Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux...
-
date post
19-Dec-2015 -
Category
Documents
-
view
223 -
download
1
Transcript of Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux...
![Page 1: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/1.jpg)
Disk OrganisationLinux File Systems
Linux File System HierarchyGeneral Security InformationLinux File System Security
Yiğit Cansın HekimciCan Dereli
![Page 2: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/2.jpg)
Disk Organisations
![Page 3: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/3.jpg)
What is a hard disk? A hard disk drive (HDD, also commonly shortened to hard drive and formerly
known as a fixed disk) is a digitally encoded non volatile storage device which
stores data on rapidly rotating platters with magnetic surfaces.
In the simplest of forms , they give computers the ability to remember things when the power goes out.
![Page 4: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/4.jpg)
Hard disk contents
![Page 5: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/5.jpg)
How hard disk works?
• Sectors(256,512) and Tracks
• O/S or hard disk groups them as clusters
• Low level formatting (beginning and end points)
• High level formatting– File storage scheme
– Order of sector and tracks
• After HLF platters are ready to read/write
A sector
A track
![Page 6: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/6.jpg)
Organization of Disks...
1. Positioning the headto the sector
2. Sector is under the head
Low speed readingHigh positioning speed
High speed readingLow positioning speed
![Page 7: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/7.jpg)
Organization of Disks...
2. Positioning of the sector is under the head
The amount of time passed to position the sector under the head is the same inside and outside.But because of having less sectors inside the amount of time passed to position the sector is relatively less.
![Page 8: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/8.jpg)
Organization of Disks...
2. Positioning the Sector under the head..
Practically
%5-10
lesser.
Outside of the disk is always
Faster.
Result in practice
![Page 9: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/9.jpg)
SCSI vs. IDE...
SCSI
Better driver electronicBetter optimized sectorsMuch faster head move.
Tag Sorting..The most important factor
that reduces the search time forthe sector.
SCSI Systems, are indispensable for Applications
that need High Speed
High Databus speed.. Much faster transfer More device to the same databus - RAID
![Page 10: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/10.jpg)
Linux File Systems
![Page 11: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/11.jpg)
Linux EXT2
File location informations are scattered througout the disk.
The pointer to the file (inode) and file info are kept close.
First location to show inode table is called SUPERBLOCK.
Superblock is kept on the disk with 3-4 copies.
Privileges can be given to each of User, Group, Others.
Backs Hard/Symbolic Link.
On-the-fly Compress, immutable files vs..
![Page 12: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/12.jpg)
Linux EXT2 - Metadata
![Page 13: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/13.jpg)
EXT3
It is basicly the same as EXT2 but added journal property.
EXT2 FS, can be easily converted to EXT3:tune2fs -j /dev/hda5 ...
Journal is kept on a file.
System can be used as EXT2 in case of a journal error.
![Page 14: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/14.jpg)
Reiser-FS
Metadata Journal. File System InformationOn Demand, 3. Partu DATA Journal Support
Balanced B* tree. High Performance.
2 G File in directories without loss of performance..
It can hold small files in one block.
Namesys Compatibility
![Page 15: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/15.jpg)
SGI-XFS
Enterprise is a file system for systems.
Many extra properties.File system backup, POSIX 1003.1e ACL,Extended Attributes vs. vs. vs.
64 Bit .. No limit for the near future..
DMAPI for Hierarchical Data Storing..
![Page 16: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/16.jpg)
SGI-XFS
XFS don’t aim for the highest performance.
Strong, extendible FS..
POSIX 1003.6 Compatibility, ACL, MAC, Audit..
%100 data loss free Journal..
More than one Storing unit..
On high level applications guaranteed levelAdequate performance..
