Untitled Quiz

Questions and Answers

What is the primary vulnerability in UNIX/Linux systems related to human users?

Software vulnerabilities

Social engineering (correct)

Hardware failures

Configuration errors

Which practice is considered the highest-value security chore for administrators?

Disable unnecessary services

Set up a secure host

Patch the software (correct)

Regular system backups

What should be done to minimize security risks associated with unnecessary functionalities?

Disable any services that are not necessary (correct)

Share software with trusted users

Regularly update software

Enable all services for flexibility

How can programming errors in software lead to security breaches?

By allowing hackers to manipulate software functionality

What type of threat does a Trojan horse pose to security?

It conceals harmful functionality within a seemingly harmless program.

What is a common misconception about UNIX/Linux systems regarding viruses?

UNIX is relatively immune from viruses.

Which is a consequence of improper configuration of software?

Configuration errors that weaken security

What action can be taken to protect critical data as part of a security plan?

Regular system backups

What is the primary goal of network security?

To mitigate risks to the network and devices using it

Which of the following describes eavesdropping in the context of network threats?

Listening to network traffic to capture confidential data

What type of attack causes a network service to become unresponsive?

Denial of Service

Which threat is characterized by an attacker impersonating a device?

Spoofing

What is a significant challenge related to security in a Bring Your Own Device (BYOD) environment?

Managing security without sufficient resources or knowledge

What is the risk associated with modification of network communications?

Loss of data integrity

Which of the following is NOT one of the four basic categories of threats to networks?

Data loss

What is the common consequence of an effective denial of service attack?

Loss of accessibility to network services

What is the primary reason encryption is not used as much as it should be?

Its high cost in CPU and difficulties of administration.

How does a hash function enhance security?

By producing a fixed-length representation called a message digest.

Which of the following is NOT a layer of encryption mentioned?

Internet Encryption Layer

What distinguishes symmetric algorithms from asymmetric algorithms in encryption?

Symmetric algorithms use identical keys for encryption and decryption.

Which protocol is known for using asymmetric encryption?

Secure Socket Layer (SSL)

What is the main function of digital signatures?

To authenticate a user and ensure data integrity.

Which aspect do X.509 standards specifically define?

Basic formats for certificates and certificate revocation.

What distinguishes block ciphers from stream ciphers in encryption?

Block ciphers transform fixed lengths of plaintext into blocks of ciphertext.

What is the primary purpose of implementing a Security Policy?

To codify security requirements and assign responsibility

Which of the following is NOT a method of limiting access to services on end devices?

Firewalls

What role does xinetd play in managing incoming network requests?

It listens for requests and launches services for those requests.

Which method can xinetd utilize to improve security?

Time-based access control

What is a key characteristic that distinguishes a MIB from a traditional database?

A MIB represents an active real-world system.

Why is physical security crucial for network infrastructure?

Attacks can occur if an attacker has physical access to the devices.

Which of the following MIB naming conventions is correct?

All names are globally unique and assigned numeric values.

What is one of the two major actions you can take to improve network security?

Restrict access to the network

Which of the following protocols is noted for having been designed without much consideration for security?

IP

What is a limitation of SNMP as a monitoring protocol?

It utilizes cleartext strings, compromising security.

What is one of the benefits of using TCP Wrapper ACLs with xinetd?

It allows extensive logging capabilities and access control

Which of the following is NOT an enhancement introduced with SNMP v2?

Efficient data retrieval

What primary function does nmap serve in network security?

It scans for open TCP and UDP ports.

What is the role of DNS within network management?

It serves as a distributed database for hostnames and IP addresses.

Which parameter is collected on a per-interface basis in MIB-II?

ifInOctets

Why should nmap not be run on someone else's network without permission?

It could be seen as unauthorized intrusion or reconnaissance.

What is the purpose of a default route in a router network?

To route all traffic not specifically directed to another route

Which of the following is NOT a characteristic of the RIP protocol?

It uses a link state algorithm for routing decisions

Which protocol is an example of an Inter Domain routing protocol?

BGP

How does OSPF improve upon simpler routing protocols like RIP?

By optimizing link state information for efficiency

What role does ICMP serve within network communications?

Sending error and control messages between hosts

What is a significant limitation of using RIP in large networks?

It is too simple for complex routing problems

What happens when a router fails while using RIP?

