File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.
-
Upload
george-bryant -
Category
Documents
-
view
228 -
download
2
Transcript of File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.
![Page 1: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/1.jpg)
File System SecurityRobert “Bobby” Roy
And Chris “Sparky” Arnold
![Page 2: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/2.jpg)
Overview
• What we are going to cover• Brief History• File Systems• General Security Practices• Specific Practices for File Systems
![Page 3: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/3.jpg)
What is File System Security?
File system security: the policies and procedures for ensuring the protection of one’s files and file systems.
![Page 4: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/4.jpg)
History of File System Security
• Roots• Sensitive information was originally kept in
file cabinets and other such physical barriers.
• Effective at keeping files from those who were not allowed to access them.
![Page 5: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/5.jpg)
History of File System Security
• Relevance• Transition from analog to digital file
systems.• Ideas put forth in the analog age of file
systems are still relevant in digital security.• Barriers• Locks (Passwords)• Authorities (Administrators)
![Page 6: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/6.jpg)
History of File System Security
• Networking• File system security became more
important to digital systems as they became networked together.
• Access to systems and also the files within the systems.
![Page 7: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/7.jpg)
Types of File Systems
• Disk• Database• Network• Transactional/Special
![Page 8: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/8.jpg)
Types of File Systems
• Disk• A system for organizing and storing files
on a physical drive.• Hard Drive, Removable Storage, etc.
• Does not have to be directly connected to the computer.
• Many Different types• Windows: NTFS, FAT32 (Primitive)• Linux: ext, ext2, ext3, ext3cow, ext4
![Page 9: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/9.jpg)
Types of File Systems
• Database• Newer concept of managing files.• Instead of hierarchy or structure, files are
sorted by characteristics, type, or other such metadata.
An example of a characteristic is Eye Color
![Page 10: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/10.jpg)
Types of File Systems
• Network• Protocol for remote access on a server
• Common types: NFS, SMB, AFP, 9P• Similar (Structurally): FTP, WebDAV
![Page 11: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/11.jpg)
Types of File Systems
• Transactional/Special• Transactional
• Logs events, transactions, or changes• Groups related changes
• Used often in banking software
• Special• Not Disk or Network• Includes systems where files are arranged
dynamically by software• Used for temporary storage
![Page 12: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/12.jpg)
General Security Practices
• Entity Authentication• Properties of an entity (what it has, is, etc.)
• Usernames & Passwords• Password defenses
• Checkers, generators, aging, limiting logins
• Protecting password file• Cryptography
• Encryption algorithms• Securing data transactions
![Page 13: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/13.jpg)
Access Control
• Access control refers to how subjects may manipulate objects• Halts users from accessing restricted files
• It determines what privileges (if any) a user has over a particular object• Observe• Alter
![Page 14: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/14.jpg)
Access Control: Windows NT
• Types of permissions:• Read• Write• Execute• Changing of ownership• Changing permissions• Delete
![Page 15: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/15.jpg)
Access Control: UNIX
• Types:• Read• Write• Execute
• For files and directories, respectively:• View contents, view contents• Append, rename/create• Run, search within
With 777 you have permission to access this bread.
![Page 16: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/16.jpg)
Security Models
• Types of security models:• Bell-LaPadula (BLP)• Clark-Wilson• Biba• Harrison-Ruzzo-Ullman (HRU)
![Page 17: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/17.jpg)
Types of File System Security
• In:• Disk File Systems• Database File Systems• Network File Systems
![Page 18: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/18.jpg)
Disk File System Security
• Tactics:• Encryption• Access Control
• Passwords• Permissions
By denying access by some users to certain files, you can protect the files data and integrity.
![Page 19: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/19.jpg)
Disk File System Security
• Workarounds:• Encryption:
• Stealing secret keys• Breaking secret keys
• Access Control:• Interception of password• Social engineering• Brute force attacks on passwords
![Page 20: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/20.jpg)
Disk File System Security
• Prevention:• Encryption:
• More powerful ciphers• Regular changing of encryption scheme
• Access Control:• Password defenses
• checkers• generators• aging • limiting logins
• Employ awareness of social engineering vulnerabilities
![Page 21: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/21.jpg)
Database File System Security: Apache
• Permissions• Restrict access to upper level files
• SSI (Server Side Includes)• These extra features can create weakness
within a database
• Protect system settings within config files
![Page 22: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/22.jpg)
Database File System Security: Oracle
• Virtual Private Database• customizable, policy-based access control down
to the row level
• Data Encryption• Protects data, even in media theft
• Enterprise User Security• Centralized security management
• Secure Application Roles• Powerful way of setting access control
• Enterprise Manager Grid Control• Tools for setting configurations
![Page 23: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/23.jpg)
Database File System Security: MySQL
• Take the time to audit SQL logins for null or weak passwords
• Frequently check group and role memberships • Physically secure the SQL Server • Enable logging of all user login events • Disable SQL Mail capability unless absolutely
necessary • Remove the Guest user from databases to keep
unauthorized users out • Secure the “sa” account with a strong password • Choose only the network libraries you absolutely
require
![Page 24: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/24.jpg)
Network File System Security
• Entity authentication• Firewall• Intrusion Prevention System (IPS)• Honeypots
• Decoy server containing fake, desirable information which is easily accessible used to lure away attackers and record their activity
![Page 25: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/25.jpg)
Summary
We covered the history of file system security, basic theory, types of file systems, security for those systems, and potential threats.
?Well science shows that general policies, such as
access control, password protection, permissions, encryption, and roles can significantly improve security on any kind of file system.
![Page 26: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/26.jpg)
QUESTIONS?!1?!1?!?!?!!!!ONE
![Page 27: File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.](https://reader035.fdocuments.net/reader035/viewer/2022062721/56649f265503460f94c3d3f9/html5/thumbnails/27.jpg)
Chris uses Windows XP Media Center Edition 2005 sp2
Bobby uses the Ubuntu release Edgy