11-Operating Systems Security



Transcript of 11-Operating Systems Security

  • 7/28/2019 11-Operating Systems Security

    1/46

Operating Systems and Virtual Machines Security

Eng. Hector M Lugo-Cordero, MS

CIS 4361 Secure OS Admin


Problem

Client / server infrastructure is very common among most organizations

Clients provide access to the system

Servers run the systems

Software vulnerabilities (e.g. buffer overflow) and malware need to be considered

Follow a framework detailed by NIST (National Institute of Standards and Technology) to provide a secure environment, even knowing that absolute security is not attainable


    NIST Approach Phases

    Planning

    Installation

Configuration

Update

Maintenance

Consider the OS layered model: each layer needs to be properly secured, and it may be attacked from the layers below it


    OS Layered Model

    User Space

    Services / Hypervisor

    System Calls

    Device Drivers / Hardware Abstraction Layer (HAL)

    Kernel / BIOS

    Instruction Set Architecture

    Hardware

    Physical World


Australian Defence Signals Directorate (DSD)

Publishes the Top 35 Mitigation Strategies

70% of the intrusions studied in 2009 could have been prevented with 4 measures

Patch operating systems and applications using auto-update

Patch 3rd-party applications

Restrict admin privileges to users who need them

Disable root on Linux (only users in the sudoers groups may gain root privileges)

Create other accounts (other than the default) in Windows with fewer privileges

White-list approved applications


    Overall Goal

Assess risks and plan the system deployment

Secure the underlying OS and then key applications

Ensure any critical content is secured

Ensure appropriate network protection mechanisms are used

Ensure appropriate processes are used to maintain security (policies)


    System Security Planning

There is a course, CIS 4313, that talks about planning; here we care more about RMM (Risk Management and Mitigation)

Identify risks, along with their likelihood and their impact

Also identify how to prevent and mitigate these risks

This process drives what you need to establish a secure system (personnel for installation, OS, hardware, apps, etc.)


    Things to keep in mind

Purpose of the system, type of information stored, applications and services provided

Users of the system and their privileges

How users are authenticated

How information on the system is managed

What other hosts / DBs are accessed by the system

Who will manage the system and how (remote or local)

Additional measures such as: firewall, anti-virus, logging


    Hardening the OS

Default OS configurations are tuned for ease of use, not security

Measures have to be taken at all stages

Installing and patching

Configuring

Remove unnecessary applications, services and protocols

Users, groups, controls and privileges

Install additional software (anti-virus, firewall, intrusion detection system, etc.)

Test security


    Installing and Patching

Installation

Machines should not connect to the network until secured

However, removable media may be infected as well

A limited network (behind a firewall) is acceptable; ideally:

No inbound connections

Outbound only to certain key sites (update servers)

Install only required services and drivers (from trusted sources)

Set up automatic updates (only if the update time is not an issue)

Booting

Protect BIOS settings with a password

Disable booting from some media (e.g. removable media)

Encrypted hard drives? Pros and cons


    Automatic Updates


    Remove Unnecessary Support

Software has vulnerabilities, hence more software means more vulnerabilities

Better not to install it at all

Uninstallers sometimes fail to clean up all dependencies

Disabled software may be re-enabled by an attacker once they gain control of the system

Disabling can be done via the msconfig command (Windows), YaST or the distribution's equivalent such as systemctl disable (Linux), or the Control Panel (Windows)


Configure User / Group Authentication

Define user types and privileges

Admin (ideally only temporary)

Normal

Limited

Authentication

Force default password change

Password definition (complexity rules)

Password lifespan

Remove or disable old accounts

Allow for remote connections?
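As an added example (not part of the slides), the script below audits the user configuration points above together with the DSD measure of restricting admin privileges: given copies of /etc/passwd and /etc/shadow it flags extra UID-0 accounts, accounts with an empty password field, passwords older than a maximum lifespan, and a root account whose password is not locked (i.e. root reachable other than through sudo). The sample entries it writes are constructed; the user names, hashes and the 90-day lifespan are assumptions, and on a real host the two files must be read as root.

```sh
#!/bin/sh
# Account hygiene audit (added example, not from the slides).
# Usage: audit_accounts PASSWD_FILE SHADOW_FILE [MAX_AGE_DAYS]
# Prints one "CATEGORY user" line per finding and returns 1 if any were found:
#   EXTRA_UID0          a UID-0 account other than root (root-equivalent)
#   EMPTY_PASSWORD      empty shadow field: login needs no password at all
#   STALE_PASSWORD      last change older than MAX_AGE_DAYS (default 90)
#   ROOT_LOGIN_ENABLED  root's hash is not locked with "!" or "*"

days_since_epoch() {
    # shadow field 3 (last change) is counted in days since 1970-01-01
    echo $(( $(date +%s) / 86400 ))
}

audit_accounts() {
    passwd_file=$1
    shadow_file=$2
    max_age=${3:-90}
    today=$(days_since_epoch)
    report=$(
        awk -F: '$3 == 0 && $1 != "root" { print "EXTRA_UID0", $1 }' "$passwd_file"
        awk -F: '$2 == "" { print "EMPTY_PASSWORD", $1 }' "$shadow_file"
        # skip locked/disabled hashes ("!" or "*") and entries with no date
        awk -F: -v today="$today" -v max="$max_age" \
            '$2 != "" && $2 !~ /^[!*]/ && $3 != "" && (today - $3) > max {
                 print "STALE_PASSWORD", $1 }' "$shadow_file"
        awk -F: '$1 == "root" && $2 !~ /^[!*]/ { print "ROOT_LOGIN_ENABLED", $1 }' "$shadow_file"
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

write_sample_files() {
    # Constructed sample data (assumed names and fake hashes), written to $1/passwd
    # and $1/shadow so the audit can be run offline.
    dir=$1
    today=$(days_since_epoch)
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
svc:x:1002:1002:Service account:/var/lib/svc:/usr/sbin/nologin
EOF
    # TODAY is replaced by the current day number; alice's 10000 is years old
    sed "s/TODAY/$today/" > "$dir/shadow" <<'EOF'
root:$6$salt$hashedroot:TODAY:0:99999:7:::
toor::TODAY:0:99999:7:::
alice:$6$salt$hashedalice:10000:0:90:7:::
bob:$6$salt$hashedbob:TODAY:0:90:7:::
svc:*:TODAY:0:99999:7:::
EOF
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    write_sample_files "$d"
    audit_accounts "$d/passwd" "$d/shadow" 90
    rm -rf "$d"
fi
```

Running it with `demo` reports toor twice (extra UID 0 and no password), alice for a stale password and root for an unlocked password. The findings map onto the usual fixes: `passwd -l root` locks root so privilege comes only through sudo, `chage -M 90 alice` enforces a lifespan, and `usermod -L user` or `userdel` deals with accounts that should no longer exist.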


    Additional Security and Testing

    Anti-virus

    Firewalls, IDS, IPS

White list

If attackers manage to install a program, what will happen?

Run test cases which attempt to break security (penetration testing); good hackers make a lot of money here


    Security Testing


    Application Security

    Configure applications properly

Use encryption when possible, as seen earlier

For storage

For transmission (e.g. SSH connections)

Limit privileges, as with users

Remember what we have said about security in Android, BlackBerry and iPhone

Applications may provide backdoors if not configured properly


    Maintenance

Now that the system is set up, keep it secure

    This involves

    Monitoring and analyzing logging information

    Performing regular backups

    Recovering from security compromises

    Regular testing of security

    Patch, update, and revise critical software


    Logging

Keep a record of important events on the computer

Problems

Need to make sure there is enough space

Manual analysis is hard, so logs should use a format that a program (e.g. in Perl) can parse
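The parsing the slide asks for, as an added example that is not part of the lecture: sshd writes one structured line per authentication attempt to auth.log, so a short awk program can count failed password attempts per source address and flag sources that exceed a threshold, also noting whether the same source later logged in successfully (the case to escalate first). The log lines embedded below are constructed, with documentation-range addresses, not taken from a real host.

```sh
#!/bin/sh
# Brute-force detection over sshd lines in an auth.log
# (added example, not from the slides; sample log is constructed).
# Usage: flag_bruteforce LOGFILE [THRESHOLD]
# Output: "SOURCE_IP failures accepted" for each source with more than
# THRESHOLD (default 5) failed password attempts; "accepted" counts logins
# that the same source later succeeded with.

flag_bruteforce() {
    log=$1
    threshold=${2:-5}
    awk -v thr="$threshold" '
        # "Failed password for [invalid user] NAME from IP port N ssh2"
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fail[$(i+1)]++; break }
        }
        # "Accepted password|publickey for NAME from IP port N ssh2"
        /sshd\[[0-9]+\]: Accepted (password|publickey)/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { ok[$(i+1)]++; break }
        }
        END {
            for (ip in fail)
                if (fail[ip] > thr) printf "%s %d %d\n", ip, fail[ip], ok[ip] + 0
        }' "$log" | sort
}

write_sample_log() {
    # Constructed sample: one source hammers several accounts and finally gets
    # in as bob; another fails twice; a third logs in cleanly with a key.
    cat > "$1" <<'EOF'
Jul 28 10:01:02 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jul 28 10:01:04 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50122 ssh2
Jul 28 10:01:07 srv sshd[1203]: Failed password for root from 203.0.113.5 port 50130 ssh2
Jul 28 10:01:09 srv sshd[1203]: Failed password for root from 203.0.113.5 port 50130 ssh2
Jul 28 10:01:12 srv sshd[1205]: Failed password for bob from 203.0.113.5 port 50141 ssh2
Jul 28 10:01:15 srv sshd[1205]: Failed password for bob from 203.0.113.5 port 50141 ssh2
Jul 28 10:01:18 srv sshd[1205]: Accepted password for bob from 203.0.113.5 port 50141 ssh2
Jul 28 10:02:01 srv CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
Jul 28 10:03:30 srv sshd[1220]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Jul 28 10:03:33 srv sshd[1220]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Jul 28 10:03:40 srv sshd[1222]: Accepted publickey for alice from 192.0.2.9 port 41010 ssh2: RSA SHA256:constructedfingerprint
EOF
}

if [ "${1:-}" = demo ]; then
    f=$(mktemp)
    write_sample_log "$f"
    flag_bruteforce "$f" 5
    rm -f "$f"
fi
```

With the default threshold only 203.0.113.5 is reported, with 6 failures and 1 accepted login; the two failures from 198.51.100.7 stay below it. The threshold is the tunable: too low and ordinary typos page someone at night, too high and a slow attacker hides under it, so run it over a rolling window rather than the whole file.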


    Data Backup

Backup is the act of creating copies of information such that it may be recovered

Archiving is keeping these backups for a long period of time in order to meet legal requirements

Should the backup be kept online or offline?

Online: easier access, faster recovery

Offline: more secure, harder to recover

Why not both? Users should keep their own offline backups, in case the online backup gets removed

Data may be lost accidentally (hardware failures, human mistakes) or intentionally
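An added example (not part of the slides) of "copies such that it may be recovered": the script archives a directory, then proves the archive is restorable by extracting it into a scratch directory and diffing the result against the source, and keeps only the newest N archives so the backup volume does not fill up. The archive naming, the 600 mode and the keep-count are assumptions; an offline copy of the resulting archive is still the user's job, as the slide says.

```sh
#!/bin/sh
# Backup with restore verification and rotation (added example, not from the slides).
# backup_dir SOURCE DEST [LABEL] -> writes DEST/<name>-<LABEL>.tar.gz, prints its path
# verify_backup ARCHIVE SOURCE   -> restores into a scratch dir and diffs it against SOURCE
# prune_backups DEST KEEP        -> removes all but the KEEP newest archives in DEST
# A backup that has never been restored is an assumption, not a backup, so
# verification is part of the procedure rather than an afterthought.

backup_dir() {
    src=$1; dest=$2; label=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
    name=$(basename "$src")
    archive="$dest/$name-$label.tar.gz"
    # -C plus a relative member name: the archive never contains absolute paths,
    # so a careless restore cannot silently overwrite live system files
    tar -C "$(dirname "$src")" -czf "$archive" "$name" || return 1
    chmod 600 "$archive"        # the archive holds everything; restrict who can read it
    echo "$archive"
}

verify_backup() {
    archive=$1; src=$2
    scratch=$(mktemp -d) || return 1
    rc=1
    # diff -r reports changed, missing and extra files alike
    if tar -C "$scratch" -xzf "$archive" && diff -r "$src" "$scratch/$(basename "$src")" >/dev/null; then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

prune_backups() {
    dest=$1; keep=$2
    # newest first by modification time; everything after the first KEEP is deleted
    ls -t "$dest"/*.tar.gz 2>/dev/null | tail -n +"$((keep + 1))" | while read -r old; do
        rm -f "$old"
    done
}

if [ "${1:-}" = demo ]; then
    # Constructed data: a small tree backed up, verified, changed, and re-verified
    d=$(mktemp -d); mkdir -p "$d/data/sub" "$d/backups"
    echo alpha > "$d/data/a.txt"; echo beta > "$d/data/sub/b.txt"
    a=$(backup_dir "$d/data" "$d/backups")
    verify_backup "$a" "$d/data" && echo "restore verified: $a"
    echo gamma >> "$d/data/a.txt"
    verify_backup "$a" "$d/data" || echo "source has drifted since the backup"
    rm -rf "$d"
fi
```

The second verify failing after the source changed is the point: verification tells you what the archive will give you back, which is the only thing that matters during a recovery.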


    Backups


Linux / Unix Security: Periodic Runs

Patch Management

Configure the package manager command on cron with crontab -e (can be used for updates)

Debian, Ubuntu: apt-get

Red Hat, Fedora, CentOS: up2date (legacy; yum or dnf on current releases)

SuSE: yast (zypper on the command line)

Mac OS X: ports (MacPorts)

Crontab usage

-e Edit or create crontab file

-l Display your crontab file

-r Remove your crontab file
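An added example of the cron-driven patch run described above; it is not from the lecture. The script picks whichever package manager front end is on PATH, runs its non-interactive update, uses an atomic mkdir as a lock so two runs cannot overlap, and records the outcome through logger so the patch history lands in syslog. The installation path, the 03:15 schedule and the dnf/zypper entries are assumptions beyond the slide's list.

```sh
#!/bin/sh
# Unattended patch run meant to be scheduled with crontab -e
# (added example, not from the slides).
# Suggested crontab entry (path and schedule are assumptions):
#   15 3 * * *  /usr/local/sbin/patch.sh run

detect_pkg_manager() {
    # first front end found wins; add others in the order you prefer
    for pm in apt-get dnf yum zypper; do
        if command -v "$pm" >/dev/null 2>&1; then echo "$pm"; return 0; fi
    done
    return 1
}

update_command() {
    # non-interactive update line for the given package manager
    case $1 in
        apt-get) echo "apt-get -q update && DEBIAN_FRONTEND=noninteractive apt-get -q -y upgrade" ;;
        dnf)     echo "dnf -y upgrade" ;;
        yum)     echo "yum -y update" ;;
        zypper)  echo "zypper --non-interactive update" ;;
        *)       return 1 ;;
    esac
}

log() {
    # syslog when logger works, stderr otherwise (cron mails stderr to the owner)
    logger -t patch "$*" 2>/dev/null || printf 'patch: %s\n' "$*" >&2
}

apply_updates() {
    lock=${PATCH_LOCK:-/var/run/patch.lock}
    logfile=${PATCH_LOG:-/var/log/patch.log}
    pm=$(detect_pkg_manager) || { log "no supported package manager found"; return 1; }
    cmd=$(update_command "$pm") || return 1
    # mkdir is atomic: a second run while the first is still working fails here
    if ! mkdir "$lock" 2>/dev/null; then
        log "lock $lock held, another run is in progress; skipping"
        return 2
    fi
    if sh -c "$cmd" >>"$logfile" 2>&1; then
        log "$pm update finished successfully"; rc=0
    else
        log "$pm update FAILED, see $logfile"; rc=1
    fi
    rmdir "$lock"
    return $rc
}

if [ "${1:-}" = run ]; then apply_updates; fi
```

The full package-manager output goes to the log file while only a one-line verdict goes to syslog, which keeps the syslog searchable. Whether to let this run unattended at all is the slide's own caveat: on a server where an update-induced restart at 03:15 is unacceptable, schedule it into a maintenance window instead.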


Linux / Unix Security: Configuration

Applications and services configuration

Global configuration may be found in /etc or in the program's own tree

Local configuration lives in dot files and directories inside ~/

~ is an alias for $HOME, the user's home directory, equivalent to the user's folder under C:\Users on Windows

Typically located under /home followed by the user name

Advantage: a program (e.g. in Perl) can compute hashes of the configuration files and verify their integrity later
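The hash-based integrity check the slide describes, as an added example that is not part of the lecture: a baseline records one SHA-256 per file under a configuration tree, and a later run reports files that changed, disappeared or were added. It uses sha256sum in place of Perl and MD5 (MD5 is no longer adequate against an attacker who can craft colliding files); the sample files in the demo are constructed. The caveat that matters in practice is where the baseline lives: next to the files it protects, an attacker who can edit them can re-baseline too.

```sh
#!/bin/sh
# Configuration-file integrity baseline (added example, not from the slides).
# make_baseline DIR BASELINE   records "hash  ./relative/path" for every file under DIR
# check_baseline DIR BASELINE  prints CHANGED / REMOVED / ADDED lines, returns 1 if any
# Keep BASELINE where whoever can write DIR cannot reach it (read-only media,
# another host). Paths containing blanks are not handled by this version.

hash_tree() {
    # one "hash  ./path" line per regular file, sorted by path in the C locale
    # so that join(1) below sees both inputs in the same order
    ( cd "$1" && find . -type f | LC_ALL=C sort | while read -r f; do
          if command -v sha256sum >/dev/null 2>&1; then sha256sum "$f"; else shasum -a 256 "$f"; fi
      done )
}

make_baseline() {
    hash_tree "$1" > "$2"
}

check_baseline() {
    dir=$1; baseline=$2
    current=$(mktemp) || return 1
    hash_tree "$dir" > "$current"
    report=$(
        # paired on the path (field 2 of both files): differing hashes mean changed content
        LC_ALL=C join -1 2 -2 2 "$baseline" "$current" | awk '$2 != $3 { print "CHANGED", $1 }'
        # unpaired lines from the baseline only: the file is gone
        LC_ALL=C join -1 2 -2 2 -v 1 "$baseline" "$current" | awk '{ print "REMOVED", $1 }'
        # unpaired lines from the current scan only: something new appeared
        LC_ALL=C join -1 2 -2 2 -v 2 "$baseline" "$current" | awk '{ print "ADDED", $1 }'
    )
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

if [ "${1:-}" = demo ]; then
    # Constructed sample tree: a hardened sshd_config is weakened, a file is
    # removed and a new one dropped in between baseline and check.
    d=$(mktemp -d); mkdir -p "$d/etc/ssh"
    echo 'PermitRootLogin no' > "$d/etc/ssh/sshd_config"
    echo 'sshd: 10.0.0.' > "$d/etc/hosts.allow"
    make_baseline "$d/etc" "$d/baseline"
    echo 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
    rm "$d/etc/hosts.allow"
    echo 'x' > "$d/etc/evil.conf"
    check_baseline "$d/etc" "$d/baseline"
    rm -rf "$d"
fi
```

This is the mechanism Tripwire-style tools automate, with the baseline signed and stored off the host; the join on the path field is what lets the script tell a modified file from an added or removed one, which a plain `sha256sum -c` cannot do for additions.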


Linux / Unix Security: Permissions

Users / groups permissions

Permissions apply not only to files but to processes (/proc), memory and devices (/dev), boot files (/boot), etc.

Commands

chmod: change file mode

chmod +x jpegconv or chmod a+x jpegconv

chmod g+w jpegconv

chmod o-x jpegconv

chmod u+rwx jpegconv

chmod 777 jpegconv

rwx rwx rwx (groups of three bits): each octal digit represents a group (user, group, others); bit 1 grants the right, bit 0 removes/rejects it

getfacl/setfacl: get/set file access control list

chown: changes file owner

chgrp: changes file group

groups: shows the list of groups to which the given (or current) user belongs, equivalent to grepping the user name in /etc/group

There are other commands which start with ch and help with other things; use the auto-complete feature (tab) for a complete list

Access Control List (more on man setfacl)

setfacl -m u:lisa:r file


    Linux / Unix Access Control Lists

[d[efault]:] [u[ser]:]uid [:perms]  Permissions of a named user; permissions of the file owner if uid is empty.

[d[efault]:] g[roup]:gid [:perms]  Permissions of a named group; permissions of the owning group if gid is empty.

[d[efault]:] m[ask][:] [:perms]  Effective rights mask.

[d[efault]:] o[ther][:] [:perms]  Permissions of others.
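The two permission slides above, worked as an added example that is not part of the lecture: has_mode tests whether a set of mode bits is present on a file (find -perm -MODE, which matches when all listed bits are set, not an exact match), demo_modes applies the symbolic and octal chmod forms from the slide to a scratch copy of jpegconv and checks the result, find_risky lists the two things an administrator should hunt for under a tree (world-writable files and setuid binaries), and grant_read_acl is the slide's setfacl line. The scratch file name and the user given to setfacl are assumptions.

```sh
#!/bin/sh
# Permission checks (added example, not from the slides).
# has_mode FILE OCTAL       -> 0 when every bit of OCTAL is set on FILE
# demo_modes FILE           -> applies the slide's chmod forms and reports what they produced
# find_risky DIR            -> "WORLD_WRITABLE path" / "SETUID path" for regular files under DIR
# grant_read_acl FILE USER  -> setfacl -m u:USER:r FILE, then shows the resulting ACL
# World-writable files can be altered by any local user (think of a script root
# runs from cron); setuid binaries run with their owner's rights, so every one
# of them is attack surface that should be known and justified.

has_mode() {
    # -prune stops find descending if $1 is a directory;
    # -perm -MODE is true when all bits of MODE are set (subset test, not equality)
    [ -n "$(find "$1" -prune -perm -"$2" -print 2>/dev/null)" ]
}

demo_modes() {
    f=$1
    : > "$f"
    chmod 644 "$f"                   # rw-r--r--
    chmod u+x,g+w,o-r "$f"           # symbolic form: rwxrw---- which is 0760
    if has_mode "$f" 0760 && ! has_mode "$f" 0007; then echo "0760 as expected"; fi
    chmod 777 "$f"                   # octal form: rwxrwxrwx, now world-writable
    if has_mode "$f" 0002; then echo "now world-writable"; fi
}

find_risky() {
    # -perm -0002: the others-write bit is set; -perm -4000: the setuid bit is set
    find "$1" -type f -perm -0002 | sed 's|^|WORLD_WRITABLE |'
    find "$1" -type f -perm -4000 | sed 's|^|SETUID |'
}

grant_read_acl() {
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed" >&2; return 1; }
    setfacl -m "u:$2:r" "$1" && getfacl --omit-header "$1"
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    demo_modes "$d/jpegconv"
    : > "$d/helper"; chmod 4755 "$d/helper"      # a setuid file, constructed for the demo
    find_risky "$d"
    rm -rf "$d"
fi
```

On a real system the equivalent sweep is `find / -xdev -type f -perm -4000` and `find / -xdev -type f -perm -0002`; compare the result with a known-good list, since a new setuid binary in an unexpected place is one of the oldest ways of keeping root after a compromise. The ACL entry from setfacl is what the mask line on the slide above governs: the effective rights of named users and groups are limited by the mask.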


Linux / Unix Security: Remote Access

Configure firewalls to prevent unwanted remote access

Commands:

/etc/hosts.allow and /etc/hosts.deny files (TCP wrappers)

iptables

Filter by protocol

Filter by source/destination

Filter by chain (i.e. INPUT, OUTPUT, FORWARD)

For consistency, log to /dev/log: openlog(), syslog() and closelog() from C, or the logger command from the shell

lsof: list open files, e.g. lsof | egrep log

ps -efawww | egrep syslog

chroot jail: temporarily set a new root directory so that a hijacked service does not give access to the whole system (system call: chroot)
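An added example (not part of the slides) of the iptables filtering listed above, combining the three filter kinds in one INPUT policy: everything inbound is dropped by default, loopback and replies to connections the host itself opened are accepted, new SSH sessions are accepted only by protocol, port and source network, and whatever is about to be dropped is logged with a rate limit (so an attacker cannot fill the disk through the log) before the drop. The admin network 10.0.0.0/24 and port 22 are assumptions; setting IPT=echo turns the script into a dry run that prints the rules it would apply, which is also how it is exercised without root.

```sh
#!/bin/sh
# Minimal host firewall with iptables (added example, not from the slides).
# Run as root:  sh fw.sh apply   and persist the result with iptables-save.
# Dry run:      IPT=echo sh fw.sh apply

IPT=${IPT:-iptables}
ADMIN_NET=${ADMIN_NET:-10.0.0.0/24}     # assumed management network
SSH_PORT=${SSH_PORT:-22}

fw_apply() {
    # clean slate for INPUT, default deny for inbound and forwarded traffic
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # loopback, and packets that belong to connections this host already has
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # new SSH sessions only from the admin network: protocol + port + source filter
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -s "$ADMIN_NET" -m conntrack --ctstate NEW -j ACCEPT
    # log what is about to be dropped, rate limited, then drop it
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "fw-drop: " --log-level 4
    $IPT -A INPUT -j DROP
}

fw_rule_count() {
    # number of iptables invocations fw_apply issues (dry run, no root needed)
    ( IPT=echo; fw_apply ) | grep -c .
}

if [ "${1:-}" = apply ]; then fw_apply; fi
```

Order matters: the ESTABLISHED,RELATED rule sits before the SSH rule so that packets of sessions already accepted are not re-evaluated against the source filter, and the LOG rule sits last because iptables stops at the first matching terminating target. Apply this from a console or from the admin network itself; applied over SSH from anywhere else, the DROP policy cuts the session that is applying it. The LOG target writes through the kernel log into syslog, which is where the logging slide above wants events to end up.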


    Linux / Unix Security Testing

Nessus: security scanning and vulnerability testing (a vulnerability scanner that probes for known issues, not a fuzzer)

Tripwire: builds and checks the integrity of files (hash comparison; originally MD5)

Nmap: can check for surrounding network services (port scanning)


    Windows Security

Use automatic updates, especially for Windows itself, Adobe Acrobat Reader, the Flash plugin and Java

Users are identified by a Security ID (SID), and information such as password hashes is stored in the Security Account Manager (SAM)

System Restore

User Account Control treats users with admin rights as admin only when required, otherwise as normal users (Vista and later)


    Windows Registry

    Hard to maintain

    Easy to access

May use a specific application hiding complex information from the administrator

May use regedit to see everything

Useful to have an application that queues and monitors registry changes, such that they need to be approved before proceeding


    Other Windows Security

    Anti-virus

    Anti-spyware

    Personal firewall

Encrypting File System (EFS)

Local Security Policy

BitLocker: full disk encryption with AES

More in Control Panel > System and Security

Microsoft Baseline Security Analyzer

Checks a system against the minimal recommended requirements; it is free

Shavlik NetChk Limited for legacy systems


    Virtualization

Virtualization: defines an isomorphism that maps a virtual guest system to a physical host

Adds another degree of freedom by enabling multiple resource managers and controlled sharing; adds a level of indirection

Can virtualize a single resource (DRAM, disks) or an entire system (machine); may create one or more virtual objects

Virtual Machine: adds a virtualization layer which transforms the physical machine into the desired virtual architecture


    Virtualization (Some Terms)

Hypervisor / Virtual Machine Monitor: manages physical resource allocation among VMs

Application Virtualization: allows an application written for one environment to run in others

Java

.NET

Full Virtualization: allows a full OS to run on a virtual machine

Native (bare-metal) Virtualization: runs without a host OS

Hosted Virtualization: requires an OS running below it


    Some Virtual Machines

    Oracle VirtualBox

Microsoft Virtual PC (formerly Connectix Virtual PC)

VMware

Xen Hypervisor

Parallels Desktop (popular on Mac)


    History of Virtualization

    1960s

1964 - Birth of virtualization with the IBM CP series, which was a test bed for the IBM S/360 system. Provided full hardware virtualization with the ability to run 14 OS instances.

1965 - IBM begins shipping S/360 systems, the first mass-produced multi-purpose mainframe. Virtual memory (on the Model 67) gave the appearance of unlimited storage capacity.


    History of Virtualization

    1970s

    IBM S/370, more of the same

    1980s

1987 - Merge/386 becomes available, allowing emulation of Intel 8086 instructions on Intel 80286 & 80386 CPUs. Could run any 8086-coded OS but was typically found running Microsoft MS-DOS.


    History of Virtualization

    1990s

    1997 Virtual PC released for Macintosh

    1998 VMware released for Windows

1999 Citrix Presentation Server released for Windows

    2001

    Virtual PC released for Windows

    VMware Server released (first x86 server VM)


    History of Virtualization

    2003 Xen Hypervisor released (Open Source x86)

    MS buys Virtual PC & releases MS Virtual PC 2004

2005 MS releases Virtual Server 2005 (guest machines limited to 32-bit, 4 GB of RAM & 1 CPU)

Intel's VT and AMD's AMD-V hardware virtualization added to server and desktop CPUs


    History of Virtualization

    2006 VMware Server 1.0 released for free

    MS Virtual Server 2005 R2 released for free

    MS Virtual PC 2007 released for free

    MS buys and releases SoftGrid (now called MS App-V)

    Amazon begins developing the first true Cloud

2007 VMware Server 2.0 released; VirtualBox released as open source

    Citrix acquires Xen


    History of Virtualization

    2008

    VMware buys Thinstall and releases ThinApp

VMware Workstation 6.5 released, first DX9 hardware virtualization

MS releases Hyper-V for Windows Server 2008 (guest machines gain 64-bit support, 64 GB of RAM & 4 CPUs)

First public cloud systems come online


    History of Virtualization

    2009

MS releases Hyper-V R2 for Windows Server 2008 R2 (guest machines gain CPU pooling)

2010 MS releases Hyper-V R2 SP1 (guest machines gain RAM pooling and DX9 hardware support)

ARM announces the Cortex-A15 with hardware virtualization


    Processor Performance

CPU Speeds

1965 - IBM S/360: 0.1 MIPS (133,300 IPS)

1972 - IBM S/370: 1.0 MIPS (1,000,000 IPS)

2000 - 1 GHz Intel Pentium III: 3,000 MIPS (3,000,000,000 IPS)

2009 - Qualcomm Snapdragon A8: 2,000 MIPS

2010 - Intel Core i7: 4 x 147,600 MIPS

2010 - Qualcomm Snapdragon MP: 2 x 2,500 MIPS

2011 - Qualcomm/Samsung/nVidia A9 MP: 2 x 5,000 MIPS

2012 - ARM Cortex-A15 MP: 4 x 25,000 MIPS


Uses

Implement multiprogramming: multiple single-user virtual machine instances. IBM System/370 used this approach to provide time-sharing behavior, with each VM running a simple single-user OS (Conversational Monitor System, CMS)

Multiple single-application VMs: dedicates a VM to each application program, using a general-purpose OS

Multiple secure environments: the VM creates a sandbox to isolate environments and security domains

Manage application environment: install core applications in one VM, then create per-user VMs for users to load their own apps

Mixed-OS environments: a single hardware platform can support multiple operating system environments

Legacy applications: dedicate VMs to legacy applications

Multiplatform application development: one hardware platform with VMs providing emulation of alternative hardware


Uses

New system transition: staged or gradual migration (the opposite of legacy support)

System software development: for testing or developing new system software in a protected environment

Operating system training: run an OS instance in a VM so parameter or configuration adjustments do not affect the rest of the system

Help desk support: use a VM to replicate the user's environment

Operating system instrumentation: can monitor hardware access or low-level software abstractions

Event monitoring: execution traces, machine state dumps and replaying of traces

System encapsulation: checkpointing system state and restarting on the same or a different machine


    Virtualization Security Issues

Guest OS isolation: running guests must have no access to each other or to the hypervisor beyond the controlled interfaces

Keep the integrity of the hypervisor

Adds layers to OS security


    Virtualization Security Guidelines

    Plan the security

    Secure all elements of full virtualization

    OS

    Hypervisor

    Virtualized infrastructure

    Restrict and protect administrator access


    Hypervisor Security

    Like OS security

    Install from private network, or clean media

    Configure for automatic updates

    Disable unused services and hardware

    Restrict access to hypervisor

If there is remote access, do it on a separate network (e.g. VLAN, VPN, etc.)


    Virtualized Infrastructure Security

Consider monitoring hardware activity

Look for a VMM which allows hardware to be allocated properly, so that these activities on the guest OS may be monitored