Nearby routers will discover this within 30 seconds

Which of the following correctly describes a characteristic of intra-domain routing protocols?

They are used within a single organization's network

Study Notes

CSCI322 Systems Administration

• Courseware developed with input from Daniel Saffioti and William Tibben.
• Course offered by the School of Computing and Information Technology, University of Wollongong.

Is UNIX/Linux Secure?

• No, of course not.
• UNIX is optimized for convenience and doesn't prioritize security.
• The software running on UNIX systems is developed by a large community of programmers.
• Mostly, administrative functions are implemented outside the kernel.
• Open-source distributions might have better security than closed operating systems.

How Security is Compromised?

• Social engineering
  • Human users are the weakest links in security.
  • Ensure user awareness of security threats.
• Software vulnerabilities
  • Programming errors exploited by hackers to manipulate systems.
  • Patch the software.
• Configuration errors
  • Software designed for usefulness, not always security.
  • Balance security and usability.

Security Tips

• Keep the system updated with the latest patches.
• Disable unnecessary services.
• Consider a secure host for a central logging machine.
• Regular system backups are essential.
• UNIX relatively immune to viruses, but not impossible to breach.

Trojan Horse

• A Trojan horse is a program with hidden functionality.
• An unsuspecting user executing the code.
• Functionality designed to compromise security.
• Example scenario demonstrating how a Trojan horse can potentially execute code as root.
• This can be done on non-root users as well due to insecure paths more likely.
• Example of a scenario showing various ways a Trojan horse can be used.

Rabbit

• A piece of code that rapidly reproduces itself.
• Consumes resources intended for other purposes.
• A denial-of-service attack.
• Few effective defenses, but does require an active account.

Rootkits

• Programs and patches that hide important system information.
• Examples of functions that hackers would replace.
• Tools like OSSEC and chkrootkit are available to detect rootkits.
• Thorough cleaning can take a long time.

Packet Filtering and Firewalls

• Packet filtering and firewalls are powerful tools to block external attacks.
• Passwords offer basic protection.
• Stay vigilant about security.

General Philosophy of Security

• Effective system security is based on common sense.
• Don't put files on the system that hackers would find appealing.
• Define sensitive information handling in your security policy.
• Don't let hackers build nests in your environment.
• Use security tools to monitor for intrusions and attempts.
• Educate yourself about system security.
• Actively monitor for unusual activity.

Security Policy

• System administrators are often expected to develop/assist in developing IT policy.
• Without a policy base, change the organizational perspective if possible.
• Consider changing your job if you cannot change the organizational perspective.
• Organizations need policy documents covering operational areas like security, acceptable use, and privacy.

Policy Development

• Develop formal mechanisms for handling events.
• Policies are dynamic and need revisiting.
• Policy development should consider major actors in the organization.
• Policies need to be documented and well-known amongst staff.
• Decisions should be guided by policy (especially in sensitive security matters).

Acceptable Use Policy (AUP) and Privacy Policy

• AUP defines legitimate users and acceptable behaviors (even those considered unacceptable). Organizations might have multiple AUPs for different levels of access/roles.
• Privacy policy dictates how the organization handles computer and network resources (email traffic, web logs, etc.) for privacy according to State and Commonwealth laws.

Network Connection Policy and Remote Access Policy

• Network Connection Policy defines how resources inside/outside the organization are connected, and any implications for business relationships.
• Remote Access Policy outlines the risks of remote access, and procedures to maintain security of credentials in case they are lost.

Log Retention Policy

• Log Retention Policy explains what data is logged and for how long, which may be formulated after a security policy to aid in incident resolution.

Writing Policy

• First establish a basis by asking questions to assess the needs of the policy.
• The purpose of security is to safeguard the computer and network infrastructure.
• Design the policy in a way that can be maintained, updated, and improved upon over time.

What to Protect?

• What assets need protecting (tangible and intangible)?
• What risks will arise from a failure to protect those assets? (e.g., loss of business, trust, perception)?
• How likely are attacks, and who would perform them?
• What are the cost of protecting the assets and/or cost of not protecting the assets? (Can we afford to do nothing)?
• Answers to these questions form a basis for conducting a risk analysis and developing an appropriate security policy.

Assessing and Prioritizing Risk

• Security policy prioritises issues by risk.
• All system resources (hardware, services, data) must be considered.
• Determine the likelihood and cost for every risk.
• The goal is to identify potential vulnerabilities.

