GT ECE 4112 - OS Hardening presentation
OS Hardening
Justin Whitehead
Francisco Robles

Slide 2 (contents)
OS Hardening; Motivations; How; The Best in Hardening…; Hardening Utilities; Common Issues and Exploits; /proc; /proc Solutions; /tmp exploits; Slide 11 (/tmp exploits, continued); /tmp Solutions; SUID Exploits; SUID solutions; TCP/IP Stack randomization; What you will be doing; Before and After; Base Install; GR Security Patch; Bastille-Linux

OS Hardening
• Installing kernel/software patches and configuring a system in order to prevent attackers from exploiting and attacking your system.

Motivations
• Why? Add security features not present in default installs
  – Vendors leave default installs open for more customizability
  – Kernel & system level patches – work for known and unknown bugs
• Bugs/exploits in software

How
• Patches
  – Apply security patches to the Linux kernel
  – Apply bug patches to software
• Security tools
  – Extra system logs and auditing
• System rules and policies
  – Restrict user privileges
  – Disable unnecessary processes

The Best in Hardening…
• GRsecurity
  – Kernel patch
  – Features:
    – Non-executable stack
    – Change root (chroot) hardening
    – /tmp race prevention
    – Extensive auditing
    – Additional randomness in the TCP/IP stack
    – /proc restrictions

Hardening Utilities
• Bastille Linux (www.bastille-linux.org)
  – Automated security program, security wizard
  – SUID restrictions
  – SecureInetd
  – DoS attack detection and prevention
  – Automated firewall scripting
  – User privileges
  – Education

Common Issues and Exploits
• Stack-based attacks
• /proc
• /tmp
• SUID
• TCP sequence numbers

/proc
• /proc is a pseudo file system used by kernel-level modules to send information to, and retrieve information from, processes.
• Some files are changeable, but it is primarily read-only; even so, it still allows users to gather information on specific processes.

/proc Solutions
• grsecurity
  – /proc rights restrictions that don't leak information about process owners
  – Option to hide kernel processes
  – /proc file descriptor/memory protection

/tmp exploits
• The /tmp directory is used by many programs to create and access files.
• No permissions are needed to create files there.
• Programs using /tmp must be carefully written in order to avoid exploits.

/tmp exploits (continued, slide 11)
• Race condition: replacing a file in the window between when a program checks it and when it opens it.
  – Allows an attacker to manipulate the program with their own data, "winning the race"
  – Performing a race attack on a symlink can allow an attacker to create a file somewhere else on the system
  – Attackers can also gain root access

/tmp Solutions
• GRsecurity: places restrictions on hardlinks/symlinks
• Bastille: each process using /tmp gets its own safe /tmp directory

SUID Exploits
• SUID (Set-User ID) allows a program to be executed with the permissions of its owner, not the user running it
  – Example: passwd
• SUID programs can be exploited to gain root access
  – Bad inputs
  – Buffer overflows

SUID solutions
• Bastille disables many SUID programs it believes users should not run anyway
  – mount, umount?
  – Up to the admin

TCP/IP Stack randomization
• Initial sequence numbers can be guessed or discovered by attackers
  – Allows session hijacking and IP spoofing
• Security patches (grsecurity) attempt to add more randomization to initial sequence numbers

What you will be doing
• Base RH 8.0 install: run a series of exploits and collect TCP traffic data
• Apply the patch to the kernel, recompile the kernel
• Configure the system with Bastille Linux

Before and After
• Port scan
• TCP data capture
• Running a stack exploit
• Running /tmp and SUID exploits
• Comparing user privileges
  – SUID programs
  – Access to gcc
  – /proc

Base Install
• RH 8.0
• Telnet, FTP, and other insecure inetd services running
• No firewall
• No RH updates
• Minimum security settings

GR Security Patch
• Apply patch to kernel, rebuild kernel
  – Perform stack exploit
  – Perform port scan
  – Record differences in /proc
  – Perform /tmp exploit
  – Compare results to base install

Bastille-Linux
• Install and run
  – Configure SecureInetd daemon
  – Disable problematic daemons and SUID programs
  – Configure firewall
  – Enable /tmp security
• Repeat previous
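The /tmp race on the slides is a check-then-open gap, and the slides leave the programmer's side of the defence implicit. The C below is an added example, not code from the presentation: it creates the file with O_CREAT|O_EXCL via mkstemp(), verifies the open descriptor rather than the path name, and refuses a symlink with O_NOFOLLOW. The /tmp/hardened- name prefix and the function names are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Private /tmp file: mkstemp() uses O_CREAT|O_EXCL, so a pre-planted file
 * or symlink of that name makes it fail instead of being followed. */
int open_private_tmpfile(char *path_out, size_t len) {
    char tmpl[] = "/tmp/hardened-XXXXXX";    /* assumed prefix; mkstemp fills XXXXXX */
    mode_t old = umask(077);                  /* file must end up 0600 */
    int fd = mkstemp(tmpl);
    umask(old);
    if (fd < 0) return -1;
    struct stat st;
    /* Verify the descriptor we hold, never the path: regular file, one link,
     * owned by us, mode 0600. A name can be swapped; an open fd cannot. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || (st.st_mode & 0777) != 0600) {
        close(fd); unlink(tmpl); return -1;
    }
    if (path_out) snprintf(path_out, len, "%s", tmpl);
    return fd;
}

/* Open an existing path for reading without following a final symlink;
 * fails with errno == ELOOP if the name has been replaced by a link. */
int open_tmp_nofollow(const char *path) {
    return open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
}

/* Demonstration: create a private file, plant a symlink to it (standing in
 * for the swapped name of the race), and confirm O_NOFOLLOW refuses the link.
 * Returns 1 if the symlink was refused, 0 if it was followed, -1 on setup error. */
int demo_symlink_refused(void) {
    char path[64], lnk[72];
    int fd = open_private_tmpfile(path, sizeof path);
    if (fd < 0) return -1;
    snprintf(lnk, sizeof lnk, "%s.lnk", path);
    unlink(lnk);
    if (symlink(path, lnk) < 0) { close(fd); unlink(path); return -1; }
    int lfd = open_tmp_nofollow(lnk);
    int refused = (lfd < 0 && errno == ELOOP);
    if (lfd >= 0) close(lfd);
    close(fd); unlink(lnk); unlink(path);
    return refused;
}
```

grsecurity's symlink restrictions and Bastille's per-process /tmp reduce the exposure system-wide; this pattern is what a program itself should do regardless of which hardening is installed.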