Model Specification and Analysis
In this report the security architectural analysis will focus on the Linux operating system. The operating system can be traced to the efforts of Linus Benedict Torvalds in 1991 (Mookhey, Burghate & ISACA 2005, p. 3). At the time Mr. Torvalds, a second year university student was interested in learning to program for Intel’s x86 line of processors. The only available operating system at the time to the university was known as MINIX. The student wanted to make modifications to the system to allow it operate according to his specifications (Mookhey, Burghate & ISACA 2005, p. 3).
From these humble roots the system today known as Linux began to grow. It is important to note that Linux refers essentially to the Linux kernel and a host of software applications. Much of the software developed a s part of the project GNU (Mookhey, Burghate & ISACA 2005, p. 4). The history of Linux is closely linked with the GNU project initiated by Richard Stallman. The project was developed to ensure that users can access software and the source code for the applications. In time the GNU project had developed several applications and all that was lacking was the kernel to run the applications which was readily supplied Linux (Mookhey, Burghate & ISACA 2005, p. 4).
The kernel for Linux and most GNU applications are distributed and developed under the GNU general public license (Mookhey, Burghate & ISACA 2005, p. 4). The main purpose of establishing and operations under a common license is so as to allow the software users make modifications to applications where they find it suitable. This open source approach is especially beneficial as developers need not compete with modified versions of the software as all upgrades, modifications, bug fixes all fall under the original work.
A common misconception associated with open source is that the software is cheap and free. The enterprise versions of these products are offered at some cost and the main advantage in open source is actually the joint effort in software development (Mookhey, Burghate & ISACA 2005, p. 5).
When running the Linux operating system the kernel is responsible for the control of all internal and external aspects of the system (Ghori 2009, p. 324). This includes system hardware such as the memory, storage media, Input / Output (I/O) devices as well as process such as security and access controls, service daemons, etc. The kernel receives these instructions from the system shell and executes them as instructed (Ghori 2009, p. 324). The Linux kernel is designed as a set of modules that interoperate to allow for smooth and efficient operation of applications, services and programs on the system.
In the field of computing security of an operating system is not considered as absolute but rather a collection of protective measures that ensure a desired level safety. In practice the desired level of safety would require knowledge on how to prevent security breaches occurring during operation. This can be achieved by developing a security policy which may be adjusted to meet user needs. Most operating systems provide a default policy which can be adjusted by the administrator as is the case of Microsoft Windows (Danseglio & Allen 2006, p. 3). Linux systems also provide basic security based on a default set of rules defined in the security policy which can be amended to suit user needs (Mookhey, Burghate & ISACA 2005, p.11).
In addition to this there are several kernel patches available that can be useful in improving the Linux system. The security changes are possible as this will cause change in the operating mode of the kernel. In a Linux system the root user has unrestricted access to all segments of the system (Mookhey, Burghate & ISACA 2005, p.11). The patches primarily take away some of the potential abilities of the root user thus improving overall system security.
The Linux Intrusion Detection system (LIDS) provides a patch that can ensure the total security of the files on the system. With this feature in place files on the system can not be altered or transferred in any way even by the root user (Mookhey, Burghate & ISACA 2005, p.11). The feature provides security at points of entry such as ports, alerts about possible intrusion attempts, places restrictions on file or folder access, and restrictions on system capabilities allocated to processes. However, even with these patches threats still exist in the software and related applications owing to programming constructs such as buffer overflows, format string vulnerabilities, race conditions associated with threads, etc.
The LIDS patch is especially useful given that if vulnerability is identified in a program that is run as root it is possible to cause major damage to the system (Hatch 2001, p. 1 of 3). If an attacker could gain access to the system with the permissions of the root there are no limits to damage that may be caused.
Discussion of Standards
With regards to standards for IT security most principles are reported to be universal irrespective of the operating system (Nemeth, Snyder & Hein 2007, p. 678). For this reason the discussion on standards will focus on these universal principles. For example it is not wise to provide security through obscurity. This would refer to attempts such as the use of clear text as a security measure (Mookhey, Burghate & ISACA 2005, p.17). This occurs based on the assumption that if the user does not know of the files existence then the system is secure from damage that could result from manipulation of such files.
In addition to that it is important to develop security in depth. This suggests that the system should not depend on a single layer to provide security to the entire system. A good security infrastructure should develop several layers or approaches to protect from the same vulnerabilities (Mookhey, Burghate & ISACA 2005, p.17). It is also wise to consider security concerns right from the onset of development. It is not wise to begin security consideration upon implementation. Security issues need to be addressed tight from the design phase to ensure a balance between function and security (Mookhey, Burghate & ISACA 2005, p.17).
