Prepared By: Abdelsalam Aref Manhal Tawfiq

Prepared By Abdelsalam Aref Manhal Tawfiq

Supervised By Dr Lorsquoai Tawalbeh2006

New York Institute of Technology (NYIT)- Jordanrsquos campus-2006

outlines

bull What is UNIXbull UNIX POPULARITYbull Structure of UNIXbull Advantages of UNIXbull Disadvantages of UNIXbull Unix securitybull Unix forensics toolsbull Summarybull references

What is UNIX

Is a general ndash purpose multi-user operating system developed at Bell Laboratories as a private research project by a small group of people starting in 1969

About one year later during the early 1970 unix was unveiled to the general public

The main goals of the group were to design an operating system to satisfy the following objectives bullSimple and elegant bullWritten in a high level language rather than assembly language bullAllow re-use of code

Cont

bull Today UNIX has evolved into three main categoriesbull BSD (Berkley software distributed)bull System V Release 4bull And hybrid

bull Some of the most populer UNIX arebull IBMrsquos AIXbull Sun Microsystemsrsquo salariesbull SGIrsquoS IRIXbull LINUXbull OPEN BSDbull AND FREE BSD

UNIX POPULARITY

bull Only a very small amount of code in UNIX is written in assembly language This makes it relatively easy for a computer vendor to get

bull The application program interface allows many different types of applications to be easily implemented under UNIX without writing assembly language

bull Vendor-independent networking allows users to easily network multiple systems from many different vendors

Structure of UNIX

The Unix system consists of 3 levels

bull Kernel that schedules tasks and manages data storage It performs low levels jobs to schedule processes keep track of files and control hardware devices

bull The shell is a program that interprets the commands typed by the user and translates them into commands that the kernel understands

bull The outermost layer consists of tools and applications adding special capabilities to the operating system The tools come either with the operating system or could be obtained from third party to enhance the functioning of the operating system

Advantages of UNIX

bull UNIX is portable from large systems to medium-sized systems to single user systems

bull UNIXs utilities are brief single-operation commands that can be combined to achieve almost any desired result

bull UNIX is device independent Since it includes the device drivers as part of the operating system UNIX can be configured to run any device

bull UNIX is multitasking Multiple programs can run at one time bull UNIX is multi-user The same design that permits multitasking

permits multiple users to use the computer Multiple users can simultaneously use a single computer running UNIX

Cont

bullUNIX runs on older less powerful machines Chances are that if a computer does not have enough CPU speed and memory for Windows it can still run UNIX

bull Several UNIX variants such as FreeBSD are free High quality free applications like the emacs text editor Apache web server and GIMP image editor are available for UNIX platforms

cont

bullUnix is more flexible and can be installed on many different types of machines including main-frame computers supercomputers and micro-computers

bull Unix is more stable and does not go down as often as Windows does therefore requires less administration and maintenance

bull Unix has greater built-in security and permissions features than Windows

bullUnix possesses much greater processing power than Windows

bull Unix is the leader in serving the Web About 90 of the Internet relies on Unix operating systems running on Apache the worlds most widely used Web server

bull Software upgrades from Microsoft often require the user to purchase new or more hardware or prerequisite software That is not the case with Unix

Disadvantages of UNIX

bull UNIX is harder to install maintain and upgrade than Windows

bull UNIXs commands are so brief that novice users find the operating system unfriendly

bull More home oriented applications run under Windows than UNIX

bull There is no single standard version of the operating system

Unix security

Design concepts

User and administrative techniques

Unix security Design concepts

1 Permissions

bullA core security feature in these systems is the permissions system All files have permissions set enabling different access to a file

bullUnix permissions permit different users access to a file Different user groups have different permissions on a file

bullMore advanced Unix file systems include the Access Control List concept which allows permissions to be granted to multiple users or groups An Access Control List may be used to grant permission to additional individual users or groups

Unix security Design concepts

UNIX defines three fields of 3 bits each ndash r w x1048631 r controls read access1048631 w controls write access1048631 x controls execution

In this scheme 9 bits per file are needed to recordprotection information

A separate field is kept for the file owner for the filersquosgroup and for all other users

Unix security Design concepts

A Sample UNIX Directory Listing

bull The first field describes the file or directoryrsquos protectionbull A d as the first character indicates a subdirectorybull Also shown arendash The number of links to the filendash The ownerrsquos namendash The grouprsquos namendash The size of the file in units of bytesndash The date of last modificationndash The filersquos name (with optional extension)

Unix security Design concepts

2 User groups Users under Unix operating systems often belong to managed groups

with specific access permissions This enables users to be grouped by the level of access they have to this system

3 Issues Most Unix style systems have an account or group which enables a user to exact complete control over the system often known as a root account If access to this account is gained by an unwanted user this results in a complete breach of the system A root account however is necessary for administrative purposes usage of the root account can be more closely monitored

Unix security User and

administrative techniques

1 Passwords bull Selecting a strong password and guarding it properly is probably the

most important things a user can do to improve Unix security In Unix systems passwords are usually stored under the file etcpasswd Actually this file stores more rather than just passwds it keeps track of the users registered in the system and their main definitions The entries in etcpasswd are like this

bull nicknamepassword_hashUserIDGroupIDComplete_Namehome_dirshell_bin

bull An example would be xfze$1$zuW2nX3sslp3qJm9MYDdglEApAc36r1000100Joseacute Carlos D S Saraivahomexfzebinbash

