Exercise, Permissions, ACLs

Current: http://heise.de/-1542748 Austrian citizen card vulnerable again. The Austrian citizen card (Bürgerkarte), which has signing functions similar to those of the German nPerso, is vulnerable again: an attacker can abuse the Java-based online version of the citizen card environment (BKU) to, for example, authorise bank transactions or sign PDF documents with the victim's qualified signature (legally equivalent to a signature on paper). This was discovered by security expert Wolfgang Ettlinger. … Dr. Wolf Müller

Introduction: exercise on side-channel attacks – crackme, https://www2.informatik.hu-berlin.de/sar/Itsec/uebung_ssl/crackme.pdf

Software: IDA Pro on gruenau[1-4]; idal (terminal), idaq (GUI)

FAT File System
MS-DOS: FAT12, FAT16; early Windows versions: FAT16. Single user, single tasking. FAT (File Allocation Table) file system. Simple file attributes in the directory entry: Read Only, Archive, System, Hidden. 8.3 format for files and directories. 12-bit FAT = max 4096 clusters of 512 to 4k bytes (max 16Mb). 16-bit FAT = max 65,525 clusters of 2k to 32k each (max 2Gb). SHARE.EXE allows shared access to files. Permissions, ACLs?

VFAT
Windows 95: long file names. Single user / multitasking. File attributes as before. 2 Terabyte disk size with FAT32. In summary, FAT, whatever the flavour, is wasteful in terms of slack space, i.e. the space between what the file uses and the size of the cluster. FAT has no attributes for security.

FAT32
Windows 95 SR2 / Windows 98. 32-bit addressing with 4 bits reserved: 2^28 = 268,435,456 addressable clusters. Files may be at most 4 GiB − 1 byte (= 4,294,967,295 bytes) in size.

OS/2
Single user, multi-tasking. Uses HPFS – High Performance File System. File attributes as per MS-DOS, plus creation time and date, modification time and date, access time and date. 256-character file names. 2 Terabyte maximum disk size. HPFS, although an improvement over DOS FAT, does not have the security to make it appealing for network resource sharing; OS/2 LAN Manager was used to add network capabilities.

NTFS
Windows NT, 2000, XP, 2003. Various versions of NTFS, the latest being version 5.0. Multi-user, multi-tasking. NTFS is a journaled file system. File attributes and permissions: attributes are Read Only, System, Hidden and Archive; permissions are Read, Write, Execute, Delete, Ownership, Control.

NTFS (2)
Features: file quotas, file compression, encryption, indexing service, drive spanning. The machine's user need not be given access rights to all the resources. Problem? Refer to Knoppix for booting from Linux with NTFS file system support enabled, deleting the SAM etc.

NTFS – Access Control Lists
The MFT security descriptor attribute for a file or folder contains two lists: the SACL – System Access Control List, which records auditing information; and the DACL – Discretionary Access Control List, which maintains the list of Access Control Entries, i.e. users' SIDs and the list of permissions for that file or folder. Win NT uses a static inheritance model: when a folder is created it inherits permissions from the parent folder, but if changes are later made to the parent, the subfolders do not change unless you select "Apply the changes to subfolders", which can act as a sledgehammer, overwriting individually set subfolder permissions. Win 2000 uses a dynamic inheritance model: as the parent folder changes, permissions are inherited by the subfolders dynamically. Win 2000 offers more flexible control over inheritance. ACLs can be resident in the MFT or stored as separate metadata.
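As an added illustration of this slide (not the lecture's own code nor Microsoft's implementation; the SIDs, names and the three right bits are made up), a small Python model of how a DACL is evaluated and how the NT (static) and Win 2000 (dynamic) inheritance models differ:

```python
"""Toy model of NTFS DACL evaluation and of the NT (static) versus Win 2000
(dynamic) inheritance models on this slide. Added illustration, not
Microsoft's implementation; SIDs and names are made up."""
from dataclasses import dataclass, field

READ, WRITE, DELETE = 1, 2, 4     # simplified access-right bits

@dataclass
class ACE:
    sid: str                # SID of the user or group the entry applies to
    allow: bool             # True = access-allowed, False = access-denied
    rights: int             # bitmask of the rights above
    inherited: bool = False

@dataclass
class Folder:
    name: str
    dacl: list = field(default_factory=list)
    children: list = field(default_factory=list)

def canonical(dacl):
    """Canonical order: explicit deny, explicit allow, inherited deny,
    inherited allow. So an explicit allow beats an inherited deny."""
    return sorted(dacl, key=lambda a: (a.inherited, a.allow))

def access_check(dacl, token_sids, requested):
    """Walk the DACL with the caller's SIDs: a deny ACE covering any requested
    right ends the check; allow ACEs accumulate until every requested right
    is granted. Reaching the end of the list means access denied."""
    granted = 0
    for ace in canonical(dacl):
        if ace.sid not in token_sids:
            continue
        if not ace.allow and ace.rights & requested:
            return False
        if ace.allow:
            granted |= ace.rights & requested
            if granted == requested:
                return True
    return False

def create_subfolder(parent, name):
    """Static inheritance (Win NT): the new folder copies the parent's ACEs
    once, at creation; later changes to the parent do not reach it."""
    child = Folder(name, [ACE(a.sid, a.allow, a.rights, True) for a in parent.dacl])
    parent.children.append(child)
    return child

def propagate(parent):
    """Dynamic inheritance (Win 2000): inherited entries are re-derived from
    the parent down the tree, while each child's explicit ACEs are kept."""
    for child in parent.children:
        child.dacl = [a for a in child.dacl if not a.inherited]
        child.dacl += [ACE(a.sid, a.allow, a.rights, True) for a in parent.dacl]
        propagate(child)
```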

NTFS – Data Streams
file:stream, e.g.
    echo Hello > test.txt:AWPP
    echo GoodBye >> test.txt
    more < test.txt
    more < test.txt:AWPP
I present this as an example of the difference between FAT and NTFS. So far it seems that just an alternate hidden file is stored away, but the example of data streams shows how different NTFS is. What are its purposes? Many. Its primary use was for the simulation and support of the fork/resource components of Macintosh files, as in HFS (Macintosh Hierarchical File System). But it can also be used for built-in thumbnails of a graphics file or copyright information for music. Also, if you right-click on a file in Explorer you can set properties for the file which are maintained as alternate data streams. In case some of you are wondering, this feature has already been used in malware to avoid detection of malicious code, and naturally enough to hide information from law enforcement agencies. If you copy a file with data streams to an NTFS volume it will retain the streams, but not when you copy to other file systems. This has implications when backing up files: if you copy them to a CD you will lose the alternate data streams, but if your tape backup software supports streamed data then you will preserve them. Some compression software will preserve ADS but others like WinZip lose it. For interest, you can hide an executable in a data stream and then execute it with start .\myfile:stream.exe (i.e. include .exe in the stream name).

The file system's role in user-level security in NTFS
NTFS has extended attributes to support secure multi-user access. The Access Control List (ACL) maintains a list of users, groups (or computers) with rights allowed or denied to a resource. The local machine's data cannot be accessed without a valid user account with rights to do so.

Local User Accounts
Give users access to resources on a single machine, whether that user logs in locally or remotely. These accounts reside in the Security Account Manager (SAM), located as a file on the machine. The SAM maintains passwords and permissions for the user, and each user is given a Security Identifier (SID). SIDs are used in Access Control Lists on files and folders. Local groups can be created to group similar user permissions. Built-in accounts include Administrator and Guest; built-in groups include Administrators, Power Users, Users, Everyone. Standard permissions make the bewildering array of choices easier to work with. Only the Administrator or members of the Administrators group can manage the full set of information for users and groups. The Guest account can represent a security weakness, or can be used to implement share-level type security for systems not requiring high security.

Issues with user-level security in workgroups or standalone
Each user and/or group must be set up on each local and remote machine that the user needs to access; management is complex. Passwords can get out of sync very easily; users may not be set up identically throughout the system. Verifying a user's access rights across a large organisation is an impossibly daunting task. The system is generally very secure, which can be a problem if users forget passwords, especially for the Administrator account on the local machine. You forget – you regret. In many cases you need administrator rights to install software or configure the machine. Active Directory, Windows Domains.

Workgroups or standalone with user-level sharing
Each machine (server, or workstation as peer-to-peer server) that a user wishes to remotely log on to must have that user set up in the database of users for that machine. Each user is generally defined with a password. Users can be added as members of groups: any of the pre-defined standard groups, e.g. Users, Everyone, Power Users, Administrators, or groups created on the machine. You must have an Administrator account or one of equivalent rights.

Workgroups or standalone with user-level sharing (cont.): how to share a folder; set permissions.

Workgroups or standalone with user-level sharing: how to share a folder. Browse to the folder; on the Share tab of the Properties box, check Share Folder; then Permissions and Security.

Workgroups or standalone with user-level sharing (cont.): how to share a folder (cont.). Use Security for control of inherited rights; fine control via Advanced security.

Workgroups or standalone with user-level sharing (cont.)
Log on as a local user to a machine: enter username and password. This username must match a user already set up on this machine, and who has permission to log on as a local user. Log on as a remote user to a shared resource: use Network Neighbourhood to browse through the workgroup, find a machine, and browse the shareable resources on that machine. Select the shared resource. If the username and password on the local machine match, you are granted access; otherwise you must enter the login name and password. The username/password pair must be set up on the remote machine.

Win XP – Simple File Sharing
Simple File Sharing allows you to access shared files using the Guest account (which by default has no password) and comes close to the sort of file sharing of Win95/98/ME. There is little or no security using this and it is best turned off: from within My Computer – Tools – Folder Options, on the View tab click Advanced – Sharing and Security.

Windows Domains
Organises servers and computers into administrative and physical structures, and users log on to the domain rather than to individual machines. Where networks are large enough to have several domains, trust relationships can be used to verify the identity of a user logged on to one domain to another domain. Users still need to be created and managed in each domain; the trust only authenticates the user. A domain has one SAM (Security Account Manager) for the domain, consolidating management. The SAM is managed and stored on a machine known as the PDC (Primary Domain Controller); only one machine in a domain can act in this role, and it is always advisable to have a Backup Domain Controller (BDC), which has a read-only replica of the SAM.

CD and DVD File Systems
ISO-9660, also called CDFS. UFS, Universal File System, includes advanced features such as long and Unicode filenames, 64-bit file sizes, file symbolic links, ACLs (Access Control Lists) and alternate data streams. UFS is constantly evolving.

Linux File Systems
Ext2, Ext3, Reiser, JFS, XFS. Ext2 (Extended File System) is the usual native file system for Linux; it uses inodes and allocation bitmaps (like NTFS). Ext3 adds journalling to Ext2. Reiser uses balanced tree indexing, is very efficient with large directories of small files (64k block size), and provides metadata journalling (like NTFS). JFS is a journaled file system based on an IBM file system from OS/2 Warp. XFS. Each of the above supports ACLs, which were introduced in Linux kernel 2.5.46.

Linux Permission Systems
Traditionally Linux (and Unix) offer 3 sets of permissions for files and directories: Read, Write and Execute for the three classes Owner, Group and Others. This can be very restrictive, there being only one owner and one group per file or directory. Additional control of permissions is provided with ACLs (like the Windows ACLs). Support for ACLs was first brought about to support Samba (Microsoft file sharing support). They are managed through the getfacl and setfacl programs, whereas traditional permissions are managed through chmod.

Linux S-bit, sticky bit
Tasks: share access between several users; 1.) automatically also for new directories. S-bit for shell scripts? Only the owner of a file (or the owner of the directory) may delete or rename the file.
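As an added illustration of the permission checks on this slide and the previous one (not the lecture's own code nor the kernel's; the users, groups and modes are made up), a Python model of the classic mode bits, POSIX ACL entries with their mask, the SGID bit on a shared directory and the sticky-bit deletion rule:

```python
"""Toy model of the Linux checks from the slides: owner/group/other bits,
POSIX ACL entries as set with setfacl (with the mask), SGID on directories
and the sticky bit. Added illustration, not kernel code; root is left out."""
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class User:
    name: str
    primary: str      # primary group, given to files the user creates
    groups: set       # all group memberships

@dataclass
class Node:
    owner: str
    group: str
    mode: int                                       # e.g. 0o3775
    acl_users: dict = field(default_factory=dict)   # user:bob:rw-  -> {"bob": R | W}
    acl_groups: dict = field(default_factory=dict)  # group:devs:r-x -> {"devs": R | X}
    mask: int = 7                                   # mask::rwx caps the ACL entries
    def is_setgid(self): return bool(self.mode & 0o2000)
    def is_sticky(self): return bool(self.mode & 0o1000)

def may(node, user, want):
    """POSIX.1e check (the order the kernel uses): owner class; else the
    named-user entry; else any group entry (owning group or named group)
    that grants all wanted bits after ANDing with the mask; else 'other'."""
    if user.name == node.owner:
        return (((node.mode >> 6) & 7) & want) == want
    if user.name in node.acl_users:
        return ((node.acl_users[user.name] & node.mask) & want) == want
    candidates = []
    if node.group in user.groups:
        candidates.append((node.mode >> 3) & 7)
    candidates += [p for g, p in node.acl_groups.items() if g in user.groups]
    if candidates:
        return any(((p & node.mask) & want) == want for p in candidates)
    return ((node.mode & 7) & want) == want

def create_in(directory, user, mode=0o664):
    """New files get the creator's primary group, unless the directory has
    SGID set: then they inherit the directory's group automatically."""
    group = directory.group if directory.is_setgid() else user.primary
    return Node(owner=user.name, group=group, mode=mode)

def may_delete(directory, entry, user):
    """unlink/rename needs w+x on the directory; with the sticky bit set,
    additionally only the entry's owner or the directory's owner may do it."""
    if not may(directory, user, W | X):
        return False
    return not directory.is_sticky() or user.name in (entry.owner, directory.owner)
```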