Also important as far as overall security is concerned it has been reported that it is better to use open system standards as opposed to proprietary standards (Mookhey, Burghate & ISACA 2005, p.17). During design of architecture or applications it is prudent to use open standards that incorporate both user and developer concepts. This is because home grown algorithms for encryption or protocols are often more risky than open standards.
Further, it is important for the system to adhere to the principle of least privileges. This ensures that the user is allocated only those privileges that are extremely essential for normal operation. This is the key to authorization and developers may easily be swayed to ease functionality at the cost of security (Mookhey, Burghate & ISACA 2005, p.18). In line with this it has been observed that when there is a choice the system should typically deny all access and only allow selected user’s access.
Also crucial to the security of a system is the consideration to provide mechanisms that allow the system to monitor the internal system status (Nemeth, Snyder & Hein 2007, p. 678). This is because security is not a one time process and the fact that authorization, authentication and input validation are well implemented system it does not ensure security breaches can not occur (Mookhey, Burghate & ISACA 2005, p.17).
It is also necessary to keep in mind that 100% security does not exist and as such even in the presence of security measures and checkpoints vulnerability may still exist. However, it is through following the security guidelines that an acceptable level of security can be established (Mookhey, Burghate & ISACA 2005, p.17). It is also advisable to segregate duties and responsibilities between staff in charge of administration and security are concerned.
Discussion of Risks
As earlier mentioned it is impossible to provide 100% security on a system but instead a set of guidelines are utilized to provide a reasonable level of security. In line with this there is a common risk of exposure that arises from details that can be collected through a system fingerprint. During operation it is common for the system to produce data known as a fingerprint which contains info about the system such as error messages, open ports, TCP/IP stack values, etc (Hatch 2008, p. 96).
This information can be used to provide information on the system to potential threats outside the system. To prevent the potential problems from fingerprints it is advised that the configurable values should be changed to emulate those of a similar function on a different operating system (Hatch 2008, p. 96). It is advisable to maintain consistency when carrying out such tactics to eliminate the possibility of identification. The more methods used to disguise the identity of the operating system and services the less likely it becomes that the intruder can decipher their true identity.
Another risk that exists with regards to operating system vulnerability is the SYN flood. This is occurs following the procedures associated with initiating a TCP connection. Typically when initiating a connection the source send a SYN packet to the destination. The destination acknowledges by sending a corresponding flag to synchronize communication (Soyinka 2008, p. 248). The sender acknowledges receipt of the acknowledgement thus opening a communication channel. A SYN flood occurs when a sender transmits a series of SYN packets to a destination with no intention of responding by acknowledgment (Soyinka 2008, p. 248). The result is the destinations host tables result in an overflow making the system unstable.
Linux through the use of a syncookie can prevent SYN flooding (Soyinka 2008, p. 248). Through this mechanism the operating system can manage the number of requests being handled and ensure the system is not overwhelmed. When a request is received the cookie is updated. When the rate of receipt of cookies exceeds a specified threshold the system can begin to eliminate requests that are not making a move to be established (Soyinka 2008, p. 248).
A common approach by intruders is the use of a hoax to gain access to the system. An example of such hoaxes is used in IP spoofing where an IP packet is created and transmitted with a false source address (Rash 2007). From the perspective of a security provider it is clear that a spoofed packet can not be trusted. Linux therefore allows the configuration of firewalls that ensure such packets are not allowed onto the network.
Another risk may occur through the use of DNS spoofing by would be intruders. A DNS request is normally sent when a user requests a webpage via a website. This request results in a response that contains the IP address of the website requested. This approach is normally exercised in collaboration with ARP spoofing which will allow the attacker observe the sent DNS requests. The attacker then allows the user to access the spoofed website and is able to collect the user authentication details giving access to the actual website (Hatch 2008, p. 414).Linux does not provide any means to prevent DNS spoofing but can limit ARP spoofing via static ARP entries. This approach can limit the attacks by preventing the forged DNS requests from poisoning the stored ARP entries.
Analysis of Contingency Planning
An effective operating system needs to have some mechanism to address incidents that may cause system instability. Linux allows the user to utilize a number of tools and options for response to various incidents. These tools have been found useful for functions ranging from recovery of passwords to a complete forensic analysis of the system (Hatch 2008, p. 119). Upon deciding to shut down the system a bootable Linux incident response can be useful in discovery of what compromises have been made on the system and suggesting methods for recovery. There are also several enterprise forensic solutions available for use with the software that is effective in providing incident response e.g. EnCase or FTK.
With regards to disaster recovery Linux allows the user to prepare for disaster through making backups of the system and data files. In the event a disaster occurs the recovery will require loading these back ups and ensure the user can resume normal operations in a short period (Hatch 2008, p. 119). It should be noted that though the operating system may provide mechanisms for disaster recovery, not exploiting them will ensure inability to recover from disaster. Business continuity planning thus requires that the establishment prepare a procedure to periodically back up data and system files to assist in system recovery after breakdown (Turnbull, Lieverdink & Matotek 2009, p. 626).