Non-malicious Threats

• Software bugs
• Power failures
• Fire
• The threats do not always have to be hostile.

Cost/Benefit Analysis

• Calculate the likelihood of an event occurring.
• Assign a cost to the risk.
• Multiply the cost by the likelihood of the risk being realised.

Bad and Good Security Policy

• Bad policy example: overly specific and inflexible. Cannot scale or adapt to changing technology/organizational procedures.
• Good policy is flexible, well defined, and comprehensive, without being tied to specific technologies or procedures.

Policy vs. Procedure

• Policies are brief, general, and stable over time.
• Procedures are longer and more specific, updating more frequently in response to changes related to technology and operations.
• Procedure updates happen without needing higher management involvement directly.

Network Security Measures

• Implement measures at end hosts (devices like routers, switches) and on networking devices.
• Restrict network access based on who/what can access and through what methods (physical access, logins).
• Be careful about how data is sent through the network.

Measures for End Devices

• Restrict access to services, using authentication mechanisms like passwords, public-key authentication, 1-time passwords, and Kerberos.

xinetd

• xinetd manages application access through an access control list (ACL).
• It listens for incoming requests of applications over a network.
• xinetd launches relevant services for the request.
• Additional security features like access control and logging.
• Limits on the number of services that can be started at once.

Measures for Network Devices

• Physical security of hardware is important because large network infrastructure and devices can be vulnerable to attacks through physical access.
• Devices should be physically secured and authenticated.

Data Integrity

• Many network protocols were not initially designed with security as a top priority.
• Older protocols are susceptible to eavesdropping, spoofing, insertion attacks, and denial-of-service.
• Solutions include Secure DNS, Secure IP, and Secure Shell (replacing Telnet).
• Implementing rear guard actions to mitigate those threats is essential for security.

Virtual Private Networks (VPNs)

• A VPN creates a secure tunnel over an insecure network to connect two or more trusted networks.
• Site-to-site VPNs establish an encrypted tunnel between two sites using the public Internet.
• Remote Access VPNs allow host use VPN client software to connect to a destination network VPN gateway by using the public Internet.
• These are used for security.

Packet Filtering

• Access control lists are often used to control which data units (packets) enter or leave the network.
• Networking devices, like routers, frequently employ packet filtering to permit or deny access to devices and services.

Firewalls

• Firewalls are systems designed to control network traffic flow, restricting access to and from a network.
• They typically use packet filters and application proxies (bastion hosts) for this.
• Firewalls significantly limit intruder attack methods.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

• Firewalls are not effective in stopping network worms, viruses, and malware.
• Intrusion Detection Systems (IDS) passively monitors network traffic to detect intrusions. Analyzes logs but is reactive.
• Intrusion Prevention Systems (IPS) actively monitors and stops malicious packets before they reach a target.

Incident Response Plan

• Be prepared for attacks.
• Consider what to do when you discover an attack in your organization.
• Decide if you should return the system to its normal state, identify the attacker, or understand what actions the attacker has performed.
• Determine if you need to involve legal authorities.
• Establish a recovery plan and communicate it to affected users/groups. (Provide details where appropriate, omit as needed).

Final Exam

• Date: Check the exam timetable.
• Venue: On campus.
• Duration: 3 hours.
• Items permitted: Calculator.
• Format:
  • Part A: Multiple Choice Questions (20 questions, 20 marks).
  • Part B: Short Answer Questions (10 questions, 20 marks).
  • Part C: Planning and Design Questions (2 questions, 10 marks).
• Answer all questions.

How Many Marks are Needed?

• Achieve as many marks as possible, ideally full marks.
• A minimum of 20 (out of 50) is required to pass (avoid TF).
• Supplementary exams may be offered on a case-by-case basis.

Q&A

• Addressing questions about exam prep, commands, formats, and any concerns you may have before the exam.

Logging

• Logging is a technique for recording events, and is not as simple as it sounds.
• Logging enhances computer security systems by allowing identification
• If you log attempts to break into the system, it enhances defenses and improves in the area of attack.
• Log messages to at least two locations: the local machine and a secure log host.

Syslog

• The most common form of logging on Unix systems is syslog.
• Syslog consists of two parts; Facility and Severity.
• Facilities identify the application; examples include: auth, kern, mail, and cron.
• Severity describes the severity of the message, some example codes include: error, warning etc.

