
Cs04computer Security

The document discusses several methods for securing Linux systems, including reducing the attack surface by removing unnecessary software and daemons, using tools like OpenSSL, TCP Wrappers, and firewalls, and configuring secure settings such as restricting root privileges and backups. It also covers securing web servers specifically by hardening the server configuration, applications, and infrastructure services.

Uploaded by

smita bajaj

Computer security

Operating system models


●The operating system security model (also known as
the trusted computing base, or TCB) is simply the set
of rules, or protocols, for security functionality.
●An effective security model protects the entire host
and all of the software and hardware that operate off it.
The Underlying Protocols Are Insecure
●If the underlying protocols are insecure, then the
operating system is at risk.
●The language of the Internet is TCP/IP; effective security
functionality was not added to TCP/IP until version 6
in the late 1990s.
●The vast majority of the Internet is still
running an insecure version of TCP/IP, version 4.
The TCP/IP protocol’s main problems are as
follows:

● Vulnerable to spoofing:
●Spoofing is the term for establishing a connection with
a fake sender address.
●The ability to spoof the source IP address assists those
carrying out DoS attacks by making it difficult for
victims to block the DoS traffic, and the predictability
of the initial sequence number (ISN), which is a
unique number that is supposed to guarantee the
authenticity of the sender.
Access Control Lists
●An effective security model recognizes and is built
around the fact that because security is such an
important design goal for the operating system, every
resource that the operating system interfaces with
(memory, files, hardware, device drivers, and so on)
must interact from a security perspective.
●By giving each of these objects an access control list
(ACL), the operating system can detail what that object
can and can’t do by limiting its privileges.
Access Control Lists
●Access control enables you to protect a server or parts
of the server (directories, files, file types, and so on).
●When the server receives a request, it determines
access by consulting a hierarchy of rules in the ACL.
●An access control list is defined as a table that tells a
computer operating system which access rights each
user has to a particular system object, such as a file
directory or an individual file.
Access Control Lists
●The most common privileges include the ability to
read a file (or all the files in a directory), to write to the
file or files, and to execute the file (if it is an executable
file or program).
● Different kinds of systems implement ACLs:
● 1) Filesystem ACL
● 2) Network ACL
The principles of securing a Linux system

●By following some procedures we can make Unix much more resistant to
attack.

● 1) Start with a Fresh Install


Reducing the Attack Surface
●The attack surface of a computer system is the combination of software services
that an attacker could exploit, through either vulnerabilities or insecure
configurations.
●In the case of Unix systems, the attack surface takes the form of installed
software packages and running processes.
●You should follow the general principle of “turn off what you don’t need,” since
if you don’t need it, there’s really no cost to you.
●For example, many Unix systems default to run level 5, which provides a nice
graphical interface. But if you’re building a web server that you’ll never log into
from the console, you don’t need the GUI. In that case, you should default the
system to run level 3, which provides a command-line login capability without
all the overhead and vulnerabilities associated with the GUI.
Remove Unneeded Daemons
●The first thing you should do to secure any computer is to disable
or delete software components that aren’t going to be used.
●Most modern operating systems are written with the expectation
that they will be utilized in a networked environment. To that end,
many network protocols, applications, and daemons are included
with the systems. Whereas some systems are good about disabling
the included services, others activate all of them and leave it to you
to disable the ones you do not want. This setup is inherently
insecure, but it is becoming less common.
● Audit Your Applications
●Modern operating systems come with a myriad of applications and
utilities you can install onto your system, in addition to the core
operating system itself.
● More applications also mean more things you need to keep track of.
Install Secure Software
●Unix systems do not usually ship with the most secure
software installed. Depending on how you plan to use
the system, you will probably want to download and
install software packages that either are more secure
than the default, preloaded packages, or that provide
security functions in addition to those already on the
system.
Install OpenSSL
●If your operating system did not ship with any SSL
libraries, install OpenSSL.
● The OpenSSL suite is a set of encryption libraries and
applications to make limited use of them. The main
power of OpenSSL comes from the ability of many
networking applications and daemons to link the
libraries and provide network encryption of your data.
●For example, Apache uses OpenSSL to serve https
web pages, and OpenSSH uses OpenSSL as the
foundation to build on.
Use TCP Wrappers
●TCP Wrappers is a utility that allows you to specify
who is allowed to connect to a service over the network
and who is not.
●It is a host-based networking ACL system, used to filter
network access to Internet protocol servers on
operating systems like Linux.
●TCP Wrappers is a simple but effective tool for
monitoring and controlling network activity.


●TCP Wrappers is only useful for daemons that are
invoked by inetd, unless the application or daemon was
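How TCP Wrappers decides on a connection, as an added example that is not part of the original slides: hosts.allow is consulted first, then hosts.deny, and a client that matches neither file is let in. The two rule files are constructed samples, and the matcher covers only a simplified subset of the pattern syntax (ALL, address prefixes ending in ".", net/mask pairs, exact IPv4 addresses).

```python
import ipaddress

# Constructed sample rule files (assumption: not taken from the slides).
HOSTS_ALLOW = """\
# daemon_list : client_list
sshd : 192.168.10.
in.ftpd : 10.0.0.0/255.255.255.0
ALL : 127.0.0.1
"""
HOSTS_DENY = """\
ALL : ALL
"""

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue                              # blank or malformed line
        daemons, clients = [f.strip() for f in line.split(":")[:2]]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                     # "192.168.10." is an address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                            # net/mask pair
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern == ip

def any_rule_matches(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in rules)

def is_allowed(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow wins, then hosts.deny, otherwise access is granted."""
    if any_rule_matches(parse_rules(allow), daemon, ip):
        return True
    if any_rule_matches(parse_rules(deny), daemon, ip):
        return False
    return True                                   # no match in either file
```

With an empty hosts.deny every unmatched client is admitted, which is why the sample deny file ends in a catch-all `ALL : ALL`.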
Use a Software Firewall
●Filtering incoming and outbound traffic can be useful
in blocking some types of network-borne attacks.
Configure Secure Settings
● Do Not Run Processes Using root Privilege
●Many services running on your server do not need root
access to perform their functions.
●Often, they do not need any special privileges other
than the ability to read from, and possibly write to,
the data directory. But the Unix security
measure that only processes run by root can open
a TCP/IP port below 1024, coupled with the fact that
most of the well-known ports are below 1024, means
that your daemons must be started as root to open their
ports.
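One common way to reconcile the port rule above with the heading, shown as an added example that is not part of the original slides: the daemon opens its port while it is still root and then permanently switches to an unprivileged account before handling any traffic. The uid/gid 65534 ("nobody") and the function names are assumptions of this example.

```python
import os
import socket

# Assumption: 65534 is the unprivileged "nobody" uid/gid on this host.
UNPRIV_UID = 65534
UNPRIV_GID = 65534

def bind_listener(port, host="127.0.0.1"):
    """Open the listening socket; ports below 1024 need root at this point."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(16)
    return sock

def drop_privileges(uid=UNPRIV_UID, gid=UNPRIV_GID):
    """Permanently give up root. Returns False if the process was not root."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])    # clear root's supplementary groups first
    os.setgid(gid)      # group before user: after setuid() this would be refused
    os.setuid(uid)      # as root this sets the real, effective and saved uid
    try:
        os.setuid(0)    # must fail now; if it works the drop was incomplete
    except PermissionError:
        return True
    raise RuntimeError("still able to regain root; refusing to continue")

if __name__ == "__main__":
    try:
        listener = bind_listener(80)    # succeeds only when started as root
    except PermissionError:
        listener = bind_listener(0)     # non-root fallback so the demo still runs
    dropped = drop_privileges()
    print("listening on", listener.getsockname(),
          "uid now", os.getuid(), "dropped:", dropped)
    listener.close()
```

The already-open socket stays usable after the drop, so the process can serve requests without ever running request-handling code as root.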
Strengthen Authentication processes
You can do three things to increase the security of
authentication in the Unix world.
●First, improve security on the network by developing a
strong password policy and a strong training program
that teaches users their responsibility to create, use, and
protect strong passwords.
●Second, and better yet, use some other form of
authentication.
●Third, use additional technology and physical security
to protect password databases and authentication
Limit the Number of Administrators and Limit the Privileges of Administrators
● Back Up Your System
Securing infrastructure services
WEB SERVER

Web security falls into two categories:

● Web server security (the security and
software configuration of the web server itself)
● Web application security (the security of
the Java, ActiveX, PHP, and ASP code that runs
on the web server)
Types of Attacks
●Web server attacks are made possible by
vulnerabilities that are commonly found in web server
software and configurations. These vulnerabilities
include:
● Buffer overflow
● Directory traversal
● Script permissions
● Directory browsing
● Sample web code that is installed by default by
web server software
--END--