![Page 17: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/17.jpg)
Ext2
1000
500
50 100% Fullness rate
KB/sec
1K Blocs
4K Blocs
![Page 18: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/18.jpg)
1000
500
50 100% Fullness rate
KB/sec
ReiserFS
![Page 19: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/19.jpg)
2000
1000
50 100% Fullness rate
KB/sec
ReiserFS (mount -o notail)
![Page 20: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/20.jpg)
1000
500
50 100
KB/sec
XFS
% Fullness rate
![Page 21: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/21.jpg)
Any access method isn’t suitablefor every time..
Small but many files.Particion vastnessLarge filesKernel I/O mechanismPrograms disk access..
WHY ?
![Page 22: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/22.jpg)
Real Life...
Programs may reach very different places at the same time..
There are no queued Requests on the system..
No one can know what the programs will want on the next step..
![Page 23: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/23.jpg)
Real Life...
Adequently efficient if 4K blocks are used
It is a system which proved itself.
Can journal with ext3.
Fullness of the disk or defragmentation doesn’t effect speed.
![Page 24: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/24.jpg)
Real Life...
Relatively small but for many files..
Very good on performance
Not so trustworty.
Reiser4 comes on September/November 2002..
![Page 25: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/25.jpg)
Real Life...
Optimal performance is aimed.
Good on performance
Look strong, can have interesting conflicts ..not included in Kernel code..
SGI ? Promises alot with design targets
![Page 26: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/26.jpg)
For people who don’t like mathematics...
We tested 3 different systems.
486 DX2 32 MB RAM, 4.3 GB HDD
CEL 433 128 MB RAM, 8.4 GB HDD
PIII 1000, 512 MB RAM, 40 GB HDD..
![Page 27: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/27.jpg)
For people who don’t like mathematics...
On Desktop...
486 DX2 32 MB RAM, 4.3 GB HDD
CEL 433 128 MB RAM, 8.4 GB HDD
PIII 1000, 512 MB RAM, 40 GB HDD..
XFS slowest, Reiser FS average, Ext2 good..
XFS and Ext2 never got down, Reiser FS :((
XFS and Ext2 never got down, Reiser FS :((
XFS slowest, ReiserFS fast, Ext2 average
XFS and Ext2 never got down, Reiser FS :((XFS - ReiserFS same, Ext2 :((
![Page 28: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/28.jpg)
For people who don’t like mathematics...
We set up a network (Always been there...)
22 PIII 64..128 MB RAM, 6.4..20 GB HDDWindows 98 and Mandrake 8.0
PIII 1000 CPU512/1024 MB RAM2x40 GB SoftRAID0 HDDSuse 7.1, Linux 2.4.18 KernelApache 1.3, Samba 2.2.3aSendmail + ipop3d23 GB MP315 GB ISO Image..3 100 Mbit Ethernet
![Page 29: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/29.jpg)
For people who don’t like mathematics...
With Windows 98 :Using Explorer, streaming music..Copied ISO’s to the disk..We sent CD’s to the main machine with FTP..
With Linux:Watched clips through NFS.Got ISO’s through FTP.Downloaded MP3’s with Konqueror.On every machine we ran STMP and POP3
with 150 processes..
![Page 30: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/30.jpg)
For people who don’t like mathematics...
Performance
For Web Server:ReiserFS -> Very goodXFS -> Goodext2 -> Goodext3 -> average..
FTP/SMB/NFS:ReiserFS -> GoodXFS -> Very goodext2 -> Acceptable.ext3 -> Acceptable.
![Page 31: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/31.jpg)
For people who don’t like mathematics...
Stability:
ReiserFS:Make at least two UPS avaible.Don’t forget to back up.Can go down without sortege.
XFS:Don’t necessarily pay for UPS.Again don’t neglect back up.Didn’t go down without sortege.Could not be saved with Journal.
EXT2/EXT3:Having UPS is a good thing.Again don’t neglect back uping.Didn’t go down without sortege.
![Page 32: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/32.jpg)
For people who don’t like mathematics...
General recommendation:
For small,desktops ext2/ext3..
For people who want to be fast and furious, ReiserFS
For ReiserFs you should wait Raiser 4..
Larger machines, servers XFS..
