How each OS handles security, and how to set up basic configuration on your system
Security in OSes is a fairly hot topic in our modern, connected world. We don't want unauthorized people gaining access to our systems and making our computers do terrible things. Surprisingly, OS security boils down to one simple concept: Does the user have permission to do an action? So, how does the modern OS handle granting and denying permission?
Basic Concepts
OS security is divided into three major components: memory space, accounts, and file permissions.
Memory space security separates code into two privilege levels enforced by the CPU: kernel mode and user mode. The kernel and its drivers run in kernel mode and manage the hardware; everything else runs in user mode and cannot touch kernel memory or hardware directly. When a user-mode program needs something only the kernel can do (open a file, send a packet, change a permission), it makes a system call, and the kernel checks the caller's permissions before carrying out the action. This boundary is what gives the account and file permission checks below their teeth: a program can't simply skip them.
Accounts are also divided into two levels: administrators and users. Administrators have permission to perform actions that affect the whole system, such as assigning an IP address to a network interface or creating a partition. Normal users can't do these things without administrative permissions, which they usually obtain by logging in as an administrator or by temporarily elevating their privileges (sudo on Linux/UNIX, UAC on Windows).
File permissions are attributes stored in the file system that tell the OS which accounts may do what. Some file systems, like FAT32 and exFAT, have no permissions at all. Just as important, permissions are only enforced by the OS that is running, and a file system's permission data is usually honored in full only by the OS it was designed for: Linux NTFS drivers, for example, generally do not enforce Windows ACLs, and a Linux disk mounted from another OS or a live USB can be read without regard to its permission bits. Permissions protect you from other accounts on a running system; they do not protect a disk someone can boot around or physically remove, which is what full-disk encryption is for.
Since administrator accounts can do almost anything, a great many attacks and exploits boil down to getting that access (privilege escalation). Once an attacker has it, the permission system no longer constrains them.
Linux/UNIX Security
Both families of OSes share the permission model standardized by POSIX. In POSIX, practically everything on the system is presented as a file: printing, for example, is conceptually "writing" to the "printer file." Three permission bits control what can be done with a file or directory:
r - Read the contents of a file or directory
w - Make changes to the file (write or truncate it) or to the directory (create, delete or rename entries in it). Note that deleting a file is a write to its directory, not to the file itself; you can delete a file you can't even read if you have w and x on the directory.
x - Execute a file, or enter and search a directory. You need x on every directory along a path to reach anything inside it.
Files and directories carry these flags to say whether a class of users may perform each action. POSIX also lets accounts be grouped for administrative/security purposes, and every file has exactly one owner and one group, so the flags are defined separately for three classes of users:
The owner of the file
Everyone in a group
Everyone else who is not the owner of the file or in the group
If you pull up the permissions of a file, either in a file manager or with the console command ls -l, you'll find a 10-character string at the left of each line, laid out like this: the first character is the type (d for a directory, - for a regular file, l for a symbolic link), followed by three groups of three characters in the order rwx, one group each for the owner, the group, and everyone else. For example, -rwxr-x--- is a regular file its owner can read, write and execute, its group can read and execute, and everyone else can't touch.
A dash (-) in a permission position means that class lacks that permission. The type character says whether the "file" is a directory; if it's a dash, the file is just a file.
Example output of the ls -l command, showing permissions on the left side.
Most POSIX OSes have a special account called root (user ID 0). Root bypasses the read and write checks entirely, regardless of the flags set; the one thing the flags still gate is execution, since even root can only run a file that has at least one execute bit. If a user needs to perform an action they don't have permission for, they can prefix the command with sudo. This runs just that one command as root, after checking /etc/sudoers to confirm the user is allowed to and normally asking for the user's own password; it is not a permanent elevation, and each use is logged by default.
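To make the class selection and the root exception concrete, here is an added example (not from the article) that models the POSIX access decision as a shell function. The scenario is constructed inline: a file owned by uid 1000 / gid 1000, and callers identified by numeric uid and group list. The function name `can_access` and its argument order are my own; the rules it encodes are the standard ones.

```shell
#!/bin/sh
# Added example: a shell model of the POSIX access decision for one file.
# can_access UID "GID GID ..." OWNER_UID OWNER_GID MODE OP
#   UID        numeric uid of the caller (0 is root)
#   GIDs       the caller's primary and supplementary group ids, space separated
#   OWNER_UID  uid that owns the file, OWNER_GID the file's group
#   MODE       three octal digits as "stat -c %a" prints them, e.g. 640
#   OP         r, w or x
# Prints allow or deny and returns 0 or 1 accordingly.
can_access() {
    uid=$1 gids=$2 owner=$3 group=$4 mode=$5 op=$6

    case $op in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) echo "bad op '$op' (use r, w or x)" >&2; return 2 ;;
    esac

    u=$(printf '%s' "$mode" | cut -c1)
    g=$(printf '%s' "$mode" | cut -c2)
    o=$(printf '%s' "$mode" | cut -c3)

    # root skips the read and write checks, but on Linux even root can only
    # execute a regular file if at least one execute bit is set somewhere.
    if [ "$uid" -eq 0 ]; then
        if [ "$op" != x ] || [ $(( (u | g | o) & 1 )) -ne 0 ]; then
            echo allow; return 0
        fi
        echo deny; return 1
    fi

    # Exactly one class is consulted: owner first, then group, then other.
    # A group member is judged by the group digit even if "other" is more generous.
    digit=$o
    if [ "$uid" -eq "$owner" ]; then
        digit=$u
    else
        for gid in $gids; do
            if [ "$gid" -eq "$group" ]; then digit=$g; break; fi
        done
    fi

    if [ $(( digit & bit )) -ne 0 ]; then
        echo allow; return 0
    fi
    echo deny; return 1
}

# Constructed scenario: the file is owned by uid 1000, group 1000, mode 640.
# uid 1001 is a member of group 1000; uid 1002 is not.
show() { printf 'uid %-4s groups "%-9s" mode %s op %s -> %s\n' "$1" "$2" "$5" "$6" "$(can_access "$@")"; }
show 1000 "1000"      1000 1000 640 w   # owner writes: allow
show 1001 "1001 1000" 1000 1000 640 w   # group member writes: deny (group digit is 4)
show 1001 "1001 1000" 1000 1000 640 r   # group member reads: allow
show 1002 "1002"      1000 1000 640 r   # outsider reads: deny (other digit is 0)
show 0    "0"         1000 1000 640 w   # root writes: allow, bits ignored
show 0    "0"         1000 1000 640 x   # root executes: deny, no x bit anywhere
show 1001 "1001 1000" 1000 1000 647 w   # group member, 647: still deny, "other" is never consulted
```

The last case is the one that surprises people: making "everyone else" more permissive than the group does not help a group member, because the kernel picks one class and stops.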
Linux and UNIX offer several ways to change the permissions on a file or directory, but they all come down to one command: chmod.
chmod (short for change mode) is invoked from a console as: chmod [options] mode file1 [file2 ...]
Useful options (GNU coreutils; BSD and macOS chmod use the same letters for these):
-R - Recursive: when applied to a directory, change the directory itself, everything in it, and all subdirectories. Note the capital R; lowercase -r is not an option.
-f - Silent: suppress most error messages (for example about files you don't own) and keep going.
-v - Verbose: report every file processed.
The mode is the permission flags in numeric form: three octal digits (0-7), one each for the owner, the group and everyone else, in that order. Each digit is the sum of read = 4, write = 2 and execute/search = 1, so the three digits map directly onto the nine permission characters described above (the type character is not a permission and is not included). An optional fourth leading digit carries the setuid (4), setgid (2) and sticky (1) bits. chmod also accepts symbolic modes such as u+x or go-w, which change only the bits you name and leave the rest alone. What each digit means:
| Number | Meaning |
| --- | --- |
| 0 | No permission |
| 1 | Execute/search |
| 2 | Write |
| 3 | Write and execute/search |
| 4 | Read |
| 5 | Read and execute/search |
| 6 | Read and write |
| 7 | Read, write, and execute/search |
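As an added example (not part of the original article), the following shell functions translate between the nine-character rwx string that ls -l prints (with or without the leading type character) and the octal form chmod takes, in both directions, including the setuid/setgid/sticky letters that ls folds into the x positions. The function names are my own.

```shell
#!/bin/sh
# Added example: convert between the ls -l permission string and chmod's octal mode.

# mode_to_octal STRING
#   STRING is the 10-character ls -l field (type character included) or just the
#   9 permission characters. Prints 3 octal digits, or 4 when setuid/setgid/sticky
#   are present (ls shows those as s/S in the owner and group x positions and t/T
#   in the other x position; lowercase means the x bit is set as well).
mode_to_octal() {
    s=$1
    if [ ${#s} -eq 10 ]; then s=${s#?}; fi          # drop the type character
    if [ ${#s} -ne 9 ]; then
        echo "expected 9 or 10 characters, got '$1'" >&2; return 2
    fi
    special=0 digits='' pos=1
    for weight in 4 2 1; do                          # setuid, setgid, sticky
        r=$(printf '%s' "$s" | cut -c"$pos")
        w=$(printf '%s' "$s" | cut -c"$((pos + 1))")
        x=$(printf '%s' "$s" | cut -c"$((pos + 2))")
        pos=$((pos + 3))
        d=0
        if [ "$r" = r ]; then d=$((d + 4)); fi
        if [ "$w" = w ]; then d=$((d + 2)); fi
        case $x in
            x)   d=$((d + 1)) ;;
            s|t) d=$((d + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;
            -)   ;;
            *)   echo "unexpected character '$x' in '$1'" >&2; return 2 ;;
        esac
        digits="$digits$d"
    done
    if [ "$special" -ne 0 ]; then printf '%s' "$special"; fi
    printf '%s\n' "$digits"
}

# octal_to_mode MODE
#   MODE is 3 octal digits, or 4 with the special bits in front. Prints the
#   9 permission characters ls -l would show (without the type character).
octal_to_mode() {
    case $1 in
        [0-7][0-7][0-7])      m=$1 special=0 ;;
        [0-7][0-7][0-7][0-7]) m=${1#?} special=${1%???} ;;
        *) echo "expected 3 or 4 octal digits, got '$1'" >&2; return 2 ;;
    esac
    out='' pos=1
    for weight in 4 2 1; do
        d=$(printf '%s' "$m" | cut -c"$pos")
        pos=$((pos + 1))
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((special & weight)) -ne 0 ]; then
            if [ "$weight" -eq 1 ]; then letter=t; else letter=s; fi
            # lowercase when the x bit is also set, uppercase when it is not
            if [ $((d & 1)) -ne 0 ]; then out="$out$letter"; else out="$out$(printf '%s' "$letter" | tr st ST)"; fi
        elif [ $((d & 1)) -ne 0 ]; then out="${out}x"
        else out="${out}-"
        fi
    done
    printf '%s\n' "$out"
}

# Demo on constructed strings (on a real file: ls -l FILE | awk '{print $1}').
for f in -rwxr-xr-x drwxr-x--- -rw-r--r-- -rwsr-xr-x drwxrwxrwt; do
    printf '%-11s -> %s\n' "$f" "$(mode_to_octal "$f")"
done
for m in 700 664 754 4755 2750 1777; do
    printf '%-5s -> %s\n' "$m" "$(octal_to_mode "$m")"
done
```

On Linux, GNU stat -c %a prints the octal form directly, so the conversion is mostly useful for reading ls output in scripts or for checking that a mode you are about to type means what you think.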
And here are some examples of what chmod will do to a file or directory:
| Command | Effect |
| --- | --- |
| chmod 700 example.sh | Only the owner can read, write, and execute "example.sh"; the group and everyone else get nothing. |
| chmod 664 example.txt example2.txt | The owner and the group can read and write "example.txt" and "example2.txt." Everyone else can only read them. |
| chmod -R 754 apps | Sets 754 on "apps" and on every file and directory beneath it. The owner can enter, list and modify every directory and execute every file; the group can enter and list directories and execute files but change nothing; everyone else can list directory names but, lacking the search (x) bit, cannot open anything inside. Because -R stamps one mode on files and directories alike, data files under "apps" become executable too, which is rarely what you want. |
Only a file's owner (or root) may change its mode; having write permission on the file is not enough. If your account does not own the file or directory, prepend the command with sudo.
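The chmod -R 754 apps example above illustrates a common pitfall. Here is an added example (not from the article) that builds a small apps tree in a temporary directory, applies the recursive numeric mode, and contrasts it with the symbolic capital-X form, which grants search on directories and execute only on files that already have an execute bit. It assumes GNU coreutils (stat -c %a) on Linux; the tree, its files and the helper names are all constructed by the script.

```shell
#!/bin/sh
# Added example: what "chmod -R 754 apps" really does, next to a safer recursive form.
# Assumes GNU coreutils (stat -c) as found on Linux. The tree is constructed here.

# make_apps DIR: build a small tree: one shell script, one data file, two subdirectories.
make_apps() {
    mkdir -p "$1/bin" "$1/docs"
    printf '#!/bin/sh\necho hello\n' > "$1/bin/run.sh"
    printf 'notes for the team\n' > "$1/docs/README"
    chmod 600 "$1/bin/run.sh" "$1/docs/README"    # start from a tight, non-executable state
}

# mode_of PATH: permission bits in octal, e.g. 755 or 644
mode_of() { stat -c '%a' "$1"; }

# naive_fix DIR: the article's command. One numeric mode is stamped on every
# directory AND every file, so README ends up executable by owner and group,
# and "everyone else" gets r without x: they can list names but open nothing.
naive_fix() { chmod -R 754 "$1"; }

# careful_fix DIR: mark the things that should run as executable first, then use
# symbolic modes. Capital X grants execute/search only to directories and to files
# that already have an execute bit, so data files stay at rw-r--r-- (644) while
# directories and scripts become rwxr-xr-x (755).
careful_fix() {
    find "$1" -type f -name '*.sh' -exec chmod u+x {} +
    chmod -R u=rwX,g=rX,o=rX "$1"
}

# report LABEL DIR: print the resulting modes for the tree
report() {
    printf '%-8s apps=%s bin=%s run.sh=%s README=%s\n' "$1" \
        "$(mode_of "$2")" "$(mode_of "$2/bin")" \
        "$(mode_of "$2/bin/run.sh")" "$(mode_of "$2/docs/README")"
}

demo() {
    tmp=$(mktemp -d)
    make_apps "$tmp/apps"; naive_fix "$tmp/apps";   report naive   "$tmp/apps"
    make_apps "$tmp/apps"; careful_fix "$tmp/apps"; report careful "$tmp/apps"
    rm -rf "$tmp"
}
demo
```

The naive line reports 754 on everything, README included; the careful line reports 755 on the directories and the script and 644 on README. If you really need a different setting for "everyone else," give them o=rX on directories or nothing at all; r without x on a directory is a half-measure that lets outsiders enumerate file names without being able to use them.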
For those new to Linux/UNIX command line interfaces, there are plenty of Internet cheat sheets covering the most common commands you'll need to navigate and perform actions; the manual pages (man chmod, man sudoers) remain the authoritative reference.
Windows Security
Microsoft started taking security seriously with Windows NT. Windows based on DOS had no concept of security; any user could do anything. The main limitation in Windows is that only NTFS volumes carry permissions (access control lists). As noted above, the FAT family of file systems has no built-in permissions, so anything on a FAT32 or exFAT drive is readable and writable by everyone.
Like POSIX, Windows has several flags that define what a user can do to a file or folder. Unlike POSIX, Windows has a long list of individual rights; the Security tab groups them into these basic permissions:
| Permission | Grants | Does not grant |
| --- | --- | --- |
| Read | Listing a folder and reading files, their attributes and their permissions | Executing files, entering subfolders that lack their own Read entry, deleting, changing permissions or ownership |
| Write | Creating new files and folders; writing to existing files and changing their attributes | Reading (Write alone does not include Read), executing, deleting, changing permissions or ownership |
| List folder contents | Listing a folder and traversing into its subfolders; applies to folders only (it is inherited by subfolders but not by files) | Modifying or deleting anything, changing permissions or ownership |
| Read and execute | The same rights as List folder contents, applied to files as well, so it also allows running programs and scripts | Modifying or deleting anything, changing permissions or ownership |
| Modify | Read, write, execute, and delete files and folders | Changing permissions or ownership |
| Full control | Everything Modify allows, plus changing permissions, taking ownership, and deleting subfolders and files regardless of their own permissions | Nothing |
Also like POSIX, Windows has a built-in account named "Administrator" that functions much like root. It is disabled by default on client versions of Windows, and when enabled it runs without UAC prompts, so everything it launches has full rights. This differs from an ordinary account in the Administrators group, which normally runs with a filtered, standard-user token and gains its administrative rights for a particular program only after approving a UAC prompt. Neither is truly unrestricted: some system files are owned by TrustedInstaller or SYSTEM and cannot be changed even by administrators without first taking ownership.
To change permissions of a file or folder in Windows, open File Explorer and go to the file or folder. In this example, we'll use a folder.
1. Right click on the folder and select "Properties"
2. Go to the "Security" tab
3. Click on the "Edit..." button in the middle, underneath the "Group or user names" listing. This will display another dialog where you can change permissions.
By default, Windows lists the permissions of the following groups:
Authenticated Users: Every account that logged on with credentials, local or domain; it excludes only Guest and anonymous logons. Many default ACLs grant this group read access, so don't read it as "domain users only."
SYSTEM: The built-in Local System account that Windows itself and most services run as. It has the highest privileges on the machine. Its entries can technically be edited, but removing SYSTEM from a system folder will break Windows, so leave them alone.
Administrators: All accounts that are members of the Administrators group.
Users: All accounts with Standard User privileges. By default this group contains Authenticated Users, so in practice it covers every logged-on account.
4. To change a group's permissions, select that group and tick Allow or Deny for each action. Then press OK or Apply. Be careful with Deny: an explicit Deny entry wins over any Allow, including one granted through another group you belong to, so a careless Deny on Users or Authenticated Users can lock administrators (and you) out of the folder. Prefer removing an Allow over adding a Deny.
5. If the checkboxes are grayed out, either the entries are inherited from the parent folder or your account lacks the right to change permissions. Click "Advanced" on the Security tab: there you can disable inheritance (which converts the inherited entries into explicit ones you can edit) or, as an administrator, change the owner to yourself. Don't grant a whole group "Full Control" just to make the boxes editable; that hands out far more than the right to edit permissions.
6. If you want to change an individual account's permissions, click on the "Add..." button:
7. In the text area labeled "Enter the object names to select," type the user's account name and press "Check Names." If the name is correct, the box populates with the resolved account (COMPUTERNAME\name for a local account, DOMAIN\name for a domain account). If you're not sure of the exact account name, run whoami in a Command Prompt on that user's session, or net user to list local accounts; the folder names under C:\Users don't always match the account names.
8. The account is added to the list alongside the groups, and you can set its permission flags in the same way.
Good Security Practices
The following are some tips you can use to increase protection and security in your OS. These aren't foolproof, but practicing these will limit the damage malware can do.
Do not run as root (Linux/UNIX) or as administrator without UAC (Windows) as your daily driver. Running as an account that allows everything to happen dramatically increases the chances of allowing malware to run its course.
Do not change the permissions of system folders willy-nilly. There's a reason most of them are read-only or read-and-execute for ordinary users. If you must change permissions, do it at the deepest level possible, on the one file or subfolder that needs it, rather than on a parent whose change will be inherited by everything beneath.
On Windows, run as a standard user account as your daily driver. This helps limit what damage a program can do. While the downside is that UAC prompts require an admin login, it's similar to Linux/UNIX requiring your password every time you invoke sudo.
From maximumpc
from http://bit.ly/1LeGFmY