2019-2020-1 semester, 20192419, "Introduction to the Cyberspace Security Major", week 10 study summary (study notes)

Chapter IV System Security

4.1 Operating System Overview

A computer is a complex system made up of hardware, operating system software and application software.
An operating system is the set of programs that manages and controls the computer's hardware and software resources and gives users a convenient computing environment.
The functions of a computer operating system include:
1) Process management: also called processor management; mainly the allocation of CPU time and the effective management of processor operation.
2) Memory management
3) Device management
4) File management
5) User interface: divided into the command-line interface, the graphical interface and the program-call interface.

4.2 Operating System Security

4.2.1 Operating system security threats and vulnerabilities

  1. Operating system security threats
    There are many threats to the security of a computer operating system, mainly in the following areas:
    (1) Intrusion by illegal users, or users impersonating the system
    (2) Illegal destruction or loss of data
    (3) Damage by viruses and unknown hacker attacks
    (4) The operating system not functioning properly
  2. Operating system vulnerabilities
    The vulnerability of an operating system comes mainly from the following aspects:
    (1) Remote calls and system vulnerabilities of the operating system
    (2) Problems in the system's process management
    Common operating system vulnerabilities include:
    1) Empty or weak passwords
    2) Default shared keys
    3) Vulnerabilities in system components
    4) Application vulnerabilities

4.2.2 Common operating system security protection mechanisms

    There are several security mechanisms:
  1. Process isolation and memory protection
  2. Run modes: a modern CPU usually has two modes of operation, kernel mode and user mode. 1) Kernel mode: also called privileged mode. 2) User mode: also called non-privileged mode.
  3. User access control
  4. File system access control: typical file access control restricts three kinds of file operation, the read, write and execute permissions, which correspond to reading, modifying and running the file.

4.2.3 Operating system security evaluation criteria

    The United States Department of Defense's "Trusted Computer System Evaluation Criteria" (TCSEC) has long been regarded as an important standard for evaluating the security of computer operating systems. It divides computer security, from highest to lowest, into the four divisions A, B, C and D containing seven classes, with a total of 27 evaluation criteria.
    Division D is the lowest level of security: systems that have been evaluated but do not meet the requirements of any higher class are placed in D, which has only one class.
    Division C is the discretionary protection level: it provides some protection, its security measures being discretionary access control and audit tracking, and it is generally suited only to multi-user environments with a certain level of security. C is divided into two classes: C1 (discretionary security protection) and C2 (controlled access protection).
    Division B is the mandatory protection level. Its main requirement is that the TCB (Trusted Computing Base) preserve the integrity of security labels and enforce a set of mandatory access control rules on that basis.
    B is divided into three classes: B1 (labeled security protection), B2 (structured protection) and B3 (security domains).
    Division A is the verified protection level, which includes rigorous design, control and verification processes.
    A is divided into two classes: A1 (verified design) and beyond A1 (super A1).

4.2.4 Commonly used operating systems and their security

    Operating systems can generally be divided into ordinary computer operating systems, mobile terminal operating systems and embedded operating systems; the most widely used ordinary computer operating systems are Windows and Linux.
  1. Windows system security
    Windows system security is built on the Windows security subsystem, supported by the NTFS file system, the Windows service pack and patch mechanism, the system log and so on, which together form a complete security system.
    (1) Windows security subsystem
    The Windows security subsystem sits in the kernel layer of the Windows operating system and is the foundation of Windows system security. It controls the Windows logon flow and consists of modules such as the Security Account Manager, local security authentication and the Security Reference Monitor.
    (2) NTFS file system
    Its main features include:
    ● NTFS partitions (called volumes when dynamic disks are used) can be as large as 2 TB, whereas the FAT32 supported by Windows 2000 is limited to partitions of up to 32 GB.
    ● NTFS is a recoverable file system.
    ● NTFS supports compression and encryption of partitions, folders and files.
    ● NTFS uses smaller clusters and so manages disk space more efficiently.
    ● On an NTFS partition, access permissions can be set on shared resources, folders and files. NTFS also provides disk quota management.
    ● NTFS permissions are cumulative (a user receives the permissions granted to the user plus those granted to the groups the user belongs to).
    ● NTFS file permissions override the permissions on the folder.
    ● In NTFS, a Deny permission overrides other permissions.
    ● NTFS permissions are inherited.
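The four permission rules above (cumulative, file overrides folder, Deny overrides Allow, inheritance) can be walked through as a small effective-permission evaluator. This is an added example, not code from the notes or from Windows itself; the users, groups and ACL entries are constructed sample data, and folder entries are treated as the permissions a file inherits from its parent folder.

```python
# Effective-permission walk for the NTFS rules summarised above (added example,
# not from the original notes). Principals and ACEs are constructed sample data;
# the folder ACL stands for the entries a file inherits from its parent folder.
from dataclasses import dataclass

RIGHTS = ("read", "write", "execute")

@dataclass(frozen=True)
class Ace:
    principal: str      # user or group name
    allow: bool         # True = Allow entry, False = Deny entry
    rights: frozenset   # subset of RIGHTS

def _decide(aces, principals, right):
    """Verdict of one ACL tier for one right: True/False, or None if silent."""
    hits = [a for a in aces if a.principal in principals and right in a.rights]
    if any(not a.allow for a in hits):   # a Deny entry beats every Allow entry
        return False
    if hits:                             # Allow entries accumulate across groups
        return True
    return None

def effective_rights(user, groups, file_aces, folder_aces):
    """Rights the user ends up with on a file that inherits from folder_aces.

    Explicit file ACEs are consulted first (file permissions override folder
    permissions); only when they say nothing does the inherited folder ACL decide.
    """
    principals = {user, *groups}
    granted = set()
    for right in RIGHTS:
        verdict = _decide(file_aces, principals, right)
        if verdict is None:
            verdict = _decide(folder_aces, principals, right)
        if verdict:
            granted.add(right)
    return granted

# Constructed sample ACLs
FOLDER_ACL = [
    Ace("Users", True, frozenset({"read", "execute"})),
    Ace("Developers", True, frozenset({"write"})),
    Ace("Contractors", False, frozenset({"write"})),   # inherited Deny
]
FILE_ACL = [
    Ace("alice", True, frozenset({"write"})),           # explicit file Allow
]

if __name__ == "__main__":
    # alice is in Users and Contractors: the inherited Deny on write is overridden
    # by the explicit file Allow, so she gets read, write and execute.
    print(effective_rights("alice", {"Users", "Contractors"}, FILE_ACL, FOLDER_ACL))
    # bob is in Users, Developers and Contractors: inherited Deny beats inherited Allow.
    print(effective_rights("bob", {"Users", "Developers", "Contractors"}, FILE_ACL, FOLDER_ACL))
```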
    (3) Windows service packs and patches
    The most effective way to address vulnerabilities is to install patches. Microsoft offers four vulnerability solutions: Windows Update, SUS, SMS and WSUS.
    Windows Update is the automatic update tool that comes with the Windows operating system.
    Microsoft SUS is free software that lets customers rapidly deploy the latest critical updates and security updates.
    Windows Server Update Services (WSUS) is Microsoft's newer patch distribution server system.
    SMS, Systems Management Server, is a management solution for configuration changes on Windows-based desktop and server systems; its main features include hardware and software inventory, software metering, software distribution and remote troubleshooting.
    (4) Windows system log
  2. Linux system security
    (1) Linux security mechanisms
    1) The PAM mechanism 2) Encrypting file system 3) Firewall
    (2) Linux system security settings
    1) Boot loader security settings 2) Prevent the key combination from rebooting the system 3) Secure login and logout 4) User account security 5) File security management 6) Restrictions on resource use 7) Clear the history 8) Access control for system services
    9) System log security: a Linux system has three main logging subsystems: the connection time log, the process statistics log and the error log.
    10) Shut down unnecessary services 11) Prevent viruses 12) Firewall 13) Use security tools 14) Back up important files 15) Upgrade
    16) Rootkit security: a rootkit is a class of tools that lets an attacker obtain root access to the system.
    Rootkit components: an Ethernet sniffer and programs that hide the attacker's directories and processes; some sophisticated rootkits also provide telnet, shell and finger services to the attacker, as well as scripts for cleaning up the /var/log and /var/adm directories and other files.
    This kind of rootkit is currently the most common Linux rootkit.

4.3 Mobile terminal security

4.3.1 The concept of the mobile terminal and its main security issues

  1. The concept of the mobile terminal
  2. Security problems faced by mobile terminals
    The security problems of existing mobile terminals can be classified into local storage security, network data transmission security, malicious software, application and system security, and sensitive information security.

4.3.2 The Android platform and its security

    The Android system architecture is divided into several layers; in order, the more important ones are the application layer, the framework layer, the runtime and the Linux kernel layer.

  • Application layer: the application software that provides services directly to users
  • Framework layer: the core of the Android system, made up of a number of system services.
  • Runtime: the Android runtime, made up of the Java core libraries and the Dalvik virtual machine.
  • Linux kernel layer: the Linux kernel is the bottom layer of the Android system

In a Linux system the ROOT user has the highest privileges. Although ROOT brings convenience to some users, it also brings security risks.

4.3.3 The iOS platform and its security

The representative security mechanisms of the iOS platform are privilege separation, mandatory code signing, address space layout randomization and the sandbox.
The functional restrictions imposed by the sandbox mechanism are as follows:
1) Cannot break out to a location outside the application directory
2) Cannot access other processes on the system
3) Cannot use any hardware device directly
4) Cannot generate dynamic code
Because of these strong security mechanisms iOS was once considered a highly secure system, but iOS is not absolutely safe either. Xcode, the platform on which iOS applications are developed, has become a weak link in security.
The harm caused by XcodeGhost falls into the following categories: 1) uploading user information 2) in-app pop-ups

4.3.4 Mobile system reverse engineering and debugging

  1. Overview of mobile terminal reverse engineering
    Reverse engineering, by definition, means recovering the source code of an application from its executable file by means such as disassembly and decompilation. It is used to 1) find security holes 2) detect malicious code 3) analyse trojans and viruses.
    Reverse engineering has two main purposes: cracking the target program, and learning from the features of other people's programs in order to develop one's own software.
  2. Android platform reverse engineering
    A brief description of the classes.dex analysis method:
    1) Disassemble the executable file and analyse the resulting Dalvik bytecode.
    2) Use Apktool or Baksmali to generate smali files for reading.
    3) Use tools such as DDMS to monitor the running state of the Android program and debug it dynamically.
    To prevent Android application software from being reverse engineered, the following protective measures can be taken:
    1) Code obfuscation 2) Packing 3) Debugger detection
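Before classes.dex is handed to a disassembler, its header can be parsed and its two built-in integrity fields (Adler-32 checksum and SHA-1 signature) recomputed, which is a cheap way to tell an intact DEX from a corrupted or repackaged one. This is an added example, not code from the notes, Apktool or Baksmali; the DEX it parses is a constructed header-only file with empty tables, embedded so the code runs offline.

```python
# Parser for the classes.dex header and its integrity fields (added example,
# not from the original notes). build_minimal_dex() constructs a header-only
# sample DEX with every table empty so the parser can be exercised offline.
import hashlib
import struct
import zlib

DEX_MAGIC = b"dex\n035\0"
HEADER_FMT = "<8sI20s20I"                   # magic, checksum, signature, 20 uint32s
HEADER_SIZE = struct.calcsize(HEADER_FMT)   # 0x70 bytes
FIELDS = ("file_size", "header_size", "endian_tag", "link_size", "link_off",
          "map_off", "string_ids_size", "string_ids_off", "type_ids_size",
          "type_ids_off", "proto_ids_size", "proto_ids_off", "field_ids_size",
          "field_ids_off", "method_ids_size", "method_ids_off",
          "class_defs_size", "class_defs_off", "data_size", "data_off")

def parse_dex_header(blob):
    """Decode the header and check magic, checksum, signature and sizes."""
    if len(blob) < HEADER_SIZE:
        raise ValueError("too short to be a DEX file")
    magic, checksum, signature, *ints = struct.unpack_from(HEADER_FMT, blob)
    info = dict(zip(FIELDS, ints))
    info["magic_ok"] = magic == DEX_MAGIC
    # Adler-32 covers everything after the checksum field (offset 12 to end)
    info["checksum_ok"] = (zlib.adler32(blob[12:]) & 0xFFFFFFFF) == checksum
    # SHA-1 covers everything after the signature field (offset 32 to end)
    info["signature_ok"] = hashlib.sha1(blob[32:]).digest() == signature
    info["size_ok"] = (info["file_size"] == len(blob)
                       and info["header_size"] == HEADER_SIZE)
    return info

def build_minimal_dex():
    """Constructed sample: a valid header-only DEX with all tables empty."""
    body = struct.pack("<20I", HEADER_SIZE, HEADER_SIZE, 0x12345678, *([0] * 17))
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return DEX_MAGIC + struct.pack("<I", checksum) + signature + body

if __name__ == "__main__":
    dex = build_minimal_dex()
    print(parse_dex_header(dex))
    # Flip one byte after the header fields: checksum and signature both fail.
    tampered = bytearray(dex)
    tampered[-1] ^= 0xFF
    print(parse_dex_header(bytes(tampered)))
```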
  3. iOS platform reverse engineering
    Info.plist is the entry point for analysing an iOS application; it records the basic information of the APP. One of its more important entries is Executable file, the name of the APP's executable. The executable is the core file of an IPA and the main target of reverse analysis.
    Commonly used iOS reverse analysis tools include the following:
  • dumpdecrypted
  • class-dump
  • IDA Pro and Hopper Disassembler
  • GDB and LLDB
  • Cycript

4.4 Virtualization security

4.4.1 Virtualization overview

    Virtualization is a resource management technique: it abstracts and converts the computer's various physical resources and presents them to the user.

4.4.2 Classification of virtualization technology

  1. By application: operating system virtualization, application virtualization, desktop virtualization, storage virtualization, network virtualization.
  2. By application pattern: many, many-to-many
  3. By the way hardware resources are called: full virtualization, paravirtualization and hardware-assisted virtualization
  4. By run platform: X86 platform, non-X86 platform

4.4.3 Security threats in the virtual environment

    A virtual machine system may have the following security issues: 1) virtual machine escape 2) risks of the virtualized network environment 3) risks of the virtualization environment 4) risks of virtual machine image files and snapshots

4.4.4 Virtualization security system

  1. Hypervisor security
  2. Guest OS security
  3. Virtual infrastructure security
  4. Security planning and deployment

Chapter VII Advanced computing security issues in the big data context

7.2 Cloud security

7.2.1 Cloud-related concepts

  1. Virtual machine
    A virtual machine is a complete computer system with full hardware functionality, simulated in software and running in a completely isolated environment. Its properties are encapsulation, independence, isolation, compatibility and hardware independence.
  2. Cloud computing
    Cloud computing is a computing method in which on-demand services are converged into an efficient resource pool and delivered to users as a service. Cloud computing combines distributed computing, parallel computing, utility computing, network storage, virtualization, load balancing and redundant hot backup.
  3. Cloud services
    A cloud service is a delivery model for services in a cloud computing environment: a model for the addition, use and delivery of Internet-based services, usually involving dynamically scalable resources provided over the Internet, where the resources of the cloud service provider are usually virtualized. Cloud computing currently offers three models at different levels: Infrastructure as a Service, Platform as a Service and Software as a Service.
  4. Cloud hosting
    Cloud hosting is an important part of the application of cloud computing infrastructure, sitting at the bottom of the cloud computing industry pyramid.
  5. Cloud security
    Cloud security means that the cloud and the services hosted on it can run efficiently and safely.

7.2.2 Security challenges facing the cloud

    The security challenges currently facing the cloud are concentrated in four areas:
    1) How to address the new risks posed by new technology
    2) How to plan the risks associated with centralized resources, data, etc.
    3) How to implement policies that meet the requirements of regulatory indicators
    4) How to manage the risks of operating and maintaining the cloud and its resources
  1. New technology
    The security risks of virtualized networks and hosts: security, control, dynamics, and virtual machine escape attacks.
  2. Centralization
    The security challenges of centralization include at least the following:
    1) The planning and design of the network structure, identification and migration of systems, centralized authority and other security aspects of the cloud data center.
    2) The risk of abuse of cloud platform administrator privileges: once a malicious person gains access to a cloud platform administrator account by illegal means, it will bring incalculable damage to the entire cloud platform.
    3) Secure isolation of users. If the isolation of computing, network and storage resources between different tenants is not done well, a malicious person may obtain confidential information, destroy important data, implant viruses and trojans, and cause other serious consequences.
    4) Snatching of user resource pool resources and malicious attacks.
  3. Compliance
  4. Operation management

7.2.3 Security in the cloud environment

    Cloud security needs to be built at six levels: the physical layer, the network layer, the host layer, the application layer, the virtualization layer and the data layer. Network security is achieved with FW, IDS/IPS, DDoS protection, VPN and so on; the product features are illustrated as follows:
    ● FW: security isolation is achieved through the firewall. Different security groups are defined; a security group is a mutually trusting group of ECS instances with the same security requirements in the same region. The firewall sets network access control for a single cloud server or several security groups and is an important means of security isolation.
    ● IDS/IPS: deploy an intrusion prevention system that, through log file monitoring and analysis, signature scanning and other means, provides anti-intrusion measures such as defence against account brute force and WebShell detection and removal.
    ● DDoS: a DDoS scrubbing system can defend against various DDoS attacks at the network, transport and application layers (including CC, SYN Flood, UDP Flood, UDP DNS Query Flood, (M)Stream Flood, ICMP Flood, HTTP Get Flood and all other DDoS attacks) and notifies the website's defenders in real time by SMS.
    ● VPN: establish a secure channel to ensure the confidentiality, integrity and availability of the information users access.
    3) Host security considers endpoint security, host information security protection, system integrity protection, OS hardening, security patches, virus protection and so on.
    4) Virtualization security can be implemented technically through virtualization platform hardening, virtual machine hardening and isolation, virtual network monitoring, prevention of malicious VMs, and virtual security gateways (VFW/VIPS). VFW/VIPS, the virtual firewall and virtual intrusion prevention system, provide a full range of cloud security services including access control, traffic and application visualization, threat detection and isolation between virtual machines, and auditing and tracing of network attacks.
    5) Application security can use multi-factor authentication for access, WAF and security auditing technology.
    6) Data security can be protected through data access control, DB-FW, encrypted images, data desensitization, residual information protection and storage location requirements.

Source: www.cnblogs.com/wty2419/p/12013745.html