Analysis on the protection of Windows and Linux system permissions

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

Introduction

No matter on which server system, the execution of any file must have certain permissions, if the hacker obtained this permission, it is possible to use this vulnerability to run some hacker programs, so as to control the entire computer. Conversely, even if hackers can put some hacker programs uploaded to the server, due to the permissions of the problem, these hacker programs will not run, can not endanger our system. For example Findpass is like this.

1 Windows System Permissions protection

Focus on password security first. After a lot of security incidents, people look at the reason and find a very surprising thing is that many people generally do not set or set only a very simple Windows Administrator password. This is actually tantamount to the control of the system to the hacker, network security of the second line of defense, this moment will become quite fragile.

Hackers scan if found this happy news, directly can be remote control or upload and run virus trojan, the system will become a "chicken". Hackers can often control these "chickens" to attack other computers without the user's knowledge, and hide behind the scenes to avoid cyber police tracking. In this way, users not only lose their own resources, shielding hackers, but also harm the computer of others, it is a heavy loss. So a secure password is very important to a system and must not be taken lightly.

Second, from the perspective of Rights management, the Rights management of Windows is actually relatively simple, just defined a few groups and several special users to manage the computer, where the highest power of the administrator can not manage the system of everything, if the system found a virus, Sometimes the administrator can only watch, unable to end the process.

However, if Windows is upgraded to a domain controller (DC), his rights management will vary greatly, and the system will enforce strict management of each domain user based on domain Group Policy, which can improve the security of system rights management. However, such rights management is still not optimistic, for example, users who do not join the domain may cause security risks to the network, the domain controller itself will have loopholes.

Finally, from a security policy perspective, Windows manages the system primarily through the registry, but the registry is very complex. To address this problem, Windows provides some registry management tools: Local Security policy, local Group Policy, control Panel, and so on. If they are carefully configured to modify the registry, they can be used to improve network security and not to consume system resources. But this way configuration is very complex, inflexible, more cumbersome to modify, for professionals can also be accepted, if the average user is not appropriate.

2 Linux system Rights protection

Linux's permissions settings are fundamentally different from windows. Linux Rights Management in all aspects of a complete system, and windows in this area is very fragmented, fragmentation, and the coordination between each module is almost no, and many functions just exist, and no practical significance.

(1) In terms of password security, Linux, like Windows, requires a secure password. But the Linux password if lost, although the system will be a security risk, but not as soon as windows as "chicken". Because there are other security measures in Linux that can compensate for the problem of password loss. Still, password security should not be overlooked.

(2) from the Linux Authority management, Linux file system is a "tree", and privilege management is to serve the tree and design. But Linux permissions are relatively simple, only "owner", "group", "other" 3 parts, control is very inflexible. In order to make up for these, Linux has added ACL privilege Management mechanism, which makes the user's rights management flexible.

(3) From the Linux security Policy, Tcpwarpper is a simple security policy, is a security policy that can limit the access of one IP or one IP segment to a service of a Linux server, and is powerful, Can be a good way to limit the access of a remote computer to a Linux server. If we cooperate with Iptables firewall, we can isolate many dangerous information, effectively reduce the probability of the server being threatened by the network and improve the security of the system.

(4) From the Linux security certification, the powerful Pam authentication mechanism, generally translated into "Pluggable authentication module", or "Pluggable authentication module." It is a robust, flexible user-level authentication method, Linux and Unix preferred security authentication. Through the modular structure, it solves many cumbersome user access authentication problems conveniently and flexibly, regulates user access and authorized behavior, restricts access and behavior of unauthorized users, and is a rare authentication mechanism.

(5) from the Linux iptables firewall, iptables Firewall is the essence of the Linux kernel integrated IP packet filtering system. The system is very powerful and can manage the rules of the firewall very easily, and the resource footprint is very small. The iptables packet filtering system has a common architecture netfilter in the kernel, it provides "table", each "table" contains "chain", "chain" is configured with corresponding "rules". Ultimately, Iptables is just a tool for managing kernel-pack-and-worry. The iptables firewall is a consistent security system, and almost all security paths use firewalls.

When a packet enters the system, the system first decides which chain to send the packet according to the corresponding table, and when a packet arrives at a chain, the system starts checking it from the first rule to see if it meets the conditions of the rule. If satisfied, the system processes the packet according to the method defined by the rule, and continues to check the next rule if it is not satisfied. If the packet does not conform to any of the rules in the chain, the system processes the packet according to the predefined policies of the chain.

iptables firewall function is very powerful, simple and easy to use, high security, and can also complete the NAT and other functions, so many users have been praised.

(6) from the perspective of Linux intrusion detection, Snort has a very powerful system monitoring capabilities, and has a wealth of rules (can be downloaded from the official website), can effectively monitor the operation of the network, is a free based on LIBPCAP lightweight network intrusion detection system. It can be used across platforms to monitor small business networks and respond quickly to other security mechanisms, limiting threats to a minimal scope. At the same time, it supports a large number of extensible plug-ins, effectively with other security mechanisms in the system to protect the system security. For example, the Guardian package mentioned in this article is a snort extension module written by developers (for Plug-ins that are linked to iptables).

(7) from the SELinux of Linux, it is actually to strengthen the system Authority management mechanism, can effectively make up the system account password leakage brought about by security risks. If you use SELinux to restrict permissions and storage mechanisms, you must use the enforcing mode. In this mode, even root users are powerless to direct control and management of key processes in some systems. If you have the protection of SELinux, in case the hacker gets the root account, if you want to control the system, you have to go through layers of auditing and restriction, and you can't change the contents of the file. This minimizes the risk of invasion.

(8) From the Linux security audit aspect, audit is an integrated event recorder in the 2.6 kernel, which can effectively monitor the server's system state. A specific rule is added before monitoring, and when the rule is met, it is considered an intrusion and an alert is issued. Unlike intrusion detection, the audit monitor object is the server, and the intrusion detection monitoring object is the network data stream.

Security audit itself is a huge system, in most cases, Linux is to use audit with other security mechanisms to complete the system security aspects of the record, for the System Management personnel analysis and warning. Information collected by the audit system includes the event name, event status, and other security information.

Throughout the Linux security system, it is not difficult to find that all aspects of the system are very closely matched. In general, it is difficult for hackers to complete the control of permissions, let alone remote control. Even if some hackers use unknown vulnerabilities can get certain system permissions, but they are difficult to remote control of the system, and even if you can upload Trojan virus, due to restrictions on permissions, can not run these viruses, so the damage to the system is limited.

This paper is originated from Jiangcheng thesis: http://www.xoock.com