Security Strategies in Linux Platforms and Applications Chapter
- Slides: 21
![Security Strategies in Linux Platforms and Applications, Chapter 4: User Privileges and Permissions](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-1.jpg)

Security Strategies in Linux Platforms and Applications

Chapter 4 User Privileges and Permissions

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.
![Learning Objective](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-2.jpg)

Learning Objective

- Explain user account management and the principle of least privilege to protect and secure the system and its data.
![Key Concepts](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-3.jpg)

Key Concepts

- Policies for user accounts
- Boundaries for the user, system, and root accounts
- Group accounts for managing the security process
- Pluggable Authentication Modules (PAM)
- Special user privileges for accessing files, including the executable files
![The Shadow Password Suite: Fundamental Files](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-4.jpg)

The Shadow Password Suite: Fundamental Files

- /etc/passwd
- /etc/group
- /etc/shadow
- /etc/gshadow
![Managing Password Change and Expiration Dates](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-5.jpg)

Managing Password Change and Expiration Dates

- The following chage commands are used to enforce password change and expire accounts:
  - The command to require user "jdoe" to change the password at next login: `[root@is418 ~]# chage -d 0 jdoe`
  - The command to expire the user account "jane" on May 31, 2011: `[root@is418 ~]# chage -E "05/31/2011" jane`
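To see what the two chage commands above leave behind, the following added example (not part of the original slides) reads records in /etc/shadow layout and reports forced changes, expired accounts and aged-out passwords. The sample records, the placeholder hashes and the function names `audit_shadow` and `today_days` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the slides): read records in /etc/shadow layout and
# report the states that `chage -d 0` and `chage -E` leave behind.

# Constructed sample; hashes are placeholders. Field layout:
# name:hash:lastchg:min:max:warn:inactive:expire:reserved
# (dates are counted in days since 1970-01-01)
SAMPLE_SHADOW='jdoe:$6$placeholder:0:0:90:7:::
jane:$6$placeholder:15000:0:90:7::15125:
maryj:$6$placeholder:19000:0:99999:7:::
svc:!:19000::::::'

# audit_shadow TODAY  (TODAY = current date in days since 1970-01-01)
# Reads shadow records on stdin and prints one finding per line.
audit_shadow() {
    awk -F: -v today="$1" '
        # chage -d 0 writes 0 into field 3: change required at next login.
        $3 == "0" { print $1 ": must change password at next login" }
        # chage -E writes the expiry day into field 8 (15125 = 2011-05-31).
        $8 != "" && $8 + 0 <= today + 0 { print $1 ": account expired on day " $8 }
        # Password older than its maximum age (field 3 + field 5).
        $3 + 0 > 0 && $5 != "" && $5 + 0 < 99999 && $3 + $5 < today + 0 {
            print $1 ": password past maximum age of " $5 " days"
        }
    '
}

# Current date in the unit /etc/shadow uses.
today_days() { echo $(( $(date +%s) / 86400 )); }

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow "$(today_days)"
```

On a live system the same function can be fed from `/etc/shadow` by root; the file is not readable by ordinary users.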
![User Privileges as a Member of Special Groups](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-6.jpg)

User Privileges as a Member of Special Groups
![Group Account](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-7.jpg)

Group Account

- Groups provide a way to better manage accounts in the following ways:
  - Permissions can be given to a group rather than individuals.
  - Employees can be added or deleted from predefined groups.
  - Groups improve the maintainability of user accounts.
![Defining the User Account Policy](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-8.jpg)

Defining the User Account Policy

- Who needs access and why?
- How long does a user need access?
- Where will the user access the computer system from?
- What are the tasks the user needs to perform?
![Linux System Administrator](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-9.jpg)

Linux System Administrator

- Creates user accounts
- Enforces user account and password policy
- Establishes user account policy
![Using sudo Command](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-10.jpg)

Using sudo Command

1. As a root user, issue the following command: `[root@is418 ~]# visudo`
2. Enable ALL privileges to user "jdoe" by adding the following line in the editor that visudo opens: `jdoe ALL=(ALL) ALL`
3. Log in as "jdoe" and use the following sudo command: `[jdoe@is418 ~]# sudo useradd maryj`
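The rule in step 2 lets jdoe run every command as any user, although step 3 only needs `useradd`. The following added example (not part of the original slides) scans sudoers text for user specifications that allow every command, so they can be reviewed against the least-privilege objective. The sample file, the `helpdesk` rule and the function name `audit_sudoers` are assumptions, and the parser deliberately ignores aliases, includes and line continuations.

```shell
#!/bin/sh
# Added example (not from the slides): flag sudoers user specifications that
# grant every command. Simplified: one spec per line, no aliases, no includes.

# Constructed sample. The jdoe line is the rule from the slide; the helpdesk
# line is a hypothetical rule scoped to the single task the slide performs.
SAMPLE_SUDOERS='# constructed sample
Defaults env_reset
root     ALL=(ALL) ALL
jdoe     ALL=(ALL) ALL
%wheel   ALL=(ALL) NOPASSWD: ALL
helpdesk ALL=(root) /usr/sbin/useradd'

# audit_sudoers  (reads sudoers text on stdin)
# Prints "<who>: <finding>" for each non-root spec whose command list is ALL.
audit_sudoers() {
    awk '
        # Skip comments, blank lines and Defaults settings.
        /^[ \t]*#/ || NF == 0 || $1 ~ /^Defaults/ { next }
        {
            who = $1
            spec = $0
            sub(/^[^=]*=[ \t]*/, "", spec)        # drop "who host ="
            sub(/^\([^)]*\)[ \t]*/, "", spec)     # drop "(runas)"
            nopass = sub(/^NOPASSWD:[ \t]*/, "", spec)
            sub(/[ \t]+$/, "", spec)              # drop trailing blanks
            if (spec == "ALL" && who != "root")
                printf "%s: may run any command%s\n", who,
                       (nopass ? " without a password" : "")
        }
    '
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

Syntax of a real sudoers file is checked with `visudo -c`; this script only highlights broad grants for review.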
![Files with Access Control List (ACL) Permissions](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-11.jpg)

Files with Access Control List (ACL) Permissions

- ACL grants special permissions that are not part of the regular file permissions.
- These files are used to provide a user or group special access to a file or executable without changing the file permissions.
- Permissions can be granted to a user (u), a group (g), and others (o).
- Permissions are typically read, write, and execute.
![Failed Remote Login Attempts](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-12.jpg)

Failed Remote Login Attempts
![Using PAM](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-13.jpg)

Using PAM

- An application can use its own authentication file in the /etc/pam.d directory.
- PAM can be used to:
  - Allow access to a specific application only during certain times of the day
  - Deny user logins based on files and restrict the use of the su command to only certain groups or users
  - Disconnect a user after 'x' number of login attempts
![PAM-related Packages on Ubuntu](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-14.jpg)

PAM-related Packages on Ubuntu
![PolicyKit Authorizations Tool](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-15.jpg)

PolicyKit Authorizations Tool
![Best Practices for Account Management](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-16.jpg)

Best Practices for Account Management

- Create a password policy in the /etc/login.defs file.
- Lock user accounts that will not need access for a long period of time.
- Set account expiration for temporary accounts.
- Remove user and service accounts that are no longer being used.
- Monitor account usage and login attempts.
![Summary](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-17.jpg)

Summary

- System, service, and regular user accounts, group accounts, and user account policy
- Best practices for account management
- Process of establishing a user account policy, managing password change, and using sudo command
- Files with ACL permissions and the roles and responsibilities of a Linux system administrator
- Use of PAM
![Virtual Lab](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-18.jpg)

Virtual Lab

- Hardening Security with User Account Management and Security Controls
![OPTIONAL SLIDES](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-19.jpg)

OPTIONAL SLIDES
![System, Service, and Regular User Accounts](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-20.jpg)

System, Service, and Regular User Accounts

| System Account | Service Account | Regular Account |
|---|---|---|
| Created when the operating system is installed | Created automatically when installing a service using a package management program | Created by root or an account with privileged access |
| Users and groups < 100 | Users and groups < 500 | Users and groups > 500 |
| Login directory typically set to /sbin/nologin or a system command, such as /sbin/shutdown | Login directory mostly set to /sbin/nologin but /bin/bash may also be set | Login directory set to a typical login shell, such as /bin/bash |
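The UID ranges and shells on this slide can be turned into a quick review of /etc/passwd. The following added example (not part of the original slides) classifies each account by the slide's ranges and marks non-regular accounts that have an interactive shell, as well as any second account with UID 0. The sample records, the function name `classify_accounts`, and the choice to count UID 500 itself as regular are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): classify /etc/passwd records by the UID
# ranges on the slide and mark entries that deserve a closer look.

# Constructed sample in /etc/passwd layout:
# name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
apache:x:48:48:Apache:/var/www:/sbin/nologin
backupsvc:x:250:250::/var/backup:/bin/bash
jdoe:x:501:501:J Doe:/home/jdoe:/bin/bash
toor:x:0:0::/root:/bin/bash'

# classify_accounts  (reads passwd records on stdin)
# Prints "<name> <class> <shell>" plus a REVIEW note where one applies.
classify_accounts() {
    awk -F: '
        {
            # Ranges from the slide: < 100 system, < 500 service, else regular.
            if ($3 < 100)      class = "system"
            else if ($3 < 500) class = "service"
            else               class = "regular"

            flag = ""
            if ($3 == 0 && $1 != "root")
                flag = " REVIEW: additional UID 0 account"
            else if (class != "regular" && $1 != "root" && $7 ~ /\/(ba|da|z|k|c)?sh$/)
                flag = " REVIEW: interactive shell on " class " account"

            print $1, class, $7 flag
        }
    '
}

printf '%s\n' "$SAMPLE_PASSWD" | classify_accounts
```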
![Establishing a User Account Policy](https://slidetodoc.com/presentation_image/4680317b865be4355d8312fff08b8676/image-21.jpg)

Establishing a User Account Policy

1. Open the /etc/login.defs file.
2. Set the Password Change directive.
3. Set the Warn directive.
4. Set the password minimum length.
5. Enable login failure logging.
6. Enable successful login logging.
7. Enable the su command.
8. Save and exit.
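After the file has been edited, the result of the steps above can be verified mechanically. The following added example (not part of the original slides) parses login.defs text and compares the directives against a baseline. The mapping of steps 2 to 7 onto `PASS_MAX_DAYS`, `PASS_MIN_DAYS`, `PASS_WARN_AGE`, `PASS_MIN_LEN`, `FAILLOG_ENAB`, `LOG_OK_LOGINS` and `SYSLOG_SU_ENAB`, the baseline values, the sample file and the function name `check_login_defs` are all assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): check login.defs directives against an
# assumed baseline. Directive-to-step mapping and thresholds are assumptions.

# Constructed sample in /etc/login.defs syntax ("NAME value", # for comments).
SAMPLE_LOGIN_DEFS='# constructed sample
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
PASS_MIN_LEN    5
FAILLOG_ENAB    yes
#LOG_OK_LOGINS  yes
SYSLOG_SU_ENAB  yes'

# check_login_defs  (reads login.defs text on stdin)
# Prints OK, WEAK or MISSING for each directive in the baseline.
check_login_defs() {
    awk '
        function check(name, op, want,    v, ok) {
            if (!(name in val)) {
                printf "MISSING %s (want %s %s)\n", name, op, want
                return
            }
            v = val[name]
            if (op == "<=")      ok = (v + 0 <= want + 0)
            else if (op == ">=") ok = (v + 0 >= want + 0)
            else                 ok = (v "" == want "")
            printf "%s %s=%s (want %s %s)\n", (ok ? "OK" : "WEAK"), name, v, op, want
        }
        /^[ \t]*#/ || NF < 2 { next }      # commented-out directives do not count
        { val[$1] = $2 }
        END {
            check("PASS_MAX_DAYS",  "<=", 90)     # step 2
            check("PASS_MIN_DAYS",  ">=", 1)      # step 2
            check("PASS_WARN_AGE",  ">=", 7)      # step 3
            check("PASS_MIN_LEN",   ">=", 12)     # step 4
            check("FAILLOG_ENAB",   "==", "yes")  # step 5
            check("LOG_OK_LOGINS",  "==", "yes")  # step 6
            check("SYSLOG_SU_ENAB", "==", "yes")  # step 7 (assumed mapping)
        }
    '
}

printf '%s\n' "$SAMPLE_LOGIN_DEFS" | check_login_defs
```

On systems where login and passwd are built with PAM, several of these directives (for example `PASS_MIN_LEN`) are not read from login.defs, so the PAM configuration needs the same review.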