Analysis of Data Hiding Methodologies
Linux provides the user a variety of methods for encryption to hide data as a means of providing additional security (Mookhey, Burghate & ISACA 2005, p.72). Among the popular encryption applications offered on the platform is PGP which is available via GNU known as GnuPG. Through encryption of files the data can be protected from the casual observer as the data requires a cryptographic key to unlock (Thomas, Channelle & Sicam 2009, p. 187).
Linux normally offer two types of encryption namely, file and email encryption. File encryption requires that a special secret password or key be utilized to unlock the file thus allowing users an additional security option for stored data files. Also the system can provide email encryption to email messages so that only the user is able to read these messages (Thomas, Channelle & Sicam 2009, p. 187). In addition the email application evolution allows for the user to digitally sign email messages and encryption of sent email and decryption of received messages.
The Linux system also provides additional security to the user by the obscuring of fonts used in entering information. During entering login information in text mode the system for security purposes obscures the text (Garrels 2007, p. 38). The color of the text is the same as the background and so the user can not see what they are entering (Garrels 2007, p. 38). This ensures additional security from prying eyes. This simple procedure ensures that the person watching the screen as you enter your authentication data can not ‘steal’ private data. Another approach that is used on the Linux system to provide security is the macro approach.
The role of macros in security on Linux systems is that they can be used instead of creating separate rule set. A macro is a simple command that instructs the system on what action to take and what variables to consider in performing the action. A macro can be used when a transition occurs from one user to the next and to consider the type of permissions to grant the user (Petersen 2009, p. 294). This approach to security makes the process of handling system events such as changes in system control easier to manage and more secure as opposed to constant redefinition of rule sets.
Another common approach to security on most operating systems is the use of metadata. Metadata refers to collecting significant data about data such as timestamps, users, source of information, etc. (Xiong 2008, p. 655). This data can be created from all forms of data and can be used in provide description or functional information on data on a system. This approach is especially crucial for security given that an attacker may store a harmful file on the system (Xiong 2008, p. 655). The metadata can thus be used in finding in formation about this file and help in system recovery.
In addition to security concerns metadata is commonly used by libraries, search engine and corporate networks to facilitate faster and more efficient searching (Xiong 2008, p. 655). Thus Linux generates metadata on all files and folders during operation. This data contains information on permissions of the user, timestamp, security, etc. Linux also generates metadata in relation to the web content accessed via browsers and other applications (Xiong 2008, p. 655).
Many of the applications designed to run on Linux are also designed to provide metadata that can be useful for recovery of their operations. Examples of Linux applications that utilize metadata include word processors, imaging software and spreadsheets. On these applications just as on the system the metadata provides useful traces information that can help in application recovery such as document creation date, modification date, etc.
Conclusion
The discussion presented in this report has briefly highlighted information on the Linux operating system and how it is developed in relation to various security issues. It has been observed that the system is reasonably secure but it is crucial to once again emphasize that there is no such thing as 100% secure system. This is because the various security implementations need to be wisely utilized to ensure a reasonable level of security is achieved.
References
Danseglio, M & Allen, R 2006, Windows Server 2003 Security Cookbook, O’Reilly Media Inc, California.
Garrels, M 2007, Introduction to Linux (Second Edition), Fultus Corporation, California.
Ghori, A 2009, Red Hat certified technician & engineer, Lightning Source Inc, Printed in USA.
Hatch, B 2001, Overview of LIDS, Part One. Web.
Hatch, B 2008, Hacking exposed Linux: Linux Security Secrets & Solutions, The McGraw-Hill Companies, New York.
Mann, S & Mitchell, EL 2000, Linux system security: An administrator’s guide to open source security tools, Prentice Hall PTR, New Jersey.
Mookhey, KK, Burghate, N & ISACA 2005, Linux: Security, Audit and Control Features, Information Systems Audit and Control Association: Illinois.
Nemeth, E, Snyder, G & Hein, TR 2007, Linux Administration Handbook, Pearson Education Inc, New Jersey.
Petersen, R 2009, Ubuntu 9.04: System Administration and Security, Surfing Turtle Press, Alameda, CA.
Rash, M 2007, Linux firewalls: attack, detection and response with IP tables, psad and fwsnort, No Starch Press Inc, California.
Soyinka, W 2008, Linux Administration: A Beginner’s guide, The McGraw-Hill Companies, New York.
Thomas, K, Channelle, A & Sicam, J 2009, Beginning Ubuntu Linux: From novice to professional, Apress Inc, New York.
Turnbull, J, Lieverdink, P & Matotek, D 2009, Pro Linux system administration, Springer publications, New York.
Xiong, H 2008, Encyclopedia of GIS, Springer Science + Business Media LLC, New York.