Cont

But as all users must have access to this file in order for the system to compare the password given at the login prompt with the one stored in the file anyone could have access to the file and retrieve other users password hash

To solve this problem is to use what is known as a shadow file (etcshadow) The whole idea is then to move the encrypted passwords from etcpasswd to etcshadow and make the latter not readable by normal users

Unix security User and administrative techniques

2 Users and accounts bull Administrators should delete old accounts promptly bull only no remote root logins

UNIX forensics tools

bull Data Acquisition IR Toolsbull Media Management Analysis Toolsbull File System Analysis Toolsbull Application Analysis Toolsbull Network Analysis Tools

Data Acquisition IR Tools

bull Title Automated Image and Restore (AIR) bull Description AIR (Automated Image amp Restore) is a GUI front-end

to dddcfldd designed for easily creating forensic bit images

bull Title dcfl-dd bull Description dcfl-dd is a modified version of the GNU binutils

version of dd It calculates the MD5 hash value of the data while it copies the data

bull Title ddbull Description dd is a common UNIX tool that copies data from one

file to another It can also be used with netcat to send data to a server over the network

Media Management Analysis Tools

bull TitleCDfs

bull DescriptionCDfs is a file system for Linux systems that `exports all tracks and boot images on a CD as normal files These files can then be mounted (eg for ISO and boot images) copied played (audio and VideoCD tracks)

bull Title Cdrecord bull Description Cdrecord supports DVD-R and DVD-RW with all known DVD-

writers on all UNIX-like OS and on Win32 DVD writing support is implemented in cdrecord since march 1998 Cdrecord writes DVD media similar to CD media The readcd tool can be used to read the contents of a CD

Titledisktype Description The purpose of disktype is to detect the content format of a disk or

disk image It knows about common file systems partition tables and boot codes (Ed It is similar to file but gives much more details about the file system or partition table)

File System Analysis Tools

bull Title Autopsy Forensic bull Description Autopsy is a graphical interface to the command line tools in

The Sleuth Kit and allows one to view deleted NTFS FAT EXTxFS and FFS files perform keyword searches and create timelines of file activity

bull Titledisktype bull Description The purpose of disktype is to detect the content format of a

disk or disk image It knows about common file systems partition tables and boot codes (Ed It is similar to file but gives much more details about the file system or partition table)

bull Title e2salvage bull Description e2salvage is a utility which tries to do in-place data

recovery a from damaged ext2 filesystems Unlike e2fsck it does not look for the data at particular places and it dont tend to believe the data it finds thus it can handle much more damaged filesystem

Network Analysis Tools

bull Title tcpflow bull Description tcpflow is a program that captures data transmitted as

part of TCP connections (flows) and stores the data in a way that is convenient for protocol analysis or debugging A program like tcpdump shows a summary of packets seen on the wire but usually doesnt store the data thats actually being transmitted In contrast tcpflow reconstructs the actual data streams and stores each flow in a separate file for later analysis

bull Title Ethereal bull Description Ethereal is used by network professionals around the

world for troubleshooting analysis software and protocol development and education It has all of the standard features you would expect in a protocol analyzer and several features not seen in any other product Its open source license allows talented experts in the networking community to add enhancements It runs on all popular computing platforms including Unix Linux and Windows

Application Analysis Tools

bull Title Autopsy Forensic Browser

bull Description Autopsy is a graphical interface to the command line tools in The Sleuth Kit and allows one to view deleted NTFS FAT EXTxFS and FFS files perform keyword searches and create timelines of file activity

bull Title binutils

bull Description The GNU Binutils are a collection of binary tools For forensics these are used for binary analysis including strings

bull Title findAuthor bull Description The find program searches a directory tree to find a file

or group of files It traverses the directory tree and reports all occurrences of a file matching the users specifications The find program includes very powerful searching capability

Summary

bull Unix operating systems are widely used in both servers and workstations

bull UNIX has several advantages as an operating system such as portability powerful utilities device independence being multitasking allowing multi-user low system requirements and the availability of free software

bull There are disadvantages of using the UNIX operating system Some of them are unfriendly commands no standard version of UNIX difficult installation and lack of commercially available software

bull We found that Windows NT has slightly more rigorous security features than ldquostandardrdquo UNIX but the two systems display similar vulnerabilities The conclusion is that there are no significant differences in the ldquorealrdquo level of security between these systems

Resources

bullBooksbullMaurice J Bach The Design of The UNIX Operating System Prentice-Hall Inc1986

bullUNIX System Security A Guide for Users and System Administrators Addison- Wesley 1994

bullAbraham Silberschatz and Peter Galvin ldquoOperating System Conceptsrdquo 6th Edition byAddison-Wesley Publisher 2001

bullWebsites bullhttpftimessourceforgenetFTimesindexshtml bullhttpsourceforgenetprojectsbiatchux bullhttpdirectoryfsforgsysadminBackupsddhtml bullhttpfreshmeatnetprojectscdrecord

Questions