Configuring syslog server

• Each system message sent to the syslog server has two descriptive labels associated to it.
• The first label describes the function (facility), the second describes the degree of severity of the message.

Syslog facilities

• Syslog codes identify programs that can log.
• Example codes include auth, kern, mail, cron, lpr, news, uucp etc.
• The configuration file /etc/syslog.conf is consulted to configure the syslog daemon.

Syslog Facility

• Referencing a table with different facility codes and corresponding keywords.
• Each facility code and corresponding keyword.

Syslog File

• The log files are usually stored in the /var/log directory on your system.
• Some examples of common files used with syslog.conf (such as *.debug /var/log/messages). This captures messages to or from different facilities or subsystems.

What to Log

• Avoid logging too much data, as this can harm the system.
• Attempt codes for security such as; Su attempts (switch user), Network connections, Failed logins, Rejected file system mount operations, and Transactions on services (Mail, FTP).

Monitoring

• Usually, the cron job scheduler is used to monitor logs for anomalies.
• Tools like swatch and logsurfer automate the log monitoring.

Trust and IP/DNS Spoofing

• Spoofing is a technique to impersonate another user or device.
• Because trust in networks depends on a known source of packets, forging those packets is an effective way to bypass system security.
• When the level of trust granted a machine increases, as with DNS servers, they need to be more secure through DNSSec. This reduces the risk of malicious attacks against the servers.

Human Factors

• Users can cause compromise to security through their behaviors.
• Some examples include, storing sensitive information on insecure machines; allowing other people to use personal accounts; or physically compromising the computer by installing their own hardware and software into company computers.

Physical Security Concerns

• No system is secure against an intruder who has physical access.
• Intrusion methods include: booting from alternative media or removing/copying disks; or installing additional hardware.
• Be concerned about potential issues with machine rooms that may need greater security precautions and the security of the data they contain or house. Special care in environments that include contractor involvement is also required.

Backups

• Critical for securing data during system security breaches. If a compromise is detected, trusted data might be reloaded from backups.
• If root compromised or data corrupted, the system cannot be trusted, and data must not be relied upon.
• Organizational procedures should be in place to ensure proper disaster recovery policies, including procedures for ensuring that backups are regularly functional, maintained and secure.

Data Integrity Checks

• Ideally, all system components not required to be modified should be read-only.
• Implementing integrity checking for vital files is an important tool for intrusion detection.
• Some tools include tripwire or ace. These compute checksums and compare them to previously computed values to identify unauthorized changes to files on your system, thus deterring malicious intrusions or intrusions.

Encryption

• Encryption is a fundamental security tool applicable in most network systems.
• The higher cost (in CPU) and administration (PKI) are factors and can limit the widespread use of this important security measure.
• Securely safeguarding sensitive information, especially in network transmissions, is an essential goal of any security policy.

Cryptographic Hashes

• Hash functions are used to create secure digests of data.
• Functions like checksumming, authentication, digitally signed contracts, and secure website usage (using a browser).

Confidentiality through Encryption

• Multiple layers of encryption methods (e.g., Layer 2, Layer 3, Layer 4/5, Application) are used together to increase confidentiality.
• Common classes of encryption algorithms: symmetric and asymmetric
  • Symmetric algorithms use identical keys for encrypting and decrypting data shared between sender and receiver.
  • Asymmetric algorithms use separate keys for encryption and decryption; commonly used in security, particularly in network communications and between parties who have never interacted such as digital signing and other digital certificates.

Network Layer and Internet Protocol (IP)

• Basic structures that constitute a frame: Source/Destination address, time, options, checksums.
• IP defines how hosts on a network are identified using IP addresses, which are logically organized. Address structure has network and host portions.
• Classes of addressing were created before more modern CIDR (Classless Inter-Domain Routing) - classful addressing, divided addressing space in A, B, C, etc. classes limiting the usable space across networks requiring more address space.

IP Addressing

• Addresses are used to uniquely identify hosts on a network.
• Most currently utilize the IPv4 protocol, with 4 bytes per IP address yielding a maximum of 2^32 different addresses.
• An address has network and host parts, so the network part details the grouping, or larger, network the address belongs to.
• A netmask (or CIDR mask) in conjunction with the IP address defines this network portion.
• Special addresses exist, 'loopback' addresses used for self-referential communications - (e.g., 127.0.0.1)
• A network can have multiple interfaces and thus multiple bound IP addresses.

