Unix Security

Operating System security (CYB 0204)

lecture #4
Outline

 Introduction
 What is Unix?
 Common security threats
 User authentication
 File system security
 Privilege management
 System Updates and Patch Management
 Network security
 Security Monitoring and Incident Response
Introduction

Unix security refers to the measures and practices implemented to protect

Unix-based operating systems from various security threats, ensuring the
confidentiality, integrity, and availability of system resources and data.
Unix systems are widely used in critical infrastructure, servers, and
workstations, making them attractive targets for attackers.
Breaches in Unix security can result in unauthorized access, data breaches,
disruption of services, and financial loss.
The presentation aims to provide an in-depth understanding of Unix security,
discuss common security threats faced by Unix systems, and provide practical
guidance on implementing effective security measures.
 What is Unix?

Unix is a powerful and versatile operating system that originated in the 1970s.
It is known for its stability, scalability, and security features.
Unix and its derivatives, such as Linux and macOS, are widely used in various industries
and sectors.
Unix is used in a wide range of environments, including servers, mainframes,
supercomputers, workstations, and embedded systems.
It powers critical infrastructure, web servers, cloud platforms, and scientific research
facilities.
The importance of securing Unix systems due to their prevalence: With Unix being
widely deployed, it becomes crucial to secure these systems to protect sensitive data,
intellectual property, and critical operations from potential threats and vulnerabilities.
Common Security Threats

The different types of security threats Unix systems face. These threats
include malware, such as viruses, worms, and ransomware, which can
compromise system integrity, steal sensitive information, or disrupt
operations.
Unauthorized access, where attackers gain entry to the system without
proper authentication, is also a significant threat.
Data breaches, where sensitive information is exposed or stolen, can
lead to severe consequences. Insider threats, where authorized users
misuse their privileges, can also pose security risks.
Common Security Threats Cont.

The need for proactive security measures to mitigate these threats.

Reactive approaches, such as incident response and recovery, are often
insufficient.
Proactive security measures, such as preventive controls, continuous
monitoring, and security awareness training, are necessary to detect,
prevent, and respond to security incidents effectively.
User Authentication

User authentication is the process of verifying the identity of users

before granting access to a Unix system.
Strong authentication ensures that only authorized individuals can log in,
reducing the risk of unauthorized access.
The importance of using strong passwords and enforcing password
policies.
Passwords should be complex, unique, and regularly changed.
 User Authentication Cont.

Password policies can enforce these requirements and prevent the use of weak
passwords.
Additionally, implementing password hashing and salting techniques can protect
passwords from being easily compromised.
The use of additional authentication methods like two-factor authentication
(2FA) or biometrics.
Two-factor authentication adds an extra layer of security by requiring users to
provide a second form of verification, such as a code from a mobile app or a
biometric factor like fingerprints or facial recognition.
These methods provide an added level of assurance in user authentication.
File System Security

The importance of securing the file system.

The file system is where data and system files are stored, and securing
it is crucial to protect sensitive information and ensure system integrity.
The Unix file permission system (chmod) and its role in controlling
access.
 Unix file permissions

Unix file permissions determine who can read, write, and execute files and directories.
Each file has permissions for the owner, group, and others.
Understanding and properly configuring file permissions helps restrict access to
authorized users only, preventing unauthorized modification, deletion, or disclosure of
files.
The concepts of read, write, and execute permissions for users, groups, and others.

 Unix file permissions are assigned using three levels: user (owner), group, and others.

 Each level can be granted read, write, or execute permissions independently.

 Properly setting permissions ensures that files are accessible to the appropriate users
while limiting access to unauthorized parties.
Privilege Management

Privilege escalation refers to the process of gaining higher levels of access

within a system than initially granted.
Attackers often attempt to escalate privileges to gain unauthorized control
over the system.
Privilege escalation vulnerabilities can allow attackers to execute arbitrary
commands, modify system files, or access sensitive data.
The principle of least privilege

The principle of least privilege (POLP states that users should be granted
the minimum privileges necessary to perform their tasks.
Limiting administrative privileges reduces the potential impact of a
compromised account.
By implementing POLP, the potential damage caused by an attacker who
gains access to a user account is significantly reduced.
The importance of limiting administrative privileges and implementing
access controls. By restricting administrative privileges to authorized
personnel only, the attack surface is reduced and the potential for
unauthorized system modifications or access is minimized.
System Updates and Patch
Management
Regular system updates and patch management are essential for addressing
vulnerabilities and security flaws that could be exploited by attackers.
Vendors often release patches to fix known vulnerabilities, and delaying their installation
increases the risk of exploitation.
Patch management processes should be established to ensure timely patch deployment
across Unix systems.
Automated patch management tools can streamline the update process by automating
patch deployment, tracking vulnerabilities, and providing centralized management
capabilities.
 These tools help ensure that all Unix systems are consistently updated and protected
against known vulnerabilities.
 Network Security

Unix systems often communicate over networks, making them potential targets for network-based
attacks.
Network security measures are necessary to protect data in transit and prevent unauthorized
access.
Firewalls act as a barrier between trusted internal networks and untrusted external networks,
filtering incoming and outgoing network traffic based on predefined rules.
Firewalls help prevent unauthorized access and protect Unix systems from network-based attacks.
Encrypting network traffic using protocols such as Secure Shell (SSH) or Transport Layer Security
(TLS) helps secure data transmitted over networks, preventing eavesdropping and tampering by
attackers.
Encryption ensures the confidentiality and integrity of network communications.
 Security Monitoring and Incident Response

Effective monitoring helps detect and respond to security incidents promptly,

minimizing the potential impact of an attack.
The use of intrusion detection systems (IDS) and intrusion prevention systems (IPS).
IDS and IPS monitor network traffic and system logs for suspicious activities, such as
unauthorized access attempts or unusual patterns.
They can alert administrators or take automated actions to prevent or mitigate potential
threats.
The importance of incident response planning. Incident response plans define the
steps to be taken in the event of a security incident, including containment, eradication,
and recovery.
Having a well-defined incident response plan in place helps minimize downtime, data
loss, and the overall impact of a security breach.