Sie sind auf Seite 1von 35

Chapter 12

Operating System Security

The 2010 Australian Signals Directorate (ASD) lists
the Top 35 Mitigation Strategies
Over 85% of the targeted cyber intrusions
investigated by ASD in 2009 could have been
The top four strategies for prevention are:
o White-list approved applications
o Patch third-party applications and operating system vulnerabilities
o Restrict administrative privileges
o Create a defense-in-depth system
These strategies largely align with those in the 20
Critical Controls developed by DHS, NSA, the
Department of Energy, SANS, and others in the
United States
Operating System Security
Possible for a system to be compromised during
the installation process before it can install the
latest patches
Building and deploying a system should be a
planned process designed to counter this threat
Process must:
o Assess risks and plan the system deployment
o Secure the underlying operating system and then the key applications
o Ensure any critical content is secured
o Ensure appropriate network protection mechanisms are used
o Ensure appropriate processes are used to maintain security
System Security Planning
The first step in
Plan needs to deploying a new
identify system is planning
personnel and Planning should
training to include a wide
install and security
manage the assessment of
system the organization

Planning process
needs to determine
security Aim is to
requirements for the maximize
system, applications, security while
data, and users minimizing costs
System Security Planning Process
The purpose of the Any additional
Who will administer
system, the type of security measures
the system, and
information stored, required on the
how they will
the applications and system, including
manage the system
services provided, the use of host
(via local or remote
and their security firewalls, anti-virus
requirements or other malware
mechanisms, and
What access the logging
The categories of
system has to
users of the system,
information stored
the privileges they
on other hosts, such
have, and the types
as file or database
of information they
servers, and how
can access
this is managed

How access to the

How the users are information stored
authenticated on the system is
Operating Systems
First critical step in securing a system is to secure
the base operating system
Basic steps
o Install and patch the operating system
o Harden and configure the operating system to adequately
address the indentified security needs of the system by:
Removing unnecessary services, applications, and protocols
Configuring users, groups, and permissions
Configuring resource controls
o Install and configure additional security controls, such as
anti-virus, host-based firewalls, and intrusion detection
system (IDS)
o Test the security of the basic operating system to ensure
that the steps taken adequately address its security needs
Initial Setup and Patching
Overall The integrity
boot and source of
process any
must also additional
be device driver
secured code must be

security Initial Should stage
begins with installation
and validate
the should Critical that all patches
install the
installation minimum the system be on the test
kept up to
of the necessary date, with all systems
operating for the critical before
desired security
system system deploying
patches them in
installed production

Ideally new installation
systems and hardening
should be process should
occur before
the system is
d on a deployed to its
protected intended
network location
When performing the
Applications, initial installation the
Protocols supplied defaults
should not be used
o Default configuration is
set to maximize ease of
use and functionality
If fewer software rather than security
packages are available o If additional packages are
to run the risk is needed later they can be
reduced installed when they are
System planning
process should identify
what is actually required
for a given system
System planning process
should consider:
Configure o Categories of users on the
Users, Groups, system
and o Privileges they have
Authentication o Types of information they can
o How and where they are
defined and authenticated

Default accounts included

Not all users with access to as part of the system
a system will have the installation should be
same access to all data and secured
resources on that system
o Those that are not required
Elevated privileges should should be either removed or
be restricted to only those disabled
users that require them, o Policies that apply to
and then only when they authentication credentials
are needed to perform a configured

Once the users and groups Further security possible

by installing and
are defined, appropriate
configuring additional
permissions can be set on
security tools:
data and resources
o Anti-virus software
Many of the security o Host-based firewalls
hardening guides provide o IDS or IPS software
lists of recommended o Application white-listing
changes to the default
access configuration
Checklists are included
in security hardening
Test the guides
System There are programs
Security specifically designed to:
o Review a system to ensure
that a system meets the
basic security requirements
o Scan for known
vulnerabilities and poor
Final step in the process configuration practices
of initially securing the Should be done
base operating system is following the initial
security testing
hardening of the system
o Ensure the previous security Repeated periodically as
configuration steps are correctly part of the security
o Identify any possible
maintenance process
Application Configuration
May include:
o Creating and specifying appropriate data storage areas for application
o Making appropriate changes to the application or service default
configuration details

Some applications or services may include:

o Default data
o Scripts
o User accounts

Of particular concern with remotely accessed

services such as Web and file transfer services
o Risk from this form of attack is reduced by ensuring that most of the
files can only be read, but not written, by the server
Encryption Technology

Is a key
that may be If secure network Cryptographic
file systems are
used to secure services are provided another use of
data both in Must be using TLS or IPsec If secure network
transit and suitable public and services are
configured and provided using
when stored appropriate private keys must be SSH, appropriate
cryptographic generated for each of server and client
keys created, them keys must be
signed, and
Security Maintenance
Process of maintaining security is
Security maintenance includes:
o Monitoring and analyzing logging information
o Performing regular backups
o Recovering from security compromises
o Regularly testing system security
o Using appropriate software maintenance processes to
patch and update all critical software, and to monitor
and revise configuration as needed
In the event of a system
Key is to ensure you
Can only inform you about breach or failure, system
capture the correct data and
bad things that have administrators can more
then appropriately monitor
already happened quickly identify what
and analyze this data

Generates significant
Range of data acquired
Information can be volumes of information
should be determined
generated by the system, and it is important that
during the system planning
network and applications sufficient space is allocated
for them

