CSCD 303 Essential Computer Security, Fall 2010, Lecture 4 - Desktop Security (lecture slides)
Post on 19-Dec-2015
CSCD 303 Essential Computer Security, Fall 2010
Lecture 4 - Desktop Security
Reading:
Overview
• Learning Objectives
– Understand the OS security functions
– Learn about the different levels of privilege
– Learn about Vista and Linux protection
OS Design Decisions
• Some design decisions affect the security of the OS
• They affect both the ultimate security of the OS and the experience of using it
• One of the most important decisions is whether the OS is designed as a monolithic program or as a highly modular design
OS Design Decisions
• Monolithic Design
– Integrates a great deal of functionality into the OS core
– Services are interdependent
– Core system is larger
– Every flaw in a piece of that system is exposed through all the services that depend on it
Example
• Windows design - Monolithic
– Decided to integrate IE into the OS
– Did this in an attempt to put Netscape out of business; wanted to take over the browser market
– Every flaw in IE then exposes the desktop to risks that go beyond the browser: the same HTML rendering engine is also used by the shell, the help system and the mail client, so a bug in it is reachable from far more than a browser window
– It would be different if the browser were a separate program
OS Design Decisions
• In contrast, what are the benefits of a modular design?
– Damage is restricted if a module has a defect
– Smaller kernel
– Easier to upgrade or repair when a flaw is found
• A fix does not affect so much code
Example
• Linux - All flavors
– Designed from the beginning around a comparatively small trusted core, with functionality added as loadable modules and user-space programs
– Much of what Windows puts into the OS (the browser, the GUI, most services) runs on Linux as ordinary user-mode processes
– Caveat: the Linux kernel itself is a monolithic kernel, and device drivers loaded as kernel modules run in kernel mode with full privilege, so a driver flaw is still a kernel flaw; the modularity that matters for security is that applications are not part of the kernel
– More restricted as to what needs administrative privileges
OS Security Overview
• Security within OS's
– What services should an OS offer for security?
• Secure logon facility
– Authenticate users before granting any access (on Windows the Ctrl+Alt+Del secure attention sequence guarantees that the real logon screen, not a look-alike program, is asking for the password)
• Discretionary Access Control
– Allows the owner of a resource to determine who can access the resource
• Security Auditing
– Record security-related events
– Keep logs of events
• Object reuse protection
– Deleted items or reused memory should be protected between users (freed memory and disk blocks are cleared before being handed to another process)
• Facility Management
– Support for separate account roles for administrative functions
– Users and administrators have different accounts
OS Security functions
• Discuss two of the previous functions
1. User authentication
2. Access to authorized resources
• User authentication
a. Identify the user
• The claimed identity (user name) is compared to a stored identity
b. Authenticate the user
• User must provide additional information that proves the claim
• Password, biometric attribute, keycard
OS Security functions
• Access to authorized resources
– Decision based on access rules
– Typically authorization is based on the user's individual or group membership and
– Labels (permissions, ACLs) attached to objects
• Example: Windows users with admin privilege
– Allowed to both view and change user accounts
OS's Manage Privilege Level
• Two levels of privilege are used by modern OS's
• This is offered by the CPU itself (Intel, AMD)
– User mode – unprivileged
– Kernel mode – privileged
– x86 actually defines four rings, but mainstream OS's use only ring 0 (kernel) and ring 3 (user)
• The OS kernel runs in kernel mode
• User programs run in user mode
• User programs make calls to the OS (system calls)
– To use the hardware resources
– Use the OS API to access hardware; the CPU switches to kernel mode only at those controlled entry points, so user code cannot touch hardware or kernel memory directly
User Powers
• There seems to be a need for a user with greater powers
– Root, superuser or administrator
• Yet this comes with added risk
– If the user makes a mistake, they can damage the system
– Or, if their identity is stolen, the attacker has full power over the OS
User Powers
• Because of this risk from elevated power, the concept of "Least Privilege"
– Only operate with the minimum of power needed to get a job done
– So, while I could always log in as administrator, if my account is hijacked or I get infected by malware while I am administrator
• Attackers then have full access to the machine's resources
– Example: In Linux (Ubuntu), the sudo command runs a single command as root and then returns you to the unprivileged account
File System Access
• In OS's
– Data and programs are stored as files in directories
– Concept of ownership of files, either by users or by the OS itself
– Files then have permissions set for reading, writing or executing them
• Windows
– Access control is done by an Access Control List (ACL)
– Each object in the system – files, directories, network shares, registry keys – has an ACL
File System Access
• Windows
– An ACL is a list of entries, each naming a user or group, operations like read or write, and whether they are allowed or denied
– How it works
• When a user, Carol, tries to open a file, the kernel checks the file's ACL to see whether she is allowed or denied access
• Entries are checked in order; a matching deny entry fails the request, otherwise the allow entries must cover every right she asked for, else the action fails
• Caveat: an ACL with no entries grants nobody access, while an object with no ACL at all is open to everyone
• Linux
– Permissions are set for each object
• The kernel picks exactly one class of permission bits, the owning user first, then the owning group, then everyone else, and checks that class for read, write and execute
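The Linux rule above, as an added example that is not part of the lecture: a small Python model of the owner/group/other decision, applied both to constructed uids and to a real temporary file. The uids, gids and modes are constructed for the illustration; `unix_access` follows the same class-selection order the kernel uses, including the root (CAP_DAC_OVERRIDE) special case for execute.

```python
import os
import stat
import tempfile

R, W, X = 4, 2, 1  # the three permission bits of one class, as in chmod's octal digits


def unix_access(mode, file_uid, file_gid, uid, gids, want):
    """Return True if a process running as (uid, gids) may perform `want`
    (a bitmask of R/W/X) on a file with permission bits `mode`, owner
    `file_uid` and group `file_gid`.

    Mirrors the kernel's discretionary check: exactly ONE class of bits is
    selected (owner first, then group, then everyone else) and only that class
    is tested. Being in the file's group does not help you if you are the owner
    and the owner bits say no.
    """
    if uid == 0:
        # root bypasses the read/write bits (CAP_DAC_OVERRIDE) but may only
        # execute a file that has at least one execute bit set anywhere
        return (not (want & X)) or bool(mode & 0o111)
    if uid == file_uid:
        bits = (mode >> 6) & 0o7          # owner class: rwx------
    elif file_gid in gids:
        bits = (mode >> 3) & 0o7          # group class: ---rwx---
    else:
        bits = mode & 0o7                 # other class: ------rwx
    return (bits & want) == want


def describe(mode):
    """Render permission bits the way `ls -l` does, e.g. 0o640 -> 'rw-r-----'."""
    return stat.filemode(stat.S_IFREG | mode)[1:]


def check_path(path, uid, gids, want):
    """Apply the same rule to a real file using its on-disk owner, group and mode."""
    st = os.stat(path)
    return unix_access(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, uid, gids, want)


def unix_demo():
    """Constructed scenario: uid 1000 owns the file and group 100 is its group."""
    mode, owner, group = 0o640, 1000, 100
    results = {
        "owner read+write":   unix_access(mode, owner, group, 1000, {100}, R | W),
        "owner execute":      unix_access(mode, owner, group, 1000, {100}, X),
        "group member read":  unix_access(mode, owner, group, 1001, {100}, R),
        "group member write": unix_access(mode, owner, group, 1001, {100}, W),
        "outsider read":      unix_access(mode, owner, group, 1002, {200}, R),
        "root write":         unix_access(mode, owner, group, 0, {0}, W),
        "root execute":       unix_access(mode, owner, group, 0, {0}, X),
        # the classic trap: mode 0o070 locks the OWNER out while group members get in
        "owner locked out by 0o070":     unix_access(0o070, owner, group, 1000, {100}, R),
        "group member allowed by 0o070": unix_access(0o070, owner, group, 1001, {100}, R),
    }
    # the same rule applied to a real temporary file created here with mode 0o640
    with tempfile.NamedTemporaryFile(delete=False) as f:
        path = f.name
    try:
        os.chmod(path, 0o640)
        st = os.stat(path)
        results["real file, owner can write"] = check_path(path, st.st_uid, {st.st_gid}, W)
        results["real file, stranger can read"] = check_path(path, st.st_uid + 1, {st.st_gid + 1}, R)
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    print("mode 0o640 is shown by ls as", describe(0o640))
    for name, ok in unix_demo().items():
        print(f"{name:34s} {'allowed' if ok else 'denied'}")
```

The 0o070 case is worth remembering when auditing permissions: an owner who is also in the file's group is judged by the owner bits alone, so a mode that looks "group-friendly" can silently lock the owner out.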
Kernel Level Privilege for Outside Code
• Kernel mode programs
– Usually come with the OS and are developed by the company creating the OS
– Need to support other people's programs – third party programs
– Most typical is allowing third party developers to write programs that support a wide range of peripherals
• Printers, video cards, network cards
– These programs are device drivers; once loaded they run with the same privilege as the kernel, so a flawed or malicious driver undermines every protection discussed above
Windows Privilege Levels
• In XP and other pre-Vista versions
– Had 2 practical choices of privilege
– 1. Administrator or 2. Normal (limited) user
• Administrator – access to everything
• Normal user – many system-level tasks you needed to do, you couldn't do
– Consequently, most people ran as Administrator most of the time
– Most users were not even aware of the need NOT to run as admin
Windows Privilege Levels
• Vista
– Has more choices
– Can operate as a restricted normal user and still be able to do almost everything in the OS
– And when necessary, you can be elevated to an administrator for a short time to accomplish some task
– Known as User Account Control (UAC)
– Basically copied sudo in Linux
• Except it seemed to ask far more often!!!
Security Identifiers (SIDs)
• Each user account and group has a SID that uniquely identifies it
– Account names can be renamed or reused; the SID is what ACLs and tokens actually store and compare
Tokens
• When you log on, you get a security access token
– Includes your user name, SID, the groups you belong to and your privileges
• Each program you launch gets a copy of your security access token
– So a program runs with exactly the rights of the user who started it, whatever the program's own intentions
Tokens
• Windows Vista splits the access tokens for users with administrative privileges
– Vista included only two types of users:
• Administrators
– Tokens provided are a "filtered" standard user token and a "full administrator access" token; programs normally run with the filtered one, in which the Administrators group is marked deny-only and the administrative privileges are removed
• Standard Users
– Only provided a "standard user" token
– Benefits of the User Account Control (UAC)
• Installation of software now requires conscious action on the part of the user
• Malicious code cannot be installed system-wide without the user being prompted
– Caveat: code running under the filtered token can still do anything the user can do (read or encrypt their documents, persist in their profile); UAC reduces the blast radius but Microsoft does not consider it a security boundary
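The Windows ACL check described on the File System Access slide (Carol opening a file) and the split token described above, as one added example that is not part of the lecture: a Python model of tokens, SIDs, ACEs and the ordered DACL walk, plus the UAC filtering step. The well-known SIDs for Administrators and Users are real; the account SIDs under S-1-5-21-1000-2000-3000, the account names and the three-bit access mask are constructed for the example.

```python
from dataclasses import dataclass, field

# Access-mask bits for the example (real Windows masks are 32-bit and richer)
READ, WRITE, EXECUTE = 0x1, 0x2, 0x4

# Well-known SIDs for BUILTIN\Administrators and BUILTIN\Users (real values)
ADMINS = "S-1-5-32-544"
USERS = "S-1-5-32-545"

# Privileges Windows leaves in a UAC-filtered token; everything else is stripped
KEPT_BY_FILTER = {"SeChangeNotifyPrivilege", "SeShutdownPrivilege",
                  "SeUndockPrivilege", "SeIncreaseWorkingSetPrivilege",
                  "SeTimeZonePrivilege"}


@dataclass
class Token:
    user_sid: str
    groups: set                                  # SIDs that satisfy allow AND deny ACEs
    deny_only: set = field(default_factory=set)  # SIDs that can only match deny ACEs
    privileges: set = field(default_factory=set)


@dataclass
class ACE:
    kind: str    # "deny" or "allow"
    sid: str     # who the entry is about
    mask: int    # which rights it allows or denies


def filter_token(full: Token) -> Token:
    """Build the 'filtered' standard-user token UAC gives an administrator at logon.

    The Administrators group is not dropped but marked deny-only: it can no
    longer grant anything, yet a 'deny Administrators' ACE still applies.
    """
    if ADMINS not in full.groups:
        raise ValueError("only members of Administrators get a split token")
    return Token(user_sid=full.user_sid,
                 groups=full.groups - {ADMINS},
                 deny_only=full.deny_only | {ADMINS},
                 privileges=full.privileges & KEPT_BY_FILTER)


def access_check(token: Token, dacl: list, requested: int) -> bool:
    """Walk the DACL in order the way the kernel does. Canonical order puts
    explicit deny ACEs before allow ACEs, so a deny wins over a later allow.

    A DACL with no entries grants nobody anything. (An object with no DACL at
    all, a NULL DACL, would grant everyone everything; not modelled here.)
    """
    allow_sids = {token.user_sid} | token.groups
    deny_sids = allow_sids | token.deny_only
    remaining = requested
    for ace in dacl:
        if ace.kind == "deny" and ace.sid in deny_sids and ace.mask & remaining:
            return False                   # first matching deny ends the check
        if ace.kind == "allow" and ace.sid in allow_sids:
            remaining &= ~ace.mask         # collect granted rights
        if remaining == 0:
            return True                    # everything asked for is granted
    return remaining == 0


def windows_demo():
    """Constructed accounts: Carol is a standard user, Alice is an administrator."""
    carol = Token("S-1-5-21-1000-2000-3000-1001", {USERS})
    alice_full = Token("S-1-5-21-1000-2000-3000-1002", {USERS, ADMINS},
                       privileges={"SeDebugPrivilege", "SeTakeOwnershipPrivilege",
                                   "SeChangeNotifyPrivilege"})
    alice_filtered = filter_token(alice_full)   # what Alice's programs normally run with

    # %ProgramFiles%: admins may write, members of Users may read and execute
    program_files = [ACE("allow", ADMINS, READ | WRITE | EXECUTE),
                     ACE("allow", USERS, READ | EXECUTE)]
    # a file whose owner explicitly denied administrators (deny ACE first)
    no_admins = [ACE("deny", ADMINS, READ | WRITE),
                 ACE("allow", USERS, READ)]

    return {
        "carol runs a program":              access_check(carol, program_files, READ | EXECUTE),
        "carol installs into Program Files": access_check(carol, program_files, WRITE),
        "alice elevated installs":           access_check(alice_full, program_files, WRITE),
        "alice unelevated installs":         access_check(alice_filtered, program_files, WRITE),
        "alice unelevated runs a program":   access_check(alice_filtered, program_files, READ | EXECUTE),
        "carol reads no-admins file":        access_check(carol, no_admins, READ),
        "alice unelevated reads no-admins file": access_check(alice_filtered, no_admins, READ),
        "empty DACL grants nothing":         access_check(alice_full, [], READ),
        "filtered token lost SeDebugPrivilege": "SeDebugPrivilege" not in alice_filtered.privileges,
    }


if __name__ == "__main__":
    for name, ok in windows_demo().items():
        print(f"{name:40s} {'allowed' if ok else 'denied'}")
```

The deny-only case is the one practitioners most often get wrong: an unelevated administrator is still refused by a "deny Administrators" entry, even though the same group no longer grants anything, which is exactly why the filtered token keeps the SID instead of removing it.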
Account Types
• Account types are a convenience to describe memberships in the most frequently-used groups
– Administrator accounts are in the Administrators group
– Standard accounts are in the Users group
– Guest accounts are in the Guests group
Tasks Only Administrators Can Perform
• Create, change, and delete user accounts and groups
• Install and uninstall programs
• Configure automatic updating or install Windows updates manually
• Install an ActiveX control
• Install or remove hardware device drivers
• Share folders
• Set permissions
• Access all files, including those in another user's folder
• Take ownership of files
• Copy or move files into the %ProgramFiles% or %SystemRoot% folders
• Restore backed-up system files
• Grant rights to other user accounts and to themselves
• Configure Parental Controls
• Configure Windows Firewall
Tasks Available to Standard Users
• Change the password and picture for their own user account
• Use programs that have been installed on the computer
• Install approved ActiveX controls
• Configure a secure Wi-Fi connection
• View permissions
• Create, change, and delete files in their document folders and in shared document folders
• Restore their own backed-up files
• View the system clock and calendar, and change the time zone
• Configure power options
• Log on in Safe Mode
Guests
• Guests have privileges similar to Standard accounts
• Guests cannot create a password
OS Services
• Services are
– Processes that run when the OS starts
– Not necessarily started by you, but run by the OS to perform tasks
Windows Vista Services
• Prior to Vista, many services received LocalSystem privileges
• The problem was that the LocalSystem account has virtually unlimited access to local machine and network resources
• In Vista, one big security measure was to protect running services by giving them the security token of LocalService or NetworkService wherever possible
– Both are severely limited compared with LocalSystem
• Vista also added service hardening: each service gets its own per-service SID, so an ACL can grant access to one specific service rather than to every service sharing the same account; services can run with write-restricted tokens; and services were moved into an isolated session (Session 0), away from the user's desktop
The End
• Next Time: See miniAssignment 3
• Next: Lab today, meet in CEB 342