System Security Evaluation: Tools And Techniques Essay.

Your report should include:

• A description of how you investigated the security of the system.

– include fully cited information on tools and techniques you used.

• A description of the results obtained.
• A proposal on how to secure the system.

– you should address each of the security issues you find.

Propose and justify suitable security for a networked computer system.

Use a range of security-related tools.

Critically evaluate tools and techniques for system security.

Research and report on a security-related topic, using appropriate literature.

System Security Aspects

This project refers to investigating the security of the system. The WidgetsInc Company contracted the Benny Vandergast Inc. for developing a new web based store for them. Because, the Benny Vandergast Inc. facilitated testing using the VMware virtual machine. So, the WidgetsInc took decision of providing you a job, related to system security evaluation. In this project, we will perform security evaluation on the provided virtual machine image. All this will be investigated and analyzed in detail.

Accounts for All users

All types of Linux system, have a root account. All the administrative functionalities can be carried out directly in this account. But, other accounts are not having rights to access the system. It represents that not all the user accounts are permissible to access the files and are able to publish the network services. The users who have authorized can only access these files. To access the root account, the user needs to be logged in with appropriate credentials. For our convenience, the user account can be created for individuals or group of people. If a group of people are assigned to do the same resource, then they are allowed to access the files automatically (Stuartellis.name, 2018).

File Access Permissions

To access all types of directory and file system in the Linux based system, there are three types of file access permissions based on the person who have accessed.

• The special account accessibility for the owner.
• The accessibility for the group.
• Permission to access for all the other accounts.

The following permissions will be applied on the files.

• They can read.
• They can write.
• They can execute the file.

The user can only run the program but they can't change the file content. The files in the root account, can be accessed by all the authorized users.

The checksum is created for a file or it is tested against the checksum by using the utility of sha1sum. In Linux based system, to encrypt the files and signing the documents digitally, GNU Privacy Guard (GnuPG) system is enabled. The files that we encrypted and signed digitally are compatible with OpenPGP standard.

As the evolution of email application, it supports both encryption technique and digital signing process along with GnuPG.

If we want to apply the GnuPG features in GNOME PC environment, we need to do installation process by the standardized software management tool.

Encrypted storage process

We can protect our sensitive files in a deeper encrypted way. We can enclose the encrypted data in another directory, wherever required. The decryption password is essential to access the encrypted file. If the user enters valid password, then they can manage the file otherwise it could not be accessed.

To access the encrypted files in all the operating systems, we need to work with cross platform. Sometimes, an entire part of the disk partition need to be encrypted when it caches the data. In such case, the contents can be accessed by the unauthorized users.

Generally, the Linux based system has the OpenSSH version. SSH standard is implemented to provide a secured remote access. In default, SSH has a strong encryption and it gives the following features:

• Providing accessibility for command execution.
• Providing File transfer.
• Providing remote accessibility for graphical software.
• Providing accessibility through command line.

The SSH helps the user to access the tunnel connection to some other services by SSH. This tunneling service provides various benefits such as security and data compression options as in-built functionalities of SSH. This feature provides protection option for the entire communication among Linux systems as the traffic passes through pubic network.

Verification of Data

Software Management

Most of the Linux environment distribution has the facility to manage the software according to the package files. Because, it has a set of pre-defined websites and it is known as channels. The software management facility helps to build and update working copies of the package to execute other tasks that are required by the software package. This software package management tool helps to determine the installed software that is outdated on the system. It represents that the supported software in system could not be affected in the repositories. 

The execution of the system will be verified by its integrity and all the host integrity will be tested by the checksum process. So that, the FreeBSD and Solaris distributions has these integrity testing usages and the integrity monitoring system of cross platform like Osiris and Samhain. These two centralized supporting system auditing processes handles many systems.

The system configuration process will be varied with the integrity tester to exclude specific files and directories, which need to be modified in the system before they are generating the initial checksum database of the system. It compares the obtained checksum of files in the database and report.

