Soma-notes - User contributions [en]

SystemsSec 2016W Lecture 4

2016-02-11T15:55:19Z

Jessjohnson: /* Topics & Readings */

===Topics & Readings===
----
* chroot jails
* MULTICS
* Trent Jaeger's ''Operating Systems Security'' textbook
* TCP IP Illustrated

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
'''Mult'''iplexed '''I'''nformation and '''C'''omputing '''S'''ervice
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest security mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-09T21:07:09Z

Jessjohnson: /* Topics & Readings */

===Topics & Readings===
----
* chroot jails
* MULTICS
* Trent Jaeger's ''Operating Systems Security'' textbook

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
'''Mult'''iplexed '''I'''nformation and '''C'''omputing '''S'''ervice
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest security mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-09T21:06:57Z

Jessjohnson: /* Topics & Readings */

===Topics & Readings===
----
* chroot jails
* MULTICS
* Trent Jaeger's ''Operating Systems Security'' Textbook

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
'''Mult'''iplexed '''I'''nformation and '''C'''omputing '''S'''ervice
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest security mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:40:21Z

Jessjohnson: /* UNIX */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
'''Mult'''iplexed '''I'''nformation and '''C'''omputing '''S'''ervice
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest security mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:39:43Z

Jessjohnson: /* MULTICS */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
'''Mult'''iplexed '''I'''nformation and '''C'''omputing '''S'''ervice
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:39:29Z

Jessjohnson: /* MULTICS */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
'''Mul'''tiplexed '''I'''nformation and '''C'''omputing '''S'''ervice
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:38:50Z

Jessjohnson: /* SELinux */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux

A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:38:28Z

Jessjohnson: /* (Complex Security) Policies */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux
A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:38:13Z

Jessjohnson: /* (Complex Security) Policies */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
''"Suck, don’t make them."'' - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux
A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:37:48Z

Jessjohnson: /* Proxy vs VPN tunneling */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
If you're having a hard time understanding networking, [https://en.wikipedia.org/wiki/TCP/IP_Illustrated ''TCP IP illustrated''] , look into reading these 3 volumes. They are highly recommended by Anil.

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux
A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:35:36Z

Jessjohnson: /* Jails */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
A chroot jail isolates a single process from the rest of the system, and should be used by non-root users.
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux
A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:34:00Z

Jessjohnson: /* Reference Monitor */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====SELinux====
'''S'''ecurity '''E'''nhanced Linux
A set of kernel modifications whose goals are to make the Linux kernel more secure. These mainly include implementing and enforcing security policies.

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:30:37Z

Jessjohnson: /* UNIX */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
Our favourite open sourced OS. All praise to the GNU.
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:29:20Z

Jessjohnson: /* MULTICS */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
Multiplexed Information and Computing Service
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:28:49Z

Jessjohnson: /* (Complex Security) Policies */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
We can’t approximate how humans approach information with logic systems, so we shouldn't try. If we could we would have solved the AI problem.

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:27:57Z

Jessjohnson: /* Important Questions */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
----
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:27:48Z

Jessjohnson: /* Topics & Readings */

===Topics & Readings===
----
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:27:35Z

Jessjohnson: /* Class Notes */

===Topics & Readings===
* chroot jails
* MULTICS

===Class Notes===
----
====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:26:47Z

Jessjohnson: /* DD-WRT */

===Topics & Readings===
* chroot jails
* MULTICS

===Class Notes===

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

=====DD-WRT=====
DD-WRT is firmware for routers. LinkSys used to make a router models that came with a Linux kernel on them, [https://en.wikipedia.org/wiki/Linksys_WRT54G_series#Hardware_and_revisions the WRT54G series].

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-05T00:21:20Z

Jessjohnson: /* Important Concepts */

===Topics & Readings===
* chroot jails
* MULTICS

===Class Notes===

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

====DD-WRT====
* firmware for routers
* WRT54G LinkSys router with a Linux kernel on it

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Questions===
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-04T15:16:38Z

Jessjohnson: /* Reference Monitor */

===Topics & Readings===
* chroot jails
* MULTICS

===Class Notes===

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

====DD-WRT====
* firmware for routers
* WRT54G LinkSys router with a Linux kernel on it

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Concepts===
====Jails====
* What is an OS jail?
* What would happen if a user broke out of a jail?

====MULTICS====
* What is it?
* What was good/bad about MULTICS?
* How did MULTICS affect UNIX?

