OS Tools to Implement Security Functions

• We have seen access control in a previous chapter.
• Audit logs are another factor
  • While this does not give you the ability to prevent violations.
  • They can indicate when a violation occurred
  • And help prevent future violations.
  • By the nature of the problem, these can not log every item.
    • But they can be set up to monitor things in great detail.
  • They are only useful if analyzed.
  • There are tools to do this.
    • Look at what Greylog says it can do.
      • Collect logs for the entire system.
      • Works in a distributed system for access to logs.
      • Provides analysis tools.
      • 
  • To be useful, logs need to be stored outside of an individual machine.
    • An attacker can modify/corrupt/remove a log stored on the system.
• Virtualization
  • "Providing the appearance of one set of resources by using a different set of resources."
  • A virtual machine - the virtualization/emulation of a computer system (Wikipedia)
  • Your text points out that there is no way a user could tell that they are on a virtual machine.
  • Advantages
    • Redundancy
    • Quick Rebuild/restoration
    • Easy to increase simulated resources.
    • More efficient deployment
    • Due to sharing underlying hardware, fewer resources needed.
  • A Hypervisor is the software that implements the virtual machine.
    • Emulate different hardware.
    • Emulate multiple platforms
    • Emulate a network connection as well.
  • This would allow you to
    • Run legacy applications that only run on older hardware/os on modern hardware.
    • Support isolation/separation of purpose on reduced hardware.
• Sandbox
  • What do kids do in a sandbox?
  • So do developers.
  • They say Java was originally developed as a sandbox environment
    • JVM
    • Completely isolated underlying system
• Honeypot
  • a fake (faux) environment designed to lure hackers in so they can be
    • Discovered
    • Monitored
    • Disabled.
  • The article Stalking the Wily Hacker is great.