documentsn.com

Disaster Recovery Reduced amount of time to complete full restorationEasier disaster recovery testingHardware Independent Less is neededData Moreup to date Secure

PrimarySiteXSecondarySite SANSANNative or third-partyreplicationDisaster Recovery in a VirtualizedenvironmentVMs and data are synchronizedto secondary siteWhen primary site goes down, theVMs can be turned on atsecondary siteSince VMs run on hypervisor, thehosts at second site do not need tobe identical to primary site

Virtualization In-HousePROS Physical local controlof serversComplete control ofwho has access todataInternet connectivity isnot a requirementCONS Purchase and maintainown hardwareRequired more strategicplanning andconfiguration of systemsMust have moreextensive backup anddisaster recovery plan

Virtualization in the CloudPROS Pay as you goScalabilityLess maintenanceheadacheBackup/DisasterRecovery is in CloudCONS Multi-tenancyNo direct control of whohas access to data onvendor sideRequires communicationover internetHave to rely on vendorfor support

Hybrid Cloud Solutions Evaluate what should bekept in-house vs whatcan benefit from cloudcomputingExample: Databases canbe stored in-house andfront-endwebsite/portals can behouse in cloud

Summary Administration of servers in virtualenvironment can provide isolationIncreased visibility into systemsNetwork virtualization can provide microsegmentationProvide increased availability withredundancyReduced recovery time with fasterrecovery process and more up-to-datedata

Vulnerable Programs and MinimizationToo Much Runs on systems as routinely deployed.– What do you need to run. You did this exercise for the banking system But there are still many support functions that must run. Consider differences between servers and generaluser machines– User machines – including timeshared systems – aregeneral purpose computers– Servers have one or several specific purposes. Only run those specific services And tools needed to administer those services.43

What You Don’t NeedRemotely accessible services for:– Email and other inter-user communication– Probably not an FTP or web server– Block these also with host based firewall44

Configuration ManagementConfiguration management (CM)refers to a discipline for evaluating,coordinating, approving or disapproving,and implementing changes in artifactsthat are used to construct and maintainsoftware systems. An artifact may be a piece ofhardware or software or documentation.--A Framework for Software Product Line Practice, Version 5.0, CMU Software Engineering Institute45

Configuration ManagementKnow what is running– AFICK or Tripwire Manage history from another systemKeep your system up to date– How depends on the size of your organization– Standardize configurations User machines, server machines If you select patches, your systems should be configured toautomatically follow your lead.There is an industry around all of this– Larger installations should use commercial products46

Local Network ManagementLinux Kernel Firewall and ipTablesAlso an example of minimizationNTOP –Network Monitoring– Can be run on host orguest OS– It is a major CPU hogbut a useful tool– Shows all network flows in real time Useful to find flows used by applications Which can then be restricted in ipTables47

INF526:Secure Systems AdministrationLinux Security AdministrationM.S. Candidate Jikun Li1 March 2017OHE100C

Outline Introduction about Linux administration User Security Administration Tools49

Introduction Is Linux a secure operating system?– No, secure is a goal– But, a lot of people scrutinize it50

Introduction Physical & Console Security User Security Linux Internet Security––––––FTPMailTelnetWeb serverFirewallsLogs and audit trails51

Introduction Firewall– ipfwadm Ipfwadm [rule category] [policy action] [policy][interface] [target] Ipfwadm –I –p deny Ipfwadm –O –p deny Ipfwadm –F –p deny– Dante– Ip filter– SINUS52

User security Creating and managing accountsPerforming administrative tasks with suAccess controlPermissions and ownership53

User Security Creating and managing accountsRootCreate user accountsSet groupsUserSet rightsGroupsFiles andDirectories54

User Security Creating and managing account– Account Policy Authorization to log in (Privilege) Authorization to access services– Account Structure A valid username and password A home directory Shell access– Creating and deleting ordinary user accounts– Handling special accounts55

User Security Performing administrative tasks with su– Su: the substitute user– Granting other users limited su-like access – sudo56

User Security Access control57

User Security Permissions and ownership– r – Read access– w – Write access– x – Execute access– fu g o– -rw-rw-r-– chmod58

