## 2019-2020-1 semester, 20192420, "Introduction to the Cyberspace Security Major", week 10 reading notes (Introduction to Cyberspace Security)


Chapter 4 System Security

4.1 Operating System Overview

  • A computer is a complex system made up of hardware, operating system software and application software.
  • Common computer operating systems: Windows, Linux, Android, iOS.
  • An operating system (OS) is the collection of programs that manages and controls the computer's hardware and software resources and provides users with convenient computing services.
  • The functions of a computer operating system include process management, memory management, device management, file management and the user interface.
  • Operating system vulnerabilities and the security problems of virtualized environments pose serious threats to operating system security.

4.2 Operating System Security

4.2.1 Operating system security threats and vulnerabilities

  • Operating system security threats include: illegal intrusion by users or impersonation of system users, illegal destruction or loss of data, damage from unknown viruses and hackers, and the operating system failing to run normally.
  • Operating system vulnerabilities include: problems with remote calls, and vulnerabilities in the operating system and its process management system.
  • Common operating system vulnerabilities include: empty or weak passwords, default shares, vulnerabilities in system components and vulnerabilities in applications.
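The first item in that list, empty or weak passwords, is also the easiest one to audit. The following Python script is an added example for these notes (it is not code from the original post or from the textbook): it parses entries in the format of a Linux /etc/shadow file and reports accounts that can log in with no password at all, or whose password is stored with a deprecated hash algorithm. The shadow lines are constructed sample data, and the set of "weak" hash prefixes is an assumption chosen for the example.

```python
"""Audit /etc/shadow-style entries for empty or weak password settings.

Added example for these reading notes, not code from the original post.
SAMPLE_SHADOW is constructed sample data, not taken from a real system.
"""
from dataclasses import dataclass

SAMPLE_SHADOW = """\
root:$6$saltsalt$hashedpasswordhash:19000:0:99999:7:::
alice:$y$j9T$saltsalt$hashedpasswordhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
svc_backup:!:19000:0:99999:7:::
legacy:$1$salt$hashedpasswordhash:19000:0:99999:7:::
nobody:*:19000:0:99999:7:::
"""

# Hash-id prefixes that should no longer be used for login passwords
# (assumption for this example; extend to match local policy).
WEAK_HASH_PREFIXES = {
    "$1$": "MD5-crypt",
}


@dataclass
class Finding:
    user: str
    issue: str


def audit_shadow(text: str) -> list:
    """Return one Finding per risky account in a shadow-format string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append(Finding(f"line {lineno}", "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "":
            # An empty second field means the account logs in without a password.
            findings.append(Finding(user, "empty password"))
        elif pw.startswith(("!", "*")):
            # Locked account or password login disabled: not a finding.
            continue
        elif not pw.startswith("$"):
            # No "$id$" prefix means legacy DES crypt, which is trivially crackable.
            findings.append(Finding(user, "legacy DES-crypt hash"))
        else:
            for prefix, name in WEAK_HASH_PREFIXES.items():
                if pw.startswith(prefix):
                    findings.append(Finding(user, f"weak hash algorithm ({name})"))
    return findings


def risky_users(text: str) -> set:
    """Convenience wrapper: the set of user names with at least one finding."""
    return {f.user for f in audit_shadow(text)}


if __name__ == "__main__":
    for f in audit_shadow(SAMPLE_SHADOW):
        print(f"{f.user}: {f.issue}")
```

Run against a real system the script needs to be executed with permission to read /etc/shadow; on the sample data it flags `bob` (empty password) and `legacy` (MD5-crypt), while the locked service account and `nobody` are correctly left alone.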

4.2.2 Common security protection mechanisms of operating systems

  • Process isolation and memory protection
    To implement process isolation and memory protection, the computer operating system relies on the memory management unit (MMU): when a program runs, the MMU is responsible for allocating the memory space the process needs, so that process isolation and memory protection give each process its own independent running space.
  • Operating modes
    Modern CPUs usually run in two modes: kernel mode and user mode.
    1) Kernel mode: also called privileged mode; on the Intel x86 series it is the core layer (Ring 0).
    2) User mode: also called non-privileged mode, or the user layer (Ring 3).
  • User access control
    Commonly used operating systems usually divide user permissions into different levels: system administrator, ordinary user and guest user.
  • File system access control
    Typical file access control restricts three permissions on a file, read, write and execute, which respectively govern reading, modifying and running the file.

4.2.3 Operating system security evaluation

  • TCSEC grades computer security according to the measures that should be adopted for the information being processed: from highest to lowest there are four classes, A, B, C and D, seven levels, and 27 evaluation criteria in total.
  • Class D is the lowest security level: a system that has been evaluated but does not meet the requirements of any higher class is graded D.
  • Class C adopts discretionary access control and audit trails as its security measures. Class C is divided into two levels, C1 and C2: discretionary security protection and controlled access protection.
  • Class B is mandatory protection. Its main requirement is that the TCB (Trusted Computing Base) maintain the integrity of security labels and enforce a set of mandatory access control rules on that basis. Class B is divided into three levels: labeled security protection (B1), structured protection (B2) and security domain protection (B3).
    Aspects supported by a B3 system:
    security administrator functions
    an expanded audit mechanism
    signalling when security-relevant events occur
    a system recovery mechanism
    high resistance to penetration
  • Class A is verified protection, including rigorous design, control and verification processes. Class A is divided into two levels: verified design (A1) and beyond A1.
    The scope of a beyond-A1 system includes: system architecture, security testing, formal specification and verification, and a trusted design environment.

4.2.4 Commonly used operating systems and their security

  • Modern operating systems can generally be divided into ordinary computer operating systems, mobile terminal operating systems, embedded operating systems and so on.
  • Windows system security
    Windows security is a complete security system built on the Windows security subsystem and supported by the NTFS file system, the Windows service pack and patch mechanism, the system logs and so on.
    1) Windows security subsystem
    The Windows security subsystem is the core of the Windows operating system and the foundation of Windows system security.
    It is made up of the system logon process, the security account manager, local security authentication and the security reference monitor.
  • NTFS file system
    Starting with Windows NT, Microsoft has used NTFS as the default file system for Windows. NTFS not only improves file system performance but also greatly improves file system security by introducing access-rights management and file access logging.
    The main features of NTFS include:
    NTFS supports partitions of up to 2TB
    NTFS is a recoverable file system
    NTFS supports compressing and encrypting partitions, folders and files
    NTFS uses smaller clusters and therefore manages disk space more efficiently
    on an NTFS partition, access permissions can be set on shared resources, folders and files
    NTFS supports disk quota management
    NTFS permissions are cumulative
    NTFS file permissions take precedence over folder permissions
    NTFS Deny permissions take precedence over all other permissions
    NTFS permissions are inherited
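The last four NTFS rules (permissions are cumulative, file permissions beat folder permissions, Deny beats everything else, permissions are inherited) interact, and the only way to see how is to evaluate a concrete ACL. The Python model below is an added example for these notes, not code from the original post and not Windows' own algorithm: it represents folders and files as a tree of nodes carrying access control entries (ACEs), and computes a principal's effective rights by walking from the file up through its parent folders. The rights names, the share layout and the user/group assignments are all constructed for the example.

```python
"""Effective NTFS-style permissions from a small ACL model.

Added example for these reading notes (not the original post's code and not
Windows' implementation). Encodes the four rules from the notes:
  - rights are cumulative across the user and all of the user's groups,
  - Deny overrides Allow at the same level,
  - explicit (file-level) ACEs override inherited (folder-level) ACEs,
  - ACEs are inherited from parent folders unless inheritance is blocked.
All names, rights and ACLs below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Ace:
    principal: str      # user or group name
    allow: bool         # True = Allow ACE, False = Deny ACE
    rights: frozenset   # e.g. {"read", "write", "execute"}


@dataclass
class Node:
    name: str
    aces: list = field(default_factory=list)   # explicit ACEs on this object
    parent: "Node | None" = None
    inherit_from_parent: bool = True


def effective_rights(node: Node, user: str, groups: set) -> set:
    """Return the set of rights `user` (member of `groups`) has on `node`."""
    principals = {user, *groups}
    # Layer 0 = explicit ACEs on the object; later layers = ACEs inherited
    # from successively more distant ancestors.
    layers = []
    cur = node
    while cur is not None:
        layers.append([a for a in cur.aces if a.principal in principals])
        if not cur.inherit_from_parent:
            break
        cur = cur.parent

    granted, denied = set(), set()
    for layer in layers:
        layer_allow = set().union(*(a.rights for a in layer if a.allow))
        layer_deny = set().union(*(a.rights for a in layer if not a.allow))
        # A right already decided by a closer layer is never overridden
        # by a more distant one (explicit beats inherited).
        new_allow = layer_allow - granted - denied
        new_deny = layer_deny - granted - denied
        # Within one layer, Deny wins over Allow.
        new_allow -= layer_deny
        granted |= new_allow      # cumulative across user and groups
        denied |= new_deny
    return granted


# Constructed share layout for the example.
share = Node("Share", aces=[
    Ace("Users", True, frozenset({"read", "execute"})),
    Ace("Finance", True, frozenset({"write"})),
    Ace("Interns", False, frozenset({"write"})),
])
report = Node("report.docx", parent=share)
notes = Node("notes.txt", parent=share,
             aces=[Ace("carol", True, frozenset({"write"}))])
secret = Node("secret.txt", parent=share,
              aces=[Ace("bob", False, frozenset({"read"}))])
private = Node("private.txt", parent=share, inherit_from_parent=False)


if __name__ == "__main__":
    print("alice on report:", effective_rights(report, "alice", {"Users", "Finance"}))
    print("carol on report:", effective_rights(report, "carol", {"Users", "Interns"}))
    print("carol on notes: ", effective_rights(notes, "carol", {"Users", "Interns"}))
    print("bob on secret:  ", effective_rights(secret, "bob", {"Users"}))
    print("alice on private:", effective_rights(private, "alice", {"Users"}))
```

Reading the cases in order: alice accumulates read and execute from Users plus write from Finance; carol loses write because the Interns Deny beats the Finance-style Allow at the same (folder) level; on notes.txt the explicit file-level Allow for carol beats the inherited Deny; on secret.txt the explicit Deny strips read from bob even though the folder allows it; and private.txt, with inheritance blocked and no ACEs of its own, grants nothing. Real NTFS evaluates ACEs in a canonical order with the same precedence, which is why the model reproduces the four rules without being the actual Windows code.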
  • Windows service packs and patches
    Scanning for and exploiting system vulnerabilities is a common attack method used by hackers; the most effective way to deal with vulnerabilities is to install patches.
    Microsoft offers four vulnerability solutions: Windows Update, SUS, SMS and WUS.
  • Windows system logs
    1) correctly set up and manage system user accounts
    2) manage the security of external network services
    3) enable Windows system logging
  • Linux system security
    Linux is a free and freely distributed, POSIX-compliant Unix-like operating system released under the General Public License: its source code is open and can be freely modified and redistributed, it runs on many hardware platforms, and it is a multi-user, multi-tasking operating system.
    (1) Linux security mechanisms
    1) the PAM mechanism
    2) encrypted file systems
    3) the firewall
    (2) Linux security settings
    1) boot loader security settings
    2) prevent rebooting the system with a key combination
    3) secure login and logout
    4) secure management of user accounts
    5) file security
    6) restrictions on resource use
    7) clearing history
    8) access control for system services
    9) system log security
    10) shutting down unnecessary services
    11) virus prevention
    12) firewall
    13) using security tools
    14) backing up important files
    15) upgrades
    16) Rootkit protection
  • A Rootkit consists of: an Ethernet sniffer, programs that hide the attacker's directories and processes, and, in some complex Rootkits, trojaned telnet, shell and finger programs for the attacker, together with scripts that clean the attacker's traces out of the /var/log and /var/adm directories.
  • Rootkit prevention: first, do not send cleartext passwords over the network, or use one-time passwords. Second, use detection tools such as Tripwire and AIDE, which provide system integrity checks and let an intrusion be detected promptly. In addition, chkrootkit (a dedicated Rootkit detection tool) can be used for checking.

4.3 Mobile terminal security

  • The current mainstream mobile terminal operating system platforms fall into two camps: Apple's iOS platform and Google's Android platform.
  • The security foundation of mobile terminal development is still shallow and the attention paid to it is low; this is the biggest cause of mobile terminal security problems.

4.3.1 The concept of the mobile terminal and its main security problems

  • A mobile terminal is a computer device that can be used while on the move.
  • Classification of mobile terminals:
    1) wired mobile terminals: USB flash drives, mobile hard disks and data cables, which need to be connected to a computer to be used.
    2) wireless mobile terminals: devices that use a wireless transmission module to provide a wireless connection; common wireless mobile terminals include smartphones and POS terminals, and notebook computers also belong to this category.
  • Mobile terminal security problems can be summarized as: sensitive data in local storage, data transmission over the network, malicious software, application security and system security.

4.3.2 The Android platform and its security

  • Android is an open-source operating system based on Linux; both phone manufacturers and individual developers can customize it on the basis of the standard Android system.
  • The Android platform's system architecture has multiple layers; the more important ones are the application layer, the framework layer, the runtime and the Linux kernel layer.
  • Because of its openness, the Android platform carries greater security risks than other mobile terminal platforms.
  • The main effect of rooting an Android phone is that official system upgrades are no longer possible, but a large number of third-party system firmwares can be downloaded, giving the phone better extensibility.
  • Malware may, without the user's knowledge, steal information, secretly consume data or make calls, silently install other applications and run in the background, threatening the user's privacy and property.
  • To keep malware off their own mobile devices, users should refuse to install applications from unknown sources and should download applications through official channels or trusted third-party markets. They can also install anti-virus software to strengthen the security of the mobile terminal.

4.3.3 The iOS platform and its security

  • iOS is a streamlined variant of Apple's desktop Mac OS X; both operating systems are based on the UNIX-like kernel called Darwin.
  • iOS advantages over Android: a closed development environment and relatively sound security mechanisms greatly reduce the system's attack surface, better protect the user's data and keep malware out, which has earned the trust of many users.
  • Among the many iOS security mechanisms, the representative ones are privilege separation, mandatory code signing, address space layout randomization and the sandbox.
  • Restrictions imposed by the sandbox mechanism: an application cannot reach locations outside its own directory; it cannot access other processes on the system; it cannot use any hardware device directly; it cannot generate dynamic code.
  • The harm caused by XcodeGhost was as follows:
    1) uploading user information
    2) popping up dialogs in the app
    3) performing other operations through URL Schemes
  • Reasons XcodeGhost had such a large impact: the malicious code entered from the development environment at compile time; application review did not catch the malicious code; developers lacked security awareness.

4.3.4 Reverse engineering and debugging of mobile systems

  • Reverse engineering: the process of recovering a program's source code from its executable file by means of disassembly, decompilation and similar techniques.
  • Reverse engineering can be divided into two stages: system analysis and code analysis.
  • In the code analysis stage, binary programs are analysed mainly to uncover vulnerabilities and to analyse and detect malicious code and Trojans.
  • Reverse engineering has two important roles:
    1) breaking into the target program to obtain key information, which can be classified as security-related reverse engineering.
    2) learning from other people's program features to develop one's own software, which can be classified as development-related reverse engineering.
  • An apk file contains:
    1) the AndroidManifest.xml file
    2) the res folder
    3) the classes.dex file
    4) resources.arsc
    5) the META-INF folder
  • To prevent reverse engineering of Android application software, the following protective measures can be adopted:
    1) code obfuscation: ProGuard can be used to obfuscate Java code, making the decompiled code harder to read.
    2) packing (shelling): a protective shell is added to the apk to protect the code inside it and make decompilation and illegal modification harder.
    3) debugger detection: a debugger-detection module is added to the code at run time; when the program detects that a debugger is attached, it terminates immediately.
  • Commonly used iOS reverse analysis tools are:
    1) dumpdecrypted: removes the encryption shell from applications downloaded from the App Store.
    2) class-dump: usually used in the initial stage of reverse engineering.
    3) IDA Pro and Hopper Disassembler: top-tier disassemblers that perform accurate and detailed static analysis of executable files and produce pseudo-code close to the source code.
    4) GDB and LLDB
    5) Cycript
  • Reverse engineering has become an important means of protecting system security: through reverse engineering, system vulnerabilities and security risks can be discovered further, and user security can be better ensured.

4.4 Virtualization Security

  • Virtualization is an important supporting technology for cloud computing; the entire virtual environment needs supporting resources such as storage, computing and network security.

4.4.1 Virtualization Overview

  • Computer virtualization is a resource management technology: it abstracts and converts the computer's various physical resources before presenting them to the user.

4.4.2 Classification of virtualization technology

  • By application:
    1) operating system virtualization
    2) application virtualization
    3) desktop virtualization
    4) storage virtualization and network virtualization
  • By application pattern:
    1) one-to-many
    2) many-to-one
    3) many-to-many
  • By the way hardware resources are invoked:
    1) full virtualization
    2) paravirtualization
    3) hardware-assisted virtualization
  • By operating platform:
    1) x86 platform
    2) non-x86 platform

4.4.3 Security threats in the virtual environment

  • Security problems that may exist in a virtualization system: virtual machine escape, risks of the virtualized network environment, virtualization risks, and risks from image and snapshot files in the virtualized environment.

4.4.4 Virtualization security system

  • The Hypervisor holds the central position in a virtualized system: it can control and start Guest OSes, create new Guest OS images and perform other privileged operations.
  • Recommendations for strengthening the security of the Hypervisor:
    1) install all updates released by the Hypervisor vendor
    2) restrict access to the Hypervisor management interface
    3) shut down all unused Hypervisor services
    4) use the monitoring function to monitor the security of each Guest OS
    5) carefully monitor the Hypervisor itself for signs of vulnerability
  • Recommendations for the security of the Guest OS itself:
    1) follow the recommended management practices for a physical OS
    2) promptly update all installed Guest OSes
    3) in each Guest OS, disconnect unused virtual hardware
    4) use an independent authentication scheme for each Guest OS
    5) ensure that the Guest OS's virtual devices are correctly associated with the physical devices of the host system
  • The main measures for secure planning and deployment: planning, design (password and authentication issues), implementation (physical-to-virtual conversion, monitoring, security implementation, operation and maintenance) and so on.

7.2 Cloud Security

7.2.1 Cloud-related concepts

  • Virtual machine: a complete computer system simulated by software, with the functions of a complete hardware system, running in a fully isolated environment; its properties are encapsulation, independence, isolation, compatibility and hardware independence.
  • The cloud is a pool of computing resources, usually a number of large server clusters, each containing hundreds of thousands or even millions of servers, which supplies services and the entire virtual environment for development.
  • In terms of technical architecture the cloud can be divided into three layers: software as a service, platform as a service and infrastructure as a service.
  • In terms of the objects it serves, the cloud can be divided into public cloud, private cloud and hybrid cloud.
  • Cloud computing: a model that converges efficient pools of resources into on-demand services and delivers them to users as a service.
  • Cloud services are offered in three models at different levels: Infrastructure as a Service, Platform as a Service and Software as a Service.
  • Cloud security: a new term derived from cloud computing, meaning that the cloud and the services hosted on it can run efficiently and safely.

7.2.2 Security challenges facing the cloud

  • The security challenges currently facing the cloud are concentrated in four areas:
    1) how to address the risks brought by new technology
    2) how to plan for the risks associated with resources, data and so on
    3) how to implement the risk indicators required by policy and regulation
    4) how to manage the risks of cloud operation and maintenance and of its resources
  • The security risks of new technology are concentrated in controllability, dynamism, virtual machine escape and similar aspects.
  • The centralized security challenges faced by the cloud:
    1) in the planning and design of the cloud security data center there are problems with the network structure, with identifying and migrating systems, with centralized authority and so on
    2) there is a risk of abuse of cloud platform administrator rights
    3) security isolation between users
    4) resource contention among users of the resource pool, and malicious attacks
  • The construction of cloud security needs to be considered at six levels: the physical layer, network layer, host layer, application layer, virtualization layer and data layer:
    1) physical security needs to consider access control, fire protection, temperature and humidity control, electromagnetic shielding, lightning protection and environmental monitoring systems.
    2) network security is built with firewalls, IDS/IPS, anti-DDoS, VPN and so on.
    3) host security needs to consider endpoint security and the protection of the host itself: system integrity protection, OS hardening, security patches, virus protection and so on.
    4) virtualization security can be implemented technically through hardening of the virtualization platform, hardening and isolation of virtual machines, virtual network monitoring, prevention of malicious VMs, and virtual security gateways (vFW / vIPS).
    5) application security can adopt multi-factor authentication for access, WAF and security auditing technology.
    6) data security can be protected from the aspects of data access control, database firewalls (DB-FW), encryption, data masking (desensitization), residual information protection and storage location requirements.

Source: www.cnblogs.com/rwl010306/p/12003233.html