IP Address Structure

• IP address structure has been broken into classes (groupings) since the 1970's. Originally, the class determined the size of the network (network portion) and host (host portion) parts of the address.
• This has changed in the recent time due to the inefficiency of address space due to address limitations.

Classful Addressing

• The original classful addressing methods are still relevant to understanding how IP addresses were organized and assigned in the beginning stages of the internet; however these schemes are largely outdated and inefficient for use today.

Classless Addressing

• Classless Inter-Domain Routing (CIDR) breaks apart the addressing space restrictions of classful methods and allows for greater address flexibility.
• Variable Length Subnetting (VLSM) is similar and is often used in conjunction with CIDR to allow better organization of address resources.

CIDR Notation

• CIDR offers a more efficient and flexible method of representing IP addresses, using a slash notation (e.g, 192.168.1.0/24).
• The number of hosts in a subnet can be computed using the formula 2^32 - n, where n is the mask bits.

Broadcast Addresses

• A broadcast address is used by one device to communicate to all devices within the same network subnet.
• It can also be calculated.

Calculating Specific Parameters

• Demonstrates the process of computing the network and broadcast addresses of a specific IP address with a given mask.

Subnetting and Supernetting

• Subnetting allows to further divide a network into smaller subnets.
• Supernetting allows combining networks into larger networks.
• This allows efficient allocation of IP addresses when addressing many devices across several networks.

Network Allocation

• Allocation is controlled by organizations (like ICANN and APNIC in Asia-Pacific). This is based on the hierarchical nature of networks (and the need for organizations to apply their own rules or apply regional rules that are consistent and scalable)

Private Addresses

• Specific blocks of addresses (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are reserved for private networks or local usage and are not routable across the internet.
• This prevents conflict in public network usage.

Network Address Translation (NAT)

• Translates private IP addresses to public ones to allow communication between private networks and the public Internet.
• A Router/gateway device performs NAT by rewriting packet address information to allow the packet to get to its intended/desired destination.

Routers and Routing Protocols

• Routers determine optimal paths between networks.
• They have multiple interfaces which might communicate via their own unique protocols.
• Acting as gateways: routers move packets from one network to another.

IP Routing

• A router's role is to route IP packets. It receives packets from other networks, validates checksum integrity, and sends the packet to the appropriate location.
• Modern routers may implement cut-through switching.
• Packet pathways along different networks (such as Ethernet, Gig Ethernet, ATM etc.) may cause packets to be fragmented on some, but not all, links.

Route Table Example

• A table that manages routes based on network/host information and which gateway the packet should be forwarded to.
• Entries specify the destination network (including its mask and gateway), flags (indicating whether the gateway is a direct link, via a router, or is unreachable) and the interface to be used to reach the destination.

Dynamic Routes

• Routers can share learned routing information dynamically.
• Daemons, such as routed or gated, facilitate this sharing between routers.
• Distributed route information exchange between networks helps prevent a network from becoming congested or unreachable.

The RIP Protocol

• The simplest routing protocol.
• Routing Information Protocol (RIP) is a distance-vector routing protocol.
• Each router in a network maintains a table of distances to other routers.
• This information is periodically disseminated to neighboring routers—and, updated when a change in topology or other conditions occur.
• Each router updates its table to reflect changes in shortest path lengths.

ICMP

• Internet Control Message Protocol (ICMP) is part of the network layer.
• Used for error and control query messages (not applications). Examples of these messages include; destination unreachable, and source quench messages.
• Facilitates error and control communication between networks.

TCP/IP Overview

• Transmission Control Protocol (TCP) sits on top of IP and provides a reliable, full-duplex virtual circuit that handles packets out of order, retransmissions, and variable data rates.

TCP Session Establishment, Maintenance and Termination

• The transport protocol establishes a connection using a handshake process.
• Each machine first initiates connection attempts to the target machine.
• Connection confirmations then occur through a series of packets.

Three-Way Handshake

• Three-way handshakes initialize TCP connections between communicating hosts, involving SYN/ACK packets for synchronization.
• This makes it harder to successfully inject malicious code or data into the session, preventing unwanted session modification of data.