Administration Tools Local tools WWW based tools Other network based tools59

Administration Tools Local tools– YaST (Yet Another Setup Tool)interface of the YaST Control Center under KDE in openSUSE 13.160

Administration Tools Local tools– YaST (Yet Another Setup Tool)– Sudo61

Administration Tools Local tools– YaST (Yet Another Setup Tool)– Sudo– Super62

Administration Tools WWW based tools– Webmin– Linuxconf63

Administration Tools Other network based tools– Pikt– VNC– cfengine64

Review for Mid-Term 2 In Class – 90 minutes– More of a Quiz than mid-term– Closed Book Focus will be on materials and discussions since thefirst mid-term:––––Adversarial Security PlanningRed teaming and pen-testingResponse PlanningSecure host and server administration Format similar to first quiz65

Plan Your Attacks It is important to think like an attacker to bestassess your defenses.– Look for the overlooked Attackers seek out the weakest links,the forgotten window– Consider environmental assumptions Incorrect assumptions create vulnerabilities– Weak systems may be used as stepping stones That forgotten system that is unpatched is compromised,then the attacker pivots and attacks from within.– Check the integrity of your defenses Attackers may disable defensive measures66

Attack-Defense Tree Example67

Single Exploits vs. Sequence Single exploit– Short term goal– May or may not violate some part of the securitypolicy– E.g., a port scan Sequence of single exploits (scenario)– Has an end goal in mind– Explicitly violates security policy– E.g., port scan followed by buffer overflow followed byinstallation of back door – Very dangerous68

STRIDE Acronym for categories of ion disclosureDenial of serviceElevation of privilegeSecurity Property at tialityAvailabilityAuthorization69

Meaning of Each Threat Class Spoofing : Impersonating something orsomeone else Tampering : Modifying data or code Repudiation : Claiming to have not performedan action Information Disclosure : Exposing informationto someone not authorized to see it Denial of Service : Deny or degrade service tousers Elevation of Privilege : Gain capabilitieswithout proper authorization70

STRIDE Steps Decompose system into components– May need to recurse down to necessary level of detail Analyze each component for susceptibility toeach relevant type of threat Develop countermeasures until no componenthas susceptibility Is system secure?– Maybe, but probably not– Due to emergent properties of composition Does this give higher assurance?– Yes, because flaw in one component affects entiresystem71

Data Flow Diagram (DFD) Used to graphically represent a system and itscomponents Standard set of elements:––––Data flowsData storesProcessesInteractors One more for threat modeling:– Trust boundaries72

Relevant Threats for ElementsSpoofingInteractors Process Data DataStore FlowxxTamperingxxx*Information disclosurexxxDenial of ServicexxxElevation of PrivilegexRepudiationxx* Logs held in data stores are usually the mitigation against a repudiation threat.Data stores often come under attack to allow for a repudiation attack to work.73

STRIDE Process Create DFD of system– Represent all key components– Represent all data flows– Identify trust boundaries Repeat, adding more details to the diagram ifrequired Recurse on each component as required74

Mitigation Choices in Reality Redesign– Change the design to eliminate threats– E.g., reduce elements that touch a trust boundary Use standard mitigations– Firewalls, validated authentication systems, Use custom mitigations– If you are a gambling sort of person Accept risk– If you think risk is low, or too expensive to mitigate75

What is an Adversarial Security Plan? An adversarial security plan enables an entity to developan awareness of their networks and systems in order toprotect data, safeguard their operations, and guard theirinfrastructure. Purposes:– Predicting intentions and future actions of malicious entities– Limit attack surface– Assist in developing a containment architecture in case ofbreach76

Goals of Attackers: Methodology Attackers generally implement the followingmethodology:1. Reconnaissance Information gathering, What/ Who is the target?2. Scanning/ Enumerating What is the attack surface? Ex: Access points/ open ports, livehosts, accounts, policies, etc.3. Gaining Access Breaching systems, executing malicious software4. Maintaining Access Establishing backdoors, unpatched systems5. Clearing Evidence Decoy traffic, log manipulation, obfuscation of identity77

