Marija Mijalkovic
Power Systems Technical Sales
IBM Canada
marija@ca.ibm.com
Agenda
Introduction
AIX Security Expert (aixpert)
Secure by Default (SbD)
File Permission Manager (fpm)
Trusted Execution (TE)
Role Based Access Control (RBAC)
Encrypted Filesystems (EFS)
Trusted AIX (MLS)
Other new features
Introduction ...
Computer security: a dynamic and changing world
Enterprises must be diligent in integrating many mechanisms to address threats.
The OS is the foundation upon which the rest of the software stack builds its security.
Historically AIX has provided solid security; the new features only build on that.
Encrypted Filesystem
Trusted Execution
Workload Partitions
Trusted AIX
Manage Growth,
Complexity & Risk
Realize Innovation
What is it?
A centralized security management tool that can control over 300 security settings from a single console
Administrators can start from a Low, Medium, High or Sarbanes-Oxley security template and customize settings to meet business requirements
Security settings can be exported and imported as a security profile to multiple systems
On AIX V6.1, security profiles can be stored in an LDAP directory for ease of distribution
AIX Security Expert was first included in AIX V5.3 TL5
2008 IBM Corporation
TCP/IP
IPSec
Auditing
Logging
Rules and policy can be written to a file first, without altering the system
Direct root login gets disabled (local and remote), enforcing 'su'
/etc/inittab
Audit Policy
Network Security
AIX has been around for a long time and the setuid bits on many system programs have not been modified; the tool replaces the need for customers to write their own scripts to reduce setuid and setgid programs
Creates a logfile of the prior permissions for selective and recursive rollback / undo, or a return to default/factory settings
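The three fpm ideas above (find the setuid/setgid programs, keep a log of their prior permissions, strip the bits and roll back selectively from the log) as a small added shell example. This is not IBM's fpm; it assumes POSIX sh with find, sed, chmod and test -u/-g, and the directory tree built in fpm_demo is constructed for the demonstration.

```shell
#!/bin/sh
# Added example in the spirit of fpm; it is not IBM's tool. It records the
# setuid/setgid bits found under a directory into a log, strips them, and
# can roll them back selectively from that log. Assumes POSIX sh with
# find, sed, chmod and test -u/-g; the tree in fpm_demo is constructed.

# Write one line per setuid/setgid file below $1 into log $2:
#   <path> setuid    or    <path> setgid
fpm_snapshot() {
    dir=$1; log=$2
    {
        find "$dir" -type f -perm -4000 -print | sed 's/$/ setuid/'
        find "$dir" -type f -perm -2000 -print | sed 's/$/ setgid/'
    } > "$log"
}

# Remove every bit recorded in log $1 (the "reduce setuid programs" step).
fpm_strip() {
    while IFS= read -r line; do
        path=${line% *}; bit=${line##* }
        case $bit in
            setuid) chmod u-s "$path" ;;
            setgid) chmod g-s "$path" ;;
        esac
    done < "$1"
}

# Restore the bits recorded in log $1; with a prefix in $2 only entries
# under that path are restored (selective rollback).
fpm_rollback() {
    log=$1; prefix=${2:-}
    while IFS= read -r line; do
        path=${line% *}; bit=${line##* }
        case $path in
            "$prefix"*)
                case $bit in
                    setuid) chmod u+s "$path" ;;
                    setgid) chmod g+s "$path" ;;
                esac ;;
        esac
    done < "$log"
}

# Report "yes"/"no" for the setuid or setgid bit on a single file.
has_setuid() { if [ -u "$1" ]; then echo yes; else echo no; fi; }
has_setgid() { if [ -g "$1" ]; then echo yes; else echo no; fi; }

# Demonstration on a constructed tree: two privileged tools and one plain
# file. Prints "<log entries> <after strip> <after selective rollback>".
fpm_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/bin" "$tmp/sbin"
    printf '#!/bin/sh\necho hi\n' > "$tmp/bin/suid tool"
    printf '#!/bin/sh\n' > "$tmp/sbin/sgid_tool"
    printf '#!/bin/sh\n' > "$tmp/bin/plain"
    chmod 4755 "$tmp/bin/suid tool"
    chmod 2755 "$tmp/sbin/sgid_tool"
    chmod 0755 "$tmp/bin/plain"
    log=$tmp/fpm.log
    fpm_snapshot "$tmp" "$log"
    entries=$(wc -l < "$log" | tr -d ' ')
    fpm_strip "$log"
    after_strip=$(has_setuid "$tmp/bin/suid tool")/$(has_setgid "$tmp/sbin/sgid_tool")
    fpm_rollback "$log" "$tmp/bin"        # roll back only what lives under bin
    after_rb=$(has_setuid "$tmp/bin/suid tool")/$(has_setgid "$tmp/sbin/sgid_tool")
    rm -rf "$tmp"
    echo "$entries $after_strip $after_rb"
}
```

fpm_demo prints "2 no/no yes/no": two entries were logged, both bits are gone after the strip, and the prefix-limited rollback restores only the setuid tool under bin while the setgid tool under sbin stays reduced. The log is the whole undo story, so it deserves the same protection as the files it describes.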
Uses the SHA-256 secure hash algorithm (256-bit) to calculate the signature
Offline checks, e.g. run every day through a cron job (much like 'tcbck')
Policy-driven
After all changes are made, put the TSD (Trusted Signature Database) in lockdown mode; a reboot is necessary to get out of it
All system files of this type are put in the TSD by default; customer-created files of the above type should be added
Will block attempts to execute malicious code and tampering with important system files (trojan horses)
[Figure: Trusted Execution components: signature database, certificates database, integrity checker tool; executable/module -> calculate hash -> compare vs. hash/signature database -> policy engine -> memory]
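The offline check described on the Trusted Execution slides and sketched in the figure (a database of per-file digests, an integrity checker that compares the live file against it, and a result a cron job can act on) as an added shell example. It is not AIX's trustchk or its Trusted Signature Database; it assumes POSIX sh plus sha256sum (GNU coreutils) or shasum (BSD), and the files in te_demo are constructed.

```shell
#!/bin/sh
# Added example in the spirit of Trusted Execution's offline check; it is
# not AIX's trustchk or its Trusted Signature Database. A small database
# maps each file to its SHA-256 digest, and te_verify reports files that
# went MISSING or were MODIFIED since the database was built. Assumes
# POSIX sh plus sha256sum (GNU coreutils) or shasum (BSD); the files in
# te_demo are constructed.

# Print the SHA-256 hex digest of file $1.
te_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | cut -d' ' -f1
    else
        shasum -a 256 < "$1" | cut -d' ' -f1
    fi
}

# Build database $1 from the files given as further arguments.
# Format: <sha256 hex> <path>
te_build_db() {
    db=$1; shift
    : > "$db"
    for f in "$@"; do
        printf '%s %s\n' "$(te_digest "$f")" "$f" >> "$db"
    done
}

# Check every entry of database $1 against the live file system. Prints a
# line per problem and returns 1 if anything differs, 0 when all is well,
# so a cron job can act on the exit status.
te_verify() {
    db=$1; rc=0
    while IFS= read -r line; do
        want=${line%% *}; path=${line#* }
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(te_digest "$path")" != "$want" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$db"
    return $rc
}

# Demonstration: build the database, verify (clean), then tamper with one
# file, delete another and verify again. Prints
#   <first result>|<problem lines joined by ;>;<second result>
te_demo() {
    tmp=$(mktemp -d)
    printf 'echo ok\n' > "$tmp/prog"
    printf 'key=1\n' > "$tmp/conf"
    printf 'x\n' > "$tmp/gone"
    db=$tmp/tsd.db
    te_build_db "$db" "$tmp/prog" "$tmp/conf" "$tmp/gone"
    first=$(te_verify "$db" && echo CLEAN || echo TAMPERED)
    printf 'echo evil\n' > "$tmp/prog"     # simulated tampering
    rm -f "$tmp/gone"                      # simulated deletion
    second=$(te_verify "$db" && echo CLEAN || echo TAMPERED)
    rm -rf "$tmp"
    printf '%s|%s\n' "$first" "$(printf '%s' "$second" | sed "s|$tmp/||g" | tr '\n' ';')"
}
```

te_demo prints "CLEAN|MODIFIED prog;MISSING gone;TAMPERED". As with the TSD, the database is only worth what its own integrity is worth: keep it on read-only media or sign it, and run the check from a schedule the attacker cannot edit.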
What is it?
A new capability of AIX V6.1 that allows privileged administration tasks to be delegated to non-privileged users
Access to system resources is associated with roles that are assigned to non-privileged users
[Figure: Before (default) vs. Roles and Privileges]
RBAC Infrastructure
The infrastructure to create and track authorizations, roles and privileges is stored in separate databases
Authorization DB
Role DB
Privileged command DB
Privileged device DB
Privileged file DB
[Flowchart: command execution decision (color key: historic behavior vs. new decisions)]
Start -> Is the command in the database?
  No -> (historic behavior) Does the process have file system access rights? Yes -> execution allowed; No -> execution fails
  Yes -> (new decision) Is the user authorized? Yes -> execution allowed; No -> execution fails
SA
System Administrator
SO
System Operator
$ rolelist -e
rolelist: 1420-062 There is no active role set.
$ bootinfo -r
ksh: bootinfo: 0403-006 Execute permission denied.
$ swrole SysBoot
foo's Password:
$ rolelist -e
SysBoot
System Boot Administration
$ bootinfo -r
524288
$ ^D
$ rolelist -e
rolelist: 1420-062 There is no active role set.
What is it?
The capability to automatically encrypt data in a JFS2 filesystem
Data can be protected from access by privileged users
Backup in encrypted or clear formats
Automated key management: the key store is opened on login, integrated into AIX security authentication
Each file encrypted with a unique key
No keys stored in clear in kernel memory
A variety of AES and RSA cryptography keys supported
Each file is encrypted with a separate key (stored in its metadata)
Encryption/decryption happens in memory, not on storage
The user keystore gets opened and loaded by the login password or a separate password
The keystore holds the user's private and public key (asymmetric encryption, RSA)
The CryptoLite in C (CLiC) library and kernel extension must be installed and loaded
EFS must be explicitly enabled (can be done at any time using 'efsenable')
Not to be applied on "/", /usr, /var and /opt, since the keystore can't be opened during boot
That's OK, since EFS' main focus is on protecting user/application data
[Figure: EFS data flow: the user logs in -> the PKCS#12 keystore is loaded into the in-memory key cache -> "Edit abc" goes through the file system layer, which gives the user clear file access while the file on disk stays encrypted]
The file owner's keystore password must also be "saved", or files must be re-encrypted in a timely manner when the keystore password changes
Installtime-only option
Meet or exceed government standards for maximum security
[Figure: Trusted AIX access checks between subject and object: DAC, MAC and MIC. Default settings provide the usual "look and feel".]
Up to 255 characters
Example:
shells = /bin/sh,/bin/bsh,[...]
maxlogins = 32767
logintimeout = 60
maxroles = 8
auth_type = STD_AUTH
pwd_algorithm = ssha512
LDAP Enhancements
e.g. 'lsldap' and Microsoft Active Directory support for AIX clients
ipfilter
Cryptographic Accelerator PCI-X adapter with support for CCA and PKCS#11
Resources
Redbook SG24-7430 "AIX 6 Advanced Security Features: Introduction and Configuration"
http://www.redbooks.ibm.com/abstracts/sg247430.html?Open
Excellent reference, good overview and intros to various topics, e.g. cryptography, I/T security in general, etc.
May not be 100% technically accurate due to late changes in beta code
http://publib.boulder.ibm.com/infocenter/pseries/v6r1/topic/com.ibm.aix.security/doc/security/security.pdf
Deep dive reference as part of the system documentation in InfoCenter
Authorization hierarchy:
aix
  network
  proc
  ras
  security
  system
    boot
      create
      halt
      info
      reboot
      shutdown
    config
    install
    stat
  wpar
aix.system.boot.info
Example privileged command database entry:
/usr/sbin/bootinfo:
        accessauths = aix.system.boot.info
        innateprivs = PV_DAC_R,PV_DAC_W,PV_DEV_CONFIG,PV_KER_RAS
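The execution decision from the RBAC flowchart, run against a privileged command database entry like the bootinfo one above, as an added shell example. It is not AIX's RBAC code: the command and role databases are constructed (the bootinfo line mirrors the slide; the other entries, the roles SysBoot/SO/SA and their authorizations are made up for the demonstration), and the rule that a held authorization also grants everything beneath it in the dotted hierarchy (aix.system.boot grants aix.system.boot.info) is an assumption the model makes. Assumes POSIX sh with awk and tr.

```shell
#!/bin/sh
# Added example modelling the RBAC execution decision; not AIX's RBAC
# implementation. Databases, roles and users are constructed; only the
# bootinfo entry mirrors the slide. Assumes POSIX sh with awk and tr.

# Privileged command DB (constructed): <command> <accessauths>
PRIVCMD_DB='/usr/sbin/bootinfo aix.system.boot.info
/usr/sbin/shutdown aix.system.boot.shutdown
/usr/bin/lsuser aix.security.user.list'

# Role DB (constructed): <role> <authorizations, comma separated>
ROLE_DB='SysBoot aix.system.boot
SO aix.system.boot.info,aix.ras
SA aix'

# Print the accessauths of command $1, or nothing if it is not in the DB.
privcmd_auths() {
    printf '%s\n' "$PRIVCMD_DB" | awk -v c="$1" '$1 == c { print $2 }'
}

# Print the authorizations held by role $1, one per line.
role_auths() {
    printf '%s\n' "$ROLE_DB" | awk -v r="$1" '$1 == r { print $2 }' | tr ',' '\n'
}

# Does held authorization $1 grant required authorization $2?
# Assumption: a held authorization grants itself and every authorization
# beneath it in the dotted hierarchy (aix.system.boot -> aix.system.boot.info).
auth_grants() {
    case $2 in
        "$1"|"$1".*) return 0 ;;
        *) return 1 ;;
    esac
}

# Decide whether a process with active role $1 (empty = no role, as after
# login before swrole) may run command $2, given the process's DAC execute
# permission $3 (yes/no). Follows the flowchart: commands outside the DB
# keep the historic DAC behaviour, commands in the DB need the
# authorization. Prints ALLOWED/DENIED plus the branch taken.
rbac_decide() {
    role=$1; cmd=$2; dac=$3
    req=$(privcmd_auths "$cmd")
    if [ -z "$req" ]; then
        if [ "$dac" = yes ]; then echo "ALLOWED (dac)"; else echo "DENIED (dac)"; fi
        return 0
    fi
    for held in $(role_auths "$role"); do
        if auth_grants "$held" "$req"; then
            echo "ALLOWED (auth $held grants $req)"
            return 0
        fi
    done
    echo "DENIED (no authorization for $req)"
}
```

Replaying the swrole session from the slides: rbac_decide '' /usr/sbin/bootinfo no is DENIED, rbac_decide SysBoot /usr/sbin/bootinfo no is ALLOWED because aix.system.boot covers aix.system.boot.info, and a role holding only aix.system.boot.info (SO) cannot run shutdown. The hierarchy rule is what makes a role like SA (holding the root authorization aix) so powerful; review roles that hold short prefixes with the same care as root access.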
[Figure: sensitivity label (SL) rules between HIGH-SL and LOW-SL subjects and objects: read same, write same, read down, write down, read up, write up]
Focus on execution
[Figure: integrity label (IL) rules between HIGH-IL and LOW-IL subjects and objects: read same, write same, read down, write down, read up, write up]