System Recovery

User can easily restore the software program files which is added along with the distribution of software management tools. The user even contains the access to the copies of log files, configuration as well as data. These aspects need separate back up mechanism. The backup system is used to providing the capacity of restoring the versions of the user files from several earlier facts. It discovers that, the current system has compromised, then it can get damaged any time and it needs reverting to the previous version of the key files. Hence, it should not be considered as an adequate backup. It provides the wide range of backup tools and gives a suitable backup arrangement for their systems (Stuartellis.name, 2018).

To limit the user account and user application resources, configure various mechanisms. Because, the system has multiple users and they enforces with the resource limitation for making sure that there must not be any deliberate and accidental reason which could fail the facilities, when the available resources are used by the user. It enables storage quota on each partition, because the quotas are used to prevent the users from the backup facilities and from storage overloading.

Monitoring and audit features

In Linux, the klogd and syslog services are record activities and they are reported according to various system parts. Linux kernel basically reports to klogd, whereas system facilities and other services send log messages to the syslog service. Read and analyze the system log files by using several tools provided by the distributions. The monitoring and audit facilities also provide the central logging facility for the user network by configuring the syslog services on the other system to forward the information that they receive to the syslog services, on the log host. It maintains the record of all the processes that are run on that system (Stuartellis.name, 2018).

Secured remote access along with OpenSSH

The Firewall of the System

In Linux system, netfilter framework is installed in its kernel to provide restriction for both incoming and outgoing connection in network. This is based on the rules defined by the system administrator. In most of the Linux system, the firewall rules are set as default. Some of the simple firewall configurations are set into the simple firewall configuration. So that, we can manage the rules of firewall in any Linux System along with appropriate command line utilities. These Linux distributions help the user to utilize the blocked connections from other systems and services. So that, the port is managed from irrelevant port.

The Linux based system environment provides various methodologies to reduce the capability of system program to damage both host systems as well as the running program itself.

MAC (Mandatory Access Control) provides the usual security features of LINUX and it limits to any type of account and program.

Virtualization process helps assigning the hardware resources’ limited set, in the virtual machine. It will be monitored and the data can be backed up by the host system's separate process,

Linux container which helps to generate the new file system and separates this from an usual host system process.

The chroot utility runs the software programs along with the particular working directory and it helps to prevent the file directory from some other infected file directories.

1. Open Virtual machine (Golden, 2018).

2. Configuration->Hardware Tab -> Boot Order.
3. Choose the 'Select boot device on startup' and Run Ubuntu.
4. After, start target virtual machine.
5. Press Shift key repeatedly until you see the grub menu.
6. In boot menu, select recovery mode.
7. Select the recovery mode and then wait for all the completion of boot-up processes.
8. An ultimate administrator is referred to the root account, which can do anything for installing Ubuntu.
9. In the recent Ubuntu versions, the filesystem is mounted as read-only. Thus, enter the following command, for remounting it as read-write. Because, this allows making changes. mount -o rw, remount /

10. When the username is forgotten, type:

• ls /home

11. To reset the password, type: passwd ubuntu

This will reset the password. For returning to the recovery menu, type exit. Once, you get back to the recovery menu, select resume normal boot. Then, Ubuntu can be used normally.

By dismissing the dependence of working frameworks on a framework's physical state, framework virtualization enables numerous working frameworks to be introduced on a VMM, and in this way different working framework VMs can be introduced on each physical framework. Permitting various VMs on a similar equipment offers numerous points of interest. Near-complete isolation between visitor working frameworks on a similar equipment ensures against OSs being a self-contained purpose of dissatisfaction. It likewise permits OS combination from various machines as it is important to reduce framework underutilization and keep up effectiveness of task. This conversation from the equipment state permits not just numerous working frameworks to exist together on a similar equipment, yet for one VMM to keep running on various diverse organized physical frameworks simultaneously. By using a VMM to interfere between the OS and the equipment, virtualization changes the coordinated mapping of OSs to equipment to, many-to-many (Guthrie and Lowe, 2013).

Although some open frameworks actualize this model just freely, as a VM does not, as a rule keep running on different frameworks simultaneously, permitting one VMM to be moved over numerous physical frameworks perfectly while running has enhanced the contributions for elite and high-accessibility frameworks and distributed computing. Additionally for the commoditization of handling power. While we center in this article around framework virtualization, there are numerous other virtualization advances that cover with what we talk about, for example, storing virtualization and system virtualization.