![Page 33: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/33.jpg)
Understanding The Linux File System Hierarchy
![Page 34: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/34.jpg)
![Page 35: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/35.jpg)
![Page 36: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/36.jpg)
![Page 37: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/37.jpg)
![Page 38: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/38.jpg)
Mounting a device on the file system
Sample.tar.z – index.html – Makefile – binutils-2.15.92.0.2-5. – vsftpd_2.0.3-1.deb
![Page 39: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/39.jpg)
General Security Informations
![Page 40: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/40.jpg)
Cert/CC Incidents Reported Throughout the Years
6 132 252 406 773 1334 2340 2412 2573 2134 3734
9859
21756
52658
0
10000
20000
30000
40000
50000
60000
1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001
![Page 41: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/41.jpg)
Threat Types
Internal Threat Elements
– Ignorant and unconcious usage
– Bad intended actions
~ % 80
External Threat Elements
– Attacks that are aimed
– Attacks that are loose
~ % 20
![Page 42: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/42.jpg)
Internal Threat Elements
• Ignorent and Unconcious Usage– Unplugging of the Server by the cleaner– Database deletion by an uneducated employee
• Bad Intended Actions– A fired employee changing the corporate web site– An employee who runs a “Sniffer” under the network
and reading E-Mails– An executive selling a plan for a developed product to
the rivals
![Page 43: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/43.jpg)
External Threat Elements
• Attacks that are aimed– An attacker changing the corporate web site– An attacker changing corporate accounting registers– Multiple attackers accessing the corporate web server
and stolling it for service
• Attacks that are loose– Virus Attacks (Melissa, CIH – Chernobyl, Vote)– Worm Attackers (Code Red, Nimda)– Trojan Back Doors (Netbus, Subseven, Black Orifice)
![Page 44: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/44.jpg)
Attacker Types
• Professional Criminals
• Young generation attackers
• Corporate employees
• Industry and Technology spies
• Outside Government Administrations
![Page 45: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/45.jpg)
Quality of attack and the evolution of attackers abilities (CERT/CC)
![Page 46: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/46.jpg)
Quality of Attackes and Their Guessed Numbers
Very Dangerous
Predator
Mid-Level
Entry Level
Hundreds
Thousands
Tens of Thousans
MillionsCarnegie Mellon University
(1998-1999-2000)
![Page 47: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/47.jpg)
Attacker Motivation
• Financial Benefits• Rivalry Advantage
– Political– Economical/Commercial
• Desire to Gain Extra Resources• Personal Anger or Revenge• Curiosity or Desire to Learn• Reckless Behaviour
![Page 48: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/48.jpg)
Systems That Are on a Network And Have Potential Risks
Local Network
Security Wall
Internet
Other Networks
Router
Web Server that is left on the conjectural
corporation
E-Mail server that allow Relay
Client that belongs to
the secretary
Client that belongs to
the administrat
orSecurity Wall that
neglects divided packeges
Router that can channel source or
Spoof
![Page 49: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/49.jpg)
Spoofing
• Basicly it can be defined as misleading the source.
• Usually it is used to gain extra rights from the targer, diverting the guilt to other people’s/corporations responsibility, hide itself or arrange disorganized attacks.
• It can be used in various protocols, verifiying systems , applying special processes.
![Page 50: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/50.jpg)
Spoofing Tecniques
• MAC Spoofing can be made through changing of MAC addresses psically or with the changes in the ethernet packeges
• ARP Spoofing can be made through misleading the matching of ARP protocol packeges and IP/MAC addresses
• IP Spoofing can be made through changing the source IP address in IP packeges
• DNS Spoofing can be made through taking over DNS servers or sending fake replies to the requests
• Identity diversion can be made through copying cookies that are taken from Web server
• It can be done in finger print systems with previously gotten finger print
![Page 51: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/51.jpg)
Spoofing – Example Spoofing Process
System to be attackedSystem to Take Over
Attacker
Stay outI am “it”
1 2
![Page 52: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/52.jpg)
Spoofing – Preventing Methods
• Using external verifying systems• Ousting services that uses verifying through
IP,DNS,ARP,MAC addresses• Using static ARP tables, matching every port one
Switches with a MAC address and protecting Switches from table overflows
• Activating reverse request (RDNS, RARP vb.)• Stopping verifying informations (passwords,files etc.)