Goals of Attackers: Targets As stated in the previous lecture, adversaries will target:– The weakest link within a target system or network Example: Unpatched systems– Weaknesses within the system environment Example: Open ports, weak security mechanism policies– Subversion of defenses Example: IDS evasion, disabling firewalls78

Goals of Attackers: Tools Gaining Access– Metasploit, oclHashcat Maintaining Access– Establishing backdoor through creating user accounts or takingover unused accounts.– Metasploit Meterperter Clearing Evidence––––VPN service/ Other Encrypted CommunicationProxiesBotnetLog Manipulation (Not Always Plausible)79

Virtualization Management– You can running many more “machines” and createnew ones in an automated manner.– This is useful for server farms. Separation– “Separate” machines provide a fairly strong, thoughcoarse grained level of protection.– Because the isolation can be configured to be almosttotal, there are fewer special cases or managementinterfaces to get wrong.

Virtualization and Administration Issues affecting administration of e ChannelsThrowaway mentalityStateless machinesPrivileged remote accessLess physical or siloed specializationRelationship to cloud computing81

Virtualization Running multiple operating systemssimultaneously.– OS protects its own objects from within– Hypervisor provides partitioning ofresources between guest OS’s.

What is the benefit of virtualization Management– You can run many more “machines” and create newones in an automated manner.– This is useful for server farms. Separation– “Separate” machines provide a fairly strong, thoughcoarse grained level of protection.– Because the isolation can be configured to be almosttotal, there are fewer special cases or managementinterfaces to get wrong.

Virtualization and Side Channels– Multi-Tenant architecture (cloud)– Ability to monitor performance and power to monitorand spy on activities in other virtual machines.84

Virtualization and Throwaway––––VM’s can be recreated easily and automatically.This allows administrators to be carelessIt allows fast recoveryBut new instance of machine has same vulnerabilitiesof compromised machine.85

Stateless Virtualizaton Tendency to store persistent data on separateservices such as NAS. Those external services must be considered partof attack surface. Local state such as logs might be lost, usenetwork based monitoring.86

Privileges and Virtualizaton Inherent privleges used to be based on accessto console and the physical machine. Console access is “remote” when using virtualmachines, and thus such access may beavailable without true physical access.87

Virtualizaton and the Cloud What happens when you “outsource”administration of your VMs.– Policy on assignment to providers– Accreditation of providers– Need visibility through “information points” in policyevaluation.– Side channels an issue for multi-tenancy.88

Ethical Hacking– Primary motive: To identify the weaknesses of thecyber infrastructure of an organization before anunethical hacker does.– It is legal given testers have taken permission from therelevant stakeholders of the assets on which testing isperformed (depending on jurisdication this may requieapproval from the developers of the software beingtested)– It is a subset of an Organization’s security program.– It does not just protect the information but helpsorganizations to succeed.89

Ethical Hacking MethodologyScopeCleanup sultAnalysisAttacks90

Information Gathering (cont.) Passive Methods– To gain information about targeted organization’scyber infrastructure without actively engaging with thesystems. WHOIS– Anyone can use the this service to search fordatabases and identify the registrant of a domainname and other information.– It also provides the information regarding: IP address,name servers, admin contact etc.– Link: http://whois.domaintools.com/91

Information Gathering (cont.) Google Dork– It uses Google search engine to find security holes onthe web applications over the internet.– To locate specific strings of text within search results.– Link: – Some of the Operators inurl .php?id intitle textsite textfiletype pdf92

Information Gathering (cont.) DNS Information Gathering– dnsenum: Tool in the backtrack Kali OS. It startsquerying DNS servers and gather information: Host addressName serversMX recordsGathering SOA recordsCommand: perl dnsnum.pl [host]– dnsrecon: to gather network infrastructureinformation.– Dig: DNS information groper dig example.com MX @ns0.example.com93

Information Gathering (cont.) Active Methods– Interact directly with a system of interest. Ping––––It is used to test the reachability of a system.It works at the network layer.It measures RTT, report errors and packet losses.One can also fix the size of the parameters using -land number of request using –n.– Command: ping -c 5 www.example.com– Result: 64 bytes from xx.xxx.xxx.xxx: icmp seq 0ttl 100 time 23.82 ms94

