauthorized access. However, the value of your data and the training of your trusted users will affect the vulnerability to threats. Motivation and trust are two common factors.

• Motivation

• Trust

Motivation is the usability of your data, or how useful it is to someone if your network is destroyed. The trust factor depends on how well you can trust your users. Moreover, the understanding and training of trusted users about feasible or approved actions influence vulnerability. Therefore, while preparing a security implementation, both the motivation of intruders and the effect of trusted users must be kept in mind.

Unix Network Security Architecture can be organized in seven layers:

Security Layers:

Layer    Name             Functional Description
LAYER 7  POLICY           POLICY DEFINITION AND DIRECTIVES
LAYER 6  PERSONNEL        PEOPLE WHO USE EQUIPMENT AND DATA
LAYER 5  LAN              COMPUTER EQUIPMENT AND DATA ASSETS
LAYER 4  INTERNAL-DEMARK  CONCENTRATOR - INTERNAL CONNECT
LAYER 3  GATEWAY          FUNCTIONS FOR OSI 7, 6, 5, 4
LAYER 2  PACKET-FILTER    FUNCTIONS FOR OSI 3, 2, 1
LAYER 1  EXTERNAL-DEMARK  PUBLIC ACCESS - EXTERNAL CONNECT

Policy

Policy ranges from the high-level definition of acceptable risk down to the low-level directives of what equipment and procedures to implement at the lower layers, and how. It is the most important part of the concept. Without a complete and effective policy, security services cannot be accomplished.

After analyzing risk, vulnerability and threat, the policy, which is usually a living and updated document, is produced according to the service requirements of the organization. It is not a detailed implementation plan; a well-defined policy only captures the overall structure which will be used in the lower layers.

Personnel

LAN

The LAN security layer defines equipment, data assets and some of the monitoring and control procedures. It is the local network, which is maintained automatically with electronic equipment.

Internal Demark

This is the connection between the local LAN and the firewall, providing a buffer zone between LAN and WAN. It is the second level of protection in the local area after the external firewall. A DMZ is an example of this layer.

Gateway

The gateway provides transparent firewall service to all WAN services. It monitors and controls OSI network layer functions and is basically transparent to users and applications. Firewall services, proxies and NAT are in this layer. Properties of the packets are examined and controlled according to the security policy.

Filter

This is the connection between the firewall and the WAN, separating the LAN from WAN connectivity. Basic firewall filtering of the network protocol is applied here.

External Demark

The lowest layer is the connection to an external device that we do not control directly, such as a telephone circuit, an external data line, etc.

Unix Security Basics

The security policy is the foundation of such security programs. It is the living documentation of events and guidelines. Since all other implementation depends on this upper layer, preparing a policy document and updating the security plan is the most crucial point.

The policy should not cover all lower-layer details. A simple and general plan is preferable for better quality.

Security Policy

• living documentation indicating events and guiding actions

• higher-level view of authorized response

The Unix network security plan can be categorized into five concepts. The first is preventing security holes or closing exposed services based on vulnerability and risk analysis. The other aspects, detecting, testing, logging and recovering, are the actions taken in case of an attack event.

Categories:

• Locking Down - prevent intruders from being able to get into your systems.

• Logging - clues as to what's going on in your system.

• Detecting - automatically alert you about changes in the system.

• Testing - check the external security of the machines.

• Recovering - recover in-place a compromised system.

Preventing intruders from getting into the system includes securing the network, turning off unnecessary services, securing running services, providing secure access, and securing the Unix network and filesystem.

The overall network structure should be designed according to the risk of the system. Firewall definitions and secure network zones must be provided for critical systems. Moreover, a network separate from those where threats are possible is always suitable for monitoring and administrative tasks.

Secure network

• Separation of private and public networks

• Filtering and controlling protocols between networks

Turn off unnecessary services

• inittab

• inetd

• rc.*

Applications in the system must be secure; they must also be configured within the overall security and network architecture. Securing the communication, applying password policies, and checking for vulnerability updates are some of the checklist tasks.

Secure running services

• Add cryptographic capabilities to needed services (i.e. SSL to web servers, encryption to databases).

• Use latest versions (especially for larger services like sendmail, bind, or apache).

• Change any default passwords used to manage services (databases, etc).

• Make sure services are running with the least authority (non-root user).

Communication must be encrypted for confidentiality and integrity. Managing Internet services and restricting and controlling remote access is required. There must also be a password policy that pushes users to comply with the policy and programs.

Secure access

• SSH (OpenSSH)

• tcpwrapper (/etc/hosts.allow /etc/hosts.deny)

• use shadow passwords

• user password management, policy for passwords

• limit superuser access

• limit physical access

Network services specific to Unix systems such as NIS and NFS may lead to security holes; they need special attention.

Secure Unix network

• verify NFS access

• verify NIS maps are only root writable

• restrict r commands (rsh, rexec, etc.)

Secure UNIX filesystem

• verify all programs and shell scripts with SUID and SGID

• verify appropriate filesystem permissions

• verify system backups and restore procedures

Logging

System logs provide invaluable information about services and the overall system. Centralizing log management also enhances system security. Some issues about logging, related to processing and managing log files, are listed below.

• syslogd: increase log level, log to a separate filesystem

• tcpwrappers: inetd-registered services to allow, deny and log each connection

• smtp, httpd, ftp logs

• automated analysis of logs

• automated log rotation

• process accounting

Moreover, critical systems use software packages to log incoming TCP packets, detect port scans and act according to the behavior of possible intruders.

Software tools:

• PortSentry: detects port scans and updates /etc/hosts.deny

• Perro: logs incoming IP/TCP, IP/UDP, IP/ICMP packets

Detecting

Automatic alerting on changes in the system enables administrators to control and protect the system. An attacker is able to replace system commands and hide processes and connections so that the administrator is unable to tell that the system is compromised. There are tools to detect such manipulations. The preferred option is to checksum all critical applications and packages and watch for changes in the files, to detect any likely compromise by root-kits.

• rootshell: detects root-kits

• ifstatus: check NICs for promiscuous mode

• lsof: list open files for running processes

• tcpdump: network packet analysis

• Tripwire: detect file replacement

• lpchk, rpm: detect changes in installed packages
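As an added example, not from the paper, the checksum-and-compare approach described above can be sketched in POSIX shell; sha256sum (or shasum) is assumed to be present, and the watched directory and the tampering are constructed in a scratch area rather than taken from a real system.

```shell
#!/bin/sh
# Added example (not from the paper): a minimal file-integrity check in the
# spirit of Tripwire. A baseline of checksums is recorded once; a later run
# recomputes them and reports files that are CHANGED, MISSING or NEW.
# Assumes sha256sum (GNU coreutils) or shasum is installed and that paths
# under the watched directory contain no whitespace.

checksum_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi
}

# make_baseline DIR OUTFILE: one "<hash>  ./relative/path" line per regular file
make_baseline() {
    ( cd "$1" && find . -type f | sort | while read -r f; do checksum_file "$f"; done ) > "$2"
}

# check_integrity DIR BASELINE: print differences; return 1 if there are any
check_integrity() {
    current=$(mktemp)
    make_baseline "$1" "$current"
    awk 'BEGIN { diff = 0 }
         FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: the baseline
         {
             if (!($2 in base)) { print "NEW " $2; diff = 1 }
             else {
                 if (base[$2] != $1) { print "CHANGED " $2; diff = 1 }
                 delete base[$2]
             }
         }
         END { for (p in base) { print "MISSING " p; diff = 1 }; exit diff }' \
        "$2" "$current"
    rc=$?
    rm -f "$current"
    return $rc
}

# Stand-alone demonstration on a constructed directory (no real system files touched)
demo_integrity_check() {
    watched=$(mktemp -d); baseline=$(mktemp)
    mkdir -p "$watched/bin"
    printf 'original ls\n' > "$watched/bin/ls"
    printf 'original ps\n' > "$watched/bin/ps"
    make_baseline "$watched" "$baseline"
    # Simulate tampering: ps replaced, ls removed, an unexpected file added
    printf 'replaced ps\n' > "$watched/bin/ps"
    rm "$watched/bin/ls"
    printf 'x\n' > "$watched/bin/.hidden"
    check_integrity "$watched" "$baseline"
}

# Exit status 1 from the demo means differences were found, as expected here
demo_integrity_check || true
```

The baseline file must be stored off the monitored host (or on read-only media), since an intruder who can alter a binary can usually alter a checksum list stored next to it.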

Testing

Testing the resistance of your system must be done before any intruder succeeds in getting into the systems. The security concept is gaining importance, and new, intelligent testing and checking applications are being brought to market. Some known programs are listed for testing basic problems that may have been forgotten by mistake.

• secure-sun-check - checks for common SunOS security configuration problems

• SecureScan - checks for IRIX security problems

• pmap_tools - tool suite to check for portmap, rpc, rpcbind vulnerabilities

• nmap - multi-level security scanner

• ISS - multi-level security scanner

• Fremont - a network discovery tool

Case Study: Hardening Solaris

Sun Solaris is a well-known operating system with a wide range of service implementations in industry. First of all, installation of a new machine must be done with care for security constraints. Installing the minimal software is always better, since most of the development and desktop tools have defects. Since every package is a potential threat, installing only required packages and discarding unnecessary applications is the advised strategy.

The partition structure is defined at installation, and it is important to have a separate /var partition where log files will reside. In order to eliminate a denial of service attack in which too many log messages fill up the partition space, the root partition in particular should not be designed to contain any growing log files.

Installation:

• Load the minimum installation.

• The less software that resides on the box, the fewer potential security exploits or holes (Core installation).

• Separate /var partition (denial of service if it fills up; logging, email).

• Install recommended patches.

After installation, unnecessary services should be closed and the init level must be reconfigured to activate only required programs. NFS, autofs, the print service, sendmail, snmp, and dtlogin are applications which must be used carefully to avoid an attack disaster.

Eliminating Services:

• /etc/inetd.conf (eliminate unnecessary services)

• /etc/rc2.d, /etc/rc3.d start scripts: S73nfs.client S74autofs S80lp S88sendmail S71rpc S99dtlogin S15nfs.server S76snmpdx
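As an added example (not the paper's own text), the rename convention used to disable the rc start scripts listed above, run against a constructed scratch copy of rc2.d rather than the real /etc directory:

```shell
#!/bin/sh
# Added example (not from the paper): disabling Solaris rc start scripts.
# At a given run level init runs only the scripts in /etc/rcN.d whose names
# begin with a capital S, so the usual way to disable a service is to rename
# S88sendmail to _S88sendmail; the file stays in place for rollback.
# Everything below operates on a constructed scratch copy of rc2.d, never /etc.

# make_sample_rcdir: create a scratch rc2.d holding the scripts the paper lists
make_sample_rcdir() {
    dir=$(mktemp -d)
    for s in S15nfs.server S71rpc S73nfs.client S74autofs S76snmpdx S80lp S88sendmail S99dtlogin; do
        printf '#!/sbin/sh\n# placeholder start script\n' > "$dir/$s"
        chmod 744 "$dir/$s"
    done
    echo "$dir"
}

# disable_rc_service RCDIR NAME: rename Sxx<NAME> to _Sxx<NAME>; returns 1 if absent
disable_rc_service() {
    for f in "$1"/S[0-9][0-9]"$2"; do
        [ -e "$f" ] || { echo "no start script for $2 in $1" >&2; return 1; }
        mv "$f" "$1/_$(basename "$f")"
        echo "disabled $(basename "$f")"
    done
}

# enabled_rc_services RCDIR: names of the services init would still start
enabled_rc_services() {
    for f in "$1"/S[0-9][0-9]*; do
        [ -e "$f" ] && basename "$f" | sed 's/^S[0-9][0-9]//'
    done
    return 0
}

# Demonstration: disable the services the case study singles out
rc2d=$(make_sample_rcdir)
for svc in nfs.client autofs lp sendmail snmpdx dtlogin; do
    disable_rc_service "$rc2d" "$svc"
done
echo "still enabled: $(enabled_rc_services "$rc2d" | tr '\n' ' ')"
```

Renaming only prevents the start at boot; a service already running must also be stopped, and the matching Kxx script is left alone so that shutdown still works.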

The system log mechanism should be set up. It is advised to keep log files with as much detail as possible. Log messages are indispensable because they are usually the only way of gathering information about a suspicious case. An intruder may change or delete log messages; thus a centralized log mechanism will enhance the security model of the system. There are useful tools for collecting logs and generating alert messages, such as syslog-ng (syslog next generation), swatch, rtail, php-syslog-ng and logcheck.

Logging:

• /var/adm/loginlog

• /var/adm/sulog

• /etc/ftpusers

The network is the most crucial resource for the security of computers. The inet daemon must be configured to filter connections and to log authenticated and unauthenticated access. TCP wrapper is a tool which is capable of managing network connections.

/etc/hosts.allow and /etc/hosts.deny define the access list for the overall system. /etc/hosts.equiv is the configuration of r-commands for all users except the superuser.

Connection:

• TCP wrapper: configure inetd.conf for services; logs: /var/adm/tcpdlog; /etc/hosts.deny, /etc/hosts.allow

• SSH connection

• Configure access of r commands: .rhosts, .netrc, and /etc/hosts.equiv.
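An added example, not from the paper, modelling the hosts.allow/hosts.deny evaluation order of the TCP wrapper mentioned here and in the Secure access list earlier; the rule files and client addresses are constructed, and the matcher covers only a subset of tcpd's pattern syntax.

```shell
#!/bin/sh
# Added example (not from the paper): a simplified model of how tcpd evaluates
# /etc/hosts.allow and /etc/hosts.deny, to show why a catch-all "ALL: ALL" in
# hosts.deny matters. Order: hosts.allow first (match => allow), then
# hosts.deny (match => deny), otherwise the connection is allowed. Only the
# ALL wildcard, exact client names and dotted IP prefixes are modelled here;
# real tcpd also supports netmasks, domain suffixes and EXCEPT lists.
# The sample files are written to a scratch directory, never to /etc.

WRAP_DIR=$(mktemp -d)

# write_sample_config: constructed rules; sshd only from 192.168.1.0/24
write_sample_config() {
    cat > "$WRAP_DIR/hosts.allow" <<'EOF'
# daemon list : client list
sshd: 192.168.1.
in.ftpd: ftp-client.example.com
EOF
    printf 'ALL: ALL\n' > "$WRAP_DIR/hosts.deny"
}

# match_token PATTERN VALUE: 0 if PATTERN covers VALUE
match_token() {
    case "$1" in
        ALL) return 0 ;;
        *.)  case "$2" in "$1"*) return 0 ;; *) return 1 ;; esac ;;  # IP prefix
        *)   [ "$1" = "$2" ] ;;
    esac
}

# file_matches FILE DAEMON CLIENT: 0 if some "daemons: clients" line matches
file_matches() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | (
        while IFS=: read -r daemons clients; do
            for d in $daemons; do
                match_token "$d" "$2" || continue
                for c in $clients; do
                    match_token "$c" "$3" && exit 0
                done
            done
        done
        exit 1
    )
}

# wrapper_decision DAEMON CLIENT: prints allow or deny
wrapper_decision() {
    if file_matches "$WRAP_DIR/hosts.allow" "$1" "$2"; then echo allow
    elif file_matches "$WRAP_DIR/hosts.deny" "$1" "$2"; then echo deny
    else echo allow
    fi
}

write_sample_config
echo "sshd from 192.168.1.25:   $(wrapper_decision sshd 192.168.1.25)"
echo "in.telnetd from 10.0.0.7: $(wrapper_decision in.telnetd 10.0.0.7)"
```

With the hosts.deny line removed, the second decision flips to allow, which is the misconfiguration the catch-all rule prevents.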

Solaris has a flexible network stack; the IP module should be configured according to the characteristics of the service that will run. Another important point is buffer overflow attacks. The system administrator should be aware of such vulnerabilities and remediate programs detected as potentially vulnerable.

Binaries which have the suid bit set run with the rights of the superuser. Thus, search for and check all such programs to be sure about open gates for access. Solaris has a security toolkit, JASS, which can be used to enhance the quality of the security mechanism.

• Configure IP module (ndd)

• Configure /etc/system for user stack (buffer overflow)

• Check suid root binaries

• Use the Solaris Security Toolkit (JASS)

References

S. Garfinkel, A. Schwartz, G. Spafford. Practical Unix and Internet Security. O'Reilly, Feb 2003.

F. T. Grampp, R. H. Morris. "UNIX Operating System Security," AT&T Bell Laboratories Technical Journal, October 1984.

S. Bellovin, W. Cheswick. Firewalls and Internet Security. Addison-Wesley, 1994.

R. Reinhardt. An Architectural Overview of UNIX Network Security, ARINC Research Corporation, 1993.

http://securityfocus.org

http://www.cert.org

http://www.sun.com/documentation/
