
Security

Risk Assessment
Determine how important your computer is to your group.

Mission critical? Sensitive information? Expensive hardware? Service easily replaced in 24 hours? How many users depend on it?

Physical Security

Should it be locked down? Does it need to be in a protected room? Should the case be locked? Are there any removable devices? Do you leave your office door open?

Physical Security
Story: Christmas Holiday in Britain

BIOS
Your BIOS determines from which device your computer boots. The order of which device from which to boot can be set in most BIOSes.

BIOS
Reformatting your drive is only a CD or floppy away. Most CD drives are bootable, and several distributions can now exist on a CD. So, what is stopping someone from inserting a disk in your computer, booting from it, and starting an attack?

BIOS PASSWORD

Booting
Now you've blocked access to the devices and the BIOS. So you are safe...

WRONG!
Anyone can still access your system as ROOT! How do they do this?!?!?

Booting
Simple: when grub starts, just edit the configuration file and add the word single at the end of the kernel line and boot. The system will boot into single user mode and now you are root!

Booting
Exercise: Single User Mode
At the GRUB screen, select the kernel. Type e to edit. Select the line with the word kernel in it. Type e to edit. Add the word single at the end. Press ENTER. At the GRUB screen type b.

Booting
How can I prevent this?!?!?! Add a boot password to the grub config file:
(1) Create the encrypted password: /sbin/grub-md5-crypt. This will return a password encrypted in an MD5 hash.

Booting
(2) Edit the grub config file /boot/grub/grub.conf and add the password directive and the password: password --md5 <password-hash>, where <password-hash> is the encrypted password you were given from grub-md5-crypt. The next time you boot, you must use the p command and enter a password in order to access the grub environment.

Booting Exercise
# /sbin/grub-md5-crypt
# nano /boot/grub/grub.conf
Add password --md5 <password-hash> to the top of the file. Reboot and try to edit the grub config file. Remember to use p to get Grub to prompt you for the password.

Passwords
The next layer of security is good passwords. Simple passwords are easy to crack with packages such as crack and John the Ripper.
Exercise: John the Ripper
# cd /opt/exercises/Security
# john-1.6/run/john /etc/passwd
# john-1.6/run/john /etc/shadow

Passwords
These programs need access to the actual passwords. This is a good reason for using shadow passwords: only root has access.

Passwords
Never use a word found in a dictionary as a password. Cracking programs are even smart enough to try changed character classes that still spell words. Never use your account name as your password.

Passwords
Good passwords should have mixed cases and mixed character sets. Pick a phrase that is easy to remember and use the first letter of each word:
Iowa State Rules But U of I Sucks -> ISR3UoIS
or better yet, with mixed character sets: I$R3UoI$

Root Access
Who needs to be root? As few people as possible. How should root access the computer? The most secure ways possible, with the least chance of intercepting the password. How do we accomplish this? /etc/securetty, su, sudo.

Root Access: /etc/securetty
root should NEVER log in remotely. Force root users to access the system via secure terminals:

Console, virtual terminals, serial terminals

Which terminals are allowed is specified in the file /etc/securetty.

Root Access: /etc/securetty
console            actual display
vc/1 vc/2 ...      virtual consoles
tty1 tty2 ...      connected terminals (now mostly associated with virtual consoles)
ttyS0 ttyS1 ...    serial console

Root Access: su and sudo
If you must, log in over a secure connection. Use su to access root. You MUST use a secure connection to avoid password sniffing. A better way is to implement sudo. sudo is a package which permits sets of users to execute commands as root without the root password.

Root Access: sudo
sudo has many possible configuration options. Modify the sudo config file /etc/sudoers to control who has access and what they may access. Access must be done by root with the command visudo. See! You DO NEED to learn vi :+D

Root Access: sudo
# User privilege specification
root    ALL=(ALL) ALL
linuxed ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
#%wheel ALL=(ALL) ALL
# Same thing without a password
#%wheel ALL=(ALL) NOPASSWD: ALL
# Samples
#%users localhost=/sbin/shutdown -h now

Root Access: sudo
sudo is invoked with the sudo command and the command to be run: sudo <command>. The user is then prompted for THEIR password:
[linuxed@counter]$ sudo cat /etc/sudoers
Password:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
...
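The three controls covered above (the grub password directive, the terminal list in /etc/securetty, and NOPASSWD grants in /etc/sudoers) can be checked from a shell. The script below is an added example, not from the slides; make_samples writes constructed config files (with a placeholder MD5 hash) so the checks can be tried offline, and each check function takes the path of the file to inspect.

```shell
#!/bin/sh
# Added audit helpers (not from the slides): each function reads one config
# file and reports on the control the slides describe.

# 1. GRUB: is a "password --md5 <hash>" line present? (exit 0 = yes)
grub_has_md5_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+\$1\$' "$1"
}

# 2. /etc/securetty: print every entry that is not console, a virtual
#    console (vc/N, ttyN) or a serial console (ttySN); empty output = clean.
securetty_unexpected() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" \
        | grep -Ev '^(console|vc/[0-9]+|tty[0-9]+|ttyS[0-9]+)$' || true
}

# 3. /etc/sudoers: print active (uncommented) lines that grant NOPASSWD.
sudoers_nopasswd_lines() {
    grep -Ev '^[[:space:]]*#' "$1" | grep -E 'NOPASSWD:' || true
}

# Constructed sample files in a temp dir; the MD5 hash is a placeholder,
# not a real grub-md5-crypt result. Prints the directory path.
make_samples() {
    d=$(mktemp -d)
    cat > "$d/grub.conf" <<'EOF'
default=0
timeout=5
password --md5 $1$PLACEHOLD$placeholderhashplaceholderh
title Linux
    kernel /vmlinuz ro root=/dev/hda1
EOF
    grep -v '^password' "$d/grub.conf" > "$d/grub-nopw.conf"
    printf 'console\nvc/1\ntty1\nttyS0\n' > "$d/securetty"
    printf 'console\ntty1\npts/0\n' > "$d/securetty-bad"
    cat > "$d/sudoers" <<'EOF'
# User privilege specification
root ALL=(ALL) ALL
linuxed ALL=(ALL) ALL
#%wheel ALL=(ALL) NOPASSWD: ALL
backup ALL=(ALL) NOPASSWD: /usr/bin/rsync
EOF
    printf '%s\n' "$d"
}
```

Point the functions at the real /boot/grub/grub.conf, /etc/securetty and /etc/sudoers (as root) to audit a live system.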