Congestion

• Congestion occurs when the rate of data transmission is high and the system experiences overwhelming traffic amounts or other obstacles.
• Transmission Control Protocol (TCP) implements mechanisms to handle congestion, including flags to signal whether or not data should be sent and a sliding window concept to ensure that data is efficiently managed.

Windowing in TCP

• The window size determines how many packets can be transmitted without acknowledgement.
• This optimization ensures efficient data transfer even in highly congested conditions, maximizing throughput to improve performance.

User Datagram Protocol (UDP)

• UDP avoids a connection-oriented handshake.
• When no reliability, guaranteed, nor managed throughput are required, UDP is better; it transmits data in stand-alone packets without relying on persistent connection verification.
• Widely used in many networking applications, it provides faster transaction times, but may lead to data loss if the messages are not re-sent.

Services

• Services are implemented by protocols and operate on designated network ports which are used with either UDP or TCP.
• Unique ports are assigned different services (for example, 67 and 68 are common port usages for DHCP).

Address Resolution Processes

• Address resolution occurs when a sender needs to determine the hardware (Ethernet) address of a destination to send packets on a network.
• The sender sends a broadcast address (ARP) query to learn the hardware address which is then used for the packet's transmission.

RARP

• Reverse Address Resolution Protocol.
• Helps resolve Hardware addresses into IP addresses. This is typically used by devices that require a mechanism to connect to a network but don't know their own IP addresses.

DHCP

• Dynamic Host Configuration Protocol (DHCP) dynamically assigns IP configuration information (address, netmask, gateway, DNS servers).
• Facilitates the communication between devices to gain the necessary configuration for network connections

DHCP Software

• Many open source implementations of DHCP exist and are maintained (version 2, 3, 4, and IPv6 support). In most Linux distributions, dhcpd manages this process on the system.

Disk

• Disk performance is largely dependent on speed of transfers, seek time for accessing data, and rotational latency.
• Physical disks, with rotating platters, are divided into tracks which are again divided into sectors—and these sectors and tracks form larger units, cylinders.

Disk Drive Interconnect Protocols

• Integrated Drive Electronics (IDE) refers to a common (older) method of connecting devices like discs or scanners to a computer.
• ATA (Advanced Technology Attachment), SATA, eSATA, and SCSI are more modern methods of establishing drive interconnections.
• Protocols often define commands for moving data.

SCSI

• SCSI is an interface—and a protocol—that can connect several different devices (disks, scanners) through a system.
• This interface is more expensive than other alternatives, and supports a maximum of 7 devices to a single chain.

Fibre Channel (FC)

• Fiber Channel (FC) is a method for connecting disk devices using fibre optic cables or copper.
• It allows greater bandwidth than similar solutions (e.g., 100 Mb/s to 8 Gb/s).

USB

• Universal Serial Bus (USB) is a commonly used interface for connecting peripheral devices like keyboards, and mice to a system.
• It offers three common flavors of connection (USB 1, USB 2, or USB 3).

Solid State Drives (SSD)

• SSDs are storage devices that utilize integrated circuits for storage rather than rotating platters.
• They're resistant to damages associated with physical movement and have quicker access times overall compared to HDDs, but are often more expensive to purchase or upgrade within a system.

Tape Drives

• Tape drives are often used for data backups or similar functions where storage costs or access are factored into security.
• Cloud storage is often chosen as an alternative to tape drives.

Operating Systems

• An operating system is a group of programs which manage and orchestrate the hardware and software components of a computer to allow functionality.

Memory Manager

• Validates requests from applications for memory usage.
• Allocates memory space for programs/ processes.
• Manages the process of using and releasing/returning memory at any time.
• Preserves operating system memory space in primary memory.

Processor Manager

• Allocates CPU time to processes.
• Tracks process status.
• Sets up registers/tables to initialize processes.
• Reclaims for the CPU when a process is finished or when the job allocated process is over.

Device Manager

• Manages and allocates resources for every device connected to the computer, including devices such as hard drives, USB ports, printers etc.

File Manager

• Tracks and manages files and data within a system.
• Enforces restrictions to access those files by other devices, programs, or users based on access-related policies.
• Allocates files and releases them.

A Simplified Example of Operation

• The actions of a user that types in a command to execute a program and the actions required to run it on a UNIX operating system.

