Chapter 12 - Security_b43a9c06273a93e1bd4f480d4ebca309.pdf



Computer Security: Principles and Practice, Fifth Edition
Chapter 12: Operating System Security
Copyright © 2024, 2018, 2015 Pearson Education, Inc. All Rights Reserved

Operating System Security Layers
[Figure 12.1: Operating System Security Layers]

Strategies (1 of 2)
- The 2010 Australian Signals Directorate (ASD) lists the "Strategies to Mitigate Cyber Security Incidents"
- At least 85% of the targeted cyber intrusions investigated by ASD would have been prevented
- The four strategies for prevention are:
  - Allow-list approved applications
  - Patch third-party applications and operating system vulnerabilities
  - Restrict administrative privileges

Strategies (2 of 2)
- In 2017, the updated list "Essential Eight" was published
- It adds the following items:
  - Configure Microsoft Office macro settings
  - User application hardening
  - Multifactor authentication
  - Regular backups
- Collectively these assist in creating a defense-in-depth system

Operating System Security
- Possible for a system to be compromised during the installation process before it can install the latest patches
- Building and deploying a system should be a planned process designed to counter this threat
- Process must:
  - Assess risks and plan the system deployment
  - Secure the underlying operating system and then the key applications
  - Ensure any critical content is secured
  - Ensure appropriate network protection mechanisms are used
  - Ensure appropriate processes are used to maintain security

System Security Planning
- The first step in deploying a new system is planning
- Planning should include a wide security assessment of the organization
- Planning process needs to determine security requirements for the system, applications, data, and users
- Plan needs to identify appropriate personnel and training to install and manage the system
- Aim is to maximize security while minimizing costs

System Security Planning Process
- The purpose of the system, the type of information stored, the applications and services provided, and their security requirements
- The categories of users of the system, the privileges they have, and the types of information they can access
- How the users are authenticated
- How access to the information stored on the system is managed
- What access the system has to information stored on other hosts, such as file or database servers, and how this is managed
- Who will administer the system and how they will manage the system (via local or remote access)

Operating Systems Hardening
- First critical step in securing a system is to secure the base operating system
- Basic steps:
  - Install and patch the operating system
  - Harden and configure the operating system to adequately address the identified security needs of the system by removing unnecessary services, applications, and protocols
  - Install and configure additional security controls, such as anti-virus, host-based firewalls, and intrusion detection system (IDS)
  - Test the security of the basic operating system to ensure that the steps taken adequately address its security needs

Initial Setup and Patching
- System security begins with the installation of the operating system
- Ideally, new systems should be constructed on a protected network
- Full installation and hardening process should occur before the system is deployed to its intended location
- Initial installation should install the minimum necessary for the desired system
- Overall boot process must also be secured
- The integrity and source of any additional device driver code must be carefully validated
- Critical that a system be kept up to date, with all critical security-related patches installed
- Should stage and validate all patches on test systems before deploying them in production

Remove Unnecessary Services, Applications, and Protocols
- If fewer software packages are available to run, the risk is reduced
- System planning process should identify what is actually required for a given system
- When performing the initial installation the supplied defaults should not be used
- Default configuration is set to maximize ease of use and functionality rather than security
- If additional packages are needed later they can be installed when they are required

Configure Users, Groups, and Authentication
- Not all users with access to a system will have the same access to all data and resources on that system
- Elevated privileges should be restricted to only those users who require them, and then only when they are needed to perform a task
- System planning process should consider:
  - Categories of users on the system
  - Privileges they have
  - Types of information they can access
  - How and where they are defined and authenticated
- Default accounts included as part of the system installation should be secured
  - Those which are not required should be either removed or disabled
- Policies that apply to authentication credentials configured

Configure Resource Controls and Install Additional Security Controls
- Once the users and groups are defined, appropriate permissions can be set on data and resources
- Many of the security hardening guides provide lists of recommended changes to the default access configuration
- Further security possible by installing and configuring additional security tools:
  - Anti-virus software
  - Host-based firewalls
  - IDS or IPS software
  - Allow-list applications

Test the System Security
- Final step in the process of initially securing the base operating system is security testing
- Goal:
  - Ensure the previous security configuration steps are correctly implemented
  - Identify any possible vulnerabilities
- Checklists are included in security hardening guides
- There are programs specifically designed to:
  - Review a system to ensure that it meets the basic security requirements
  - Scan for known vulnerabilities and poor configuration practices
- Should be done following the initial hardening of the system
- Repeated periodically as part of the security maintenance process
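The "Test the System Security" step relies on programs that review a system against a baseline. The following is an added example, not code from the textbook, of the checking pattern such a program uses: it walks a directory tree and reports files whose permission bits violate a small, hypothetical baseline (world-writable files, setuid/setgid executables, modes wider than the policy for that directory). The sample tree and the BASELINE policy are constructed for the example; real hardening checklists are far longer.

```python
"""Added example (not from the textbook): a minimal file-permission audit of the
kind run after initial hardening and repeated during security maintenance."""
import os
import stat
import tempfile

# Hypothetical baseline policy (this example's own, not a published checklist):
# top-level directory -> widest mode allowed for files under it.
BASELINE = {
    "etc": 0o644,   # configuration: owner may write, nobody else
    "bin": 0o755,   # executables: no setuid/setgid, not group/world writable
}


def check_mode(relpath, st_mode):
    """Return a list of findings for one file, given its st_mode bits."""
    findings = []
    perm = stat.S_IMODE(st_mode)
    if perm & stat.S_IWOTH:
        findings.append(f"{relpath}: world-writable (mode {perm:04o})")
    if perm & (stat.S_ISUID | stat.S_ISGID):
        findings.append(f"{relpath}: setuid/setgid bit set (mode {perm:04o})")
    top = relpath.split("/", 1)[0]
    allowed = BASELINE.get(top)
    if allowed is not None and perm & ~allowed:
        findings.append(f"{relpath}: mode {perm:04o} exceeds baseline {allowed:04o}")
    return findings


def audit_tree(root):
    """Walk root and return all findings, with paths relative to root, sorted."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # lstat: do not follow symlinks, a link target's mode is not this file's mode
            findings.extend(check_mode(rel, os.lstat(full).st_mode))
    return sorted(findings)


def build_sample_tree():
    """Construct a throwaway tree with compliant and non-compliant files (sample data)."""
    root = tempfile.mkdtemp(prefix="audit-demo-")
    os.makedirs(os.path.join(root, "etc"))
    os.makedirs(os.path.join(root, "bin"))
    samples = {
        "etc/ssh_config": 0o644,  # compliant
        "etc/app.conf": 0o666,    # world-writable configuration file
        "bin/helper": 0o4755,     # setuid executable
        "bin/tool": 0o755,        # compliant
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for finding in audit_tree(demo_root):
        print(finding)
```

The audit is deliberately read-only: it reports and leaves remediation to the administrator, so it can be run from a scheduled job without itself becoming a way to change system state.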
Application Configuration
- May include:
  - Making appropriate changes to the application or service default configuration details
  - Creating and specifying appropriate data storage areas for the application
- Some applications or services may include:
  - Default data
  - Scripts
  - User accounts
- Of particular concern with remotely accessed services such as Web and file transfer services
- Risk from this form of attack is reduced by ensuring that most of the files can be read, but not written, by the server

Encryption Technology
- Is a key enabling technology that may be used to secure data both in transit and when stored
- Must be configured and appropriate cryptographic keys created, signed, and secured
- If secure network services are provided using TLS or IPsec, suitable public and private keys must be generated for each of them
- If secure network services are provided using SSH, appropriate server and client keys must be created
- Cryptographic file systems are another use of encryption

Security Maintenance
- Process of maintaining security is continuous
- Security maintenance includes:
  - Monitoring and analyzing logging information
  - Performing regular backups
  - Recovering from security compromises
  - Regularly testing system security
  - Using appropriate software maintenance processes to patch and update all critical software and to monitor and revise configuration as needed

Logging
- In the event of a system breach or failure, system administrators can more quickly identify what happened
- Key is to ensure that you capture the correct data and then appropriately monitor and analyze these data
- Can only inform you about bad things that have already happened
- Generates significant volumes of information and it is important that sufficient space is allocated for it
- Information can be generated by the system, network and applications
- Range of data acquired should be determined during the system planning stage
- Automated analysis is preferred
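The Logging slide recommends automated analysis. As an added example, not from the textbook, here is a small analyzer run over a few constructed sshd log lines in OpenSSH's syslog format: it counts failed logins per source address, raises an alert when a source reaches a threshold, and escalates when an already-flagged source later succeeds, which is the event an administrator most needs to see quickly. The threshold, the alert wording and the sample lines are this example's own choices.

```python
"""Added example (not from the textbook): automated analysis of constructed sshd log lines."""
import re
from collections import Counter

# Constructed sample log (not real data); addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:01:12 host1 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 host1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:19 host1 sshd[2235]: Failed password for root from 203.0.113.7 port 51141 ssh2
Mar  3 10:01:24 host1 sshd[2237]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar  3 10:01:30 host1 sshd[2239]: Accepted password for root from 203.0.113.7 port 51163 ssh2
Mar  3 10:05:02 host1 sshd[2301]: Failed password for alice from 198.51.100.4 port 40010 ssh2
Mar  3 10:05:09 host1 sshd[2303]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
Mar  3 10:05:10 host1 cron[2310]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches the authentication outcome lines sshd writes; other lines are ignored.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(text):
    """Yield (result, user, source) for every line that is an sshd auth outcome."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("user"), m.group("src")


def analyze(text, threshold=3):
    """Return (failures per source, ordered alert list) for the given log text."""
    failures = Counter()
    flagged = set()
    alerts = []
    for result, user, src in parse_events(text):
        if result == "Failed":
            failures[src] += 1
            if failures[src] == threshold:          # alert once, when the line is crossed
                flagged.add(src)
                alerts.append(f"brute-force: {failures[src]} failed logins from {src}")
        elif src in flagged:                         # a success from a flagged source
            alerts.append(f"success after repeated failures: {user} from {src}")
    return dict(failures), alerts


if __name__ == "__main__":
    counts, found = analyze(SAMPLE_LOG)
    print("failed logins per source:", counts)
    for alert in found:
        print("ALERT", alert)
```

Keeping the parser and the rules separate is what lets the same script run over log data from the system, the network and applications: only the regular expressions change, the counting and escalation logic does not.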
Data Backup and Archive (1 of 2)
- Performing regular backups of data is a critical control that assists with maintaining the integrity of the system and user data
- May be legal or operational requirements for the retention of data
- Backup: the process of making copies of data at regular intervals
- Archive: the process of retaining copies of data over extended periods of time in order to meet legal and operational requirements to access past data

Data Backup and Archive (2 of 2)
- Needs and policy relating to backup and archive should be determined during the system planning stage
- Kept online or offline
- Stored locally or transported to a remote site
- Trade-offs include ease of implementation and cost versus greater security and robustness against different threats

Linux/Unix Security (2 of 4)
- Users, groups, and permissions
  - Access is specified as granting read, write, and execute permissions to each of owner, group, and others for each resource
  - Guides recommend changing the access permissions for critical directories and files
- Local exploit: software vulnerability that can be exploited by an attacker to gain elevated privileges
- Remote exploit: software vulnerability in a network server that could be triggered by a remote attacker

Linux/Unix Security (4 of 4)
- chroot jail
  - Restricts the server's view of the file system to just a specified portion
  - Uses the chroot system call to confine a process by mapping the root of the filesystem to some other directory
  - File directories outside the chroot jail aren't visible or reachable
  - Main disadvantage is added complexity

Windows Security (1 of 3)
- Users administration and access controls
  - Systems implement discretionary access controls to resources
  - Vista and later systems include mandatory integrity controls
  - Objects are labeled as being of low, medium, high, or system integrity level
  - System ensures the subject's integrity is equal to or higher than the object's level
  - Implements a form of the Biba Integrity model
- Patch management
  - "Windows Update" and "Windows Server Update Service" assist with regular maintenance and should be used
  - Third party applications also provide automatic update support

Windows Security: Users Administration and Access Controls
- User Account Control (UAC)
  - Provided in Vista and later systems
  - Assists with ensuring users with administrative rights only use them when required, otherwise access the system as normal users
- Low Privilege Service Accounts
  - Used for long-lived service processes such as file, print, and DNS services
- Windows systems also define privileges
  - System wide and granted to user accounts
- Combination of share and NTFS permissions may be used to provide additional security and granularity when accessing files on a shared resource
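The slide says the mandatory integrity control check (subject level at least the object's level) sits alongside the discretionary access controls. The following added example, not from the textbook, models how the two checks combine: the integrity check is applied to modifying operations ("no write up", which is the default Windows policy), unlabeled objects are treated as Medium, and a request must pass both the mandatory and the discretionary check. The subjects, objects, SIDs and ACLs are constructed for the example.

```python
"""Added example (not from the textbook): Windows-style mandatory integrity control
(a form of Biba 'no write up') layered over a discretionary ACL check."""
from dataclasses import dataclass

# Integrity levels in increasing order of trust.
LEVELS = {"Low": 1, "Medium": 2, "High": 3, "System": 4}


@dataclass
class Subject:
    name: str
    integrity: str   # level the process runs at, e.g. a sandboxed browser runs at Low
    sid: str         # identity used by the discretionary check


@dataclass
class Object:
    name: str
    acl: dict                 # sid -> set of granted operations (discretionary ACL)
    integrity: str = None     # explicit mandatory label; None means unlabeled


def object_level(obj):
    # Objects without an explicit label are treated as Medium integrity.
    return LEVELS[obj.integrity or "Medium"]


def mic_allows(subject, obj, op):
    """'No write up': modifying operations need subject level >= object level.
    Read access is not restricted by the default policy."""
    if op in ("write", "delete"):
        return LEVELS[subject.integrity] >= object_level(obj)
    return True


def dac_allows(subject, obj, op):
    """Discretionary check: the object's ACL must grant the operation to this SID."""
    return op in obj.acl.get(subject.sid, set())


def check_access(subject, obj, op):
    """Both checks must pass; the mandatory check is evaluated first."""
    if not mic_allows(subject, obj, op):
        return False, "denied by integrity policy (no write up)"
    if not dac_allows(subject, obj, op):
        return False, "denied by discretionary ACL"
    return True, "granted"


def demo():
    """Constructed scenario: a Low-integrity browser and a Medium user shell, same user."""
    alice_sid = "S-1-5-21-example-alice"                 # placeholder SID, not a real one
    full = {alice_sid: {"read", "write", "delete"}}
    document = Object("C:\\Users\\alice\\notes.txt", full)                       # unlabeled -> Medium
    cache = Object("C:\\Users\\alice\\AppData\\LocalLow\\cache", full, "Low")    # labeled Low
    browser = Subject("sandboxed browser", "Low", alice_sid)
    shell = Subject("user shell", "Medium", alice_sid)
    return {
        "browser writes document": check_access(browser, document, "write"),
        "browser reads document": check_access(browser, document, "read"),
        "browser writes low cache": check_access(browser, cache, "write"),
        "shell writes document": check_access(shell, document, "write"),
        "shell writes document without ACL": check_access(
            shell, Object("C:\\other.txt", {}), "write"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The point the model makes is that the ACL is irrelevant once the integrity check fails: the browser is running as the same user who owns the document, with full discretionary rights, and is still refused the write because it runs at Low integrity.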
Windows Security (2 of 3)
- Application and service configuration
  - Much of the configuration information is centralized in the Registry
  - Forms a database of keys and values that may be queried and interpreted by applications
  - Registry keys can be directly modified using the "Registry Editor"
  - More useful for making bulk changes

Windows Security (3 of 3)
- Other security controls
  - Essential that anti-virus, anti-spyware, personal firewall, and other malware and attack detection and handling software packages are installed and configured
  - Current generation Windows systems include basic firewall and malware countermeasure capabilities
  - Important to ensure the set of products in use are compatible
- Windows systems also support a range of cryptographic functions:
  - Encrypting files and directories using the Encrypting File System (EFS)
  - Full-disk encryption with AES using BitLocker

Virtualization
- A technology that provides an abstraction of the resources used by some software which runs in a simulated environment called a virtual machine (VM)
- Provides support for multiple distinct operating systems and associated applications on one physical system
- Benefits include better efficiency in the use of the physical system resources
- Raises additional security concerns

Hypervisor
- Software that sits between the hardware and the VMs
- Acts as a resource broker
- It allows multiple VMs to safely coexist on a single physical server host and share that host's resources
- Virtualizing software provides abstraction of all physical resources and thus enables multiple computing stacks, called virtual machines, to be run on a single physical host
- Each VM includes an OS, called the guest OS
- This OS may be the same as the host OS, if present, or a different one

Hypervisor Functions
- The principal functions performed by a hypervisor are:
  - Execution management of VMs
  - Device emulation and access control
  - Execution of privileged operations by hypervisor for guest VMs
  - Management of VMs (also called VM lifecycle management)
  - Administration of hypervisor platform and hypervisor software

Comparison of Virtual Machines and Containers
[Figure 12.2: Comparison of Virtual Machines and Containers]

Virtualized Systems
- In virtualized systems, the available hardware resources must be appropriately shared among the various guest OSs
- These include CPU, memory, disk, network, and other attached devices
- CPU and memory are generally partitioned between these, and scheduled as required
- Disk storage may be partitioned, with each guest having exclusive use of some disk resources
- Alternatively, a "virtual disk" may be created for each guest, which appears to it as a physical disk with a full file-system but is viewed externally as a single "disk image" file on the underlying file-system
- Attached devices such as optical disks or USB devices are generally allocated to a single guest OS at a time

Containers
- A recent approach to virtualization is known as container virtualization or application virtualization
- In this approach, software known as a virtualization container runs on top of the host OS kernel and provides an isolated execution environment for applications
- Unlike hypervisor-based VMs, containers do not aim to emulate physical servers
- All containerized applications on a host share a common OS kernel
- Containerization sits between the OS and applications and incurs lower overhead but potentially introduces greater security vulnerabilities
- For containers, only a small container engine is required as support
Virtualization Security Issues
- Security concerns include:
  - Guest OS isolation: ensuring that programs executing within a guest OS may access and use only the resources allocated to it
  - Guest OS monitoring by the hypervisor, which has privileged access to the programs and data in each guest OS
  - Virtualized environment security, particularly image and snapshot management, which attackers may attempt to view or modify

Securing Virtualization Systems
- Organizations using virtualization should:
  - Carefully plan the security of the virtualized system
  - Secure all elements of a full virtualization solution and maintain their security
  - Ensure that the hypervisor is properly secured
  - Restrict and protect administrator access to the virtualization solution

Hypervisor Security
- Should be:
  - Secured using a process similar to securing an operating system
  - Installed in an isolated environment
  - Configured so that it is updated automatically
  - Monitored for any signs of compromise
  - Accessed only by authorized administration
- May support both local and remote administration so must be configured appropriately
- Remote administration access should be considered and secured in the design of any network firewall and IDS capability in use
- Ideally administration traffic should use a separate network with very limited access provided from outside the organization

Virtualized Infrastructure Security
- Systems manage access to hardware resources
- Access must be limited to just the appropriate guest OSs
- Access to VM images and snapshots must be carefully controlled

Virtual Firewall
- Provides firewall capabilities for the network traffic flowing between systems hosted in a virtualized or cloud environment that does not require this traffic to be routed out to a physically separate network supporting traditional firewall services
- VM bastion host: where a separate VM is used as a bastion host supporting the same firewall systems and services that could be configured to run on a physically separate bastion, including possibly IDS and IPS services
- VM host-based firewall: where host-based firewall capabilities provided by the guest OS running on the VM are configured to secure that host in the same manner as used in physically separate systems
- Hypervisor firewall: where firewall capabilities are provided directly by the hypervisor

Hosted Virtualization Security
- Hosted virtualized systems pose additional security concerns that result from the host OS under the hypervisor and its guest OSs
- Users have access to configure the hypervisor and to any VM images and snapshots
- Possible to design a host system and virtualization solution that is more protected from access and modification by the users
- There will be security concerns from possible compromise unless it is adequately secured and managed

Reference Monitor Concept
[Figure 12.3: Reference Monitor Concept]

Trusted Platform Module (1 of 4)
- A concept being standardized by the Trusted Computing Group
- A hardware module that is used in a hardware/software approach to trusted computing
- Trusted computing (TC) approach employs a TPM chip on a computer
- Generates keys that are shared with vulnerable components

Trusted Platform Module (2 of 4)
- Authenticated Boot Service
  - Boots the entire operating system in stages
  - Assures that each portion of the OS is an approved version
  - A tamper-evident log of the loading process is kept to detect tampering
  - The tamper-resistant log contains a record that establishes which version of the OS is running

Trusted Platform Module (3 of 4)
- Certification Service
  - The TPM produces a digital certificate by signing a formatted description of the configuration information using the TPM's private key
  - Another user can have confidence because:
    - The TPM is considered trustworthy
    - Only the TPM possesses this TPM's private key
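The authenticated boot and certification services above are easiest to understand as a hash chain plus a signature over its result. The following is an added example, not from the textbook: each boot stage is measured (hashed) into a platform configuration register with the standard TPM extend operation, PCR = H(PCR || measurement), and appended to an event log; a verifier replays the log to check the final PCR against the value expected for approved versions, and a quote over the PCR is authenticated with an HMAC key that stands in for the TPM's private signing key (a real TPM signs with an asymmetric key; the standard library has no RSA, so that substitution is this example's). The stage images, the approved list and the key are constructed for the example.

```python
"""Added example (not from the textbook): simulated authenticated boot (PCR extend +
event log) and certification (a signed quote over the PCR) with a verifier side."""
import hashlib
import hmac
import json

PCR_INITIAL = bytes(32)   # PCRs reset to all-zero at power-on


def extend(pcr, measurement):
    """One-way extend: the result depends on every earlier measurement and their order."""
    return hashlib.sha256(pcr + measurement).digest()


class MeasuredBoot:
    """Models firmware measuring each stage into the PCR before handing control to it."""

    def __init__(self):
        self.pcr = PCR_INITIAL
        self.log = []     # the log is only tamper-evident together with the PCR

    def load_stage(self, name, image):
        digest = hashlib.sha256(image).digest()
        self.log.append({"stage": name, "digest": digest.hex()})
        self.pcr = extend(self.pcr, digest)


def replay(log):
    """Recompute the PCR from the event log; must equal the reported PCR."""
    pcr = PCR_INITIAL
    for entry in log:
        pcr = extend(pcr, bytes.fromhex(entry["digest"]))
    return pcr


def expected_pcr(approved_images):
    """PCR value the verifier expects when every stage is an approved version, in order."""
    pcr = PCR_INITIAL
    for image in approved_images:
        pcr = extend(pcr, hashlib.sha256(image).digest())
    return pcr


def quote(pcr, nonce, tpm_key):
    """Certification: a formatted description of the configuration, authenticated by the TPM.
    HMAC stands in for the TPM's private-key signature (example substitution)."""
    payload = json.dumps({"pcr": pcr.hex(), "nonce": nonce.hex()}, sort_keys=True).encode()
    return payload, hmac.new(tpm_key, payload, hashlib.sha256).digest()


def verify_quote(payload, signature, tpm_key, nonce, expected):
    """Verifier: check authenticity, freshness (nonce), then the configuration itself."""
    if not hmac.compare_digest(signature, hmac.new(tpm_key, payload, hashlib.sha256).digest()):
        return False, "signature invalid"
    body = json.loads(payload)
    if body["nonce"] != nonce.hex():
        return False, "stale quote (nonce mismatch)"
    if body["pcr"] != expected.hex():
        return False, "configuration differs from approved"
    return True, "approved configuration"


# Constructed stage images and key (sample values, not real firmware or a real key).
APPROVED = [b"bootloader v1.2", b"kernel 6.1", b"initramfs build 42"]
TPM_KEY = b"example-only-attestation-key"
STAGE_NAMES = ("bootloader", "kernel", "initramfs")


def boot(images):
    mb = MeasuredBoot()
    for name, image in zip(STAGE_NAMES, images):
        mb.load_stage(name, image)
    return mb


def attest(images, nonce=b"verifier-nonce-001"):
    """Boot with the given images, produce a quote, and return the verifier's verdict."""
    mb = boot(images)
    payload, sig = quote(mb.pcr, nonce, TPM_KEY)
    return verify_quote(payload, sig, TPM_KEY, nonce, expected_pcr(APPROVED)), mb


if __name__ == "__main__":
    print(attest(APPROVED)[0])
    print(attest([APPROVED[0], b"kernel 6.1 (modified)", APPROVED[2]])[0])
```

Two properties carry the security argument: a modified stage changes every later PCR value, so it cannot be hidden by what loads afterwards, and an edited log no longer replays to the PCR the TPM reports, which is what makes the log tamper-evident.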
Trusted Platform Module (4 of 4)
- Encryption Service
  - Enables data encryption in such a way that the data can be decrypted only by a certain machine
  - TPM maintains a master secret key unique to this machine and generates a secret encryption key for every possible configuration of that machine
  - This scheme can be extended upward

TPM Component Architecture
[Figure 12.4: TPM Component Architecture]

Summary (1 of 4)
- Introduction to operating system security
- System security planning
- Operating systems hardening
  - Operating system installation: initial setup and patching
  - Remove unnecessary services, applications and protocols
  - Configure users, groups, and authentications
  - Configure resource controls
  - Install additional security controls
  - Test the system security
- Application security
  - Application configuration
  - Encryption technology

Summary (2 of 4)
- Security maintenance
  - Logging
  - Data backup and archive
- Linux/Unix security
  - Patch management
  - Application and service configuration
  - Users, groups, and permissions
  - Remote access controls
  - Logging and log rotation
  - Application security using a chroot jail
  - Security testing

Summary (3 of 4)
- Windows security
  - Patch management
  - Users administration and access controls
  - Application and service configuration
  - Other security controls
  - Security testing
- Virtualization security
  - Virtualization alternatives
  - Virtualization security issues
  - Securing virtualization systems
  - Virtualized infrastructure security
  - Virtual firewall

Summary (4 of 4)
- Trusted computer systems
  - Reference monitors
  - TCSEC and common criteria
- Trusted platform module
  - Authenticated boot service
  - Certification service
  - Encryption service
  - TPM functions
  - Protected storage