Information Gathering (cont.) Traceroute– It is used to gather information about networkinfrastructure and IP ranges of a given host.– Tool for displaying the overall path hop by hop fromsource to the destination.– By default it sends the UDP packets.– We can modify the command to send TCP/SYN andICMP requests.– traceroute -w 3 -q 1 -m 16 example.com– traceroute –I -w 3 -q 1 -m 16 example.com– traceroute –T -w 3 -q 1 -m 16 example.com95

Scanning (cont.) Network Scanning– Tool to find out active host on the network– You select the range of IP addresses and startscanning over the network.– It provides the information Network devices includingFTP servers and workstations. Tools:– Advance IP scanner (Windows, Mac and Linux)– Network Mapper (Nmap, ZenMap)– Nessus96

Scanning (cont.)Source: http://angryip.org/screenshots/97

Scanning (cont.) Port Scanning– Tool to find out which number of ports are accessibleon a server or a host.– Port scanning identifies open doors to a hosts.– Nmap classifies port in these States: Open Closed Filtered Unfiltered98

Scanning (cont.) Vulnerability Scanning– Once we have identified the accessible ports andservices running on them, now we need to find thevulnerabilities associated with those applications.– Tools: Web Application Acunetix, BurpSuite etc. Network Security Nessus Mobile Security Veracode, Tenable Security etc.– Web Goat Insecure web application maintained by OWASPdesigned to teach web application security lessons.99

Scanning (cont.) OWASP Top 10––––––––––InjectionBroken Authentication and Session ManagementCross Site Scripting (XSS)Insecure Direct Object ReferencesSecurity MisconfigurationSensitive Data ExposureMissing Function Level Access ControlCross Site Request Forgery (CSRF)Using Components with Known VulnerabilitiesUnvalidated Redirects and Forwards100

Scanning (cont.) CMS (Content Management Servers)– Popular ones are: Drupal WordPress Joomla– Platforms rich in features and vulnerabilities– Open source– Some of the vulnerabilities are: SQL InjectionDefault and weak passwordsErrors reveal sensitive informationBy default Directory listing101

Attack Suppose these are the vulnerabilities we foundin the system:– SQL Injection - SQLMap, SQLNinja etc.– Buffer Overflow Now we will see how we hack into the system byexploiting these weaknesses.102

Attack (cont.)How to plan step-by-step to hack a server?Exploit SQLInjectionGetUsernameandpasswordUpload ShellBackConnect toyourmachineFindVulnerabilityon the serversuch ng

Attack (cont.) Exploiting SQL Injection– Idea of exploiting SQL injection is to get access to thedata and find out what is the admin username andpassword on the website.– Once we know this, we can login and upload our shellon the server through which we can escalate ourprivileges.– In vulnerability scanning phase, we have identifiedSQL injection vulnerability in a server. Now we exploitthat vulnerability manually and using a automated toolSQL Map.104

Attack (cont.) Back connect– Once shell is uploaded, we need to back connect theserver so that we can access all the functionality ofthe uploaded shell and perform privilege escalationattacks.– For back connect you need to specify the IP addressof your computer and Port on which you want toconnect on the shell.– You have to shutdown your firewall and router shouldbe configured for the port forwarding feature.– Command for listening: nc -v ipaddress port– Start listening for the connection on the port specified.105

Attack (cont.) Buffer Overflow (BO)– It is a vulnerability where a software, while writingdata to a buffer, overruns the buffer's boundary andoverwrites adjacent memory locations.– Overwriting values of the IP (Instruction Pointer), BP(Base Pointer) and other registers causes exceptions,segmentation faults etc.– Consists of overflowing the heap or stack dependingon the code that developer has written.106

Attack (cont.) Understanding Stack Source: Slide of CSCI 402 Operating System: Basic Concepts (Prof. Cheng)107

Attack (cont.) DDOS Attacks– Network bandwidth by flooding DNS Amplification– Server resources TCP SYN flooding HTTP GET

Read a guide on the topic: . – Access to console and hardware allows installation of new OS – But keep in mind that many virtualized systems provide access to the console remotely. 5. . – AFICK or Tripwire Manage