Common UNIX shells

• Bourne shell (sh)
• POSIX shell (sh)
• Korn shell (ksh)
• C shell (csh)
• Bash shell (bash)

Basic Shell Commands

• Shell prompts.
• Standard commands to execute and use.
• Commands and options.
• - indicates options to the command.
• Parameters that define/alter command behavior.

Additional Common UNIX Commands

• ls, more, emacs, vi, mv, cp, rm, diff, wc, chmod, gzip, gunzip, gzcat, cat, print, mkdir, cd, pwd, grep, who, whoami, finger, last, date, cal, and exit, mail, ssh, ftp, !!

Obtaining Command Help

• The man command and help options within an operating system. The man command or any associated help functions are used.

Manual Page Section Number

• Section Numbers for various man sections covering different commands and tools. A reference table or guide is used to list the different man section numbers.

Shell Metacharacters

• Some symbols used in shells for special operations regarding commands, programs, and files.

Command Input and Output

• Standard input (stdin) and output (stdout/stderr).
• Commands can manipulate input/output, and these inputs/outputs are represented through file descriptors.
• 0 for stdin, 1 for stdout 2 for stderr.

Redirection

• Redirection allows to change standard output and error from the terminal to an external file.
  • > redirects standard output to a file.
  • 2> redirects standard error.

Pipes

• Pipes connect the standard output (stdout) of a command to the standard input (stdin) of another command through the pipe symbol |.

Filter

• A filter is often associated with commands that can operate as an action from input to output. Some important actions from input to output include commands like sort, cut, uniq, sed, awk, tr and grep filters.

cut

• The cut command extracts delimited portions from input lines. The default delimiter is the tab character (\t), and you can change it with the -d option.

Sort

• sort command, with possible options, to perform various forms of sorting on input. For example, those options can include options for case insensitivity, including whitespace.

Exercises

• Exercises to practice and improve command line usage in UNIX or LINUX.

Users

• Account structure.
• System user naming. An account is identified by a login name (username) and internally, by a user ID (integer).
• User accounts are associated with a password, group, or similar methods of authentication and/or authorization.

The Password File

• Information from the passwd file.
• The etc/passwd file contains the following fields, and they are vital to identifying and executing user commands/files; User name, Encrypted password, User ID, Group ID, Additional information (e.g., GECOS Information), Home directory, Login shell.
• etc/shadow is used with etc/passwd to provide additional password security. It adds additional elements like last, min, max, warn, expire, disable, rsvd which further limit password guesses and mitigate against cracking.

UNIX Password Encryption

• UNIX uses one way encryption; once encrypted, it is impossible to decipher.
• This helps keep security strong. The one way encryption algorithm is commonly implemented by the crypt() routine.

The Utility “Crack”

• Programs like crack were previously used to guess plain text passwords based on password hashes in the file etc/shadow, but the process is time consuming and difficult if you do not already know the password format.
• Exhaustive search is not feasible; however crack utilities can use heuristics or other strategies that enhance the chances of guessing passwords.

Other Hashing Options

• Some systems (e.g., Linux/BSD) utilize MD5 or SHA1 hashing algorithms. This makes them slower to compute, thus reducing the likelihood of guessing.

Modification to the Password File

• /etc/login.defs file regulates password policies on Linux systems (and other relevant operating systems). It controls details such as minimum length of passwords, minimum and maximum time allowed for password changes etc.

Directory service

• Some systems (LDAP, NIS, NIS+) handle and process passwords and other account information.
• Often, these types of directory services can have security enhancements over merely storing password information in files such as /etc/passwd and /etc/shadow.

PAM

• Pluggable Authentication Modules (PAM) is a mechanism that enables shared libraries for authentication. It dynamically loads modules for authentication processes.
• Example modules are pam_unix.so, which handles user authentication.

LDAP and Kerberos

• In conjunction, a method of managing credentials, and authorization can be built and administered.
• For enhanced security, organizations use LDAP and Kerberos in unison.

Password Security and Recommendations

• Users should receive clear instructions and training in choosing strong and secure passwords with password policies.
• It is essential to understand the password/account policy.

User Organization

• A user is likely to belong to several groups within your OS or network
• Groups allow you to manage privileges for file/folder access or similar organizational tasks.
• The etc/group file (along with other associated files) stores details associated with the user account grouping and access permissions.

Groups

• Groups are used to manage users and their permissions.
• Individual users might be placed in several groups (primary and secondary).
• This allows the use of file/directory access control policies for easier management.

