OPERATING SYSTEM SECURITY.

Linux

Linux Security Architecture components:
1. The user account

Advantages:
• Power is concentrated in a single root account, which makes system administration easy.
• Carelessness by one user does not affect the system as a whole.
• Each user has strict privacy.

User types:
Root: controls system files, users, resources (devices) and network access.
User: an account whose powers, when carrying out activities on the system, are regulated by root.
Group: a collection of users who have the same kind of right to share certain devices.

2. Discretionary Access Control (DAC)

Discretionary access control (DAC) is a strict restriction method, which includes:
• Each account has its own username and password.
• Each file / device has attributes (read / write / execute) for the owner, the group, and general users.

If we list in detail using $ ls -l, we can see the implementation of DAC on the Linux file system:

drwx------  5 fade users 1024 Feb  8 12:30 Desktop
-rw-r--r--  9 Goh  hack   318 Mar 30 09:05 borg.dead.letter

Reading the second line from left to right, the columns are numbered 1 to 11: the type character, then the three permission triplets, then the remaining fields.

Description:
1 = type of file; a dash (-) means an ordinary file, d means a directory, l means a link file, etc.
2 = access permissions for the owner: r = read, w = write, x = execute
3 = access permissions for the group
4 = access permissions for others (any user outside the previously defined group)
5 = number of links to the file
6 = name of the owner
7 = name of the group
8 = file size in bytes
9 = month and date of the last update
10 = time of the last update
11 = name of the file / device

Important commands in DAC:
• Change file permissions:
1. Letter (symbolic) method: chmod <who><op><permission> <filename>,
example:
chmod u+x,g+w,o-r borg.dead.letter; adds execute access (x) for the user (u), also adds write access (w) for the group (g) and removes read access (r) for other (o) users.
2. Octal method: chmod <digit><digit><digit> <filename>; the first digit sets the user's access permissions, the second digit the group's and the third digit the others'. The rule applied: r (read) = 4, w (write) = 2, x (execute) = 1 and no access = 0; each digit is the sum of the permissions granted.
Example:
chmod 740 borg.dead.letter
Means: for the file borg.dead.letter the following apply:
1st digit, 7 = 4 + 2 + 1 = r, w, x permissions for the user.
2nd digit, 4 = 4 + 0 + 0 = r permission for the group.
3rd digit, 0 = 0 + 0 + 0 = no access for other users.

• Change the owner: chown <owner> <file>
• Change the owning group: chgrp <group> <file>
• Using the root account temporarily:
~ $ su; the system will ask for the password
password: ****; the prompt turns into a hash sign (#), the sign of being logged in as root
~ #

• Enable shadow passwords, which makes the file /etc/passwd remain readable but no longer contain the passwords, because they have been moved to /etc/shadow.
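The two chmod forms described above (the symbolic u+x,g+w,o-r and the octal 740 with r = 4, w = 2, x = 1) as an added worked example, not code from the original notes: it converts between the ls -l permission triplets and the octal digits, applies a symbolic spec clause by clause, and checks the octal form against a scratch file on the local system.

```python
import os
import stat
import tempfile

# Bit values of one permission triplet, as in the octal rule:
# r = 4, w = 2, x = 1, no access = 0.
BITS = {"r": 4, "w": 2, "x": 1}
# Which triplet a "who" letter selects: u = user/owner, g = group, o = other.
WHO_SHIFT = {"u": 6, "g": 3, "o": 0}

def octal_to_symbolic(mode: int) -> str:
    """0o740 -> 'rwxr-----': expand each octal digit into its r/w/x letters."""
    out = []
    for shift in (6, 3, 0):
        digit = (mode >> shift) & 0o7
        out.append("".join(ch if digit & bit else "-" for ch, bit in BITS.items()))
    return "".join(out)

def symbolic_to_octal(perms: str) -> int:
    """'rwxr-----' (columns 2-4 of ls -l) -> 0o740, i.e. the sum per digit."""
    if len(perms) != 9:
        raise ValueError("expected nine permission characters")
    mode = 0
    for i, ch in enumerate(perms):
        if ch != "-":
            mode |= BITS[ch] << (6 - 3 * (i // 3))
    return mode

def apply_symbolic_chmod(mode: int, spec: str) -> int:
    """Apply a spec such as 'u+x,g+w,o-r' to an existing mode, clause by clause."""
    for clause in spec.split(","):
        who, op, what = clause[0], clause[1], clause[2:]
        mask = sum(BITS[c] for c in what) << WHO_SHIFT[who]
        mode = mode | mask if op == "+" else mode & ~mask
    return mode

def chmod_and_read_back(mode: int) -> str:
    """Apply an octal mode to a scratch file and read it back as ls -l shows it."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, mode)
        return octal_to_symbolic(stat.S_IMODE(os.stat(path).st_mode))
    finally:
        os.remove(path)
```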

A typical example of the file /etc/passwd after shadow passwords are active:

root:x:0:0::/root:/bin/bash
fade:x:1000:103:,,,:/home/fade:/bin/bash

Looking at user fade, we can read it as follows:

username: fade
password: x
user ID (UID): 1000
group ID (GID): 103
additional information: ,,, (empty)
home directory: /home/fade
default shell: /bin/bash

The password field can be read (readable), but it holds only the letter x; the password itself is stored in the file /etc/shadow in encrypted form:

root:pCfouljTBTX7o:10995:0:::::
fade:oiHQw6GBf4tiE:10995:0:99999:7:::

The need for proactive password checking

Linux uses the DES method (Data Encryption Standard) for passwords. Users should be trained in choosing the password they will use, so that it is not easily guessed by password cracking programs in brute force attacks. Helper programs that add password security checks are also needed, such as:
• Passwd+: improves user logins and warns if an easily guessed password is entered, ftp://ftp.dartmouth.edu/pub/security
• Anlpasswd: can enforce standard rules such as a minimum password length, a mix of upper and lower case letters, a combination of digits and letters, etc., ftp://coast.rs.purdue.edu/pub/tools/unix/

3. Network Access Control

Linux firewall:
an access control device between networks that lets Linux choose which hosts have / do not have the right to access it.
Linux firewall functions:
• Packet analysis and filtering
Inspects TCP packets and then treats them according to the prescribed rules, for example: for packet A, perform action B.
• Blocking content and protocols
Blocks packet contents such as Java applets, ActiveX, VBScript, cookies.
• Connection authentication and encryption
Runs encryption of the user's identity and of the integrity of a session, and protects the data with encryption algorithms such as DES, Triple DES, Blowfish, IPSec, SHA, MD5, IDEA, etc.

Linux firewall types:
• Application-proxy firewall / application gateways
Operate at the application level of the OSI layers; this proxy system forwards / distributes packets into the internal network. Example: the TIS FWTK software (Trusted Information System Firewall Toolkit).
• Network-level firewalls: filtering and blocking are performed on the packets in the router. Example: TCP Wrappers, whose program is /usr/sbin/tcpd. How it works:
Look at the contents of the file /etc/inetd.conf:

telnet stream tcp nowait root /usr/sbin/telnetd
shell stream tcp nowait root /usr/sbin/rshd
pop3 stream tcp nowait root /usr/sbin/pop3d

With TCP Wrappers activated, the contents of /etc/inetd.conf become:

telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell stream tcp nowait root /usr/sbin/tcpd in.rshd -L
pop3 stream tcp nowait root /usr/sbin/tcpd in.pop3d

Every remote service request is intercepted by tcpd and matched against the rule set that has been configured; if the request qualifies, the service program is executed, but if it does not qualify the request is rejected.

TCP Wrappers are configured through two files, namely:
• /etc/hosts.allow: hosts that are allowed access.
• /etc/hosts.deny: hosts that are not allowed access.
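The tcpd decision described above, as an added example that is not part of the original notes: a small model of how /etc/hosts.allow and /etc/hosts.deny are consulted (allow first, then deny, otherwise granted) with the ALL, network-prefix and domain-suffix patterns. The two files shown are constructed sample contents, not the notes' own, and the optional shell-command field of a rule line is ignored.

```python
from typing import List, Tuple

# Constructed sample files (not from the notes): allow telnet from one subnet,
# POP3 from one domain, anything from localhost; deny everything else.
HOSTS_ALLOW = """# daemon list : client list
in.telnetd : 192.168.1.
in.pop3d   : .example.org
ALL        : 127.0.0.1
"""
HOSTS_DENY = """ALL : ALL
"""

def parse_rules(text: str) -> List[Tuple[List[str], List[str]]]:
    """Each line is 'daemon_list : client_list [: shell_command]'."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [p.strip() for p in line.split(":")]
        rules.append((fields[0].split(), fields[1].split()))
    return rules

def _matches(pattern: str, value: str) -> bool:
    """ALL matches anything; 'a.b.c.' matches addresses in that network;
    '.domain' matches host names ending in that domain; else exact match."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return value.startswith(pattern)
    if pattern.startswith("."):
        return value.endswith(pattern)
    return pattern == value

def _rule_hits(rules, daemon: str, client: str) -> bool:
    return any(any(_matches(d, daemon) for d in ds) and
               any(_matches(c, client) for c in cs) for ds, cs in rules)

def tcpd_decision(daemon: str, client: str, allow_text: str, deny_text: str) -> bool:
    """tcpd order: a hosts.allow match grants access; otherwise a hosts.deny
    match refuses it; a request matching neither file is granted."""
    if _rule_hits(parse_rules(allow_text), daemon, client):
        return True
    if _rule_hits(parse_rules(deny_text), daemon, client):
        return False
    return True
```

Because a request matching neither file is granted, the deny file should end with ALL : ALL so that anything not explicitly allowed is refused.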

4. Encryption

Implementation of encryption on Linux:
• Password encryption using DES (Data Encryption Standard)
• Encryption of data communications:
1. Secure Shell (SSH): a program for logging in to other computers on the network, executing commands on a remote machine and moving files from one machine to another. Encryption in the form of Blowfish, IDEA, RSA, Triple DES. Contents of the SSH suite:
• scp (secure shell copy): secure data copying
• ssh (secure shell client): a telnet-like client, encrypted with ssh.
• ssh-agent: authentication over the network with the RSA model.
• sshd (secure shell server): listens on port 22
• ssh-keygen: key maker (key generator) for ssh
Configuration is in:
• /etc/sshd_config (server configuration file)
• /etc/ssh_config (client configuration file)
2. Secure Socket Layer (SSL): encrypts data transmitted through the http port.
Configuration is in: the Apache web server with the SSL patch added.

5. Logging

Def: the procedure by which the operating system or an application records each event and saves the record to be analysed.

All Linux log files are stored in the directory /var/log, among others:

• lastlog: records each user's last login time
• last: records the users who have ever logged in, by looking at the file /var/log/wtmp
• xferlog: records ftp login information in the form of daemon access time, file transfer duration, IP and DNS name of the accessing host, number / name of the file, transfer type (binary / ASCII), transfer direction (incoming / outgoing), access mode (anonymous / guest / authorized user), user name / id / service, and the authentication method.
• access_log: records the http / web server service.
• error_log: records error messages from the http / web server service, namely the date and time and the type / reason of the error.
• messages: records events in the kernel, handled by two daemons:
o syslog: records all programs; configured in syslog.conf
o klog: receives and records all kernel messages

6. Intrusion Detection

Def: the activity of quickly detecting intrusions using a special automated program called an Intrusion Detection System.

Basic types of IDS:
• Rule-based system: traffic data records that match a database of known intrusion signatures are immediately categorised as intrusions. Approaches of a rule-based system:
o Preemptory (prevention): the IDS watches all network traffic and takes direct action if there is suspicion of an intrusion.
o Reactionary (reaction): the IDS only observes the log files.
• Adaptive systems: apply an expert system to observing network traffic.

IDS programs:
• Chkwtmp: program that checks for emptied (erased) entries
• Tcplogd: stealth scan detection program (scans done without establishing a tcp session)
• Hostsentry: login anomaly detection program (strange behaviour): bizarre behaviour, time anomalies, local anomalies.

Windows NT

NT Security Architecture components:

1. User and Group Administration

User account types:
• Administrator
• Guest
• User

Group account types:
• Administrators
• Guests
• Users
• Backup Operators
• Power Users
• Server Operators
• Account Operators
• Print Operators

User / Group rights:
• Basic rights: access this computer from the network, back up files / directories, change the system time, log on locally, manage auditing and the security log (Event Viewer), restore files and directories, shut down the system, take ownership of files or other objects, etc.
• Advanced rights: access to services and the kernel for system development needs.

2. File System Security

A. NTFS:
• Fast in standard file operations (read, write, search)
• Has file system recovery, access control and permissions.
• Views an object as a collection of attributes, including access permissions.

B. Protection of data integrity

Transaction logging: a recoverable file system that automatically records all changes to directories and files.
• If the transaction succeeds, the NT system updates the files.
• If the transaction fails, NT goes through:
o Analysis stage: measures the damage and determines the location of the clusters that must be updated, using the information in the log file.
o Redo stage: performs all transaction steps recorded since the last checkpoint.
o Undo stage: restores all transactions that have not been completed to their original state.

Sector sparing: a dynamic data recovery technique found only on SCSI disks; it uses fault-tolerant technology to create a duplicate of the data from the sector that experienced the error. The method is to recalculate the data from the stripe set with parity, or to read the sector from the mirror drive, and then write the data to a new sector.

Cluster remapping: if there is a failure in an I/O transaction on the disk, NT automatically looks for a new cluster that is not damaged, then marks the address of the cluster that contains the bad sector.

C. Fault tolerance: the ability to provide real-time data redundancy that will provide recovery actions in case of hardware failure, software corruption and other potential problems.
The technology is called RAID (Redundant Array of Inexpensive Disks): a disk array in which one storage medium holds redundant information about the data stored on the rest of the media.
RAID advantages:
• Improves I/O performance
• Increases the reliability of the storage media

There are 2 forms of fault tolerance:
1. Disk mirroring (RAID 1): includes writing the data a second time, simultaneously, to a physically separate storage medium.
2. Disk striping with parity (RAID 5): data is written in stripes across an array of disks; within these stripes there is parity information that can be used to regenerate the data if one disk in the stripe set fails.
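The parity regeneration that RAID 5 relies on, as an added worked example that is not part of the original notes: data is split into stripes, each stripe gets a parity block that is the XOR of its data blocks (placed on a rotating disk, as RAID 5 does), and a block lost with a failed disk is rebuilt as the XOR of the surviving blocks. Block size, disk count and sample data are my own choices.

```python
from typing import List, Optional

def parity(blocks: List[bytes]) -> bytes:
    """Parity block = byte-wise XOR of every block given."""
    if not blocks or len({len(b) for b in blocks}) != 1:
        raise ValueError("blocks must be non-empty and of equal length")
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)

def layout(data: bytes, data_disks: int, block_size: int) -> List[List[bytes]]:
    """Split data into stripes of `data_disks` blocks (zero-padded) and put the
    parity block on a rotating disk, so the array has data_disks + 1 disks."""
    stripe_bytes = data_disks * block_size
    stripes = []
    for start in range(0, len(data), stripe_bytes):
        chunk = data[start:start + stripe_bytes].ljust(stripe_bytes, b"\0")
        blocks = [chunk[i:i + block_size] for i in range(0, stripe_bytes, block_size)]
        stripe = list(blocks)
        # Stripe n keeps its parity on disk n mod (data_disks + 1).
        stripe.insert(len(stripes) % (data_disks + 1), parity(blocks))
        stripes.append(stripe)
    return stripes

def regenerate(stripe: List[Optional[bytes]]) -> List[bytes]:
    """Rebuild the one missing block (None) of a stripe: whether it held data
    or parity, it equals the XOR of all the surviving blocks."""
    missing = [i for i, b in enumerate(stripe) if b is None]
    if len(missing) != 1:
        raise ValueError("RAID 5 tolerates exactly one failed disk per stripe")
    survivors = [b for b in stripe if b is not None]
    rebuilt = list(stripe)
    rebuilt[missing[0]] = parity(survivors)
    return rebuilt

def survives_single_disk_loss(stripes: List[List[bytes]]) -> bool:
    """Fail each disk in turn and check every stripe regenerates exactly."""
    disks = len(stripes[0])
    for d in range(disks):
        for stripe in stripes:
            damaged = list(stripe)
            damaged[d] = None
            if regenerate(damaged) != stripe:
                return False
    return True
```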

3. Windows NT Security Model

Made of several components that work together to provide logon security and access control lists (ACLs) in NT:

• LSA (Local Security Authority): ensures users have the right to access the system. The core that creates the security access token, administers local security policies and provides user authentication services.
• Logon Process: receives logon requests from the user (interactive logon and remote logon), waiting for a correct username and password to be entered. Aided by the Netlogon service.
• Security Accounts Manager (SAM): also known as the directory service database; maintains the database of user accounts and provides validation for the LSA process.
• Security Reference Monitor (SRM): checks the status of a user's access permissions and user rights to manipulate objects, and generates audit messages.

4. Security of local resources

Objects in NT [file, folder (directory), process, thread, share and device] are each equipped with a Security Descriptor consisting of:
• Owner security ID: shows the user / group that owns the object, which has the power to change the access permissions of the object.
• Group security ID: used by the POSIX subsystem only.
• Discretionary ACL (Access Control List): identifies the users and groups that are allowed / denied access; controlled by the owner of the object.
• System ACL: controls the auditing messages generated by the system; controlled by the network security administrator.

5. Network Security

Types of Windows NT network security:

• User-level security model: the user account will have access to use it in conjunction with creating a shared directory or printer.
o Advantages: the ability to give certain users access to shared resources and to determine what type of access is given.
o Disadvantages: the setup process is complex because the administrator must register each user and maintain the security policy so that the system remains well under control.
• Share-level security model: associated with peer-to-peer networks, where users share resources anywhere and decide whether a password is required for a particular access.
o Advantages: simplicity; share-level security does not require user accounts to gain access.
o Weaknesses: once the access permission / password is given, there is no control over who accesses the shared resources.

The ways NT handles network security:

1. Giving permissions:
• Local NTFS permissions
• Share permissions
2. RAS (Remote Access Server) security
Handles remote user access via dial-up:
• Authentication: the user name and password are valid and have dial-in permission.
• Callback security: checks for a valid phone number.
• Auditing: uses audit trails to track to / from whom, when the user accessed the server and what resources were accessed.
3. Internet security services:
• Firewall limited to Internet Information Server (IIS).
• Installing additional proxies such as Microsoft Proxy Server.
4. Administrative shares: enable administrators to gain access to Windows NT servers or workstations over the network.

6. Printer security

Done by setting up the printer properties:
1. Defining permissions: Full Control, Manage Documents, Print
2. The usual default NT permissions are:
• Administrators: Full Control
• Owner: Manage Documents
• All users: Print
3. Controlling print jobs, comprising:
• Setting the print time
• Priority
• Notification (who should be given a warning)
4. Setting auditing information

7. Registry Security

Tools provided for accessing the registry:
• System Policy Editor: controls access to the registry editor; allows administrators to edit and modify certain values in the registry through a graphical interface.
• Registry Editor (regedt32.exe): tool for editing and modifying values in the registry.
• Windows NT Diagnostics (winmsd.exe): enables users to view the contents of the registry settings and their values without having to go into the registry editor itself.

Tools for backing up the registry:
• regback.exe: uses the command line or a remote session to back up the registry.
• ntbackup.exe: automated backup to tape drive ONLY, including a copy of the local registry backup file.
• Emergency Repair Disk (rdisk.exe): backs up the system and software hives of the registry.

8. Auditing and Log Recording

• Logon and logoff: records logon and logoff events, including multiple log entries
• Object access: records access to objects and files
• Privilege use: records the use of user rights
• Account management: records user and group management
• Policy change: records changes to the security policy in the registry
• System event: records process restarts, shutdowns and system messages
• Detailed tracking: records the processes in the system in detail