being stored on client system
![Page 53: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/53.jpg)
Prevention Methods of Virus, Worm and Trojan’s
• Anti-Virus systems should be used to protect all clients and servers
• To stop Worm attacks,precautions should be taken through Intrusion Detection Systems (if possible Security Wall)
• Packages that come through Internet to the corporate Network with protocols like FTP,HTTP,STMP,POP3 and IMAP should be scanned by Anti-Virus systems and if possible an Anti-Virus Network Bridge should be used
![Page 54: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/54.jpg)
The Linux File System Security
![Page 55: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/55.jpg)
File System Security Types
1. Secure file deletion
2. Access control lists (ACL’s)
3. File encryption
4. Filesystem encryption
5. Hiding data
• vipe - fwipe
•NSA SELinux - RSBAC
• PGP - GnuPG
• TCFS - BestCrypt - PPDD
• StegHide - OutGuess - RubberHose
![Page 56: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/56.jpg)
GnuPGWith GPG, you can create your public and private key pair, encrypt filesusing your key, and also digitally sign a message to authenticate that it’s
really from you.
![Page 57: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/57.jpg)
GnuPG
![Page 58: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/58.jpg)
Some Problems and Solutions with GnuPG
1- Encrypting Directories Problem:You want to encrypt an entire directory tree. Solution:To produce a single encrypted file containing all files in the directory, with symmetric encryption:
$ tar cf - name_of_directory | gpg -c > files.tar.gpg
or key-based encryption:$ tar cf - name_of_directory | gpg -e > files.tar.gpg
To encrypt each file separately:$ find name_of_directory -type f -exec gpg -e '{}' \;
![Page 59: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/59.jpg)
The Source Books
• For Dummies – Linux All in One Desk Reference For Dummies May 2006
• Hack Proofing Linux• For Dummies - Linux For Dummies 7th Edition May 2006• Prentice Hall PTR - Real World Linux Security• O'Reilly - Linux Security Cookbook• O’Reilly - Running Linux 5th Edition - 2005 Dec
• For Dummies – Linux All in One Desk Reference For Dummies May 2006
• Hack Proofing Linux• For Dummies - Linux For Dummies 7th Edition May 2006• Prentice Hall PTR - Real World Linux Security• O'Reilly - Linux Security Cookbook• O’Reilly - Running Linux 5th Edition - 2005 Dec
![Page 60: Disk Organisation Linux File Systems Linux File System Hierarchy General Security Information Linux File System Security Yiğit Cansın Hekimci Can Dereli.](https://reader035.fdocuments.in/reader035/viewer/2022062313/56649d395503460f94a135d0/html5/thumbnails/60.jpg)
• http://www.informatik.uni-frankfurt.de/~loizides/reiserfs/• http://www.tldp.org/HOWTO/HOWTO-INDEX/os.html#OSPARTITIONS• http://www.namesys.com• http://en.wikipedia.org/wiki/Linux• http://www.oreilly.com/catalog/runlinux5/index.html• http://www.oreilly.com/catalog/linuxsckbk/• http://www.amazon.com/Real-World-Linux-Security-Prevention/dp/0130281
875• http://www.dummies.com/WileyCDA/DummiesTitle/productCd-0471752827.
html• http://www.amazon.com/Hack-Proofing-Linux-Source-Security/dp/19289943
42• http://www.dummies.com/WileyCDA/DummiesTitle/productCd-0471752622.
html• http://web.mit.edu/tytso/www/linux/ext2.html• http://uranus.it.swin.edu.au/~jn/explore2fs/es2fs.htm• http://www.ing.umu.se/~bosse/
The Source Links