====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-04T15:13:35Z

Jessjohnson: /* Reference Monitor */

===Topics & Readings===
* chroot jails
* MULTICS

===Class Notes===

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

====DD-WRT====
* firmware for routers
* WRT54G LinkSys router with a Linux kernel on it

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

===Important Concepts===
====Reference Monitor====
* What is it?
* What is it's role in an OS?
* How is it implemented in UNIX and MULTICS?

SystemsSec 2016W Lecture 4

2016-02-04T15:11:30Z

Jessjohnson: /* Jails */

===Topics & Readings===
* chroot jails
* MULTICS

===Class Notes===

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

====DD-WRT====
* firmware for routers
* WRT54G LinkSys router with a Linux kernel on it

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

SystemsSec 2016W Lecture 4

2016-02-04T15:11:06Z

Jessjohnson: /* Jails */

===Topics & Readings===
* chroot jails
* MULTICS

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

====DD-WRT====
* firmware for routers
* WRT54G LinkSys router with a Linux kernel on it

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

SystemsSec 2016W Lecture 4

2016-02-02T23:33:44Z

Jessjohnson: Created page with "====Jails==== * better version of chmod * BSD mechanism, not really a Linux thing * limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be du..."

====Jails====
* better version of chmod
* BSD mechanism, not really a Linux thing
* limiting hierarchy to make a non-root dir seem like the root dir, forces hierarchy to be duplicated so that nothing seems weird
* fake root user gets ‘jailed’ into subset of hierarchy, and doesn’t really have real root privileges
* process has a different root dir in kernel, but to the fake root user it still seems like the root dir
* one kernel space, multiple user spaces
* kind of like OS virtualization

====DD-WRT====
* firmware for routers
* WRT54G LinkSys router with a Linux kernel on it

====Proxy vs VPN tunneling====
* proxies are for HTTP specifically
* VPN is for any internet traffic
* TCP IP illustrated, to better understand networking

====(Complex Security) Policies====
* "Suck, don’t make them." - Anil, 2016.
* can’t approximate how humans approach information with logic systems

====MULTICS====
* supposed to be a “grown up” OS
* first OS to take security seriously
* took a "shotgun approach" to security, too much generality
* implemented a ring system which was overly complicated

====UNIX====
* simplest mechanisms, most usable

====Reference Monitor====
* software that mediates all security decisions
* MULTICS designed to have a reference monitor, which was their ring system
* UNIX doesn’t really have one, processes (kind of) moderate security decisions together

SystemsSec 2016W Lecture 5

2016-01-21T16:20:12Z

Jessjohnson: /* Remote attacker, authenticated */

Class discussion: threat models and attacker goals

==Local attacker==

==Administrative attacker==

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Aaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==

==Physical attacker, unauthenticated==

==Remote attacker, unauthenticated==

SystemsSec 2016W Lecture 5

2016-01-21T16:16:53Z

Jessjohnson: /* Remote attacker, authenticated */

Class discussion: threat models and attacker goals

==Local attacker==

==Administrative attacker==

==Remote attacker, authenticated==

=== Group 3 ===
====Members====
* Dania Ghazal
* Ankush Varshneya
* Olivier Hamel
* Michael Aaya
* Ryan Morfield
* Daniel Vanderveen
* Jess Johnson

====Example Scenario====
'''Targeted System'''
* CIA database - find out who killed Kennedy?
'''Attackers'''
* remote authenticators
* contractors (non CIA)
'''Goals'''
* “exfiltrating data”
* Exfiltrate the CIA database to find out who killed Kennedy
'''Means'''
* someone at the CIA left a node.js server running in the background :)
* ssh credentials
* use outdated emacs (implementing a root privileged mail daemon) to inject a password into etc/passwd to escalate attacker’s privileges
* look around the system for more vulnerable/outdated services to exploit
* generate a race condition to create a file that you know a root user would create, then let the root user put their “sensitive data” into attacker’s file (such as files in /temp)
* social engineering - submit a help ticket to someone within the CIA to gain higher privileges for a seemingly innocent reason
====Attack Strategies====
'''Where are the Accessible Weaknesses?'''
* outdated services
* any service that lets attacker execute a task as another user
'''How Do You Attack Them?'''
* user privilege escalation
* abusing service vulnerabilities

==Physical attacker, authenticated==

==Physical attacker, unauthenticated==

==Remote attacker, unauthenticated==