UNIX, Linux, Apple™ OSX, & Linspire™ (Formerly Lindows OS) Security

Most of the viruses, worms, and other cyber attacks you see on the Internet today primarily affect the MS Windows Operating Systems (OSs). Why is this the case? Simply put, hackers, crackers, cyber terrorists and others such as virus programmers attack MS Windows OSs mainly because they are the most prevalently used OSs worldwide. PCs running OSs other than MS Windows are therefore less likely to be targeted for attacks. However, this is not the only reason. Another reason for MS Windows being targeted more than other OSs such as UNIX, Linux, Apple OSX and Linspire is that MS Windows OSs have more vulnerabilities and security holes written into them, and that today's cyber terrorists are more familiar with MS Windows because they have studied how it works in greater detail than some other OSs in use today. For instance, Linux, a derivative of UNIX (an OS originally developed by Bell Laboratories), which was invented by Linus Torvalds, a Norwegian programmer, with the assistance of other UNIX programmers worldwide since 1991, has always been an OS that not many people, with the exception of UNIX and Linux geeks, could fully understand. Over the last decade Linux has been making its way onto the desktops of more and more PCs and, as a result, is no longer as small a security target as it was when it was protected by obscurity and ignorance. Likewise, Apple Computers has released its latest version of the Operating System for the Mac, known as OSX, which is totally UNIX-based and no longer relies on the original Apple™ OS as existed in Apple OS9.x and earlier. Since both of these OSs, as well as Linspire, are built on the original UNIX code, they are by design less vulnerable to security attacks.
When addressing security with other OSs, keep in mind that the security practices we have discussed earlier apply equally to PCs and Macs running UNIX, Linux, Apple OSX and Linspire. In this section, I would like to concentrate my discussion not so much on general security practices but on security issues that center primarily around UNIX, Linux, Apple OSX and Linspire and how these are specifically handled. A better understanding of how MS Windows differs from the other OSs mentioned here will provide clearer insight into how the two families differ with respect to security. MS Windows OSs are written primarily in the C, C++ and Visual C++ programming languages. These programming languages are very well known to the world at large, whereas UNIX is written in a less familiar machine programming language developed by Bell Laboratories back in the early 1960s. Over 230 OSs that use the UNIX code have sprung up since then, but I have chosen only 3 to discuss here. UNIX is a more versatile, stable, and secure OS than any MS Windows OS simply because it was designed with simplicity and flexibility in mind. Some examples of other OSs derived from UNIX are AbCenix, CLIX, FreeMiNT, Cromix, IRIX, BSD/OS and SunOS, just to name a few. MS Windows looks at hardware differently than Linux, for instance, since Windows mounts its file systems (FAT, FAT32, NTFS) using a logical drive letter scheme. That is to say, MS Windows uses drive letters when it assigns access to hard drives on a PC or virtual drives on a network. These drive letters are assigned as A: (floppy drive), B: (secondary floppy drive), C: (local hard disk), D: (secondary drive partition, secondary hard drive, or CD-ROM drive), E:, F:, etcetera.
In contrast, Linux uses a hierarchical arrangement starting at /root when it mounts its file systems (ext, ext2, and ext3), using this inverted tree scheme not only to mount devices on the system, but to control all sorts of aspects relating to commands, administrative tools, access points, application data, etcetera. Some examples of other directories used by Linux, besides /root at the base of the inverted tree, are /bin, /etc, /dev, /home, /mnt, /sbin and /tmp, just to name a few. How these two OSs approach the concept of hardware interfacing with the OS itself makes a great deal of difference in how stable, and how vulnerable to attacks, one is compared to the other. From a security standpoint, every system has the capability of being broken into. Where UNIX and its derivatives have an advantage is that far more software developers write programs for MS Windows than for UNIX, and those applications themselves have security vulnerabilities built in. The easiest way of preventing someone from attacking your system or network is to have a means of locking the front door to your system. This is most easily accomplished through the use of firewalls (which we discussed earlier). MS Windows handles firewalls through the use of access control logs and IP/Port blocking control logs. UNIX, and specifically Linux, handles firewalls through the use of iptables or ipchains. These are text-based lists that are more flexible and versatile than access control logs. Hence, they are also more secure if configured properly. Linux doesn't use a registry file like MS Windows OSs do but rather uses configuration files to control its operational aspects.
Since there are literally hundreds or even thousands of these configuration files spread throughout a Linux system, as opposed to one massive registry file in Windows, it would be harder, simply from a stochastic standpoint, for a cracker to enter a UNIX-based system and do damage than it would be if he/she could access one file on a Windows-based PC. Keep in mind that the greatest risk to any system from a security standpoint is the ease with which someone can access it. Access control is the number one means of preventing a breach of security. UNIX is a multi-user OS that is based on access control. Thus, Linux, Apple OSX and Linspire fall into this category of limiting user access from the ground up. The only way an individual should be able to access a Linux system, for instance, is if they have a user account. If a user account is not set up for them, then theoretically they don't have access to anything on the Linux box. Access to files and folders in a Linux system is controlled by permissions assigned to these files and folders (or directories, as Linux refers to them), and this is controlled strictly by /root. Passwords on a Linux system should be entirely separate for /root and any other user. Having the identical password for /root and any other user is strictly forbidden in Linux and is in fact impossible to set up; the system itself prevents this from accidentally occurring. This is not the case in an MS Windows-based system, where the system administrator account's password can be identical to that of another user on the system. This is just one of many examples of how Linux and the other UNIX-based OSs have security advantages over MS Windows.

Tightening Security in Linux

In order to further tighten security in Linux, there are a couple of essentials that should be performed. First of all, the Linux administrator should protect the ROOT account. If you are unfamiliar with this account, the ROOT user is the all-powerful Linux account holder.
Root can do anything within the Linux filesystem, either while logged in as the root user or by issuing what is called the "SuperUser", or su, command at the command line in what is referred to as an X-Terminal window. It is for this reason that the root account is the most vulnerable account on a Linux system: anyone who discovers the password for the root account can do anything (benign or destructive) on a Linux system. Fortunately, there is a very simple solution, which involves changing the security surrounding the root account, that will greatly increase the overall security of your Linux system. This change involves the use of the wheel group to protect the su command. The wheel group is a special group built into most UNIX systems (including Linux) whose members, by convention, are the only users given access to the su command. Since the su command can be called up by a normal account user in order to obtain root privileges for administrative tasks, protecting su from access by normal users is a very good way to strengthen security. If a malicious user can call su repeatedly, they might eventually discover the root password and thus gain total administrative control over a Linux network. Strengthening security on a Linux box and/or network in this manner involves activating the wheel group and limiting the properties of su. This is a two-step process:

1. Add at least one user to the wheel group who already has administrative privileges because he or she can call su.
2. Change the group membership and permissions of the su program to restrict access to members of the wheel group.
After you have added a member (or members) to the wheel group, you will need to change the ownership of the su program from root.root (user root, group root) to root.wheel (user root, group wheel). This is accomplished using the chown command. It allows you to restrict execute permissions to members of the wheel group, removing public execute permissions entirely. The command line for executing this as administrator is:

chown root.wheel /bin/su
Now that you have added administrators to the wheel group as desired and changed the ownership of su to root.wheel, you need to assign permissions to su as follows:

Owner (root): read, write, and SUID (Set User ID) execute
Group (wheel): read and execute
No permissions for non-owner, non-group members
This last step is accomplished through the use of the chmod command at an X-Terminal window. The command is:

chmod 4750 /bin/su
Here the chmod command, issued in numerical mode, sets the SUID bit by virtue of the 4 that leads the value. The 750 that follows the 4 in this 4-digit value indicates that the owner of su has read/write/execute rights, the members of the group (wheel) have read/execute rights, and everyone else has no rights whatsoever. Therefore, anyone gaining access to your Linux network wouldn't even be able to call up the su command in order to gain administrative rights over your system, because you have not explicitly assigned them to the wheel group.

Another security risk is the amount of time a legitimate user's account remains idle while logged on to your network. Idle accounts logged into the network can leave a network vulnerable. Fortunately, there is an easy solution to this problem as well. This security risk is alleviated by causing a user's session to expire, or time out, after a certain length of time. This is accomplished in Linux by creating 2 timeout profile files on the system and deleting those shells in Linux that don't support timeouts. Here's how it is done: create a file called /etc/profile.d/secure.sh and place only one line in that file. The one line in that file is the timeout, and it should read:

TMOUT=1800

This value can be changed to anything you like. The value of TMOUT is in seconds, and we have chosen 1800 seconds, or 30 minutes, as the timeout value for illustrative purposes. If you feel 30 minutes is too long, reduce this value to a lower timeout figure. Now, after creating and saving that file, you must make the file executable by everyone. This is accomplished through the command:
chmod ugo+x /etc/profile.d/secure.sh
There are two other shells in Linux that support timeouts, but not the TMOUT value, and they must also be configured, since users may log in and use them rather than the default shells that honor TMOUT. These shells are csh and tcsh. Therefore, you must create another file in /etc/profile.d called secure.csh which has one line of code that looks like this:

set autologout=30
Here, the autologout time period is in minutes rather than seconds as in the previous example; and, again, you must mark this file as executable:

chmod ugo+x /etc/profile.d/secure.csh
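As an added example (not code from the original page), the following POSIX shell script generates both timeout files from a single idle limit in seconds, converts that limit to minutes for the csh autologout setting, marks the files executable with the page's chmod ugo+x, and verifies the result. The function names and the target-directory parameter are my own choices; write_timeout_profiles takes the directory as an argument so the output can be inspected in a scratch directory before /etc/profile.d is touched. One line goes beyond the page: readonly TMOUT, because a plain TMOUT=1800 can be undone by any user typing unset TMOUT in their shell.

```shell
#!/bin/sh
# Added example: build and verify the two idle-timeout profile files.

# Convert an idle limit in seconds to whole minutes for csh/tcsh autologout,
# rounding up so the csh limit is never longer than the sh/bash one.
secs_to_min() { echo $(( ($1 + 59) / 60 )); }

# Contents of secure.sh for sh/bash-style shells. 'readonly' is an addition
# beyond the page: without it a user can simply 'unset TMOUT'.
render_secure_sh() {
    printf 'TMOUT=%s\nreadonly TMOUT\nexport TMOUT\n' "$1"
}

# Contents of secure.csh for csh/tcsh, whose autologout is in minutes.
render_secure_csh() {
    printf 'set autologout=%s\n' "$(secs_to_min "$1")"
}

# Write both files into DIR with an idle limit of SECS seconds and mark them
# executable as the page instructs. Non-numeric or zero limits are refused,
# since TMOUT=0 disables the timeout entirely.
write_timeout_profiles() {
    dir="$1"; secs="$2"
    case "$secs" in
        ''|*[!0-9]*|0)
            echo "write_timeout_profiles: bad idle limit '$secs'" >&2
            return 1 ;;
    esac
    [ -d "$dir" ] || return 1
    render_secure_sh "$secs" > "$dir/secure.sh"
    render_secure_csh "$secs" > "$dir/secure.csh"
    chmod ugo+x "$dir/secure.sh" "$dir/secure.csh"
}

# Return 0 if DIR holds both files, both executable, with secure.sh setting
# TMOUT=SECS and secure.csh setting the matching autologout in minutes.
verify_timeout_profiles() {
    dir="$1"; secs="$2"
    [ -x "$dir/secure.sh" ] && [ -x "$dir/secure.csh" ] || return 1
    grep -qx "TMOUT=$secs" "$dir/secure.sh" || return 1
    grep -qx "set autologout=$(secs_to_min "$secs")" "$dir/secure.csh"
}

# Install into the real profile.d only when explicitly asked (run as root).
if [ "${1:-}" = "--install" ]; then
    write_timeout_profiles /etc/profile.d 1800 \
        && verify_timeout_profiles /etc/profile.d 1800
fi
```

Rehearse with write_timeout_profiles /tmp/scratch 1800 and inspect the two files before running the script with --install; the verify function is the same check you would add to a periodic configuration audit.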
Finally, in order to prevent anyone from logging onto your Linux system and using a shell that doesn't support timeouts, you as administrator must delete those shells from the system. Shells in Linux are listed in the /etc/shells file. Therefore, open /etc/shells in your favorite text editor, eliminate the following two shells from the list, and save the file: After completing this last step, all users on your Linux system will be logged out automatically after 30 minutes of idle time on their accounts, thus diminishing the possibility of crackers accessing idle sessions on your Linux system. I will be adding more content for other OSs as time goes by. This is just the beginning.

Copyright 2006, CAC Network Security Website, All Rights Reserved
This page was last modified on Saturday, November 04, 2006 16:47 GMT-05:00