2019-2020-1 semester, 2012409, "Introduction to Cyberspace Security": tenth week learning summary

Chapter IV System Security

4.1 Operating System Overview

A computer is a complex system made up of hardware, operating system software and application software. The hardware is the foundation of the computer, the various application programs provide users with application services, and the operating system is the "soul" of the whole computer system.
== An operating system is a set of programs that manage and control a computer's hardware and software resources and provide users with a convenient set of computing services. ==
The functions of a computer operating system include:
1) Process management
2) Memory management
3) Device management
4) File management
5) User interface

4.2 Operating System Security

4.2.1 Operating system security threats and vulnerabilities

1. Operating system security threats

There are many threats to the security of a computer operating system, mainly in the following areas:
(1) intrusion by illegal users, or user impersonation
(2) unlawful destruction or loss of data
(3) destruction by unknown viruses and hackers
(4) the operating system not functioning properly

2. Operating system vulnerabilities

Whatever kind of computer system it is, it was developed and is controlled by people, so security flaws are inevitable, and so are damage and interference. The vulnerability of an operating system comes mainly from the following aspects:
(1) operating system vulnerabilities in remote calls
(2) problems in the system's process management
Common operating system vulnerabilities include:
(1) empty or weak passwords
(2) default shares
(3) vulnerabilities in system components
(4) application vulnerabilities

4.2.2 Common operating system security protection mechanisms

1. Process isolation and memory protection

To achieve process isolation and memory protection, the operating system adds a memory management unit (MMU). When a program runs, the MMU allocates the memory space the process needs, so that process isolation and memory protection give each process its own independent space to run in. The isolation mechanism forbids a process from reading or writing the memory space of other processes or of system processes, while inter-process communication and resource-sharing mechanisms, built on a series of complex mechanisms, allow processes to communicate and share resources within the isolated environment.

2. Run modes

For security reasons, the operating mode of a modern CPU is usually divided into two modes, kernel mode and user mode:
(1) kernel mode: also known as privileged mode; on the Intel x86 series it is called the core layer (Ring 0)
(2) user mode: also known as non-privileged mode, or the user layer (Ring 3)

3. User access control

Popular operating systems usually divide users into privilege levels such as system administrator, ordinary user and guest user, and different types of accounts have different operating authority. The system administrator usually has full authority to manage the operating system; ordinary users can only execute and modify their own application software and files; and guest users can access only the few files and applications that administrators and ordinary users have shared with them.

4. File system access control

Typical file access control limits file operations in three areas: read, write and execute permissions, which correspond respectively to reading, modifying and running a file.

4.2.3 Operating system security evaluation criteria

Class D: no protection level
Class C: discretionary protection level

  • Class C1: discretionary security protection level
  • Class C2: controlled access protection level

Class B: mandatory protection level

  • Class B1: labeled security protection level
  • Class B2: structured protection level
  • Class B3: security domains level

Class A: verified protection level

  • Class A1: verified design level
  • Beyond Class A1

4.2.4 Commonly used operating systems and their security

1. Windows system security

(1) Windows security subsystem
The core of the Windows operating system's security subsystem consists of:
1) the logon process (login flow control)
2) the Security Account Manager
3) the Local Security Authority
4) the Security Reference Monitor
(2) NTFS file system
NTFS has been the default file system of Microsoft Windows since Windows NT. NTFS allows very fine-grained access rights to be set on file system objects; its main characteristics include:

  • NTFS supports partition sizes up to 2TB, whereas the FAT32 support in Windows 2000 limits partition size to 32GB
  • NTFS is a recoverable file system
  • NTFS supports compression and encryption of partitions, folders and files
  • NTFS uses smaller clusters and can manage disk space more efficiently
  • On an NTFS partition, access permissions can be set on shared resources, folders and files
  • NTFS supports disk quota management
  • NTFS access permissions are cumulative
  • NTFS file permissions override folder permissions
  • NTFS deny permissions override other permissions
  • NTFS permissions are inherited
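The last four rules above decide together what a user can actually do with a file. The following model, added here as an example and not part of the original notes or of Windows itself, resolves a constructed ACL with those rules: rights accumulate across the user's groups, an explicit entry on the file beats an entry inherited from the folder, and within one level a deny beats an allow. The `Ace` class, the `Staff`/`Interns` groups and the users are made-up sample data.

```python
from dataclasses import dataclass

RIGHTS = ("read", "write", "execute")  # the three basic file rights from the notes


@dataclass(frozen=True)
class Ace:
    """One access control entry (a constructed model, not the Win32 ACL structures)."""
    principal: str           # user or group name
    kind: str                # "allow" or "deny"
    rights: frozenset        # subset of RIGHTS
    inherited: bool = False  # True when propagated from the parent folder


def inherit(folder_aces):
    """Propagate a folder's entries to a child object as inherited entries (permissions are inherited)."""
    return [Ace(a.principal, a.kind, a.rights, inherited=True) for a in folder_aces]


def effective_rights(aces, user, groups):
    """Resolve the rights a user actually has on an object.

    Rights accumulate over the entries for the user and all of its groups (cumulative);
    explicit entries set on the file are evaluated before inherited ones (file beats
    folder); within one level a deny beats an allow (deny overrides); a right with no
    entry at all is not granted.
    """
    principals = {user, *groups}
    relevant = [a for a in aces if a.principal in principals]
    granted = set()
    for right in RIGHTS:
        decision = None
        for inherited in (False, True):  # explicit entries first, inherited entries second
            level = [a for a in relevant if a.inherited == inherited and right in a.rights]
            if any(a.kind == "deny" for a in level):
                decision = False
            elif any(a.kind == "allow" for a in level):
                decision = True
            if decision is not None:
                break
        if decision:
            granted.add(right)
    return frozenset(granted)


def can(aces, user, groups, right):
    """Convenience check for a single right."""
    return right in effective_rights(aces, user, groups)


# Constructed sample: the folder lets Staff read and execute and denies Interns write;
# the file adds an explicit allow-write for alice on top of what it inherits.
FOLDER_ACL = [
    Ace("Staff", "allow", frozenset({"read", "execute"})),
    Ace("Interns", "deny", frozenset({"write"})),
]
FILE_ACL = inherit(FOLDER_ACL) + [Ace("alice", "allow", frozenset({"write"}))]

if __name__ == "__main__":
    # alice (Staff + Interns): read/execute accumulate from Staff; the explicit allow-write on the
    # file beats the deny-write inherited from the folder
    print(sorted(effective_rights(FILE_ACL, "alice", {"Staff", "Interns"})))
    # bob (Staff + Interns): nothing explicit overrides the inherited deny, so no write
    print(sorted(effective_rights(FILE_ACL, "bob", {"Staff", "Interns"})))
```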

(3) Windows service packs and patches
(4) Windows system logs
Users can enhance the security of a Windows system through the following means:
1) correctly set up and manage system user accounts, including:

  • Stop using the Guest account
  • Add as few user accounts as possible
  • Set a complex password for each account
  • Correctly set the permissions of each account
  • Rename the system's default administrator account
  • Minimize logging in to the system with the administrator account

2) securely manage the system's external network services
3) enable Windows system logging

2. Linux system security

(1) Linux system security
Linux has adopted many security precautions, some of which are distributed as "patches". The following briefly lists the security mechanisms of Linux systems:
1) PAM mechanism
2) encrypted file system
3) firewall
(2) Linux system security settings
1) boot loader security settings
2) preventing key combinations from rebooting the system
3) secure login and logout
4) user account security management
5) file security
6) restrictions on resource use
7) clearing the command history
8) access control for system services
9) system log security
10) shutting down unnecessary services
11) virus prevention
12) firewall
13) using security tools
14) backing up important files
15) upgrading
16) Rootkit security
A Rootkit consists of:

  • an Ethernet sniffer program
  • programs that hide the attacker's directories and processes
  • some complex Rootkits can also provide telnet, shell, finger and other services to the attacker
  • scripts used to clean up /var/log, /var/adm and other log files

LRK is currently the most common Linux Rootkit; taking LRK as an example, the LRK toolset includes:

  • Fix: tampers with timestamps and checksums so that a modified program appears identical to the original system program
  • Linsniffer: a network sniffer that steals specific information
  • Wted: checks or removes specified entries in wtmp
  • Z2: removes a user's last utmp/wtmp/lastlog records

Prevention and detection of Rootkits:
First, do not use cleartext passwords on the Internet, or use one-time passwords.
Second, use detection tools such as Tripwire and AIDE, which provide system integrity checking, to detect an attacker's intrusion in a timely manner.
Also, if you suspect a Rootkit may have been implanted, you can use chkrootkit to check.
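The integrity check that Tripwire and AIDE provide is, at its core, a stored baseline of file hashes compared against the live system. The example below is added here to show that idea in miniature; it is not Tripwire, AIDE or code from the notes. It records sha256, size and mode (but not timestamps, which the "Fix" tool above can restore), keeps the baseline outside the monitored tree, and reports a same-size replacement of `bin/ls`, a deleted `wtmp` and a newly dropped file in a constructed temporary directory.

```python
import hashlib
import json
import os
import tempfile


def _sha256_of(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Record sha256, size and permission bits of every regular file below root.
    Timestamps are deliberately left out: an attacker can restore them, but cannot
    keep a modified file's sha256 unchanged."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            baseline[rel] = {"sha256": _sha256_of(full), "size": st.st_size,
                             "mode": oct(st.st_mode & 0o7777)}
    return baseline


def diff_baselines(old, new):
    """Return the added, removed and modified paths between two baselines, sorted."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def demo():
    """Constructed scenario: baseline a tiny tree and store it outside that tree, then
    simulate a compromise (same-size binary swap, log deleted, new file) and re-check."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "var", "log"))
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"original ls binary (constructed)")
        with open(os.path.join(root, "var", "log", "wtmp"), "wb") as f:
            f.write(b"login records (constructed)")
        db = os.path.join(store, "baseline.json")  # baseline must not live in the monitored tree
        with open(db, "w", encoding="utf-8") as f:
            json.dump(build_baseline(root), f)
        # simulated compromise: same-length replacement of bin/ls, wtmp removed, new file dropped
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"trojaned ls binary (constructed)")
        os.remove(os.path.join(root, "var", "log", "wtmp"))
        with open(os.path.join(root, "bin", "sniff"), "wb") as f:
            f.write(b"unexpected new file (constructed)")
        with open(db, encoding="utf-8") as f:
            return diff_baselines(json.load(f), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```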

4.3 Mobile terminal security

4.3.1 The concept of the mobile terminal and its main security issues

1. The concept of the mobile terminal

A mobile terminal (or mobile communication terminal) is a computer device that can be used while on the move. Broadly speaking, mobile terminals include mobile phones, laptops, POS terminals and even on-board computers, but in most cases the term refers to a cell phone or smart phone with a variety of application functions.
They can roughly be divided into the following two categories:
1) wired mobile terminals: USB flash drives (U disks), mobile hard disks, and other devices that need a data cable to connect to a computer.
2) wireless mobile terminals: devices that use a wireless transmission protocol module to provide a wireless connection; common wireless mobile terminals include smart phones and POS terminals, and notebook computers also belong to the wireless mobile terminals.
Mobile terminals face security problems in two respects. On the one hand, any system or platform has its own vulnerabilities that an attacker can exploit, and mobile terminals are no exception; on the other hand, mobile terminals carry a large number of applications, many of which, for various reasons, did not undergo rigorous security testing before going online, leading to serious security risks.

2. Security issues facing the mobile terminal

Currently, mobile terminal security problems can be summarized as local storage of sensitive information, network data transmission, application security, malicious software, and system security.
(1) sensitive information stored locally
(2) network data transmission
(3) application security issues
(4) malicious software
(5) system security

4.3.2 Android platform and its security

1. Getting to know the Android platform

The first commercial version of Android was released in 2008; since then Android has become the most widely used mobile operating system worldwide. Android is used not only on mobile phones and tablets but also on smart watches, smart TVs and even personal computers.

2. Android platform features

The Android platform's system architecture is divided into several layers; the more important ones are the application layer, the framework layer, the runtime, and the Linux kernel layer.

  • Application layer: the application software that provides services directly to users.
  • Framework layer: the core of the Android system, composed of a number of system services.
  • Runtime: the Android runtime, composed of the Java core libraries and the Dalvik virtual machine.
  • Linux kernel layer: the Linux kernel is the bottom layer of the Android system.
3. Android platform security issues
4. Hazards of ROOT
  • the device can no longer be upgraded through official software updates
  • it increases the chance of a system crash caused by accidental deletion
  • viruses and Trojans on the device have more opportunities to damage the device or abuse the system for their illegal purposes
5. The threat of malicious software

4.3.3 iOS platform and its security

1. Getting to know the iOS platform

Apple's iOS platform, released in 2007, is an operating system designed specifically for mobile terminals such as the original iPhone.

2. iOS platform security mechanisms
  • Privilege separation
  • Mandatory code signing
  • Address space layout randomization
  • Sandbox
    the restrictions imposed by the sandbox are as follows:
    1) an application cannot break out of its own application directory
    2) it cannot access other processes on the system, even processes with the same UID
    3) it cannot use any hardware device directly, only through Apple's APIs, which constrain access
    4) it cannot generate dynamic code
3. XcodeGhost event analysis

The harm caused by XcodeGhost falls into the following categories:
1) uploading user information
2) pop-ups inside the application
3) performing other operations through URL Schemes

4.3.4 Mobile system reverse engineering and debugging

1. Overview of mobile terminal reverse engineering

Reverse engineering, by definition, is the process of recovering source code from an application's executable file by disassembly, decompilation and other means.
In the code analysis phase, the binary file is mainly analyzed for the following points:
1) discovering security vulnerabilities: when the source code is unavailable, reverse engineering can analyze the application and find potential security flaws and data-leakage risks
2) detecting malicious code: reverse engineering is an important method for detecting malicious code in programs
3) Trojan and virus analysis: through reverse engineering, the operating mechanism and behavioral characteristics of a virus can be accurately understood, which facilitates writing tools to kill the virus.
Summing up the above, reverse engineering has two main functions:

  • Breaking a target program to obtain critical information, which can be classified as security-related reverse engineering
  • Learning from other people's program features to develop one's own software, which can be classified as development-related reverse engineering
2. Android platform reverse engineering

Under normal circumstances, an apk package contains the following files:

  • AndroidManifest.xml: the application's global configuration file, containing the definition of the permissions the application uses
  • res folder: the folder in which resource files are stored
  • classes.dex: the application's Android executable file
  • resources.arsc: the compiled binary resource file
  • META-INF folder: stores signature-related information

The following briefly describes how classes.dex is analyzed:
1) disassemble the executable file and analyze the resulting Dalvik bytecode.
2) use Apktool or Baksmali to generate smali files for reading.
3) use tools such as DDMS to monitor the running state of the Android program and debug it dynamically.
To prevent an Android application from being reverse engineered, the following precautions can be taken:
1) code obfuscation: ProGuard can be used to obfuscate the Java code, making the decompiled output harder to read.
2) packing: add a protective shell to the apk that protects the code inside it and makes decompilation and illegal modification harder.
3) debugger detection: add debugger-detection code to the program; when it detects that a debugger is attached, the program terminates immediately.
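Before handing a classes.dex to Baksmali or Apktool, an analyst normally checks that the file is what it claims to be: the dex header carries its own adler32 checksum and SHA-1 signature, and a mismatch means the sample is corrupted or was edited after it was built. The parser and verifier below are added here as an example (not code from the notes or from the Android tools); `build_dex` constructs a minimal header-only sample so the block runs offline, and the field layout follows the documented dex header format.

```python
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70
ENDIAN_CONSTANT = 0x12345678
# uint32 header fields that follow the 20-byte SHA-1 signature, in file order
FIELDS = (
    "file_size", "header_size", "endian_tag", "link_size", "link_off", "map_off",
    "string_ids_size", "string_ids_off", "type_ids_size", "type_ids_off",
    "proto_ids_size", "proto_ids_off", "field_ids_size", "field_ids_off",
    "method_ids_size", "method_ids_off", "class_defs_size", "class_defs_off",
    "data_size", "data_off",
)


def parse_dex_header(data):
    """Decode the fixed 0x70-byte header of a classes.dex file into a dict."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("file shorter than a dex header")
    magic = data[:8]
    if magic[:4] != b"dex\n" or magic[7:8] != b"\x00":
        raise ValueError("missing dex magic")
    header = dict(zip(FIELDS, struct.unpack_from("<20I", data, 32)))
    header["version"] = magic[4:7].decode("ascii")
    header["checksum"] = struct.unpack_from("<I", data, 8)[0]
    header["signature"] = data[12:32].hex()
    return header


def verify_dex(data):
    """Check the self-describing integrity fields of a dex file.
    The adler32 covers everything after itself (offset 12 onward); the SHA-1 covers
    everything after the signature (offset 32 onward). A mismatch means the file was
    corrupted or edited after it was built and should not be trusted as-is."""
    h = parse_dex_header(data)
    return {
        "checksum_ok": h["checksum"] == zlib.adler32(data[12:]) & 0xFFFFFFFF,
        "signature_ok": h["signature"] == hashlib.sha1(data[32:]).hexdigest(),
        "size_ok": h["file_size"] == len(data) and h["header_size"] == DEX_HEADER_SIZE,
        "endian_ok": h["endian_tag"] == ENDIAN_CONSTANT,
    }


def build_dex(payload=b"", version=b"035"):
    """Construct a minimal dex (header plus an opaque data section, no code and no map)
    with a correct checksum and signature; a constructed sample for exercising the parser."""
    fields = dict.fromkeys(FIELDS, 0)
    fields.update(file_size=DEX_HEADER_SIZE + len(payload), header_size=DEX_HEADER_SIZE,
                  endian_tag=ENDIAN_CONSTANT, data_size=len(payload),
                  data_off=DEX_HEADER_SIZE if payload else 0)
    body = struct.pack("<20I", *(fields[f] for f in FIELDS)) + payload
    signature = hashlib.sha1(body).digest()
    checksum = zlib.adler32(signature + body) & 0xFFFFFFFF
    return b"dex\n" + version + b"\x00" + struct.pack("<I", checksum) + signature + body


if __name__ == "__main__":
    sample = build_dex(b"\x00" * 16)
    print(verify_dex(sample))            # all True for the untouched sample
    tampered = bytearray(sample)
    tampered[-1] ^= 0xFF                 # flip one byte in the data section
    print(verify_dex(bytes(tampered)))   # checksum_ok and signature_ok become False
```
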

3. iOS platform reverse engineering

Commonly used iOS reverse analysis tools include the following:

  • Dumpcrypt: unpacks (decrypts) applications downloaded from the App Store
  • class-dump: commonly used in the initial stage of reverse engineering
  • IDA Pro and Hopper Disassembler: well-known disassembly tools that perform accurate and detailed static analysis of executable files and produce pseudo-code close to the source code
  • GDB and LLDB: in contrast to static analysis, these two tools analyze a program more deeply and thoroughly through dynamic debugging
  • Cycript: injects into a running iOS process and lets the program be tested using JavaScript syntax

4.4 Virtualization Security

4.4.1 Virtualization Overview

Computer virtualization is a resource management technology that abstracts and converts the computer's various physical resources, such as CPU, memory, storage and network, and presents them to the user.

4.4.2 Classification of virtualization technology

1. By application
  • Operating system virtualization
  • Application virtualization
  • Desktop virtualization
  • Storage virtualization and network virtualization
2. By application pattern
  • One-to-many
  • Many-to-one
  • Many-to-many
3. By the way hardware resources are invoked
  • Full virtualization
  • Paravirtualization
  • Hardware-assisted virtualization
4. By operating platform
  • x86 platform
  • Non-x86 platform

4.4.3 Security threats in the virtual environment

1. Hypervisor security

The following are recommendations for enhancing Hypervisor security:
1) install all updates released by the Hypervisor vendor
2) restrict access to the Hypervisor management interface
3) disable all unused Hypervisor services
4) use monitoring capabilities to monitor the security of every Guest OS
5) carefully monitor the Hypervisor itself for signs of vulnerability

2. Guest OS security

The following are security recommendations for the Guest OS itself:
1) follow the management practices recommended for a physical OS
2) promptly install all updates for the Guest OS
3) in each Guest OS, disconnect unused virtual hardware
4) use an independent authentication scheme for each Guest OS; special circumstances may require two Guest OSes to share credentials
5) ensure that the Guest OS's virtual devices are correctly associated with the physical devices of the host system

3. Virtualization infrastructure security
4. Security planning and deployment

(1) Planning
This stage organizes the work to be done before program design begins. The planning stage needs to determine current and future needs and to determine functions and security. A key task of the planning phase is to develop a virtualization security policy, which should define what forms of virtualization the organization allows and which programs and data may use virtualization.
(2) Design
When designing a virtualization solution, the security technologies to be considered are as follows:
1) authentication issues
2) password issues
(3) Implementation
Once the virtualization solution is designed, the next step is to put the system into practice; the aspects involved are as follows:

  • Physical-to-virtual conversion
  • Monitoring
  • Security implementation
  • Operation and maintenance

Chapter VII Advanced computing security issues in the big data context

7.2 Cloud Security

7.2.1 Cloud-related concepts

1. Cloud

A virtual machine is a complete computer system, simulated by software, that has the full functions of a hardware system and runs in a completely isolated environment; it has the properties of encapsulation, independence, isolation, compatibility and hardware independence.
"Cloud" is a metaphor for a pool of computing resources, usually a number of large server clusters, each containing hundreds of thousands or even millions of servers, that supplies services and the entire virtual development environment.
In terms of technical architecture, the cloud can be divided into three layers:

  • Software as a Service
  • Platform as a Service
  • Infrastructure as a Service

By the users it serves, the cloud can be divided into:

  • Public cloud
  • Private cloud
  • Hybrid cloud
2. Cloud Computing

Cloud computing is a computing method that converges the services users need into an efficient pool of resources and delivers them to users as a service. Cloud computing provides dynamic, scalable and often virtualized resources via the Internet.
Cloud computing is the product of integrating traditional computer and network technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization, load balancing and hot-standby redundancy.

3. Cloud Services

A cloud service is a service delivery model in a cloud computing environment, based on the growth, use and delivery of Internet-related services. It usually involves providing dynamic and scalable resources via the Internet, and the resources of cloud service providers are often virtualized.

4. Cloud Hosting

Cloud hosting is an important part of cloud computing infrastructure applications and sits at the bottom of the cloud computing industry chain pyramid.

5. Cloud Security

Cloud security is a new term derived from cloud computing; it means that the cloud and the services hosted on it can run efficiently and safely.

7.2.2 Security challenges facing the cloud

The security challenges currently facing the cloud are concentrated mainly in four areas:
1) how to address the new risks posed by new technology
2) how to plan for the risks associated with resources, data and the like
3) how to implement policies that meet the requirements of regulatory indicators
4) how to manage the risks of cloud operation and maintenance of its resources

1. New Technology

1) controllability
2) dynamic nature
3) virtual machine escape

2. Centralization

How to plan and deploy a cloud architecture is a problem in itself; the security challenges of centralization include at least the following:
1) identifying the network architecture, system security, centralized authority and other issues of the cloud data center during migration planning and design
2) the risk of abuse of cloud platform administrator privileges: once a malicious person obtains a cloud platform administrator account through illegal means, it will cause incalculable damage to the entire cloud platform
3) security isolation between users
4) malicious attacks that seize resources in the user resource pool

3. Compliance
4. Operation Management

7.2.3 Security in the cloud environment

1. Cloud security standards
2. Cloud security construction

1) physical security: access control, fire protection, temperature and humidity control, electromagnetic shielding, lightning protection, environmental monitoring systems and other aspects of information security need to be considered
2) network security: built with FW, IDS/IPS, anti-DDoS, VPN and similar security technologies
3) host security: endpoint security, host security, system integrity protection, OS hardening, security patches, virus protection and other aspects of information security protection need to be considered
4) virtualization security: carried out through hardening of the virtualization platform, hardening and isolation of virtual machines, virtual network monitoring, prevention of malicious VMs, virtual security gateways (vFW/vIPS) and other technologies
5) application security: may be built with multi-factor authentication for access, WAF, security auditing and similar technologies


Origin www.cnblogs.com/20001009fxy/p/12023495.html