OPS245 Lab 7
!!!THIS LAB IS NOT READY YET!!!
Computer security is a very large and complicated field; there are multi-year programs you could take just to get the basics. But we can get an introduction to some of the more obvious security issues you are likely to run into as a system administrator.
No security without hardware security
Depending on your experience, you may already know that no bike lock can guarantee your bike won't get stolen, that a locksmith can open any door without a key in seconds (or at most in minutes), and that no one has yet come up with a way to prevent a car from being stolen.
In fact, with very few exceptions, anything can be broken into, no matter how well the protection was designed or how much it cost. The biggest, strongest safe you can imagine can be cut into given the right tools and the time to do it.
Roughly the same applies to computers. You can implement any sort of security you like, but ultimately a determined attacker can break it if they can take your hardware apart. The only exception is a properly implemented encryption system using good keys, but even that can often be bypassed.
We'll use our server2 machine as an example to practice this.
- Boot up server2 normally, and log in as root.
- Create some secret files in root's home directory, and set their permissions so that only root can read them.
- You can set a very long and complicated password for root if you like; later you will see that it doesn't actually matter how good it is.
- Shut down server1 and make a snapshot of it just in case you make a mistake and damage something.
The trick we'll use in this case is to boot another operating system kernel on server1's hardware, and access server1's filesystem using that other operating system. That way we will be bypassing any security that would have been enforced by server1's operating system kernel.
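Whether a second kernel can read the files depends on what is stored on the disk: a plain filesystem is readable by any kernel, while an encrypted container is not readable without its key. The following added example (not part of the original lab) classifies the first 2 KiB of a partition or image by its on-disk signature. The function names and the constructed sample headers are assumptions for illustration, and only LUKS, LVM2, XFS and ext2/3/4 signatures are checked.

```python
import struct
import sys

LUKS_MAGIC = b"LUKS\xba\xbe"   # first 6 bytes of a LUKS1/LUKS2 header
XFS_MAGIC = b"XFSB"            # first 4 bytes of an XFS superblock
LVM_LABEL = b"LABELONE"        # LVM2 PV label, at the start of one of sectors 0-3
EXT_MAGIC = 0xEF53             # s_magic value shared by ext2/3/4
EXT_MAGIC_OFFSET = 1024 + 56   # superblock starts at byte 1024, s_magic at +56

def classify(header: bytes) -> str:
    """Classify the first 2 KiB of a partition or disk image by its signature."""
    if len(header) >= 8 and header[:6] == LUKS_MAGIC:
        (version,) = struct.unpack(">H", header[6:8])   # big-endian version field
        return f"luks{version}"
    if header[:4] == XFS_MAGIC:
        return "xfs-plaintext"
    if any(header[off:off + 8] == LVM_LABEL for off in (0, 512, 1024, 1536)):
        return "lvm-pv"        # PV itself is unencrypted; check each LV separately
    if len(header) >= EXT_MAGIC_OFFSET + 2:
        (magic,) = struct.unpack_from("<H", header, EXT_MAGIC_OFFSET)
        if magic == EXT_MAGIC:
            return "ext-plaintext"
    return "unknown"           # no known signature; this is not proof of encryption

def protected_at_rest(header: bytes) -> bool:
    """True only when this device itself is a LUKS container."""
    return classify(header).startswith("luks")

def sample_ext4() -> bytes:
    """Constructed sample: zeroed 2 KiB buffer carrying only the ext magic."""
    buf = bytearray(2048)
    struct.pack_into("<H", buf, EXT_MAGIC_OFFSET, EXT_MAGIC)
    return bytes(buf)

def sample_luks(version: int) -> bytes:
    """Constructed sample: LUKS magic plus version field, rest zeroed."""
    return (LUKS_MAGIC + struct.pack(">H", version)).ljust(2048, b"\0")

if __name__ == "__main__":
    if len(sys.argv) > 1:      # e.g. a partition device node, read as root
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, classify(f.read(2048)))
    else:
        for name, hdr in (("ext4 sample", sample_ext4()), ("LUKS2 sample", sample_luks(2))):
            state = "protected" if protected_at_rest(hdr) else "readable offline"
            print(name, classify(hdr), state)
```

A result of `ext-plaintext` or `xfs-plaintext` means the file permissions set in the earlier steps exist only as metadata that the running kernel chooses to honour.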
- In the VM's settings, double-check that it will attempt to boot from a DVD before booting from the hard drive, then insert the Linux Mint ISO you used at the beginning of the course into server2's virtual optical drive: