Lecture06_Operating System Security

The document outlines key strategies for operating system security, emphasizing the importance of the Australian Signals Directorate's 'Top 35 Mitigation Strategies' and the need for a planned approach to system deployment. It details the process of hardening operating systems, including patch management, user access control, and the installation of additional security measures. Additionally, it discusses the significance of continuous security maintenance, logging, data backup, and the implications of virtualization and software-defined networks on security practices.

Operating System Security Strategies
• The 2010 Australian Signals Directorate (ASD)
lists the “Top 35 Mitigation Strategies”
• Over 85% of the targeted cyber intrusions
investigated by ASD in 2009 could have been
prevented
• The top four strategies for prevention are:
• White-list approved applications
• Patch third-party applications and operating system vulnerabilities
• Restrict administrative privileges
• Create a defense-in-depth system

• These strategies largely align with those in the “20 Critical Controls” developed by DHS, NSA, the Department of Energy, SANS, and others in the United States
Operating System Security
• Possible for a system to be compromised during
the installation process before it can install the
latest patches
• Building and deploying a system should be a
planned process designed to counter this threat
• Process must:
• Assess risks and plan the system deployment
• Secure the underlying operating system and then the key applications
• Ensure any critical content is secured
• Ensure appropriate network protection mechanisms are used
• Ensure appropriate processes are used to maintain security
System Security Planning
• The first step in deploying a new system is planning
• Planning should include a wide security assessment of the organization
• Plan needs to identify appropriate personnel and training to install and manage the system
• Planning process needs to determine security requirements for the system, applications, data, and users
• Aim is to maximize security while minimizing costs
System Security Planning Process
• The purpose of the system, the type of information stored, the applications and services provided, and their security requirements
• The categories of users of the system, the privileges they have, and the types of information they can access
• How the users are authenticated
• How access to the information stored on the system is managed
• What access the system has to information stored on other hosts, such as file or database servers, and how this is managed
• Who will administer the system, and how they will manage the system (via local or remote access)
• Any additional security measures required on the system, including the use of host firewalls, anti-virus or other malware protection mechanisms, and logging
Operating Systems Hardening
• First critical step in securing a system is to secure
the base operating system
• Basic steps
• Install and patch the operating system
• Harden and configure the operating system to adequately
address the identified security needs of the system by:
• Removing unnecessary services, applications, and protocols
• Configuring users, groups, and permissions
• Configuring resource controls
• Install and configure additional security controls, such as
anti-virus, host-based firewalls, and intrusion detection
system (IDS)
• Test the security of the basic operating system to ensure
that the steps taken adequately address its security needs
Initial Setup and Patching
• System security begins with the installation of the operating system
• Overall boot process must also be secured
• The integrity and source of any additional device driver code must be carefully validated
• Initial installation should install the minimum necessary for the desired system
• Critical that the system be kept up to date, with all critical security related patches installed
• Should stage and validate all patches on the test systems before deploying them in production
• Ideally new systems should be constructed on a protected network
• Full installation and hardening process should occur before the system is deployed to its intended location
Remove Unnecessary Services, Applications, Protocols
• When performing the initial installation the supplied defaults should not be used
• Default configuration is set to maximize ease of use and functionality rather than security
• If fewer software packages are available to run the risk is reduced
• If additional packages are needed later they can be installed when they are required
• System planning process should identify what is actually required for a given system
Configure Users, Groups, and Authentication
• System planning process should consider:
 • Categories of users on the system
 • Privileges they have
 • Types of information they can access
 • How and where they are defined and authenticated
• Not all users with access to a system will have the same access to all data and resources on that system
• Elevated privileges should be restricted to only those users that require them, and then only when they are needed to perform a task
• Default accounts included as part of the system installation should be secured
 • Those that are not required should be either removed or disabled
• Policies that apply to authentication credentials configured
Configure Resource Controls
• Once the users and groups are defined, appropriate permissions can be set on data and resources
• Many of the security hardening guides provide lists of recommended changes to the default access configuration
Install Additional Security Controls
• Further security possible by installing and configuring additional security tools:
 • Anti-virus software
 • Host-based firewalls
 • IDS or IPS software
 • Application white-listing
Test the System Security
• Final step in the process of initially securing the base operating system is security testing
• Goal:
 • Ensure the previous security configuration steps are correctly implemented
 • Identify any possible vulnerabilities
• Checklists are included in security hardening guides
• There are programs specifically designed to:
 • Review a system to ensure that a system meets the basic security requirements
 • Scan for known vulnerabilities and poor configuration practices
• Should be done following the initial hardening of the system
• Repeated periodically
Application
Configuration
• May include:
• Creating and specifying appropriate data storage areas for
application
• Making appropriate changes to the application or service
default configuration details
• Some applications or services may include:
• Default data
• Scripts
• User accounts
• Of particular concern with remotely accessed
services such as Web and file transfer services
• Risk from this form of attack is reduced by ensuring that most
of the files can only be read, but not written, by the server
Encryption Technology
• Is a key enabling technology that may be used to secure data both in transit and when stored
• Must be configured and appropriate cryptographic keys created, signed, and secured
• If secure network services are provided using TLS or IPsec suitable public and private keys must be generated for each of them
• If secure network services are provided using SSH, appropriate server and client keys must be created
• Cryptographic file systems are another use of encryption
Security Maintenance
• Process of maintaining security is
continuous
• Security maintenance includes:
• Monitoring and analyzing logging information
• Performing regular backups
• Recovering from security compromises
• Regularly testing system security
• Using appropriate software maintenance processes to
patch and update all critical software, and to monitor
and revise configuration as needed
Logging
• Can only inform you about bad things that have already happened
• Key is to ensure you capture the correct data and then appropriately monitor and analyze this data
• In the event of a system breach or failure, system administrators can more quickly identify what happened
• Information can be generated by the system, network and applications
• Range of data acquired should be determined during the system planning stage
• Generates significant volumes of information and it is important that sufficient space is allocated for them
• Automated analysis is preferred
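As an added illustration of the automated analysis the slide recommends (this is example code written for these notes, not part of the lecture), the script below parses a handful of constructed sshd-style syslog lines, counts failed logins per source address, and reports any source at or above a threshold, noting whether that source also obtained a successful login. The host name, user names and addresses in the sample are made up.

```python
"""Added example (not from the lecture slides): automated analysis of
constructed auth-log lines, flagging sources with repeated failed logins."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the common sshd/syslog format; the host,
# users and addresses are made up for this example.
SAMPLE_LOG = """\
Mar  3 10:01:12 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:15 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:19 host1 sshd[2203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:02:01 host1 sshd[2210]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
Mar  3 10:02:44 host1 sshd[2215]: Failed password for bob from 198.51.100.9 port 40100 ssh2
Mar  3 10:03:02 host1 sshd[2216]: Accepted password for bob from 198.51.100.9 port 40101 ssh2
Mar  3 10:05:30 host1 sshd[2230]: Failed password for root from 203.0.113.7 port 51030 ssh2
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_auth_log(text):
    """Return (failures per source, user names tried per source, accepted logins)."""
    failures = Counter()
    users = defaultdict(set)
    accepted = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["src"]] += 1
            users[m["src"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m["src"], m["user"], m["method"]))
    return failures, users, accepted


def flag_sources(text, threshold=3):
    """Sources with at least `threshold` failed logins; `also_succeeded` marks
    a source that obtained an accepted login somewhere in the same window."""
    failures, users, accepted = parse_auth_log(text)
    succeeded = {src for src, _, _ in accepted}
    report = {}
    for src, n in failures.items():
        if n >= threshold:
            report[src] = {
                "failures": n,
                "users": sorted(users[src]),
                "also_succeeded": src in succeeded,
            }
    return report


if __name__ == "__main__":
    for src, info in flag_sources(SAMPLE_LOG).items():
        print(src, info)
```

The threshold and the two regular expressions are the parts a practitioner tunes per system; a real deployment would feed rotated log files or a syslog stream into `parse_auth_log` rather than the embedded sample.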
Data Backup and Archive
• Performing regular backups of data is a critical control that assists with maintaining the integrity of the system and user data
• May be legal or operational requirements for the retention of data
• Backup
 • The process of making copies of data at regular intervals
• Archive
 • The process of retaining copies of data over extended periods of time in order to meet legal and operational requirements to access past data
• Needs and policy relating to backup and archive should be determined during the system planning stage
• Kept online or offline
• Stored locally or transported to a remote site
• Trade-offs include ease of implementation and cost versus greater security and robustness against different threats
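To make the integrity point concrete, here is an added example (written for these notes, not from the lecture) that copies a constructed data directory to a backup location, records a SHA-256 manifest of every file, and later verifies the copy against that manifest so that corruption or tampering of the backup is detected before it is relied on for recovery. The directory names and file contents are made up.

```python
"""Added example (not from the lecture slides): a backup copy with a SHA-256
manifest, and a verification pass that reports files whose content changed."""
import hashlib
import json
import os
import shutil
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Relative path -> digest for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def backup(src, dest):
    """Copy src into dest/data and write dest/MANIFEST.json beside it."""
    shutil.copytree(src, os.path.join(dest, "data"))
    manifest = build_manifest(os.path.join(dest, "data"))
    with open(os.path.join(dest, "MANIFEST.json"), "w") as fh:
        json.dump(manifest, fh, indent=2, sort_keys=True)
    return manifest


def verify(dest):
    """Files whose current digest differs from the manifest (missing files
    count as mismatches); an empty list means the backup is intact."""
    with open(os.path.join(dest, "MANIFEST.json")) as fh:
        expected = json.load(fh)
    actual = build_manifest(os.path.join(dest, "data"))
    return sorted(p for p, d in expected.items() if actual.get(p) != d)


def demo():
    """Constructed scenario: back up two files, then damage one copy."""
    base = tempfile.mkdtemp()
    src = os.path.join(base, "live")
    os.makedirs(os.path.join(src, "db"))
    with open(os.path.join(src, "db", "users.csv"), "w") as fh:
        fh.write("alice,admin\nbob,user\n")  # constructed content
    with open(os.path.join(src, "notes.txt"), "w") as fh:
        fh.write("quarterly report\n")
    dest = os.path.join(base, "backup-2024-01-01")  # constructed name
    backup(src, dest)
    clean = verify(dest)
    # Simulate bit rot or tampering of the backup copy itself
    with open(os.path.join(dest, "data", "db", "users.csv"), "a") as fh:
        fh.write("mallory,admin\n")
    damaged = verify(dest)
    return clean, damaged


if __name__ == "__main__":
    print(demo())
```

The manifest here sits next to the data for simplicity; in practice it should be stored separately (offline or on a different system) or signed, since an attacker who can alter the backup can otherwise alter the manifest to match.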
Linux/Unix Security
• Patch management
• Keeping security patches up to date is a widely recognized
and critical control for maintaining security

• Application and service configuration
• Most commonly implemented using separate text files for
each application and service
• Generally located either in the /etc directory or in the
installation tree for a specific application
• Individual user configurations that can override the system
defaults are located in hidden “dot” files in each user’s home
directory
• Most important changes needed to improve system security
are to disable services and applications that are not required
Linux/Unix Security
• Users, groups, and permissions
• Access is specified as granting read, write,
and execute permissions to each of owner,
group, and others for each resource
• Guides recommend changing the access
permissions for critical directories and files
• Local exploit
• Software vulnerability that can be exploited by an
attacker to gain elevated privileges
• Remote exploit
• Software vulnerability in a network server that could
be triggered by a remote attacker
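The owner/group/other permission model just described is small enough to model directly, and doing so also demonstrates the earlier point from Application Configuration that files served by a remote service should be readable but not writable by the server account. The following is an added example written for these notes (not code from the lecture): it implements the Unix permission check over a constructed file inventory and lists which paths a hypothetical web server account (uid 33, gid 33) could write. Paths, uids and modes are assumptions chosen for the illustration.

```python
"""Added example (not from the lecture slides): a model of the Unix
owner/group/other permission check, used to audit which files a service
account could write."""
import stat
from dataclasses import dataclass


@dataclass(frozen=True)
class Subject:
    uid: int
    gid: int
    groups: frozenset  # supplementary group ids


@dataclass(frozen=True)
class FileEntry:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits as found in st_mode


def allowed(subject, entry, want):
    """want is a string of 'r', 'w', 'x'. Exactly one class applies: owner
    if the uid matches, else group if the gid matches, else other."""
    if subject.uid == 0:
        # Root bypasses read/write checks; execute still needs some x bit set.
        return all(p != "x" or entry.mode & 0o111 for p in want)
    if subject.uid == entry.uid:
        bits = {"r": stat.S_IRUSR, "w": stat.S_IWUSR, "x": stat.S_IXUSR}
    elif entry.gid == subject.gid or entry.gid in subject.groups:
        bits = {"r": stat.S_IRGRP, "w": stat.S_IWGRP, "x": stat.S_IXGRP}
    else:
        bits = {"r": stat.S_IROTH, "w": stat.S_IWOTH, "x": stat.S_IXOTH}
    return all(entry.mode & bits[p] for p in want)


def writable_by(subject, entries):
    """Paths the subject could write; for a web server these should be few."""
    return [e.path for e in entries if allowed(subject, e, "w")]


def mode_string(mode):
    """Render permission bits ls-style, e.g. 0o644 -> 'rw-r--r--'."""
    return stat.filemode(mode | stat.S_IFREG)[1:]


# Constructed inventory: a hypothetical web root owned by user 1001 and
# group 33 ('www'); the server process runs as uid 33 / gid 33.
WEB_SERVER = Subject(uid=33, gid=33, groups=frozenset())
INVENTORY = [
    FileEntry("/var/www/html/index.html", 1001, 33, 0o644),
    FileEntry("/var/www/html/app.cgi", 1001, 33, 0o755),
    FileEntry("/var/www/uploads", 1001, 33, 0o775),     # group-writable on purpose
    FileEntry("/var/www/config.php", 1001, 33, 0o660),  # group-writable: a finding
    FileEntry("/etc/passwd", 0, 0, 0o644),
]

if __name__ == "__main__":
    for e in INVENTORY:
        print(mode_string(e.mode), e.path, "writable" if allowed(WEB_SERVER, e, "w") else "read-only")
```

Against a live system the same `allowed` check would be driven by `os.stat` results and the account's real group list; the point of the model is that only the upload area should appear in the writable list, and a writable configuration file is exactly the kind of default a hardening review should catch.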
Linux/Unix Security
• Remote access controls
 • Several host firewall programs may be used
 • Most systems provide an administrative utility to select which services will be permitted to access the system
• Logging and log rotation
 • Should not assume that the default setting is necessarily appropriate
Linux/Unix Security
• chroot jail
• Restricts the server’s view of the file system to just
a specified portion
• Uses chroot system call to confine a process by
mapping the root of the filesystem to some other
directory
• File directories outside the chroot jail aren’t visible
or reachable
• Main disadvantage is added complexity
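The confinement a chroot jail provides can be illustrated without root privileges by checking, in user space, that every requested path resolves inside a chosen jail directory. The code below is an added example written for these notes, not from the lecture: it builds a temporary jail containing one file and one symbolic link that points outside, then shows that plain and absolute paths inside the jail are served while a `..` traversal and the outward symlink are both refused. Directory and file names are constructed.

```python
"""Added example (not from the lecture slides): confining file access to a
jail directory in user space, mirroring what a chroot jail enforces."""
import os
import tempfile


class JailEscape(Exception):
    """Raised when a requested path would resolve outside the jail."""


def resolve_in_jail(jail_root, requested):
    """Treat the requested path as relative to the jail (as '/' would be
    inside a chroot) and refuse anything whose real path leaves the jail."""
    jail = os.path.realpath(jail_root)
    candidate = os.path.realpath(os.path.join(jail, requested.lstrip("/")))
    if candidate != jail and not candidate.startswith(jail + os.sep):
        raise JailEscape(requested)
    return candidate


def confined_read(jail_root, requested):
    with open(resolve_in_jail(jail_root, requested), "rb") as fh:
        return fh.read()


def demo():
    """Constructed jail: one readable file, one symlink pointing outside."""
    base = tempfile.mkdtemp()
    jail = os.path.join(base, "jail")
    os.makedirs(os.path.join(jail, "docs"))
    with open(os.path.join(jail, "docs", "readme.txt"), "wb") as fh:
        fh.write(b"inside the jail\n")
    outside = os.path.join(base, "secret.txt")
    with open(outside, "wb") as fh:
        fh.write(b"outside\n")
    os.symlink(outside, os.path.join(jail, "link"))
    results = {}
    for req in ["docs/readme.txt", "/docs/readme.txt", "../secret.txt", "link"]:
        try:
            results[req] = confined_read(jail, req)
        except JailEscape:
            results[req] = "ESCAPE BLOCKED"
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r}: {outcome!r}")
```

Note the use of `os.path.realpath` on both sides of the comparison: normalising only the textual path would still let a symlink inside the jail reach files outside it, which is the same reason real chroot setups must be careful about what they place inside the jail.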
Windows Security
• Patch management
 • “Windows Update” and “Windows Server Update Service” assist with regular maintenance and should be used
 • Third party applications also provide automatic update support
• Users administration and access controls
 • Systems implement discretionary access controls to resources
 • Vista and later systems include mandatory integrity controls
  • Objects are labeled as being of low, medium, high, or system integrity level
  • System ensures the subject’s integrity is equal or higher than the object’s level
  • Implements a form of the Biba Integrity model
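The integrity-level rule on this slide can be written out as an access decision, which also makes clear in what sense Windows implements only "a form of" Biba. The block below is an added example for these notes, not from the lecture: `mic_allows` applies the no-write-up rule stated above (a subject may write an object only when its level is equal to or higher than the object's) and leaves reads to discretionary access control, while `biba_strict_allows` adds the strict model's no-read-down rule for comparison. The level ordering and the sample requests are assumptions chosen for the illustration.

```python
"""Added example (not from the lecture slides): the write-access rule of
Windows mandatory integrity control beside the strict Biba policy."""
from enum import IntEnum


class Integrity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    SYSTEM = 4


def mic_allows(subject, obj, op):
    """No write up: a subject may write only to objects at or below its own
    level. Read and execute are decided by DAC, not by the integrity label."""
    if op == "write":
        return subject >= obj
    return True


def biba_strict_allows(subject, obj, op):
    """Strict Biba integrity: no write up and no read down."""
    if op == "write":
        return subject >= obj
    if op == "read":
        return subject <= obj
    raise ValueError(op)


def evaluate(policy, requests):
    """Return (subject, object, op, decision) for each request."""
    return [(s.name, o.name, op, policy(s, o, op)) for s, o, op in requests]


# Constructed requests: a low-integrity process (such as a sandboxed browser)
# and a medium-integrity user process acting on each other's objects.
REQUESTS = [
    (Integrity.LOW, Integrity.MEDIUM, "write"),
    (Integrity.LOW, Integrity.MEDIUM, "read"),
    (Integrity.MEDIUM, Integrity.LOW, "write"),
    (Integrity.MEDIUM, Integrity.LOW, "read"),
    (Integrity.HIGH, Integrity.SYSTEM, "write"),
]

if __name__ == "__main__":
    for name, policy in (("MIC", mic_allows), ("Biba strict", biba_strict_allows)):
        for s, o, op, ok in evaluate(policy, REQUESTS):
            print(f"{name:11} {s:>6} {op:5} {o:<6} -> {'allow' if ok else 'deny'}")
```

The fourth request shows the difference: a medium-integrity process reading low-integrity data is allowed under MIC (the DAC check decides) but denied under strict Biba.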
Windows Security
• Users administration and access controls
 • Windows systems also define privileges
  • System wide and granted to user accounts
 • Combination of share and NTFS permissions may be used to provide additional security and granularity when accessing files on a shared resource
 • User Account Control (UAC)
  • Provided in Vista and later systems
  • Assists with ensuring users with administrative rights only use them when required, otherwise accesses the system as a normal user
 • Low Privilege Service Accounts
  • Used for long-lived service processes such as file, print, and DNS services
Windows Security
• Application and service configuration
 • Much of the configuration information is centralized in the Registry
  • Forms a database of keys and values that may be queried and interpreted by applications
 • Registry keys can be directly modified using the “Registry Editor”
  • More useful for making bulk changes
Windows Security
Other security
controls
• Essential that anti-virus, anti-spyware, personal firewall, and
other malware and attack detection and handling software
packages are installed and configured
• Current generation Windows systems include basic firewall and
malware countermeasure capabilities
• Important to ensure the set of products in use are compatible

• Windows systems also support a range of cryptographic functions:
 • Encrypting files and directories using the Encrypting File System (EFS)
 • Full-disk encryption with AES using BitLocker
• “Microsoft Baseline Security Analyzer”
 • Free, easy to use tool that checks for compliance with Microsoft’s security recommendations
Virtualization
• A technology that provides an abstraction of the
resources used by some software which runs in a
simulated environment called a virtual machine
(VM)

• Benefits include better efficiency in the use of the physical system resources
• Provides support for multiple distinct operating systems and associated applications on one physical system
• Raises additional security concerns
Hypervisor
• Software that sits between the hardware and the
VMs
• Acts as a resource broker
• It allows multiple VMs to safely coexist on a
single physical server host and share that host’s
resources
• Virtualizing software provides abstraction of all
physical resources and thus enables multiple
computing stacks, called virtual machines, to be
run on a single physical host
• Each VM includes an OS, called the guest OS
• This OS may be the same as the host OS, if present,
or a different one
Hypervisor Functions
• The principal functions performed by a hypervisor are:
 • Execution management of VMs
 • Devices emulation and access control
 • Execution of privileged operations by hypervisor for guest VMs
 • Management of VMs (also called VM lifecycle management)
 • Administration of hypervisor platform and hypervisor software
Virtualized Systems
• In virtualized systems, the available hardware resources
must be appropriately shared among the various guest OS’s
• These include CPU, memory, disk, network, and other
attached devices
• CPU and memory are generally partitioned between these,
and scheduled as required
• Disk storage may be partitioned, with each guest having
exclusive use of some disk resources
• Alternatively, a “virtual disk” may be created for each guest, which appears to it as a physical disk with a full file-system, but is viewed externally as a single “disk image” file on the underlying file-system
• Attached devices such as optical disks, or USB devices are
generally allocated to a single guest OS at a time
Software Defined Networks (SDNs)
• SDNs enable network segments to logically span multiple servers within and between data centers, while using the same underlying physical network
• There are several possible approaches to providing SDNs, including the use of overlay networks
• These abstract all layer 2 and 3 addresses from the underlying physical
network into whatever logical network structure is required
• This structure can be easily changed and extended as needed
• The IETF standard DOVE (Distributed Overlay Virtual Network) which
uses VXLAN (Virtual Extended Local Area Network) can be used to
implement such an overlay network
• With this flexible structure, it is possible to locate virtual servers, virtual
IDS, and virtual firewalls anywhere within the network as required
Containers
• A recent approach to virtualization is known as
container virtualization or application virtualization
• In this approach, software known as a virtualization
container, runs on top of the host OS kernel and provides
an isolated execution environment for applications
• Unlike hypervisor-based VMs, containers do not aim to
emulate physical servers
• All containerized applications on a host share a common
OS kernel
• For containers, only a small container engine is required
as support for the containers
• Containerization sits in between the OS and applications
and incurs lower overhead, but potentially introduces
greater security vulnerabilities
Virtualization Security
Issues
• Security concerns include:
• Guest OS isolation
• Ensuring that programs executing within a guest OS
may only access and use the resources allocated to it
• Guest OS monitoring by the hypervisor
• Which has privileged access to the programs and
data in each guest OS
• Virtualized environment security
• Particularly image and snapshot management which
attackers may attempt to view or modify
Securing Virtualization Systems
• Organizations using virtualization should:
 • Carefully plan the security of the virtualized system
 • Secure all elements of a full virtualization solution and maintain their security
 • Ensure that the hypervisor is properly secured
Hypervisor Security
• Should be
• Secured using a process similar to securing an operating system
• Installed in an isolated environment
• Configured so that it is updated automatically
• Monitored for any signs of compromise
• Accessed only by authorized administration

• May support both local and remote administration so must be configured appropriately
• Remote administration access should be considered and secured in the design of any network firewall and IDS capability in use
• Ideally administration traffic should use a separate network with very limited access provided from outside the
Virtualized Infrastructure Security
• Access to VM image and snapshots must be carefully controlled
• Systems manage access to hardware resources
 • Access must be limited to just the appropriate guest OSs
Virtual Firewall
• Provides firewall capabilities for the network traffic flowing between systems hosted in a virtualized or cloud environment that does not require this traffic to be routed out to a physically separate network supporting traditional firewall services
• VM Bastion Host Firewall
 • Where a separate VM is used as a bastion host supporting the same firewall systems and services that could be configured to run on a physically separate bastion, including possibly IDS and IPS services
• VM Host-Based Firewall
 • Where host-based firewall capabilities provided by the Guest OS running on the VM are configured to secure that host in the same manner as used in physically separate systems
• Hypervisor Firewall
 • Where firewall capabilities are provided directly by the hypervisor
Summary
• Introduction to operating system security
• System security planning
• Operating systems hardening
 • Operating system installation: initial setup and patching
 • Remove unnecessary services, applications and protocols
 • Configure users, groups, and authentications
 • Configure resource controls
 • Install additional security controls
 • Test the system security
• Application security
 • Application configuration
 • Encryption technology
• Security maintenance
 • Logging
 • Data backup and archive
• Linux/Unix security
 • Patch management
 • Application and service configuration
 • Users, groups, and permissions
 • Remote access controls
 • Logging and log rotation
 • Application security using a chroot jail
 • Security testing
• Windows security
 • Patch management
 • Users administration and access controls
 • Application and service configuration
 • Other security controls
 • Security testing
• Virtualization security
 • Virtualization alternatives
 • Virtualization security issues
 • Securing virtualization systems
Thank You!

• Questions?
