cit 140: introduction to itslide #1 csc 140: introduction to it file security
Post on 12-Jan-2016
212 Views
Preview:
TRANSCRIPT
CIT 140: Introduction to IT Slide #1
CSC 140: Introduction to IT
File Security
CIT 140: Introduction to IT Slide #2
Questions
• What is security?• Authentication
– Users– Passwords– Groups
• Privacy• Integrity• Access Control
– chmod
CIT 140: Introduction to IT Slide #3
What is Security?
Security is the prevention of certain types of intentional actions from occuring in a system.– These potential actions are threats.– Threats that are carried out are attacks.– Intentional attacks are carried out by an attacker.– Objects of attacks are assets.
CIT 140: Introduction to IT Slide #4
Assets
1. Identity
2. Network bandwidth
3. Disk space
4. Confidential data
CIT 140: Introduction to IT Slide #5
Threats
1. Theft
2. Vandalism
3. Extortion
4. Con Games
5. Fraud
CIT 140: Introduction to IT Slide #6
Digital Threats: What’s Different• Automation
– Salami Attack from Office Space.
• Action at a Distance– Volodya Levin, from St. Petersburg, Russia, stole
over $10million from US Citibank. Arrested in London.
– Operators of CA BBS tried and convicted in TN court because TN had d/led pornography f/ CA.
• Technique Propagation– Criminals share techniques rapidly and globally.
CIT 140: Introduction to IT Slide #7
Authentication on UNIX
Identity: username– Public knowledge– How would you find out someone’s username?
Authentication: password– Secret– How would you find out someone’s password?
CIT 140: Introduction to IT Slide #8
Figuring out Passwords
1. Intentional disclosure– You tell someone your password.
2. Unintentional disclosure– Someone watches you type your password.
– Someone finds where you wrote it down.
3. Guessing– Guess based on what you know about person.
– Guess dictionary words + permutations.
4. Brute force– Try every combination of characters.
CIT 140: Introduction to IT Slide #9
Changing your Password
• Why?– Prevent it from being guessed.– Change periodically to avoid brute force attacks.
• How?– passwd
CIT 140: Introduction to IT Slide #10
Encryption-based Protection
CIT 140: Introduction to IT Slide #11
Access Control: Identity
• Access to system resources restricted
• Restrictions based on identity– User– Group– Anyone
CIT 140: Introduction to IT Slide #12
Access Control: Permissions
• Read– You can read the file with cat, more, etc.
• Write– You can modify the file with vi, OpenOffice, etc.
• Execute– You can run the file if it’s a program.
CIT 140: Introduction to IT Slide #13
Access Control
CIT 140: Introduction to IT Slide #14
Access Control: Directories
• Read– You can list directory contents with ls, etc.
• Write– You can create new files with touch, etc.– You can delete files with rm, etc.
• Execute– You can cd to the directory.
CIT 140: Introduction to IT Slide #15
Octal Codes for Access Control
CIT 140: Introduction to IT Slide #16
Access Control: Commands
Determining File Access Privilegesls –l , ls –ld
CIT 140: Introduction to IT Slide #17
Access Control: Commands
CIT 140: Introduction to IT Slide #18
Access Control: Commands
CIT 140: Introduction to IT Slide #19
Access Control: Commands
Changing File Access Privileges– chmod [options] octal-mode file– chmod [options] symbolic file
CIT 140: Introduction to IT Slide #20
Examples of chmod Command
CIT 140: Introduction to IT Slide #21
Access Control: chmod
CIT 140: Introduction to IT Slide #22
Access Control: chmod
CIT 140: Introduction to IT Slide #23
Access Control: chmod
CIT 140: Introduction to IT Slide #24
umask mask The access permission value on executable
file or directory is computed by:file permission = 777 –
mask
Current Value of the mask:$ umask
777
$
Access Control: Commands
CIT 140: Introduction to IT Slide #25
Special Access Bits
The Set-User-ID (SUID) Bit– Command runs with privileges of file owner when.– chmod 4xxx file-list– chmod u+s file-list
The Set-Group-ID (SGID) Bit– Command runs with privileges of group owner.– chmod 2xxx file-list– chmod g+s file-list
The Sticky Bit– Prevents non-owners from removing/renaming files in dir.– chmod 1xxx file-list– chmod +t file-list
CIT 140: Introduction to IT Slide #26
Special Bits Examples
SetUID Bit> ls -l /etc/passwd /usr/bin/passwd
-rw-r--r-- 1 root root 1335 2005 /etc/passwd
-rwsr-xr-x 1 root root 25464 2005 /usr/bin/passwd
SetGID Bit> ls –l /usr/bin/wall
-rwxr-sr-x 1 root tty 9784 2005 /usr/bin/wall
Sticky Bit> ls -ld /var/tmp
drwxrwxrwt 13 root root 4096 2005 /var/tmp
CIT 140: Introduction to IT Slide #27
Special Access Bits
top related