Yun-Chia Regional Network Center Training Course.ppt
Yun-Chia Regional Network Center Training Course
System Security Management
National Chung Cheng University Computer Center
張永榴, changccunix.ccu.edu.tw

PART I. UNIX Security Basics
PART II. Enforcing Security on your System
PART III. Handling Security Incidents

PART I. UNIX Security Basics
  1. Introduction
  2. Users and Passwords
  3. The UNIX Filesystem

Introduction
  A computer is secure if you can depend on it and its software to behave as you expect it to.
  The three parts of UNIX:
    The kernel
    Standard utility programs
    System database files

  Prevention:
    1. Backup
    2. Monitoring system log files and running processes.
    3. Upgrade OS patches
    4. Don't install illegal packages.
    5. Read news about security

Users and Passwords
  The crypt Algorithm

    Password   Salt   Encrypted Password
    nutmeg     Mi     MiqkFWCm1fNJI
    ellen1     ri     ri79KNd7V6.Sk
    Sharon     ./     ./2aN7ysff3qM
    norahs     am     amfIADT2iqjAf
    norahs     7a     7azfT5tIdyh0I

  /etc/passwd files

    root:fi3sED95ibqR6:0:1:System Operator:/:/bin/csh
    daemon:*:1:1::/tmp:
    uucp:ooRoMN9FyZNE:4:4::/usr/spool/uucpublic:/usr/lib/uucp/uucico
    rachel:eH5/.mj7NB3dx:181:100:Rachel Cohen:/u/rachel:/bin/csh
    arlin:f8fk3jlOrf34:182:100:Arlin Steinberg:/u/arlin:/bin/csh

  Bad Passwords:
    login name, anybody's name, birth date, phone number, a place, all the same letter, word in the English dictionary, all numbers, less than 6 letters, ...
  Administrative Techniques
    assign passwords to users
    crack your own passwords
    shadow password files
    password aging and expiration
  Summary
    ensure every account has a password
    ensure every user chooses a strong password
    use shadow password file, if available

The UNIX Filesystem
  File permissions: read, write, execute
  The umask command
  SUID, SGID

    % ls -l /bin/su
    -rwsr-sr-x 1 root 16384 Sep 3 1989 /bin/su
    % find / -perm -4000 -print

Part II. Enforcing Security on Your System
  1. Defending Your Accounts
  2. Securing Your Data
  3. The UNIX Log Files
  4. Modems
  5. Networks and Security
  6. NFS
  7. COPS
  8. Patch Installation
  9. Firewall

Defending Your Accounts
  Dangerous Accounts
    accounts without passwords
    default accounts
    accounts that run a single command
    open accounts
  Protecting the root Account
    secure terminals
    the wheel group

Securing Your Data
  File backups
    1. Why back up?
       user error, system staff error, hardware error, software error, electronic break-ins, natural disaster
    2. What should you back up?
       user files, system databases, any system directories
    3. How long back up?
  Database daily checking
    /etc/passwd, /etc/group, /etc/rc*, /etc/ttys, /etc/inittab, /usr/spool/cron/crontabs, /etc/aliases, /etc/exports, /etc/vfstab, /etc/netgroup

The UNIX Log Files
  /usr/adm/lastlog
  /etc/utmp, /usr/adm/wtmp, /usr/adm/wtmpx
  /usr/adm/pacct
  /usr/adm/sulog

Modems
  1. Devices: /dev/modem, /dev/ttys(0-9), /dev/ttyfa, /dev/ttyda, /dev/cua*
  2. Mode and owner:
       chmod 600 /dev/modem
       chown root /dev/modem
  3. Modems hang-up checking:

Networks and Security
  Trusted ports: 0-1023
  /etc/services file
  Rlogin and rsh
    /etc/hosts.equiv
    /.rhosts
  "r" commands in /etc/inetd.conf file
  /.netrc
  Remote print
    /etc/hosts.lpd

  Restricting FTP
    /etc/ftpusers
  Set EEPROM password

    # eeprom security-mode=full
    # eeprom security-password=
    Changing PROM password:
    New password:
    Retype password:

  Cron jobs:
    /var/spool/cron/crontabs file
    Set "CRONLOG=yes" in /etc/default/cron

  Finger
    /etc/inetd.conf
    kill -1 pid_of_inetd
  Sendmail
    1. debug, wiz, kill command
    2. delete decode aliases from alias file. (decode: "|/usr/bin/uudecode")
    3. disable the "wizard" password in the sendmail.cf file. Example:

         # Let the wizard do what she wants
         OWsitrVlWxktZ67

  Anonymous FTP
    1. create ftp account.
    2. mkdir ftp/bin ftp/etc ftp/pub
    3. cp /bin/ls ftp/bin
    4. chmod 111 ftp/pub ftp/etc ftp/bin ftp/bin/ls
    5. cp /etc/passwd ftp/etc/passwd
    6. cp /etc/group ftp/etc/group
    7. chmod 444 ftp/etc/*
    8. chown root ftp ftp/etc ftp/bin
    9. chown ftp.ftp ftp/pub
    10. chmod 555 ftp

NFS, NIS
  1. /etc/passwd file
       +::0:0:::     (wrong)
       +:*:0:0:::    (on NIS clients only)
  2. Netgroup
       /etc/netgroup
       (hostname, username, domainname)

NFS
  /etc/exports file
  exportfs command
  showmount command

COPS
  File, directory and device files permissions
  /etc/passwd and /etc/group files
  SUID files
  examples:

    ATTENTION:
    Security Report for Wed Dec 18 13:30:30 CST 1991
    from host
    Warning! A "+" entry in /etc/hosts.equiv!
    Warning! "." (or current directory) is in roots path!
    Warning! Directory /usr/spool/mail is _World_ writable!
    Warning! File /etc/motd is _World_ writable!
    Warning! File /etc/mntab is _World_ writable!
    Warning! File /etc/remote is _World_ writable!
    Warning! File /etc/sm is _World_ writable!
    Warning! File /etc/sm.bak is _World_ writable!
    Warning! File /etc/state is _World_ writable!
    Warning! File /etc/tmp is _World_ writable!
    Warning! File /etc/utmp is _World_ writable!
    Warning! User uucps home directory /var/spool/uucpublic is mode 03777
    Warning! Password file, line 2, negative user id: nobody:*:-2:-2::/:
    Warning! Password file, line 11, no password: sync::1:1::/:/bin/sync
    Warning! Password file, line 12, user sysdiag has uid=0 and is not root
             sysdiag:*:0:1:System Diagnostic:/usr/diag/sysdiag:/usr/diag/sysdiag/sysdiag

Patch Installation
  ftp://sunsite.ccu.edu.tw
  example:

Denial of Service Attacks and Solutions
  I. Destruction Attacks:
    1. Reformatting a disk partition
       => Prevent anyone from accessing the machine in single-user mode. Protect the superuser account.
    2. Deleting critical files:
       => Protect system files by specifying appropriate modes (e.g., 755 or 711). Protect the superuser account.
    3. Turning off power
       => Put the computer in a physically secure location.

  II. Overload Attacks
    1. Process Overload Attacks:
       example:

         main()
         {
             while (1)
                 fork();
         }

       => Solaris: /etc/system
            set maxproc=100
    2. System Overload:
       => set your own priority as high as you can with the renice command

  III. Disk Attacks
    1. Disk Full Attacks:
         du command
         find / -size +1000 -exec ls -l {} \;
         quot -f /dev/sd0a
         set quotas (edquota)
         reserved space
    2. Swap Space Attacks:
         for Solaris:
           # mkfile 50m /home
           # swap -a /home
         for SUNOS:
           # mkfile 50m /home
           # swapon /home

  IV. Tree Structure Attacks:
    example:

      #!/bin/ksh
      while mkdir another
      do
          cd ./another
          cp /bin/cc fillitup
      done

    => DIY
    => shell script
    => delete the inode of the top directory

      # boot -s
      # ls -i another
      # df another
      # /usr/sbin/clri /dev/dsk/c0t2d0s2 1491
      # fsck /dev/dsk/c0t2d0s2

PART III. Handling Security Incidents
  System intrusion detection:
    1. Check the connection logs for unusual sources or operations.
    2. Find all setuid and setgid files on the system.
    3. Check whether system executables have been modified, such as login, su, telnet, netstat, ifconfig, ls, find, du, df, sync, and any program listed in /etc/inetd.conf.
    4. Check whether a network sniffer is running on the system.
    5. Check all programs run by cron and at.
    6. Check whether /etc/inetd.conf has been changed and whether the programs it maps to are correct.
    7. Check for changes to the contents and file attributes of /etc/passwd.
    8. Check the system and network configuration files. ho
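
The password-file findings in the COPS report above (negative user id, no password, uid 0 on an account that is not root), the NIS "+" entry rule, and the /etc/passwd check in Part III can be reproduced with a short awk pass. This is an added example, not COPS itself and not part of the original slides; the function names audit_passwd and sample_passwd and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: COPS-style audit of a passwd-format file.

# Constructed sample, modelled on the entries the COPS report on this page flags.
sample_passwd() {
    cat <<'EOF'
root:fi3sED95ibqR6:0:1:System Operator:/:/bin/csh
nobody:*:-2:-2::/:
sync::1:1::/:/bin/sync
sysdiag:*:0:1:System Diagnostic:/usr/diag/sysdiag:/usr/diag/sysdiag/sysdiag
+::0:0:::
EOF
}

# audit_passwd [FILE]: print one "Warning!" line per finding (reads stdin if no FILE).
audit_passwd() {
    awk -F: '
    /^[ \t]*$/ { next }                        # ignore blank lines
    {
        user = $1; pw = $2; uid = $3
        # NIS inclusion entry: an empty password field here is the "wrong" form
        if (substr(user, 1, 1) == "+") {
            if (pw == "")
                printf "Warning! Password file, line %d, NIS \"+\" entry with empty password field: %s\n", NR, $0
            next
        }
        if (NF != 7)
            printf "Warning! Password file, line %d, expected 7 fields, found %d: %s\n", NR, NF, $0
        if (pw == "")
            printf "Warning! Password file, line %d, no password: %s\n", NR, $0
        if (uid ~ /^-/)
            printf "Warning! Password file, line %d, negative user id: %s\n", NR, $0
        if (uid ~ /^0+$/ && user != "root")
            printf "Warning! Password file, line %d, user %s has uid=0 and is not root\n", NR, user
    }' "${1:--}"
}

# Run against the constructed sample; on a real host: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

On systems with shadow passwords the second field of /etc/passwd is a placeholder, so the empty-password check has to be run against the shadow file as well.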