The properties of virtualization are not only favorable for the security, they can be unfavorable. Because, virtualization is huge and extremely a dynamic research field, with new research and threats turning out daily, any scope can never be comprehensive. As expressed in the Introduction, this work is expected as an introduction for the concerns of security, contemplations, and for coming up with suggestions, by using the virtualized frameworks. Thus, such a work proposes a general scope of security related problems, which contain virtualization. We are worried about threats that influences the accompanying operators like, VMM, VMs, OSs in VMs, programming running on OSs, and are in operational condition. For instance, system. Since we are attempted an extremely broad approach, there are circumstances where a particular illustration will be secured quickly. For more data we need per user to suggest to the suitable references. Security, with regards to this work, refers the revelation and modification of information and tasks that might be viewed as touchy. Associated threats includes, two ruptures of expected benefit and breaks of different controls which are allowed frequently and certainly. It might be connected on a case-by-case premise, for suiting the situation.

Software Management

To begin with virtualization, it includes extra layers of framework complexity. This refers to checking for the extraordinary events and oddities which similarly turns out to be more difficult when compared to the current situation, for recognizing the security related problems. For instance, advanced constant risks.

Next, by configuration the virtualized situations are dynamic, which instantly changes every time. In few minutes, not all the physical situations, can the virtual machines be turned up.  It can be anything but hard to forget what is on the web, disconnected and subsequently what potential security openings are uncovered. This is recognized based on a phenomenon called virtual extension. It refers to when the quantity of virtual machines present inside a situation achieves a point where they can never again be overseen, adequately. For instance, making all the security fixes connected correctly. In similar situation, the security of all the virtual machine can never be ensured again. The attackers have used the disconnected virtual machines as a portal, for accessing the framework of an organization, as it is guaranteed in the Browser Stack break.

At last, although the dynamic idea of virtual machines and workloads can be instantly moved. This represents a security hazard. For instance, a specific workload may require an abnormal state of security, and the underlying virtual machine the workload is allocated to give that security. Yet, when looked with the preparation need for more mission-basic workloads, without setting up appropriate governing rules, it could be moved undoubtedly to the other virtual machine, by bringing down the level of security, where a potential gap is opened.

To secure a virtual machine by using the osquery. The osquery refers to an open source security tool to provide secure operating system and it transforms as a giant database, which contains tables that you can query, with the help of SQL-like statements. This tool is used to monitor the system security including monitoring the file integrity, checking on the status, performing security audits of the target server and firewall configuration. The osquery is a cross platform application supporting various operating systems. It is described as SQL powered operating system analytics, instrumentation and monitoring framework. The osquery has three components like, osqueryi, osqueryd and osqueryctl. The osqueryi is used to interact with the osquery shell for performing the ad hoc queries. The osqueryd is daemon for running and scheduling the queries in the background. The osqueryctl is a helper script for testing osquery configuration and deployment (Digitalocean.com, 2018). It is also used instead of operating system service manager to start, stop and restart the osqueryd. These components are independent tools. So, these do not communicate with others.

The osquery function needs to work properly by modifying the following operating system aspects. These are discussed below.

Allowing osquery to Access the System Log

Here, we will modify the operating system syslog application to allow osquery to query and consume the system log by entering the below command, for opening a configuration file enter the below code in the configuration file. It is shown below (Stuartellis.name, 2018).

Testing the host integrity

Creating an osquery Configuration File

Creating an osquery configuration file makes it easier to run osqueryi. So, here we need to create and open the configuration file by using the below command.

Then, type the below command.

Then, save and close the configuration file.

Finally, validate the query by using the below command.

Setting Up the osquery File Integrity Monitoring Pack

Here, we will keep a watchful eye on the file integrity on user server, because it is a critical aspect of monitoring its system security. So, the osquery provide the ready solution for that. So, we need to set up the osquery file monitoring pack which will contain the directives and query that will be used for the file integrity monitoring. First, user needs to create the file by entering the below command (Sarkar, 2013).

Type the below command on the created file. It is shown below.

Then, save and close the file.

Next, set the rules to pack list by opening the configuration file, by entering the following command.

