Featuring 17 Papers as of January 30, 2017
Attack and Defend: Linux Privilege Escalation Techniques of 2016 (STI Graduate Student Research) by Michael Long II - January 30, 2017
Recent kernel exploits such as Dirty COW show that despite continuous improvements in Linux security, privilege escalation vectors are still in widespread use and remain a problem for the Linux community. Linux system administrators are generally cognizant of the importance of hardening their Linux systems against privilege escalation attacks; however, they often lack the knowledge, skill, and resources to effectively safeguard their systems against such threats. This paper will examine Linux privilege escalation techniques used throughout 2016 in detail, highlighting how these techniques work and how adversaries are using them. Additionally, this paper will offer remediation procedures in order to inform system administrators on methods to mitigate the impact of Linux privilege escalation attacks.
Securing Linux Containers by Major Hayden - August 10, 2015
The components that make Linux containers possible have been available for several years, but recent projects, such as LXC and Docker, have made the technology much more accessible to users. Containers allow for even more efficient utilization of server resources through greater density and faster provisioning. However, securing containers is much more challenging than traditional virtualization methods, including KVM. The isolation layer between the container and the kernel, as well as between each container, is extremely thin. Weaknesses in the kernel or the container configuration can lead to compromises of containers or the entire system. The responsibility of managing the operating system within the container can also become blurry with time, and that can also lead to compromises of the container. Fortunately, Linux security modules, such as SELinux and AppArmor, along with careful configuration and container operating system management, can strengthen the thin walls around each container. Organizations that use mature Dev/Ops practices can also improve security within each container by automating the creation and deployment of container images. This paper will discuss the best strategies for securing a system running containers and the trade-offs that come with each.
Securing Blackboard Learn on Linux by David Lyon - December 1, 2011
Blackboard Learn (Bb Learn) is an application suite providing educational technology to facilitate online, web-based learning. It is typical to see Bb Learn hosting courses and content. Common add-ons include the Community and Content systems, which are licensed separately.
Hardening Debian 4.0 – Creating a simple and solid foundation for your applications by Alexandre Dery - January 14, 2008
Any operating system is vulnerable to attacks if it's not properly configured. People get really emotional about the security of their preferred operating system: every mildly technical forum is bound to be a battleground for flame wars between OS lovers. But the bottom line is: company politics and policies aside, whatever the operating system is, its security depends mainly on the knowledge of its administrator. Debate all you want, but even an OpenBSD server will be hacked if its administrator has no clue!
NFS Security in Both Trusted and Untrusted Environments by Jakub Dlugolecki - November 1, 2007
This paper describes risks of using NFSv3 and NFSv4 in environments where performance is considered to be a more important factor than security. The paper also describes ways to mitigate those risks.
Secure Network Configuration Management for Linux based Routers by Ron Young - May 5, 2005
This paper presents a detailed implementation and operation plan for remote configuration management of a research network infrastructure. GIAC University is currently involved with several large-scale research projects that utilize individually identifiable medical records.
Step by Step Installation of a Secure Linux Web, DNS and Mail Server by John Holbrook - April 8, 2004
This paper will show how the author configured a Linux-based web and e-mail server for a small company. This server is co-located at a local ISP. Because of budget limitations, the company can only locate one physical box at the ISP, which limits what security measures can be installed.
Linux Kernel Hardening by Taylor Merry - December 21, 2003
This paper outlines the installation and configuration of a Grsecurity-enhanced kernel.
Linux Process Containment - A practical look at chroot and User Mode by Paul Lessard - June 3, 2003
This document will explore some of the general ideas of how process containment is performed with chroot and User-mode Linux, and how to help ensure that a successful attack on a jailed process does not affect the main system.
Secure OS Environments for Linux by Pedro Luz-Romero - June 3, 2003
In this paper I make a review of the main set of tools and resources available for Linux system administrators willing to build an operating system with enhanced security features that allow applications to run securely in a network accessible from the Internet.
Linux RootKits For Beginners - From Prevention to Removal by Jeromey Hannel - March 2, 2003
This paper provides an understanding of rootkits and will discuss how to monitor for a rootkit, and the steps taken to remove one.
Using Linux Scripts to Monitor Security by Harvey Newstrom - August 23, 2002
This paper will demonstrate how to create a generic tool using Linux scripting to enable network security monitoring.
Aggressive Patching and the Use of a Standard Build: An OpenBSD Example by Michael Sullenszino - April 5, 2002
This paper discusses the importance of a standard build and defines Aggressive Patching as a vital part of defense in depth. It then goes on to demonstrate how to implement Aggressive Patching by creating a Standard Build internet server farm and support structures that allow for automated patching and rapid deployment of hardened servers.
The Role of Bastille Linux in Information Security by Michael Grimaila - February 18, 2002
In this paper, the author will briefly examine the evolution of Linux, discuss its popularity, and examine in detail Bastille Linux, which is used to increase the security of RedHat and Mandrake Linux distributions.
An Introduction to the NSA's Security-Enhanced Linux: SELinux by Susan Rajnic - February 8, 2002
This paper will introduce the NSA's research project termed "Security-enhanced" Linux.
The Easily Recoverable CD-ROM Booted Linux Internet Server: A How-To by Brian Otto - January 21, 2002
The purpose of this paper is to detail the general steps to create a read-only Internet Server providing DNS and static web pages (bind and Apache).
Security Applications of Bootable Linux CD-ROMs by Richard Bajusz - November 30, 2001
This paper examines the security applications of bootable Linux CD-ROMs.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.