7/28/2019 11-Operating Systems Security
1/46
Operating Systems and Virtual Machines Security
Eng. Hector M Lugo-Cordero, MS
CIS 4361 Secure OS Admin
Problem
Client / server infrastructure is very common among organizations
  Clients provide access to the system
  Servers run the systems
Software vulnerabilities (e.g. buffer overflows) and malware need to be considered
Follow the framework detailed by NIST (National Institute of Standards and Technology) to provide a secure environment, even though we know absolute security is not achievable
NIST Approach Phases
Planning
Installation
Configuration
Update
Maintenance
Consider the OS layered model: each layer needs to be properly secured, and it may be attacked from the layers below it
OS Layered Model
User Space
Services / Hypervisor
System Calls
Device Drivers / Hardware Abstraction Layer (HAL)
Kernel / BIOS
Instruction Set Architecture
Hardware
Physical World
Australian Defence Signals Directorate (DSD)
Publishes the Top 35 Mitigation Strategies
At least 70% of the intrusions studied by 2009 could have been prevented with 4 measures:
  Patch operating systems and applications using auto-update; patch 3rd-party applications too
  Restrict admin privileges to users who need them
    Disable direct root login on Linux (users in the sudoers group gain root privileges only through sudo)
    On Windows, create accounts with fewer privileges instead of working from the default Administrator account
  Whitelist approved applications
Overall Goal
Assess risks and plan the system deployment
Secure the underlying OS and then the key applications
Ensure any critical content is secured
Ensure appropriate network protection mechanisms are used
Ensure appropriate processes are used to maintain security (policies)
System Security Planning
The course CIS 4313 covers planning; here we care more about RMM (Risk Management and Mitigation)
Identify risks, along with their likelihood and their impact
Also identify how to prevent and mitigate these risks
This process drives what you need to establish a secure system (personnel for installing, OS, hardware, apps, etc.)
Things to keep in mind
Purpose of the system, type of information stored, applications and services provided
Users of the system and their privileges
How users are authenticated
How information on the system is managed
What other hosts / DBs are accessed by the system
Who will manage the system and how (remotely or locally)
Additional measures such as: firewall, anti-virus, logging
Hardening the OS
Default OS configurations are tuned for ease of use, not for security
Measures have to be taken at all stages:
  Installing and patching
  Configuring
    Remove unnecessary applications, services and protocols
    Users, groups, controls and privileges
  Install additional software (anti-virus, firewall, intrusion detection system, etc.)
  Test security
Installing and Patching
Installation
  Machines should not connect to the network until secured
    However, removable media may be infected as well
  A limited network (behind a firewall) is acceptable; ideally:
    No inbound connections
    Outbound only to certain key sites (e.g. the update servers)
  Install only required services and drivers (from trusted sources)
  Set up automatic updates (only if the timing of updates is not an issue)
Booting
  Protect BIOS settings with a password
  Disable booting from removable media
  Encrypted hard drives? Pros (data is unreadable if the disk is stolen) and cons (key management, unattended reboots need the key)
Automatic Updates
Remove Unnecessary Support
Software has vulnerabilities, hence more software = more vulnerabilities
Better not to install it at all
  Uninstallers sometimes fail to clean up all dependencies
  Disabled software may be re-enabled by an attacker once they gain control
Disabling can be done via msconfig (Windows), YaST or the service manager (systemctl disable, chkconfig) on Linux, or Control Panel (Windows) and the desktop's settings panel (Linux)
Configure User/Group Authentication
Define user types and privileges
  Admin (ideally only temporary)
  Normal
  Limited
Authentication
  Force default password change
  Password definition (complexity rules)
  Password lifespan
Remove or disable old accounts
Allow remote connections?
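The account points above (who has admin, password lifespan, stale and leftover accounts) are the kind of thing worth checking with a script rather than by eye. The following is an added example, not code from the slides or the course: it reads passwd- and shadow-format files and flags extra uid-0 accounts, shared uids, empty password fields and passwords older than an assumed 90-day policy. The sample accounts are constructed for the demo; on a real host point it at /etc/passwd and /etc/shadow (reading shadow needs root).

```shell
#!/bin/sh
# Added example, not from the slides: an account hygiene audit for the
# "define user types", "password lifespan" and "remove or disable old
# accounts" points. Reads passwd- and shadow-format files so it can be run
# against constructed samples; with --live it uses /etc/passwd and /etc/shadow.
# MAX_DAYS is an assumed policy value.

MAX_DAYS=${MAX_DAYS:-90}

# Constructed sample data for the demo; every account, hash and date here is invented.
write_samples() {
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:second uid-0 account:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1001:1002:Carol:/home/carol:/bin/bash
EOF
  # shadow fields: name:hash:last-change (days since 1970-01-01):min:max:warn:inactive:expire
  cat > "$1/shadow" <<'EOF'
root:$6$salt$hash:19000:0:99999:7:::
daemon:*:18000:0:99999:7:::
toor:$6$salt$hash:19000:0:99999:7:::
alice:$6$salt$hash:19950:0:99999:7:::
bob::19990:0:99999:7:::
carol:$6$salt$hash:18500:0:99999:7:::
EOF
}

# audit_accounts <passwd> <shadow> <today-in-days>
# Prints one finding per line: "<CHECK> <account> <detail>". Checks:
#   UID0    - an account other than root with uid 0 (full root access under another name)
#   DUPUID  - two accounts sharing a uid (they are the same identity to the kernel)
#   EMPTYPW - empty password field in shadow: login with no password at all
#   STALEPW - a usable password older than MAX_DAYS (locked "*"/"!" entries are skipped)
audit_accounts() {
  awk -F: -v today="$3" -v maxdays="$MAX_DAYS" '
    FILENAME == ARGV[1] {                       # first file: passwd
      if ($3 == 0 && $1 != "root") print "UID0", $1, "extra uid-0 account"
      if ($3 in seen) print "DUPUID", $1, "shares uid " $3 " with " seen[$3]
      else seen[$3] = $1
      next
    }
    {                                           # second file: shadow
      if ($2 == "") print "EMPTYPW", $1, "empty password field"
      else if ($2 !~ /^[*!]/ && (today - $3) > maxdays)
        print "STALEPW", $1, "password age " (today - $3) " days exceeds " maxdays
    }' "$1" "$2"
}

days_since_epoch() { echo $(( $(date +%s) / 86400 )); }

case "${1:-}" in
  --demo) d=$(mktemp -d); write_samples "$d"
          audit_accounts "$d/passwd" "$d/shadow" "$(days_since_epoch)"; rm -rf "$d" ;;
  --live) audit_accounts /etc/passwd /etc/shadow "$(days_since_epoch)" ;;
esac
```

Run it with `--demo` to see the findings on the constructed data (toor, the shared uid 1001, bob's empty password, and the three stale passwords), or with `--live` as root. A disabled account should show a locked hash (`*` or `!`) rather than an empty field; an empty field is the one case where the kernel asks for nothing at all.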
Additional Security and Testing
Anti-virus
Firewalls, IDS, IPS
Whitelisting: if attackers manage to install a program, what will happen?
Run test cases that attempt to break the security (penetration testing, not just stress testing); good hackers make a lot of money here
Security Testing
Application Security
Configure applications properly
Use encryption whenever possible, as seen earlier
  For storage
  For transmission (e.g. SSH connections)
Limit privileges, as with users
Remember what we have said about security in Android, BlackBerry, and iPhone
Applications may provide backdoors if not configured properly
Maintenance
Now that the system is set up, keep it secure
This involves
  Monitoring and analyzing logging information
  Performing regular backups
  Recovering from security compromises
  Regular testing of security
  Patching, updating, and revising critical software
Logging
Keep a record of important events on the computer
Problems
  Need to make sure there is enough space
  Manual analysis is hard, so logs should use a format that a program (e.g. in Perl) can parse
  An intruder with root can edit the local log, so keep a copy on a remote log host
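To show what "a format a program can parse" buys you, here is an added example (not from the slides; it uses awk rather than the Perl the slide mentions) run over a few constructed syslog-format sshd lines: it counts failed password attempts per source address and raises an alert when a source crosses an assumed threshold of 3, noting whether a later login from that source succeeded, which is the trace a password-guessing attack that worked leaves behind. On a real host point it at /var/log/auth.log or /var/log/secure.

```shell
#!/bin/sh
# Added example, not from the slides: parse sshd entries from a syslog-format
# auth log and flag password-guessing sources. The log lines are constructed
# for the example; THRESHOLD is an assumed policy value.
THRESHOLD=${THRESHOLD:-3}

sample_log() {
  cat <<'EOF'
Jul 28 10:01:12 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 50120 ssh2
Jul 28 10:01:15 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 50121 ssh2
Jul 28 10:01:19 host1 sshd[2214]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jul 28 10:01:24 host1 sshd[2218]: Failed password for root from 203.0.113.7 port 50123 ssh2
Jul 28 10:01:30 host1 sshd[2222]: Accepted password for root from 203.0.113.7 port 50124 ssh2
Jul 28 10:05:02 host1 sshd[2301]: Failed password for alice from 198.51.100.4 port 40100 ssh2
Jul 28 10:05:10 host1 sshd[2305]: Accepted publickey for alice from 198.51.100.4 port 40101 ssh2
Jul 28 10:07:44 host1 CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# failed_by_source <logfile>: "<count> <ip>" per source address, most failures first.
# The address is taken as the word after "from", so user names with spaces or
# "invalid user" prefixes do not shift it.
failed_by_source() {
  awk '/sshd\[[0-9]+\]: Failed password/ {
         for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
         fails[ip]++
       }
       END { for (ip in fails) print fails[ip], ip }' "$1" | sort -rn
}

# alert <logfile>: one ALERT line per source at or above THRESHOLD failures,
# marking it if an Accepted login from the same source followed the failures.
alert() {
  awk -v t="$THRESHOLD" '
    /sshd\[[0-9]+\]: (Failed|Accepted) (password|publickey)/ {
      for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
      if ($6 == "Failed") fails[ip]++
      else if (fails[ip] >= t) success[ip] = $0      # success only counts after the threshold
    }
    END {
      for (ip in fails) if (fails[ip] >= t)
        printf "ALERT %s %d failed logins%s\n", ip, fails[ip],
               ((ip in success) ? " then SUCCESSFUL login" : "")
    }' "$1"
}

case "${1:-}" in
  --demo) f=$(mktemp); sample_log > "$f"; failed_by_source "$f"; alert "$f"; rm -f "$f" ;;
  --file) failed_by_source "$2"; alert "$2" ;;
esac
```

On the constructed data 203.0.113.7 fails four times and then logs in as root, so it produces the alert with the "then SUCCESSFUL login" suffix; alice's single typo from 198.51.100.4 stays below the threshold. The same shape (fixed fields, a tag, a recognisable message template) is what makes any log program-parseable, which is the slide's point.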
Data Backup
Backup is the act of creating copies of information so that it can be recovered
Archiving is keeping these backups for a long period of time to meet legal requirements
Should the backup be kept online or offline?
  Online: easier access, faster recovery
  Offline: more secure, harder to recover
  Why not both? Users should keep their own offline backups in case the online backup gets removed
Data may be lost accidentally (hardware failures, human mistakes) or intentionally
Backups
Linux / Unix Security: Periodic Runs
Patch management: schedule the package manager command with cron (crontab -e); the same job can be used for updates
  Debian, Ubuntu: apt-get (now apt)
  Red Hat, Fedora, CentOS: up2date (replaced by yum, now dnf)
  SuSE: yast (zypper on the command line)
  Mac OS X: ports (MacPorts)
Crontab usage
  -e  Edit or create your crontab file
  -l  Display your crontab file
  -r  Remove your crontab file
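A cron line that just calls the package manager is fragile: two runs can overlap, and nothing records whether the update succeeded. The following is an added example, not from the slides: a wrapper that picks the package manager named on the slide (accepting both the old and current names), takes a lock, runs the update non-interactively, logs the outcome through logger (syslog), and notes when a reboot is pending. The lock path, the syslog tag, the install path /usr/local/sbin/auto-patch.sh and the 03:17 schedule are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the slides: an unattended patch run started from cron.
# Assumed choices: LOCK path, the "auto-patch" syslog tag, the install path and
# the schedule used by --install-cron.

LOCK=${LOCK:-/var/lock/auto-patch.lock}

# update_command <manager>: non-interactive "refresh, then upgrade" for each
# package manager on the slide. up2date and apt-get have been superseded (by
# dnf/yum and apt), so old and current names are both accepted.
update_command() {
  case $1 in
    apt|apt-get)  echo 'apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y upgrade' ;;
    dnf)          echo 'dnf -y upgrade' ;;
    yum|up2date)  echo 'yum -y update' ;;
    zypper|yast)  echo 'zypper --non-interactive update' ;;
    port)         echo 'port selfupdate && port -N upgrade outdated' ;;
    *)            return 1 ;;
  esac
}

# detect_manager: the first package manager found on PATH, or failure
detect_manager() {
  for m in apt-get dnf yum zypper port; do
    if command -v "$m" >/dev/null 2>&1; then echo "$m"; return 0; fi
  done
  return 1
}

# reboot_needed: marker written by Debian-family kernel/libc packages
reboot_needed() { [ -f /var/run/reboot-required ]; }

run_patch() {
  mgr=$(detect_manager) || { logger -t auto-patch -p daemon.err "no package manager found"; return 2; }
  cmd=$(update_command "$mgr")
  # mkdir is atomic, so it doubles as a lock: a second run started while the
  # first is still going finds the directory present and backs off.
  if ! mkdir "$LOCK" 2>/dev/null; then
    logger -t auto-patch -p daemon.warning "previous run still holds $LOCK, skipping"
    return 3
  fi
  trap 'rmdir "$LOCK"' EXIT
  logger -t auto-patch "starting: $cmd"
  if sh -c "$cmd"; then
    logger -t auto-patch "finished OK"
    if reboot_needed; then
      logger -t auto-patch -p daemon.warning "reboot required to load patched kernel or libraries"
    fi
    return 0
  else
    rc=$?
    logger -t auto-patch -p daemon.err "failed with status $rc"
    return "$rc"
  fi
}

case "${1:-}" in
  --run)          run_patch ;;
  --install-cron) # equivalent to adding the line by hand with crontab -e
                  ( crontab -l 2>/dev/null
                    echo '17 3 * * * /usr/local/sbin/auto-patch.sh --run' ) | crontab - ;;
  '')             ;;
  *)              echo "usage: $0 --run | --install-cron" >&2; exit 64 ;;
esac
```

Because every run writes to syslog with the same tag, the log-analysis step of the maintenance phase can confirm that patching actually happened (grep for `auto-patch` in the system log), which is the check the slide's bare cron line cannot give you.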
Linux / Unix Security: Configuration
Applications and services configuration
  Global configuration is found under /etc or in the program's own tree
  Per-user configuration lives in dotfiles under ~/
    ~ is an alias for $HOME, the user's home directory, equivalent to C:\Users\ on Windows
    Typically located under /home/
Advantage: a program (e.g. in Perl) can compute hashes of the configuration files and verify their integrity later
Linux / Unix Security: Permissions
User/group permissions
  Permissions apply not only to files but also to processes (/proc), memory and devices (/dev), boot files (/boot), etc.
Commands
  chmod: change file mode
    chmod +x jpegconv  or  chmod a+x jpegconv
    chmod g+w jpegconv
    chmod o-x jpegconv
    chmod u+rwx jpegconv
    chmod 777 jpegconv
  rwx rwx rwx (three groups of three bits: user, group, other)
    Each octal digit represents one group; bit 1 grants the right, bit 0 denies it (r = 4, w = 2, x = 1)
  getfacl/setfacl: get/set file access control list
  chown: change file owner
  chgrp: change file group
  groups: show the groups the named (or current) user belongs to, equivalent to grepping the user name in /etc/group
  There are other commands starting with ch that help with other things; use tab completion for a full list
Access Control List (more in man setfacl)
  setfacl -m u:lisa:r file
Linux / Unix Access Control Lists (setfacl entry syntax)
[d[efault]:] [u[ser]:]uid [:perms]   Permissions of a named user; of the file owner if uid is empty
[d[efault]:] g[roup]:gid [:perms]    Permissions of a named group; of the owning group if gid is empty
[d[efault]:] m[ask][:] [:perms]      Effective rights mask
[d[efault]:] o[ther][:] [:perms]     Permissions of others
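The octal/rwx mapping on the permissions slide is easy to get wrong under pressure, so here it is worked both ways as an added example (not from the slides): a converter from a three-digit mode to the rwx string and back, the slide's symbolic chmod forms applied to a real file and read back in octal, and the audit a practitioner actually runs, a search for files that grant write to everyone. The file names are constructed; `file_mode` tries GNU stat first and falls back to BSD stat so it runs on Linux and macOS.

```shell
#!/bin/sh
# Added example, not from the slides: octal <-> rwx permission bits, chmod's
# symbolic forms read back in octal, and a world-writable file audit.
# Only the three permission digits are handled; the setuid/setgid/sticky
# digit is out of scope here.

# mode_to_rwx 750 -> rwxr-x---   (each digit: r=4, w=2, x=1)
mode_to_rwx() {
  out=""
  for d in $(echo "$1" | sed 's/./& /g'); do
    out="$out$( [ $((d & 4)) -ne 0 ] && printf r || printf '%s' - )"
    out="$out$( [ $((d & 2)) -ne 0 ] && printf w || printf '%s' - )"
    out="$out$( [ $((d & 1)) -ne 0 ] && printf x || printf '%s' - )"
  done
  echo "$out"
}

# rwx_to_mode rwxr-x--- -> 750   (three characters per group)
rwx_to_mode() {
  s=$1; mode=""
  while [ -n "$s" ]; do
    t=$(printf '%s' "$s" | cut -c1-3); s=$(printf '%s' "$s" | cut -c4-)
    v=0
    case $t in r??) v=$((v + 4)) ;; esac
    case $t in ?w?) v=$((v + 2)) ;; esac
    case $t in ??x) v=$((v + 1)) ;; esac
    mode="$mode$v"
  done
  echo "$mode"
}

# file_mode <path>: the file's permission bits in octal (GNU stat, else BSD stat)
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# demo_chmod <file>: the symbolic forms from the slide, each read back in octal
demo_chmod() {
  f=$1
  chmod 644 "$f"; printf '644  -> %s\n' "$(mode_to_rwx "$(file_mode "$f")")"
  chmod u+x "$f"; printf 'u+x  -> %s\n' "$(file_mode "$f")"   # 744: owner gains x
  chmod g+w "$f"; printf 'g+w  -> %s\n' "$(file_mode "$f")"   # 764: group gains w
  chmod o-r "$f"; printf 'o-r  -> %s\n' "$(file_mode "$f")"   # 760: others lose r
}

# world_writable <dir>: regular files whose "other" write bit is set.
# -perm -0002 matches when that bit is present regardless of the rest,
# which is the question an auditor asks (any file everyone can modify?).
world_writable() {
  find "$1" -type f -perm -0002 -print
}

case "${1:-}" in
  --demo)  d=$(mktemp -d); touch "$d/config"; demo_chmod "$d/config"; rm -rf "$d" ;;
  --audit) world_writable "${2:-/etc}" ;;
esac
```

`--audit /etc` is the check worth scheduling: a world-writable file under /etc means any local account can change that program's configuration, which undoes the per-user and per-group privileges the slide describes.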
Linux / Unix Security: Remote Access
Configure firewalls to restrict remote access
Commands / files:
  /etc/hosts.allow and /etc/hosts.deny (TCP wrappers)
  iptables
    Filter by protocol
    Filter by source/destination
    Filter by chain (i.e. INPUT, OUTPUT, FORWARD)
For consistency, services should log through /dev/log (syslog): openlog(), syslog(), closelog() from C, or the logger command from scripts
lsof: list open files
  lsof | egrep log
  ps -efawww | egrep syslog
chroot jail: temporarily set a new root directory so that services, if hijacked, do not give access to the whole system (system call: chroot). chroot alone does not confine a process that is still running as root, so drop privileges inside the jail
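As an added example (not from the slides) of the iptables bullets in working form: a minimal host firewall with a default-deny INPUT policy, rules filtered by protocol, source and chain, SSH admitted only from an assumed management subnet (192.0.2.0/24, a documentation range) and rate-limited, and dropped packets logged before the policy drops them. Applying it needs root; `show` prints the calls instead, which is also how you review or diff the rule set before loading it.

```shell
#!/bin/sh
# Added example, not from the slides: default-deny host firewall with iptables.
# MGMT_NET is an assumed management subnet. The LOG target writes to the
# kernel log, which the syslog daemon collects alongside everything else.

MGMT_NET=${MGMT_NET:-192.0.2.0/24}

# ipt: run iptables, or only print the call when DRY_RUN=1
ipt() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

firewall_rules() {
  ipt -F INPUT                          # start from an empty INPUT chain
  ipt -P INPUT DROP                     # policy: anything not matched below is dropped
  ipt -P FORWARD DROP                   # this host is not a router
  ipt -P OUTPUT ACCEPT                  # outbound open; restrict to key sites if policy requires
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT   # replies to our own traffic
  ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
  # SSH only from the management network, rate limited to blunt password guessing
  ipt -A INPUT -p tcp --dport 22 -s "$MGMT_NET" -m conntrack --ctstate NEW \
      -m limit --limit 6/min --limit-burst 6 -j ACCEPT
  ipt -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
  # last rule: log (rate limited so an attacker cannot flood the log), then fall through to DROP
  ipt -A INPUT -m limit --limit 10/min -j LOG --log-prefix "fw-drop: " --log-level 4
}

# render_rules: the same rule set printed instead of applied; DRY_RUN is set in
# a subshell so it does not leak into the caller
render_rules() { ( DRY_RUN=1; firewall_rules ); }

case "${1:-}" in
  apply) firewall_rules ;;
  show)  render_rules ;;
esac
```

Because the default policy is DROP, forgetting a rule fails closed (a service is unreachable) rather than open; the ESTABLISHED,RELATED rule is what keeps the host's own outbound connections working under that policy. TCP wrappers (hosts.allow/hosts.deny) are a second, application-level layer for wrapper-aware daemons, not a replacement for this.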
Linux / Unix Security: Testing
Nessus: network vulnerability scanner; checks exposed services against a library of known-vulnerability tests (a scanner, not a fuzzer)
Tripwire: builds a baseline of file hashes and later checks file integrity against it (MD5 in early versions; current versions use stronger hashes)
Nmap: can check for surrounding network services
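The configuration-hash idea from the configuration slide and the Tripwire bullet are the same mechanism, shown here as one added example (not Tripwire's code and not from the slides): build a baseline of SHA-256 digests for a configuration tree, then compare a fresh scan against it and report files that were modified, added or removed. The sample tree is constructed. The baseline only proves anything if an intruder on the host cannot rewrite it, so keep it on read-only media or a remote host.

```shell
#!/bin/sh
# Added example, not from the slides: file-integrity baseline and check,
# a small stand-in for what Tripwire does. Usage: init <dir> <baseline>,
# check <dir> <baseline>.

# digest <file>: sha256 hex digest, whichever tool the host has
digest() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
  else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# baseline <dir> <baseline-file>: "<digest> <relative path>" per regular file, sorted.
# The redirect is opened by the caller's shell, so a relative baseline path is
# resolved before the cd.
baseline() {
  ( cd "$1" && find . -type f | sort | while read -r f; do
      printf '%s %s\n' "$(digest "$f")" "$f"
    done ) > "$2"
}

# verify <dir> <baseline-file>: prints "MODIFIED|ADDED|REMOVED <path>" lines,
# returns 1 if anything differs, 0 if the tree matches the baseline
verify() {
  dir=$1; base=$2; rc=0
  cur=$(mktemp); baseline "$dir" "$cur"
  awk 'FILENAME == ARGV[1] { old[$2] = $1; next }       # baseline: path -> digest
       {
         if (!($2 in old)) print "ADDED", $2
         else if (old[$2] != $1) print "MODIFIED", $2
         delete old[$2]                                   # whatever is left was removed
       }
       END { for (p in old) print "REMOVED", p }' "$base" "$cur" | sort > "$cur.diff"
  if [ -s "$cur.diff" ]; then cat "$cur.diff"; rc=1; fi
  rm -f "$cur" "$cur.diff"
  return $rc
}

# make_sample <dir>: constructed configuration files for the demo
make_sample() {
  mkdir -p "$1/ssh"
  printf 'PermitRootLogin no\nPasswordAuthentication no\n' > "$1/ssh/sshd_config"
  printf 'root ALL=(ALL) ALL\n' > "$1/sudoers"
}

case "${1:-}" in
  init)   baseline "$2" "$3" ;;
  check)  verify "$2" "$3" ;;
  --demo) d=$(mktemp -d); b=$(mktemp); make_sample "$d"; baseline "$d" "$b"
          printf 'PermitRootLogin yes\n' > "$d/ssh/sshd_config"   # simulate tampering
          verify "$d" "$b"; rm -rf "$d" "$b" ;;
esac
```

Scheduling `check /etc /path/to/baseline` from cron and sending the output to syslog turns this into the "regular testing of security" item under Maintenance; the baseline has to be rebuilt with `init` after every legitimate configuration change or patch run, otherwise every check cries wolf.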
Windows Security
Use automatic updates, especially for Windows itself, Adobe Acrobat Reader, the Flash plugin and Java
Users are identified by a Security ID (SID); credential material such as password hashes is stored in the Security Account Manager (SAM)
System Restore
User Account Control (Vista and later): members of the Administrators group run as normal users and are elevated to admin only when required
Windows Registry
Hard to maintain
Easy to access
Applications may use a specific tool that hides the complex information from the administrator
regedit shows everything
It is useful to have an application that queues and monitors registry changes, so that they need approval before proceeding
Other Windows Security
Anti-virus
Anti-spyware
Personal firewall
Encrypting File System (EFS)
Local Security Policy
BitLocker: full-disk encryption with AES
More under Control Panel > System and Security
Microsoft Baseline Security Analyzer
  Checks a system against the minimum recommended configuration; it is free
Shavlik NetChk Limited for legacy systems
Virtualization
Virtualization defines an isomorphism that maps a virtual guest system onto a physical host
It adds another degree of freedom by enabling multiple resource managers and controlled sharing; it adds a level of indirection
One can virtualize a single resource (DRAM, disks) or an entire system (machine); one physical object may back one or more virtual objects
Virtual Machine: a virtualization layer that transforms the physical machine into the desired virtual architecture
Virtualization (Some Terms)
Hypervisor / Virtual Machine Monitor (VMM): manages physical resource allocation among VMs
Application Virtualization: allows an application written for one environment to run in others
  Java
  .NET
Full Virtualization: allows a complete, unmodified OS to run in a virtual machine
  Native (bare-metal) Virtualization: the hypervisor runs directly on the hardware, without a host OS
  Hosted Virtualization: the hypervisor runs on top of a host OS
Some Virtual Machines
Oracle VirtualBox
Microsoft Virtual PC (formerly Connectix Virtual PC)
VMware
Xen Hypervisor
Parallels Desktop (popular on Mac)
History of Virtualization
1960s
1964 - Birth of virtualization with the IBM CP series, a test bed for the IBM S/360 system; it provided full hardware virtualization with the ability to run 14 OS instances
1965 - IBM begins shipping S/360 systems, the first mass-produced general-purpose mainframe; the S/360 Model 67 was among the first commercial machines with virtual memory, letting programs address more storage than was physically installed
History of Virtualization
1970s
IBM S/370: more of the same
1980s
1987 - Merge/386 becomes available, allowing emulation of Intel 8086 instructions on Intel 80286 and 80386 CPUs; it could run any 8086-coded OS but was typically found running Microsoft MS-DOS
History of Virtualization
1990s
1997 - Virtual PC released for Macintosh
1998 - VMware released for Windows
1999 - Citrix Presentation Server released for Windows
2001
Virtual PC released for Windows
VMware Server released (first x86 server VM)
History of Virtualization
2003 - Xen Hypervisor released (open source, x86)
MS buys Virtual PC and releases MS Virtual PC 2004
2005 - MS releases Virtual Server 2005 (guest machines limited to 32-bit, 4 GB of RAM and 1 CPU)
Intel VT-x and AMD-V hardware virtualization added to server and desktop CPUs
History of Virtualization
2006 - VMware Server 1.0 released for free
MS Virtual Server 2005 R2 released for free
MS Virtual PC 2007 released for free
MS buys and releases SoftGrid (now called MS App-V)
Amazon begins developing the first true cloud
2007 - VMware Server 2.0 released
VirtualBox released as open source
Citrix acquires XenSource (the company behind Xen)
History of Virtualization
2008
VMware buys Thinstall and releases ThinApp
VMware Workstation 6.5 released, the first with DirectX 9 hardware-accelerated graphics for guests
MS releases Hyper-V for Windows Server 2008 (guest machines gain 64-bit support, 64 GB of RAM and 4 CPUs)
First public cloud systems come online
History of Virtualization
2009
MS releases Hyper-V R2 for Windows Server 2008 R2 (guest machines gain CPU pooling)
2010
MS releases Hyper-V R2 SP1 (guest machines gain RAM pooling, i.e. Dynamic Memory, and DX9 hardware support via RemoteFX)
ARM announces the Cortex-A15 with hardware virtualization
Processor Performance
CPU Speeds
1965 - IBM S/360: 0.1 MIPS (133,300 IPS)
1972 - IBM S/370: 1.0 MIPS (1,000,000 IPS)
2000 - 1 GHz Intel P3: 3,000 MIPS (3,000,000,000 IPS)
2009 - Qualcomm Snapdragon A8: 2,000 MIPS
2010 - Intel Core i7: 4 x 147,600 MIPS
2010 - Qualcomm Snapdragon MP: 2 x 2,500 MIPS
2011 - Qualcomm/Samsung/nVidia A9 MP: 2 x 5,000 MIPS
2012 - ARM Cortex A15 MP: 4 x 25,000 MIPS
Uses
Implement multiprogramming: multiple single-user virtual machine instances. IBM System/370 used this approach to provide time-sharing behavior, with each VM running a simple single-user OS (Conversational Monitor System, CMS)
Multiple single-application VMs: dedicate a VM to each application program, using a general-purpose OS
Multiple secure environments: the VM creates a sandbox to isolate environments and security domains
Manage application environment: install core applications in one VM, then create per-user VMs for users to load their own apps
Mixed-OS environments: a single hardware platform can support multiple operating system environments
Legacy applications: dedicate VMs to legacy applications
Multiplatform application development: one hardware platform with VMs providing emulation of alternative hardware
Uses (continued)
New system transition: staged or gradual migration (the opposite of legacy support)
System software development: testing or developing new system software in a protected environment
Operating system training: run an OS instance in a VM so parameter or configuration adjustments do not affect the rest of the system
Help desk support: use a VM to replicate the user's environment
Operating system instrumentation: monitor hardware access or low-level software abstractions
Event monitoring: execution traces, machine state dumps and replaying of traces
System encapsulation: checkpoint system state and restart on the same or a different machine
Virtualization Security Issues
Guest OS isolation: a guest must not be able to read or affect other guests or the hypervisor, except through the channels the hypervisor deliberately provides
Keep the integrity of the hypervisor: a compromised hypervisor compromises every guest above it
Virtualization adds layers to the OS security model, and each added layer must be secured
Virtualization Security Guidelines
Plan the security
Secure all elements of the full virtualization stack
  OS
  Hypervisor
  Virtualized infrastructure
Restrict and protect administrator access
Hypervisor Security
Like OS security
Install from a private network or from clean media
Configure for automatic updates
Disable unused services and hardware
Restrict access to the hypervisor
If there is remote access, put it on a separate network (e.g. a management VLAN or VPN)
Virtualized Infrastructure Security
Consider monitoring hardware activity
Look for a VMM that allocates hardware properly, so that these activities on the guest OS can be monitored