
IT Security - 2 Exercise 4 (Access Controls, Firewalls)

Tanmaya Mahapatra, Matriculation Number: 340959, tanmaya.mahapatra@rwth-aachen.de
Bharath Rangaraj, Matriculation Number: 340909, bharath.rangaraj@rwth-aachen.de
Mohibullah Kamal, Matriculation Number: 341323, mohibullah.kamal@rwth-aachen.de

November 7, 2013

1 Task - 1 : Access Control

You are the administrator of a new Linux file server at a small company. You have just set it up and you are now about to set up access rights (without ACL extensions) to a directory with the following files for the users Bianca, Claus, Dora and Frieda:

    auskunft.doc
    billing.xls
    codefile.cpp
    excursion.jpg
    index.html

Question 1
Find a way to set up the following access pattern:

    File            Frieda  Claus  Bianca  Dora
    auskunft.doc    -       -      rw      rw
    billing.xls     rw      rw     r       rw
    codefile.cpp    r       r      r       rw
    excursion.jpg   r       rw     -       r
    index.html      r       rw     r       r

You have root access. You may create groups, add users to groups and do chown, chgrp, chmod. Your solution should look roughly like a ls -l output, plus a list of the groups and their members.

Solution: The named files have been created in a separate directory named “work”. This directory has “sticky bit” set on it. So the different users have read or write access to the files but in general cannot delete any files. The files can be deleted or renamed only by admin of the server.

1. The files have been created.
2. The users have been added to the system.
3. The following groups have been added: info, finance, code, photo & web.
4. The owner of every file is “tanmaya” who is the admin of the server. However owner of the file “excursion.jpg” is “claus”.

5. The files have been placed under different groups and with different permission values like:
   • auskunft.doc => info (group name), 660 (permission value)
   • billing.xls => finance, 664
   • codefile.cpp => code, 664
   • excursion.jpg => photo, 640
   • index.html => web, 664
6. The users who are members of the different groups are shown in the shell output listing.

Executing the following code in bash

    ls -l
    groups frieda
    groups claus
    groups bianca
    groups dora
    groups emil

yields the following output:

    total 640
    -rw-rw----. 1 tanmaya info    125414 Nov 7 11:42 auskunft.doc
    -rw-rw-r--. 1 tanmaya finance 125414 Nov 7 11:56 billing.xls
    -rw-rw-r--. 1 tanmaya code    125412 Nov 7 11:46 codefile.cpp
    -rw-r-----. 1 claus   photo   125414 Nov 7 11:40 excursion.jpg
    -rw-rw-r--. 1 tanmaya web     125415 Nov 7 11:40 index.html
    frieda : frieda finance photo
    claus : claus finance web
    bianca : bianca info
    dora : dora info finance code photo
    emil : emil finance photo

Question 2
A new employee is hired. His name is Emil and he may access the same files as Frieda. What changes do you have to make to the existing configuration?

Solution: The new employee has the same level of access as Frieda. So the changes that are needed in the configuration are:

1. Add the user:
       useradd -m emil
2. Make “emil” member of the groups of which “Frieda” is currently a member:
       usermod -a -G finance,photo emil

Question 3
A new employee is hired. Her name is Ruth and she is a new administrator in charge of the server. What changes do you have to make to the existing configuration?

Solution: Ruth can be made administrator in the following ways:

1. By adding an entry for the “ruth” user in the /etc/sudoers file:
       ruth ALL=(ALL) ALL
2. Or she can be made a member of a group called “admin” which again has a listing in the sudoers file as:
       %admin ALL=(ALL) ALL
3. Or if “ruth” is a partial administrator, i.e. admin for specific tasks to be carried out on the server, then instead of granting access to all commands we can make use of a “command alias” to specify exactly what commands she is allowed to execute.

The second approach is more elegant instead of creating individual entries for individual users in the sudoers file and cluttering it up.

Question 4
Frieda is to be fired. There is some concern that she might retaliate by deleting data on the server. What changes do you have to make to the existing configuration?

Solution: Frieda can cause data damage in 2 ways:

1. She can delete the files: not possible, as the parent directory “work” has the sticky bit on it.
2. She can truncate the files. A possible solution is: move user “frieda” out of the “finance” group. Now she has only read-only access to the files on the server.

2 Task - 2 : Access Control on Android

Question 1
Describe how classic Unix-like access control is used within the security concept of Android.

Solution: The foundation of the Android platform is the Linux kernel. The Linux kernel itself has been in widespread use for years, and is used in millions of security-sensitive environments. Through its history of constantly being researched, attacked, and fixed by thousands of developers, Linux has become a stable and secure kernel trusted by many corporations and security professionals. As the base for a mobile computing environment, the Linux kernel provides Android with several key security features, including:

• A user-based permissions model.
• Process isolation.
• Extensible mechanism for secure IPC.
• The ability to remove unnecessary and potentially insecure parts of the kernel.

All Android applications are run in sandboxes. They do not have any permission to affect the user data or OS. If they need to perform some specialised task then the applications declare the permissions they need for additional capabilities not provided by the basic sandbox. Applications statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed. Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.

At install time, Android gives each package a distinct Linux user ID. The identity remains constant for the duration of the package’s life on that device. Because security enforcement happens at the process level, the code of any two packages can not normally run in the same process, since they need to run as different Linux users. Only two applications signed with the same signature (and requesting the same sharedUserId) will be given the same user ID. Any data stored by an application will be assigned that application’s user ID, and not normally accessible to other packages.

A basic Android application has no permissions associated with it by default, meaning it can not do anything that would adversely impact the user experience or any data on the device. To make use of protected features of the device, the developer must include in the AndroidManifest.xml one or more <uses-permission> tags declaring the permissions that the application needs.

At application install time, permissions requested by the application are granted to it by the package installer, based on checks against the signatures of the applications declaring those permissions and/or interaction with the user. No checks with the user are done while an application is running: it either was granted a particular permission when installed, and can use that feature as desired, or the permission was not granted and any attempt to use the feature will fail without prompting the user.

A particular permission may be enforced at a number of places during the program’s operation:

1. At the time of a call into the system, to prevent an application from executing certain functions.
2. When starting an activity, to prevent applications from launching activities of other applications.
3. Both sending and receiving broadcasts, to control who can receive the broadcast or who can send a broadcast to the application.
4. When accessing and operating on a content provider.
5. Binding to or starting a service.

3 Task - 3 : Process and user IDs

Question 1
Describe in your own words what real uid, effective uid, and saved uid are best used for.

Solution:

The Real UID
The real UID (ruid) and real GID (rgid) identify the real owner of the process and affect the permissions for sending signals. A process without superuser privilege can signal another process only if the sender’s real or effective UID matches the real or saved UID of the receiver. Since child processes inherit the credentials from the parent, they can signal each other.

The Effective UID
The effective UID (euid) of a process is the ownership assigned to files created by that process. The effective GID (egid) of a process may also affect file creation, depending on the semantics of the specific kernel implementation being used and possibly also by the mount options used.

The Saved User ID
The saved user ID (suid) is used when a program running with elevated privileges needs to temporarily do some unprivileged work: it changes its effective user ID from a privileged value (typically root) to some unprivileged one, and this triggers a copy of the privileged user ID to the saved user ID slot.

Question 2
When a process drops privileges permanently to reduce the impact of e.g. a buffer overflow vulnerability, what is the saved uid set to?

Solution: The saved uid is set to the real user id to drop the privileges permanently. An example program for doing so is given below:

    #define _GNU_SOURCE   /* needed for the setresuid() declaration on glibc */
    #include <unistd.h>

    /* perform a restricted operation */
    setup_secret();

    /* Drop privileges permanently. Assumes RUID is unprivileged */
    if (setresuid(getuid(), getuid(), getuid()) < 0) {
        /* handle error */
    }

    /* continue with general processing */
    some_other_loop();

Question 3
You have found the following file on a remote Linux system where you have a non-privileged account:

    -rwsrwxrwx 1 root root 39 2006-12-05 03:44 test1

Obviously, the file belongs to root and has the setuid bit set. You (and everybody else) are allowed to execute, read, and write it. What is the security threat associated with this file?

Solution: Since the setuid bit for the file is set (it is denoted by s in place of x in the first part of user permission), the effective uid and the saved uid of the incoming process will be set to root, since root is the owner of the file and the set user id bit is set for the file. This allows the process to learn the identity of the user who invoked it (which is root in this case), and to continue to access files with the privilege of the invoking user.

4 Task - 4 : Firewalls

Question 1
Why does FTP often cause issues in conjunction with firewalls and NATs?

Solution:

1. Additional TCP/IP connections are used for data transfers.
2. Data connections may be sent to random port numbers.
3. Data connections may originate from the server to the client, as well as originating from the client to the server.
4. Data connections’ destination addresses are negotiated on the fly between the client and server over the channel used for the control connection.
5. The control connection is idle while the data transfer takes place on the data connection.

Question 2
Which measures is Skype taking to avoid being blocked by firewalls? Name the evasion techniques and the firewall techniques they bypass.

Solution:

1. Skype can use both UDP and TCP. The preferred protocol for best performance is UDP.
2. Skype automatically traverses most firewalls and NATs using UDP hole punching, a common technique favoured by Internet Engineering Task Force (IETF) standards, such as RFC 5389 (Session Traversal Utilities for NAT (STUN)).
3. Skype “probes” the firewall for open ports and can auto detect a local web proxy.
4. It can try first with UDP; if it fails it can switch to TCP and use the common web access TCP ports 80 (HTTP) and 443 (HTTPS) for connectivity.

Question 3
Give some examples for which tasks modern firewalls are used besides protecting against threats from the public Internet.

1. They can disable certain protocols and content types. Just as a user can disable a Web browser’s Java and JavaScript support, a firewall can screen incoming content and disable Java applets, JavaScript code, cookies, etc.
2. They are used for web caching.
3. They allow us to define rules to thwart attacks by specifying their signatures.
4. Centralised management and reporting.

5 Task - 5 : Linux Firewalling with iptables

Question 1
Block all TCP traffic for the IP address 137.226.107.63 on the eth0 interface.

Solution: I did not understand the above question. If we are blocking all TCP traffic from our system to foreign host 137.226.107.63 it would be

    iptables -A OUTPUT -p TCP -d 137.226.107.63 -o eth0 -j DROP

If we are blocking all TCP traffic from 137.226.107.63 to our system it would be like

    iptables -A INPUT -p TCP -s 137.226.107.63 -i eth0 -j DROP

Question 2
Allow all incoming SSH connections on the eth0 interface.

Solution:

    iptables -A INPUT -i eth0 -p TCP --dport 22 -j ACCEPT

Question 3
Allow outside users to be able to ping your local hosts.

Solution: Allow to accept ping request in INPUT chain:

    iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 192.168.1.0/24 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Allow the system to send ping response in OUTPUT chain:

    iptables -A OUTPUT -p icmp --icmp-type 0 -s 192.168.1.0/24 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT

where 192.168.1.0/24 is the range of local host IPs.

Question 4
A rule that provides basic protection from SYN floods.

Solution:

    iptables -A INPUT -p tcp -s 0/0 --syn -m limit --limit 1/s --limit-burst 3 -j RETURN
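How the limit match in the SYN-flood rule of Task 5, Question 4 meters packets, shown as an added example: a Python model of the token bucket behind `--limit 1/s --limit-burst 3`, not code from the original solution or from iptables. The arrival times are constructed; a SYN that is over the limit does not match the rule and continues to the next rule in the chain.

```python
class LimitMatch:
    """Token bucket modelled on `-m limit --limit 1/s --limit-burst 3`."""

    def __init__(self, per_second=1, burst=3):
        self.cost = 1000 // per_second      # ms of credit one packet consumes
        self.cap = burst * self.cost        # a full bucket holds `burst` packets
        self.credit = self.cap              # the bucket starts full
        self.last_ms = None

    def matches(self, now_ms):
        """True if a packet arriving at `now_ms` is within the limit."""
        if self.last_ms is not None:        # refill for the time that has passed
            self.credit = min(self.cap, self.credit + now_ms - self.last_ms)
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


def classify(arrivals_ms, per_second=1, burst=3):
    """Label each SYN arrival as matching the rule or exceeding the limit."""
    rule = LimitMatch(per_second, burst)
    return [(t, "match" if rule.matches(t) else "over-limit") for t in arrivals_ms]


# Constructed arrival times in ms: ten SYNs 100 ms apart, one at 1.5 s, one at 7.5 s.
ARRIVALS_MS = list(range(0, 1000, 100)) + [1500, 7500]

if __name__ == "__main__":
    for t, verdict in classify(ARRIVALS_MS):
        print(f"{t:5d} ms  {verdict}")
```

The first three SYNs of the burst use up the initial credit, the next seven exceed the limit, and matching resumes once enough quiet time has refilled the bucket.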
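A check of the Task 1 solution against the requested access pattern, as an added example that is not part of the original solution: it applies the classic owner/group/other rule to the `ls -l` listing and group memberships shown in Task 1. The function names are this example's own, and each user's private group is left out because no file is assigned to it.

```python
# Listing and group memberships from the Task 1 solution (private groups omitted).
LISTING = """\
-rw-rw----. 1 tanmaya info 125414 Nov 7 11:42 auskunft.doc
-rw-rw-r--. 1 tanmaya finance 125414 Nov 7 11:56 billing.xls
-rw-rw-r--. 1 tanmaya code 125412 Nov 7 11:46 codefile.cpp
-rw-r-----. 1 claus photo 125414 Nov 7 11:40 excursion.jpg
-rw-rw-r--. 1 tanmaya web 125415 Nov 7 11:40 index.html
"""
GROUPS = {
    "frieda": {"finance", "photo"},
    "claus": {"finance", "web"},
    "bianca": {"info"},
    "dora": {"info", "finance", "code", "photo"},
}
# Requested pattern from Question 1, columns Frieda/Claus/Bianca/Dora ("-" = none).
USERS = ["frieda", "claus", "bianca", "dora"]
WANTED = {
    "auskunft.doc": "- - rw rw", "billing.xls": "rw rw r rw",
    "codefile.cpp": "r r r rw", "excursion.jpg": "r rw - r",
    "index.html": "r rw r r",
}

def access(mode, owner, group, user, member_of):
    """Classic Unix check: only the first matching class (owner, group, other) applies."""
    if user == owner:
        bits = mode[1:4]
    elif group in member_of:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    return bits[:2].replace("-", "") or "-"

def matrix(listing, groups):
    """Return {file: {user: 'rw' | 'r' | 'w' | '-'}} for every line of `ls -l` output."""
    result = {}
    for line in listing.splitlines():
        mode, _links, owner, group, *_rest, name = line.split()
        result[name] = {u: access(mode, owner, group, u, g) for u, g in groups.items()}
    return result

def mismatches(listing, groups, wanted, users):
    """List (file, user, wanted, actual) wherever the configuration misses the pattern."""
    got = matrix(listing, groups)
    return [(f, u, w, got[f][u])
            for f, row in wanted.items()
            for u, w in zip(users, row.split()) if got[f][u] != w]
```

Calling `matrix` with Frieda removed from `finance` shows her access to billing.xls falling from rw to r, which is the change made in Question 4.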