DrupalCon Portland 2013

How to properly configure security on Linux systems

Kees Cook

Transcript

Excerpt from the automatic transcript of the video generated by YouTube.

hello everyone welcome to the DevOps track now that you're all wait this afternoon I'm Jeff shelter in one of the track chairs and I just wanted to introduce my first featured speaker Kees Cook he previously worked at Canonical where he led the Ubuntu

security team and currently he's working at Google Chrome OS security so this talk is mostly because some ideas already had a chance you can download slides there every every presentation again I always cheat show people hence my name that's my

name so just a little introduction about me basically I like breaking into computer systems I've been going to DEF CON for quite some time the largest pure hacker conferences in the world and they run a contest each year called capture the flag it's

a team-based challenge where teams tried everything to each other's computers and defend their computers and other people heard been working on my skills and making friends building teams we got team there's a lot of works I huge family wmm developed

over and ultimately I managed to channel 9 tendencies in essence you're securing resistance is close to breaking as the primary I worked at the Open Source Development Lab sort of the predecessor to the Linux Foundation and quick trivia I just read

cheering everyone having hired minutes for balls in wisco he worked from home of course but any time we gave tours at OSDL to throw up of the things people really want to and we always had to say Oh black stairs this is so one day we decided I should break

out a nameplate for him and put the minister bald nameplate on an empty cube at OSDL on any time to announce hey where's mr. bolt state we could say welcome home but here's is cube and people take picture with again to cube do is think like that

so Oh sailboat upon I moved on to working at Canonical on the Ubuntu security team to Google work mostly focusing from person so about this talk talk about security and the first thing you want to do is try to convince you that it's important the direction I'm going

to that makes sense I'm going to cover some areas or how to design your systems blowing and then finally to start with so first part what do you mean post intrusion daddy here is that most security breaches and problems with services it's just an insecurity

art a single bug that gets an attacker they want so the standard progression of an attack is more like this where you find a bug in public facing service and then you find underneath that which with privilege escalation and that maybe you can fall doing more

motive act another system in the sort of continues examples being somewhat recent another probably were penetration between sort of like this this series of stolen SSH keys kernel bugs SSH daemons like there's this whole training attack then more recently

what was affecting some observers people discovered that they were living iframes checked it into their bound web services they're coming from and where they located as a kernel rootkit that had been installed and was actually injecting iframes into

the outgoing piece of these dreams it was scary but and all these things sort of in the information security community to to get called the advanced persistent threat and biobanks I think it just successful so and for those of us using Debian Ubuntu the acronym

community is very confusing anyway these are sort of the things that are going on in real-world attempts on an actual system and that's what I mean my person post improving the first attack just get you in and then what happens from there we really have

to go through a lot of steps to to expand the reach of your attack starts important defend against them and that gets me to air and security any well-designed system a lot over the years of security and this is this is basically doing more than one thing to

be protecting entirety get set up and there isn't cloaking security so in a crazy world you can prepare to be breach that every single layer that you designed and think about how you can contain above at any of it any one of those layers and it's you

can go about this pretty systematically and the reason that hurt xperia does exist because there's both everything and people think well I have this this file that only my user can read which means no other user around we can get at it then well that is

the design and that's a good first step what if there's a printable mobility will be completely masses bypasses permission checking so you end up in a situation where it's like okay if we can just reduce the scope of what people have access to

their what interfaces they want to be over in a better position to define you so another problem exists in some improper upstream development is this reasoning that oh well our code doesn't need to be defensive because there are no bugs here so why should

we be defensive about it now doesn't leave any room for mistake everything has bugs so why not position of code so that it encountered something that was unexpected it drilled with a gracefully even if it's even if that condition by your estimation

isn't possible defensive and that's development so I think another one of the first areas to really look at it it's pretty slippery I broke this down two layers here I'm going to talk about dealing with authentication tokens whatever that means

a queenly discretionary access control work Dinah that's the standard UNIX for the terminal and idiot with that is that those access controls are openly up to the user in the UNIX permission model the mandatory access control sort of a stronger version

of that tends to be dictated by the system administrator I can further compliance then finally sort of a little piece of the end and talk about multi-factor authentication since pretty easy powerful so moving on to authentication thank you I don't want

to confine people's thinking to just SSH keys in this case but anything that you're used to prove to a system that you are is pretty broadly applicable so and as a quick aside I want to try to encourage people to stop using password password based

authentication in fact I have been trying to say the phrase password that implies just one kind of look but it's text and really once a test for use but anyway um keep your tokens your keys your SSH keys for example encrypted and tie them to a specific

device the device access this means if you lose control that system you lost control of all the authentication tokens addictive games I mean access the however many ones so didn't confine your SSH keys for example to just your laptop which doesn't have

SSH listing phone theory those up too much listen is kind of scary that also gets you better walking in finer control replication so for some examples on a local device your desktop you find your key things are the two halves at the SSH public key that's

all fine if you didn't have a password on your key goat on it now we vacuuming them actually set that up so if someone steals your key they would need to also have stolen you can passphrase to unlock it and theoretically it is arguable that that is a

form of to drop okay and then on a remote system lower section weeks either there's no keeks all we have is the authorized who's actually able to get into this machine where do they come from and I like works painting yes it says the SSH key comments

because it tells you generated on what machine it's a little bit easier to figure out what is going on top of this this is a little bit safe specific but when confronted new confirmations actually use dead horse check your SS foster captor SSH key whatever

but I find a lot of times the reason that sort of gets tipped over is this that people go oh well I don't remember what the host key is that gene and I don't really remember how to actually find it is if you look on the system going well that's

[ ... ]

Note: the remaining 3,971 words of the full transcript have been omitted to comply with YouTube's "fair use" rules.