Then, add the below command on the configuration file. It is shown below (Security system, 2016).

Finally, save and close the file. Here, osqueryi successfully installed. We will use the osqueryi to query the system. This process is shown below.

Using osqueryi to Perform Ad-hoc Security Checks

Here, we will perform various security checks on the user system using osqueryi. First, user needs to launch the osquery with a configuration file by typing the below command.

Then, start with basic security checks on the system.

For example, To find who else other than you is logged into the system now?

Enter the below command on terminal.

select * from logged_in_users ;

It is shown below (Network Computing, 2018).

Then, find who is logged in now, but what about the previous logins?

Enter the below command,

select * from last ;

It is shown below.

Later, find what type of jobs are scheduled in crontab?

Enter the below command on terminal,

select command, path from crontab ;

This query is used to find the malware that have been scheduled to run a specific interval.

It is shown below.

Here, we will check the files on the system that are setuid enabled?

Enter the below command on the terminal.

select * from suid_bin ;

This process is used to detect the back doored binaries.

It is shown below (SearchCloudSecurity, 2018).

To view the list of loaded kernel modules by entering the below command on the terminal.

select name, used_by, status from kernel_modules where status="Live" ;

Here, we will find the back doors on the server to run a query and it is used to list all the listening ports by entering the following command.

select * from listening_ports ;

It is shown below.

Finally, user needs to look at file activity on the server by entering the below command.

select target_path, action, uid from file_events;

This query is used to show all the recent file activity on the server based on the user id responsible for the activity.

Finally, the osquery tool is used to monitoring the system security to provide the secure operating system.

Conclusion

This project successfully investigated the security of the operating system because WidgetsInc Company contracted the Benny Vandergast Inc. for developing a new web based store for them. Because, the Benny Vandergast Inc. facilitated testing using the VMware virtual machine. Thus, WidgetsInc took decision of providing you a job, related to system security evaluation. In this project, we will successfully performed the security evaluation on the provided virtual machine image. These are investigated and analyzed in detail. Benny Vandergast Inc. is used the osquery tool to provide the secure and effective virtual machine for a WidgetsInc Company. The osquery tool is analyzed and discussed in detail. The WidgetsInc Company also needs password recovery for a virtual machine operating system and it is successfully recovered. This process also discussed and analyzed in detail.

References

Digitalocean.com. (2018). How To Monitor Your System Security with osquery on Ubuntu 16.04 | DigitalOcean. [online] Available at: https://www.digitalocean.com/community/tutorials/how-to-monitor-your-system-security-with-osquery-on-ubuntu-16-04 [Accessed 4 Aug. 2018].

Golden, B. (2018). 3 key issues for secure virtualization. [online] CSO Online. Available at: https://www.csoonline.com/article/2131147/cloud-security/3-key-issues-for-secure-virtualization.html [Accessed 4 Aug. 2018].

Guthrie, F. and Lowe, S. (2013). VMware vSphere design. Indianapolis, Indiana: John Wiley & Sons.

Lans, R. (2012). Data virtualization for business intelligence architectures. Amsterdam: Elsevier/MK.

Network Computing. (2018). Top 11 Virtualization Risks Identified. [online] Available at: https://www.networkcomputing.com/data-centers/top-11-virtualization-risks-identified/2062567936 [Accessed 4 Aug. 2018].

Perspectives, I. (2018). Virtualization and Security: Overcoming the Risks. [online] Data Center Knowledge. Available at: https://www.datacenterknowledge.com/archives/2015/03/09/virtualization-security-overcoming-risks [Accessed 4 Aug. 2018].

Sarkar, P. (2013). VMware vCloud security. Birmingham: Packt Publishing.

SearchCloudSecurity. (2018). Top virtualization security risks and how to prevent them. [online] Available at: https://searchcloudsecurity.techtarget.com/tip/Top-virtualization-security-risks-and-how-to-prevent-them [Accessed 4 Aug. 2018].

Security system. (2016). Washington, D.C.: United States. Dept. of Energy.

Stuartellis.name. (2018). Linux and LINUX Security Features · Field Notes. [online] Available at: https://www.stuartellis.name/articles/Linux-security-features/ [Accessed 4 Aug. 2018].