Home Directories

• Individual users often have their own home directories which reflect user groups/names in order to aid in user management and security.
• For example, the home directory for a staff user might be /home/staff.
• This method helps limit exposure to files and directories within a file system for security reasons, as well as for easier maintenance.

Adding Users

• Adding new users in a consistent way that respects account policies, and organizational structure.
• In Linux systems this can be done through useradd or the Perl wrapper adduser.
• Specific options are available for adding -c description, -d homedir -e expirydate, and so on
• Following the processes/steps of adding users in a standardized, consistent way ensures better management and security of account creation.

Creating User Accounts

• Adding a new user through the command line rather than some GUI graphic interface, with examples for passwd, mkidr, and chown commands to adjust ownership and permissions for the newly created user.

Startup Files

• Many files and directories are used to handle the login processes, especially when the system's intialized or operating system is starting up.
• Basic configuration files are typically stored in /etc/skel or /etc, and if you modify any of them, you should back them up before making changes. A user's home directory may also have custom configuration changes.

Final Steps

• Verification that the user account has been created/initialized correctly (checking directories, and owner permissions for example.)
• Notify new users of their login credentials. Remind new users to change passwords after logging in (to improve security).

The useradd Command

• useradd is a common command in Linux systems for adding users.
• It manages user accounts, passwords, home directories, the shell, and other attributes.

Modifying User Accounts

• usermod is the most generally applicable approach to modify an existing user account.
• Various options can be used such as -c, -d, -e, -f, -g, group, -i, -k, -m, -s, -u to change details about the account or user.

Disabling Logins

• Procedures that disable a user's login account through changing/setting properties of the passwords or settings for the given user.

Removing User Accounts

• Removing user accounts/accounts from the system, including processes, files, directories and accounts from log databases.

userdel Command

• userdel command is a part of the operating system that is used to remove an existing user account.
• Options to this commend include the use of the -r flag (to delete home directory in association), and can delete all associate attributes and data from the system.

Managing Groups

• Group management.
• Use grpck to check for and fix formatting errors in the /etc/group file.
• Commands such as groupadd, groupmod, and groupdel perform tasks for adding/modifying/removing groups.

Managing Accounts

• User and group management varies slightly dependent on the OS.
• Multiple utilities/command-line commands may be available to help you manage these accounts.

Traditional UNIX Access Control

• An object (a file or directory) usually has an owner and a group which defines permissions for various users.
• Owners (often denoted by UID or user ID) have the most power to set or manage these permissions. The special account "root" may also manage the permissions of the object.

Filesystem Access Control

• File permissions are determined by the owner and the group, and then the others.
• Permissions are commonly categorized as read, write, and execute. The owner, group, and others each have their individual read, write, and execute permissions (denoted as 4, 2, and 1 respectively).
• The kernel and the Filesystem perform their respective tracking on different levels for this type of data.

The Root Account

• Root account is the superuser account in Linux/UNIX systems (and similar systems).
• It has a special UID (user ID) of 0. Root permissions allow for changing/modifying files or account settings, installing/uninstalling programs, updating systems etc. and performing other similarly important actions.
• The root account must be treated with great caution, as it carries more privileges than other user accounts.

su

• su command allows to temporarily substitute user identity, allowing changing of the current user account to another one (often elevated).

sudo

• sudo command allows users other than the root user to perform specific tasks that require root access, improving accountability and safety.

The Filesystem

• The file system is an organized hierarchical tree of files and directories that are associated with storage resources on various partitions or volumes.
• These components make up the overall file system structure, and are important to accessing and operating on files and directories found or contained within your system

A Typical Filesystem Structure

• Illustration showing a typical filesystem structure where various file types and directories are located, for example; /dev/, /home/, etc/, /var//usr etc.

Filesystem Type

• A filesystem can utilize various formats to store information or data.
• The most common types include BFS, CDFS, DOSFS, HFS, NFS, and VxFS and others.

Checking Filesystem Type

• df, fdisk, lsblk, mount, blkid, file, and fstab are commonly used commands on UNIX to check filesystem type and properties.

Mounting Filesystem

• Filesystems are attached (mounted) onto an already established file tree.
• The use of the mount command attaches a file system in a certain place in the directory tree (e.g. mount /dev/sdb1 /mnt/backup).
• fstab is a config file