SCSC 455 Computer Security 2011 Spring

Chapter 3

User Security

Index

Password security Pluggable Authentication Modules (PAM) User security utilities sudo utility

Access computer system

Users can access computer systems in two different ways: To use client software that connects to a server

Q: What is client/server computing paradigm?

Q: what is a server? The user’s access is limited to the functions performed by the

service running on the server

To log in as a user on the system The user must have a valid user account The user must enter a password corresponding to a user ID

Creating good passwords and keeping them secure is crucial

Creating good passwords

What are the good practices of creating passwords?Must be long enough (the length >= 8 characters) Include at least one number or symbol (@#$%^&*) Could include two or three words separated by symbols or

numbers Using words are foreign or altered so that they do not appear

in a dictionary Using a series of numbers or a pattern of altered letters can

make it easier to remember

Examples …

Attack on Passwords

Attackers utilize social engineering to gain access to your system Q: What is social engineering? Examples …

Attackers can also resort to brute force attack Q: what is brute force attack?

all possible combinations are tried until one succeeds in guessing a password

How to protect passwords?

Protect password from social engineering Passwords must not be written down

especially not anywhere near the computer to which they provide access

Passwords must be chosen carefully so they can be remembered without a written aid

Passwords should not include easily guessed words or numbers

Users should never tell anyone their password

Q: How to protect password from brute force attack?

Linux Password files When a new user account is added to the system, a

single line is added to file /etc/passwd

Example …

The actual encrypted password is stored in the file /etc/shadow can only access by root In Red Hat Linux, passwords are encrypted by MD5 by default

Example …

Q: why using two files for passwords?

Managing Linux Passwords

Each user can change his/her password using the passwd utilitye.g. $ passwd When this command is entered, the user is prompted to enter

their current password, then their new password two times passwd utility performs a few basic checks on the entered

password based on the configuration of Linux PAM modules.

Root can change any user’s passworde.g. # passwd bob

Caution: should NOT edit /etc/password and /etc/shadow files directly in a text editor.

passwd command-line options

useradd command-line options for password control

Index

Password security Pluggable Authentication Modules (PAM) User security utilities sudo utility

Pluggable Authentication Modules The Pluggable Authentication Module (PAM) was

developed by Sun Microsystems PAM is an architecture and set of libraries that let a

programmer create a module to perform a specific security-related function

System administrators can select, configure, and then use one or more PAM modules to control the PAM aware Linux programs

How to use PAM? select the modules necessary to to control the activity

of a program list them in the program’s configuration file

(The details of PAM are not required in this course.)

Index

Password security Pluggable Authentication Modules (PAM) User security utilities sudo utility

Security utilities for users There are many security utilities that system

administrators and users need to be aware of Some of security utilities are PAM controlled Others are separated packages that you have to

install and configure before using

Security utilities for users (next a few slides)

Utilities for console security Utilities for login security Utilities for file security Utilities for monitoring user activities

Utilities for console security

Screen locking programs disable

keyboard input and hide the

screen so that private information

is not visible nor accessible

vlock is used from a text console

xlock is employed from a graphical interface

Linux desktop (Gnome and KDE) also have their own screensaver

Utilities for login security /etc/securetty file

The root user can only log in from terminals that are listed in the file /etc/securetty

By default this file contains only the virtual consoles terminals.

None of the network or other devices are listed Root cannot login from network

/etc/nologin file If /etc/nologin exists, only root can log in

The contents in this file are displayed for any user tries to log in

When this file is deleted, all users can log in again

SUID

Set UID bit (SUID) Executable files can have a special file permission set

SUID causes files to take on the permissions of the user who

owns the file rather than the user who executed the file Root can set SUID for a file # chmod u+s

Warning: Too many files with SUID is a great security risk any user on the system could easily get root access.

Utilities for file security Linux file systems support a number of attributes that

you can set on files Notice that: these attributes are different from file access

control attributes (r, w, x)

Examples …

Utilities for monitoring user activities Linux includes a number of utilities for monitoring

user activities who – list all of the users who are currently logged in

on the system. who am i (to see who you are logged in as)

w - list all of the users who are currently logged in with their username, terminal, the command that the user is currently running, CPU time … includes the remote location from which the users has

logged in

Utilities for monitoring user activities

mesg – Enable or disable the ability of other users to send a message to your screen (by using utilities such as write, talk).

dmesg – print the contents of the kernel ring buffer to screen. kernel ring buffer is a memory area holds messages

generated by the kernel. Using dmesg utility to monitor all hardware related

messages

Utilities for monitoring user activities

last – display a history of user log-ins and log-outs, system reboot information

Examples …

Index

Password security Pluggable Authentication Modules (PAM) User security utilities sudo utility

Why do we need “sudo” utility? Ans: If a server needs to be administered by a

number of people, it is normally not a good idea for them all to use the root account. difficult to determine exactly who did what, when and

where if everyone logs in with the same credentials. The sudo utility was designed to overcome this

difficulty.

Sudo

Sudo lets you assign privileges to any user account to execute only specific programs. The system administrators can complete common

administration task without login as root or su to root

Examples …

/etc/sudoers configuration file to determine which user can perform which task.

How does sudo utitlity work?

The basic format of a configuration linein /etc/sudoers

user host = command_list

Example …

Note that: to edit /etc/sudoers file, you must use the visudo program

The security concern of sudo utility Sudo utility can present security dangers if not

properly configured A user should have exactly as much as access as

her job requires. “need to know” “least privilege” A malicious user will try to use access to a single

command to gain access to other commands.

Example …

The security concern of sudo utility Many program support shelling out.

Q: what is “shelling out” ?

The sudo utility cannot control it once the power is handed out.

Conclusion: system administrator must hand out sudo power carefully.