Automated analysis is
Data Backup and Archive
Performing Needs and
regular backups Backup Archive policy relating
of data is a to backup and
critical control archive should
that assists with The process of be determined
The process of
maintaining the making copies
retaining copies
of data over during the
integrity of the of data at extended system
system and user intervals
periods of time
planning stage
in order to meet
data legal and
May be legal or requirements to
operational access past data
Kept online or
for the
retention of

Stored locally
or transported
to a remote
include ease of
and cost versus
greater security
and robustness
against different
Linux/Unix Security
Patch management
Keeping security patches up to date is a widely recognized and critical
control for maintaining security
Application and service configuration
Most commonly implemented using separate text files for each
application and service
Generally located either in the /etc directory or in the installation tree
for a specific application
Individual user configurations that can override the system defaults are
located in hidden dot files in each users home directory
Most important changes needed to improve system security are to
disable services and applications that are not required
Linux/Unix Security
Users, groups, and permissions
Access is specified as granting read, write, and execute
permissions to each of owner, group, and others for
each resource
Guides recommend changing the access permissions for
critical directories and files
Local exploit
Software vulnerability that can be exploited by an attacker to gain
elevated privileges
Remote exploit
Software vulnerability in a network server that could be triggered
by a remote attacker
Linux/Unix Security

Remote access controls Logging and log rotation

Several host firewall programs Should not assume that the
may be used default setting is necessarily
Most systems provide an appropriate
administrative utility to select
which services will be
permitted to access the system
Linux/Unix Security
chroot jail
Restricts the servers view of the file system to just a
specified portion
Uses chroot system call to confine a process by mapping
the root of the filesystem to some other directory
File directories outside the chroot jail arent visible or
Main disadvantage is added complexity
Windows Security

Patch administration
management and access
Windows Update and
Windows Server Update
Service assist with Systems implement
regular maintenance and discretionary access
should be used controls resources
Third party applications Vista and later systems
also provide automatic include mandatory integrity
update support controls
Objects are labeled as
being of low, medium, high,
or system integrity level
System ensures the
subjects integrity is equal
or higher than the objects
Implements a form of the
Windows systems also Combination of share
define privileges and NTFS permissions
System wide and granted to may be used to provide
user accounts additional security and
granularity when
accessing files on a
shared resource

User Account Control Low Privilege Service

(UAC) Accounts
Provided in Vista and later Used for long-lived service
systems processes such as file, print,
Assists with ensuring users and DNS services
with administrative rights
only use them when
required, otherwise accesses
the system as a normal user
Windows Security
Application and service

Much of the configuration

information is centralized in the
Forms a database of keys and values that may
be queried and interpreted by applications
Registry keys can be directly
modified using the Registry
More useful for making bulk changes
Windows Security
Other security controls
Essential that anti-virus, anti-spyware, personal firewall, and other
malware and attack detection and handling software packages are
installed and configured
Current generation Windows systems include basic firewall and
malware countermeasure capabilities
Important to ensure the set of products in use are compatible

Windows systems also support a range of cryptographic

Encrypting files and directories using the Encrypting File System
Full-disk encryption with AES using BitLocker
Microsoft Baseline Security Analyzer

Free, easy to use tool that checks for compliance with Microsofts
security recommendations
A technology that provides an abstraction of the
resources used by some software which runs in a
simulated environment called a virtual machine
Benefits include better efficiency in the use of the
physical system resources
Provides support for multiple distinct operating
systems and associated applications on one
physical system
Raises additional security concerns
Virtualization Alternatives
Application virtualization

Full virtualization
written for
Multiple full
Virtual machine monitor
t to execute
on some operating
operating instances Coordinates access
system execute in between each of the
parallel Hypervisor guests and the actual
physical hardware
Virtualization Security
Security concerns include:
o Guest OS isolation
Ensuring that programs executing within a guest OS
may only access and use the resources allocated to it
o Guest OS monitoring by the hypervisor
Which has privileged access to the programs and
data in each guest OS
o Virtualized environment security
Particularly image and snapshot management which
attackers may attempt to view or modify
Securing Virtualization
should: Carefully plan the security of
the virtualized system
Secure all elements of a full
virtualization solution and
maintain their security
Ensure that the hypervisor is
properly secured
Restrict and protect
administrator access to the
virtualization solution
Hypervisor Security
Should be
o Secured using a process similar to securing an operating system
o Installed in an isolated environment
o Configured so that it is updated automatically
o Monitored for any signs of compromise
o Accessed only by authorized administration

May support both local and remote administration so must be

configured appropriately
Remote administration access should be considered and
secured in the design of any network firewall and IDS
capability in use
Ideally administration traffic should use a separate network
with very limited access provided from outside the

Access must
be limited
to just the
manage access
to hardware
Introduction to operating
system security
Linux/Unix security
System security planning
o Patch management
Operating systems o Application and service
hardening configuration
o Operating system installation: o Users, groups, and
initial setup and patching permissions
o Remove unnecessary services,
o Remote access controls
applications and protocols
o Configure users, groups, and o Logging and log rotation
authentications o Application security using a
o Configure resource controls chroot jail
o Install additional security controls o Security testing
o Test the system security

Application security
Windows security
o Application configuration
o Patch management
o Encryption technology o Users administration and
access controls
Security maintenance o Application and service
o Logging
o Data backup and archive
o Other security controls
o Security testing