RHS333: Red Hat Enterprise Security: Network Services  

Objectives

  • Learn how to improve and maintain the security of typical network services provided on a Red Hat Enterprise Linux system
  • Focus on mechanisms at the Transport layer or higher in the OSI network model
    • Securing services
    • Cryptography
    • Intrusion Detection and prevention
Audience and Prerequisites

  • Audience: System administrators, consultants, and other IT professionals
  • Prerequisites: RH253, RH300, RHCE certification or comparable work experience; knowledge of basic configuration of the network services covered in the course
Notes on Internationalization

                             Unit 1

The Threat Model and Protection Methods
Objectives

Upon completion of this unit, you should be able to:
  • Describe basic attacks on the system
  • Apply simple measures against attacks on host security
  • Describe protection methods
  • Define Virtualization
  • Work with Xen tools
The Attacker's Plan

  • Gather intelligence on the target system
  • Identify vulnerabilities of the target
  • Gain any access to the target required
  • Use a vulnerability to successfully compromise the system
  • Avoid retaliation for the attack
System Security

  • End system compromises include
    • Attacks on system availability
    • Unauthorized access
    • Inappropriate use by authorized users
  • These compromises may involve
    • Exploiting flawed or misconfigured software
    • Exploiting protocol weaknesses
    • Exploiting trust relationships
Service Availability

  • Applications must remain available
  • Denial of Service (DoS) attacks
    • May simply be used to disrupt service
    • May be used so that an attacker can spoof clients
  • Monitoring is critical
    • Service status and network activity
Information Leakage

  • Services leak information
    • Banner messages (software and version)
    • Hosts or accounts that may use the service
    • Resources that are available
  • This information may be used by an attacker to prepare an intrusion attempt
Authentication and Trust

  • Secure services need to authenticate client identities and authorize access
  • Weak authentication
    • Credential capture attacks
    • Leads to misauthentication and compromise
  • Inappropriate trust
    • Stolen data or authentication credentials
    • Compromise of one trusted host can lead to compromise of many hosts
Input Validation Attacks

  • Responsible for many remote exploits
  • Program fails to properly check user input for validity
  • Buffer overflows
    • More data placed in buffer than expected
    • Crashes program or executes arbitrary code
  • Format string attacks
    • User data used in an insecure way

Protection Mechanism

  • Firewalls
    • Netfilter
    • Proxy
    • Local packet filters
  • TCP Wrappers
  • Xinetd
  • Pluggable Authentication Modules
  • Security Enhanced Linux
  • Service specific
  • Application hardening
Packet Filters

  • Low level security
  • Used as firewalls
Network Proxies

  • Often used in DMZ
  • Good at filtering content
Local Security

  • Why do local security?
    • Firewalls do not stop intruders from within
    • Firewalls cannot offer perfect protection
    • Firewalls cannot filter content like the application can
TCP Wrappers and xinetd

  • TCP Wrappers
    • Protects services linked against libwrap.so
    • Powerful for logging and access control
  • xinetd
    • Access control for services under xinetd's control
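The access-control order that TCP Wrappers applies (hosts.allow first, then hosts.deny, and default allow when neither matches) is easy to get wrong; the shell script below is an added study example, not course material or libwrap itself. It re-implements a deliberately reduced subset of the rule syntax (ALL, exact addresses, trailing-dot network prefixes; no EXCEPT or name lookups) against constructed rule files in a temp directory.

```shell
#!/bin/sh
# Simplified re-implementation of the libwrap decision order, for study:
# hosts.allow is consulted first, then hosts.deny, and a client that matches
# neither is ALLOWED. Rules are "daemon_list : client_list"; tokens may be
# ALL, an exact host/address, or a trailing-dot network prefix ("192.168.1.").
# EXCEPT, hostname lookups and the other libwrap features are not implemented.

# Constructed sample rule files in a temp dir (stand-ins for /etc/hosts.*)
TW_DIR=$(mktemp -d)
cat > "$TW_DIR/hosts.allow" <<'EOF'
# sshd from the admin LAN, vsftpd from one host only
sshd : 192.168.1.
vsftpd : 10.0.0.5
EOF
printf 'ALL : ALL\n' > "$TW_DIR/hosts.deny"

# tw_match_list LIST VALUE -> 0 if VALUE matches any token in the list
tw_match_list() {
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        case $tok in
            ALL)   return 0 ;;
            *.)    case $2 in "$tok"*) return 0 ;; esac ;;   # network prefix
            "$2")  return 0 ;;                               # exact match
        esac
    done
    return 1
}

# tw_file_matches FILE DAEMON CLIENT -> 0 if any rule in FILE matches
tw_file_matches() {
    [ -r "$1" ] || return 1                     # missing file: no rule matches
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                        # strip comments
        case $line in *:*) ;; *) continue ;; esac
        if tw_match_list "${line%%:*}" "$2" && tw_match_list "${line#*:}" "$3"; then
            return 0
        fi
    done < "$1"
    return 1
}

# tw_decide ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints allow or deny
tw_decide() {
    if tw_file_matches "$1" "$3" "$4"; then echo allow
    elif tw_file_matches "$2" "$3" "$4"; then echo deny
    else echo allow                             # matched nothing: default allow
    fi
}
```

The last branch is the one to remember when auditing a host: without a catch-all `ALL : ALL` in hosts.deny, any wrapped service not named in hosts.allow is open to every client.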
PAM and SELinux

  • Pluggable Authentication Modules
    • Control access to individual services
      • Time
      • Usage limits
      • Location
  • Security Enhanced Linux
    • Mandatory Access Control
Service Security

  • Control mechanisms not available to the entire system
  • Specialized security
ExecShield

  • Segment Limits
  • NX/XD-Technology
  • sysctl kernel.exec-shield
Virtualization with Xen

  • Advantages of Virtualization
    • Effective resource usage
    • Manageability
    • Security
  • Key Concepts of Xen
    • Small Hypervisor
    • First “Domain” manages the system
    • Supports full and para virtualization
Xen Domains

  • Xen virtual hosts are called domains
    • First domain loaded is called Domain-0
    • Domain-0 is booted immediately after the hypervisor starts
    • Domain-0 provides the user interface at the console
    • Domain-0 is used to install and manage other domains
    • In a real-world setting Domain-0 should be used only to manage other domains.
    • Additional domains have specific names but are also generically referred to as Domain-U
    • Domain-U configuration files are stored in /etc/xen/domain
Xen Configuration

  • Network connectivity can be configured to "bridge" through the network interface of Domain-0
    • By default mapped to xenbr0
    • Each Domain-U has its own independent network configuration
  • Xen domains use either special files or block devices for storage
  • Domains are started by a service called xendomains
    • xendomains determines which domains to start by which Xen domain configuration files are linked in /etc/xen/auto
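Because xendomains starts exactly the domains whose configuration files are symlinked into /etc/xen/auto, an audit of that directory tells you what comes up at boot and what does not. The script below is an added example, not part of the course or of the Xen tools; it builds a constructed stand-in for /etc/xen in a temp directory and assumes each config carries a `name = "..."` line.

```shell
#!/bin/sh
# Audit which domains the xendomains service would start at boot: every
# config symlinked into <xen_dir>/auto. Constructed sample tree in a temp dir
# stands in for /etc/xen; db01 is deliberately left unlinked and one stale
# link points at a config that no longer exists.
XEN_DIR=$(mktemp -d)
mkdir "$XEN_DIR/auto"
printf 'name = "web01"\nmemory = 512\n' > "$XEN_DIR/web01"
printf 'name = "db01"\nmemory = 1024\n'  > "$XEN_DIR/db01"
ln -s ../web01 "$XEN_DIR/auto/web01"
ln -s ../gone  "$XEN_DIR/auto/stale"

# xen_cfg_name FILE -> the domain name declared in a Xen config file
xen_cfg_name() {
    sed -n 's/^name[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# xen_auto_names AUTO_DIR -> names of domains that would auto-start;
# dangling links are reported on stderr and skipped
xen_auto_names() {
    for link in "$1"/*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case $target in /*) ;; *) target="$1/$target" ;; esac   # relative link
        if [ -r "$target" ]; then
            xen_cfg_name "$target"
        else
            echo "dangling link: $link" >&2
        fi
    done
}

# xen_not_auto XEN_DIR -> configured domains that would NOT start at boot
xen_not_auto() {
    auto=$(xen_auto_names "$1/auto" 2>/dev/null)
    for cfg in "$1"/*; do
        [ -f "$cfg" ] || continue
        n=$(xen_cfg_name "$cfg")
        [ -n "$n" ] || continue
        printf '%s\n' "$auto" | grep -qxF "$n" || echo "$n"
    done
}
```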
Domain Management with xm

  • Command line management tool
  • Controlling domains
    • xm <create|destroy> domain
    • xm <pause|unpause> domain
    • xm <save|restore> domain filename
    • xm <shutdown|reboot> domain
  • Monitoring
    • xm list
    • xm top
    • xm console domain
End of Unit 1

  • Questions and Answers
  • Summary
    • Basic types of attacks
    • Simple steps to improve host security
    • Protection mechanisms
    • Xen Terminology
    • xm Commands