Security+ Certification - Chapter 9: System Hardening - Athena
Chapter 9
System Hardening
Objectives in this chapter
Disable nonessential systems
Harden operating systems
Harden applications
Harden networks
ATHENA
Disabling Nonessential Systems
First step in establishing a defense against computer attacks is to turn off all nonessential systems
The background program waits in the computer’s random access memory (RAM) until the user presses a specific combination of keys (a hot key), such as Ctrl+Shift+P
Then, the idling program springs to life
Disabling Nonessential Systems (continued)
Early terminate-and-stay-resident (TSR) programs performed functions such as displaying an instant calculator, small notepad, or address book
In Microsoft Windows, a background program, such as Svchost.exe, is called a process
The process provides a service to the operating system indicated by the service name, such as AppMgmt
Disabling Nonessential Systems (continued)
Users can view the display name of a service, which gives a detailed description, such as Application Management
A single process can provide multiple services
Disabling Nonessential Systems (continued)
A service can be set to one of the following modes:
• Automatic
• Manual
• Disabled
Besides preventing attackers from attaching malicious code to services, disabling nonessential services blocks entries into the system
Disabling Nonessential Systems (continued)
The User Datagram Protocol (UDP) provides for a connectionless TCP/IP transfer
TCP and UDP are based on port numbers
Socket: combination of an IP address and a port number
• The IP address is separated from the port number by a colon, as in 198.146.118.20:80
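The three points above (one process hosting several services, the Automatic/Manual/Disabled start modes, and a socket as IP:port) come together in the following added example, which is not from the slides: it lists every listening socket on a Windows host, the process and services behind it, and flags Automatic services that are not on an assumed site allowlist ($Essential is a constructed list).

```powershell
# Added example: map listening sockets -> owning process -> hosted services -> start mode.
# Assumes Windows 8 / Server 2012 or later (NetTCPIP and CIM cmdlets available).
$Essential = @('Dnscache', 'LanmanServer', 'RpcSs', 'W32Time')   # constructed allowlist

# One process (typically svchost.exe) can host several services: build PID -> services.
$ByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.ProcessId -gt 0) {
        $pid_ = [int]$svc.ProcessId
        if (-not $ByPid.ContainsKey($pid_)) { $ByPid[$pid_] = @() }
        $ByPid[$pid_] += $svc
    }
}

# Listening TCP sockets plus bound UDP endpoints; each is an IP:port socket.
$Sockets = @()
$Sockets += Get-NetTCPConnection -State Listen |
    Select-Object @{n='Proto'; e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
$Sockets += Get-NetUDPEndpoint |
    Select-Object @{n='Proto'; e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

$Report = foreach ($s in $Sockets) {
    $proc   = Get-Process -Id $s.OwningProcess -ErrorAction SilentlyContinue
    $hosted = $ByPid[[int]$s.OwningProcess]
    foreach ($svc in @($hosted)) {          # a PID with no service still yields one row
        [pscustomobject]@{
            Socket      = '{0}:{1}' -f $s.LocalAddress, $s.LocalPort
            Proto       = $s.Proto
            Process     = if ($proc) { $proc.ProcessName } else { '?' }
            Service     = if ($svc)  { $svc.Name }         else { '-' }
            DisplayName = if ($svc)  { $svc.DisplayName }  else { '-' }
            StartMode   = if ($svc)  { $svc.StartMode }    else { '-' }   # CIM reports 'Auto' for Automatic
            Review      = ($svc -and $svc.StartMode -eq 'Auto' -and $Essential -notcontains $svc.Name)
        }
    }
}
$Report | Sort-Object Proto, Socket | Format-Table -AutoSize

# Disabling a flagged service removes its entry point; -WhatIf only previews the change.
$Report | Where-Object Review | Select-Object -ExpandProperty Service -Unique |
    ForEach-Object { Set-Service -Name $_ -StartupType Disabled -WhatIf }
```

Drop -WhatIf (and add Stop-Service) only after confirming nothing depends on the service; a socket owned by a process with no service ('-') belongs to an application rather than a service.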
Hardening Operating Systems
Hardening: process of reducing vulnerabilities
A hardened system is configured and updated to protect against attacks
Three broad categories of items should be hardened:
• Operating systems
• Applications that the operating system runs
• Networks
Hardening Operating Systems (continued)
You can harden the operating system that runs on the local client or the network operating system (NOS) that manages and controls the network, such as Windows Server 2003 or Novell NetWare
Applying Updates
Operating systems are intended to be dynamic
As users’ needs change, new hardware is introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis
However, vendors release a new version of an operating system every two to four years
Vendors use certain terms to refer to the different types of updates (listed in Table 4-3 on page 109)
Applying Updates (continued)
A service pack (a cumulative set of updates including fixes for problems that have not been made available through updates) provides the broadest and most complete update
A hotfix does not typically address security issues; instead, it corrects a specific software problem
Applying Updates (continued)
A patch or a software update fixes a security flaw or other problem
• May be released on a regular or irregular basis, depending on the vendor or support team
• A good patch management system includes the features listed on pages 111 and 112 of the text
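An added example (not from the slides) of the check a patch management process needs on each host: how long since the last hotfix was installed, and which updates the Windows Update Agent reports as still pending. $MaxAge is an assumed site threshold.

```powershell
# Added example: update status of the local Windows host.
$MaxAge = 30   # assumed: maximum acceptable days since the last installed update

# Installed hotfixes with a recorded install date, newest first.
$installed = @(Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending)
if ($installed.Count -eq 0) {
    'WARNING: no installed hotfix has a recorded install date'
} else {
    $installed | Select-Object -First 5 HotFixID, Description, InstalledOn | Format-Table -AutoSize
    $age = (New-TimeSpan -Start $installed[0].InstalledOn -End (Get-Date)).Days
    if ($age -gt $MaxAge) { "WARNING: last update installed $age days ago (threshold $MaxAge days)" }
}

# Ask the Windows Update Agent (COM) for software updates not yet installed,
# using whatever update source the host is configured for (WSUS or Microsoft Update).
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")
$pending  = @($result.Updates | ForEach-Object {
    [pscustomobject]@{
        Title    = $_.Title
        Severity = if ($_.MsrcSeverity) { $_.MsrcSeverity } else { '-' }   # set for security updates
        KB       = (@($_.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
    }
})
"$($pending.Count) update(s) pending"
$pending | Sort-Object Severity | Format-Table -AutoSize
```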
Securing the File System
Another means of hardening an operating system is to restrict user access
Generally, users can be assigned permissions to access folders (also called directories in DOS and UNIX/Linux) and the files contained within them
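Restricting folder access starts with knowing where access is currently too broad. The following added example (not from the slides) walks a folder tree, reports NTFS entries that grant write-level rights to broad groups, and shows one remediation; $Root and the group list are assumed values.

```powershell
# Added example: audit folder ACLs for broad write access, then restrict one entry.
$Root        = 'C:\Data'                                                       # assumed tree
$BroadGroups = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
$WriteRights = [System.Security.AccessControl.FileSystemRights]'Write, Modify, FullControl'

function Get-RiskyFolderAccess([string]$Path) {
    Get-ChildItem -Path $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue |
      ForEach-Object {
        $dir = $_
        $acl = Get-Acl -Path $dir.FullName -ErrorAction SilentlyContinue   # skip unreadable DACLs
        if (-not $acl) { return }
        foreach ($ace in $acl.Access) {
            $isBroad     = $BroadGroups -contains $ace.IdentityReference.Value
            $grantsWrite = ($ace.FileSystemRights -band $WriteRights) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $isBroad -and $grantsWrite) {
                [pscustomobject]@{ Folder = $dir.FullName; Identity = $ace.IdentityReference.Value
                                   Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
            }
        }
      }
}
Get-RiskyFolderAccess -Path $Root | Format-Table -AutoSize

# Remediation: replace every entry for one identity on one folder with read-only access.
function Restrict-BroadAccess([string]$Folder, [string]$Identity) {
    $acl = Get-Acl -Path $Folder
    if (-not $acl.AreAccessRulesProtected) {
        # Inherited entries cannot be removed in place: break inheritance (keeping
        # copies of the inherited entries), write it back, then reload the DACL.
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -Path $Folder -AclObject $acl
        $acl = Get-Acl -Path $Folder
    }
    $id = New-Object System.Security.Principal.NTAccount($Identity)
    $acl.PurgeAccessRules($id)                                   # drop all entries for the identity
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $id, 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
    Set-Acl -Path $Folder -AclObject $acl
}
# Restrict-BroadAccess -Folder 'C:\Data\Shared' -Identity 'BUILTIN\Users'   # assumed folder
```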
Securing the File System (continued)
Microsoft Windows provides a centralized method of defining security on the Microsoft Management Console (MMC)
• A Windows utility that accepts additional components (snap-ins)
• After you apply a security template to organize security settings, you can import the settings to a group of computers (Group Policy object)
Securing the File System (continued)
Group Policy settings: components of a user’s desktop environment that a network system administrator needs to manage
Group Policy settings cannot override a global setting for all computers (domain-based setting)
Windows stores settings for the computer’s hardware and software in a database (the registry)
Hardening Applications
Just as you must harden operating systems, you must also harden the applications that run on those systems
Hotfixes, service packs, and patches are generally available for most applications, although not usually with the same frequency as for an operating system
Hardening Servers
Harden servers to prevent attackers from breaking through the software
Web server delivers text, graphics, animation, audio, and video to Internet users around the world
Refer to the steps on page 115 to harden a Web server
Hardening Servers (continued)
Mail server is used to send and receive electronic messages
In a normal setting, a mail server serves an organization or set of users
All e-mail is sent through the mail server from a trusted user or received from an outsider and intended for a trusted user
Hardening Servers (continued)
In an open mail relay, a mail server processes e-mail messages not sent by or intended for a local user
File Transfer Protocol (FTP) server is used to store and access files through the Internet
• Typically used to accommodate users who want to download or upload files
Hardening Servers (continued)
FTP servers can be set to accept anonymous logons using a window similar to that shown in Figure 4-8
A Domain Name Service (DNS) server makes the Internet available to ordinary users
• DNS servers frequently update each other by transmitting all domains and IP addresses of which they are aware (zone transfer)
Hardening Servers (continued)
IP addresses and other information can be used in an attack
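Because a zone transfer hands out every name and address the server knows, it should only be answered for the secondaries you operate. The following added example (not from the slides) audits a Windows DNS server for primary zones that transfer to any requester and restricts them; it assumes the DnsServer module is installed and that $Secondaries holds your own secondary servers (constructed addresses).

```powershell
# Added example: find primary zones open to zone transfer from anyone and restrict them.
Import-Module DnsServer
$Secondaries = @('10.0.0.2', '10.0.0.3')   # constructed: the authorised secondary servers

# Primary zones that answer AXFR for any requester (skipping auto-created zones such as 0.in-addr.arpa).
$Open = Get-DnsServerZone |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and
                   $_.SecureSecondaries -eq 'TransferAnyServer' }
$Open | Select-Object ZoneName, IsDsIntegrated, SecureSecondaries, SecondaryServers | Format-Table -AutoSize

foreach ($zone in $Open) {
    if ($Secondaries.Count -gt 0) {
        # Transfers only to the listed addresses.
        Set-DnsServerPrimaryZone -Name $zone.ZoneName -SecureSecondaries TransferToSecureServers `
            -SecondaryServers $Secondaries -WhatIf
    } else {
        # A primary with no secondaries has no reason to transfer at all.
        Set-DnsServerPrimaryZone -Name $zone.ZoneName -SecureSecondaries NoTransfer -WhatIf
    }
}
```

Remove -WhatIf to apply the change; Active Directory-integrated zones replicate through AD and do not need AXFR between domain controllers, so NoTransfer is usually correct for them.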
USENET is a worldwide bulletin board system that can be accessed through the Internet or many online services
The Network News Transfer Protocol (NNTP) is the protocol used to send, distribute, and retrieve USENET messages through NNTP servers
Hardening Servers (continued)
Print/file servers on a local area network (LAN) allow users to share documents on a central server or to share printers
Hardening a print/file server involves the tasks listed on page 119 of the text
A DHCP server allocates IP addresses using the Dynamic Host Configuration Protocol (DHCP)
DHCP servers “lease” IP addresses to clients
Hardening Data Repositories
Data repository: container that holds electronic information
Two major data repositories: directory services and company databases
Directory service: database stored on the network that contains all information about users and network devices along with privileges to those resources
Hardening Data Repositories (continued)
Active Directory is the directory service for Windows
Active Directory is stored in the Security Accounts Manager (SAM) database
The primary domain controller (PDC) houses the SAM database
Hardening Networks
Two-fold process for keeping a network secure:
• Secure the network with necessary updates
• Properly configure it
Firmware Updates
RAM is volatile: interrupting the power source causes RAM to lose its entire contents
Read-only memory (ROM) is different from RAM in two ways:
• Contents of ROM are fixed
• ROM is nonvolatile: disabling the power source does not erase its contents
Firmware Updates (continued)
ROM, Erasable Programmable Read-Only Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) are firmware
To erase an EPROM chip, hold the chip under ultraviolet light so the light passes through its crystal window
The contents of EEPROM chips can also be erased using electrical signals applied to specific pins
Network Configuration
You must properly configure network equipment to resist attacks
The primary method of resisting attacks is to filter data packets as they arrive at the perimeter of the network
Network Configuration (continued)
Rule base or access control list (ACL): rules a network device uses to permit or deny a packet (not to be confused with ACLs used in securing a file system)
Rules are composed of several settings (listed on pages 122 and 123 of the text)
Observe the basic guidelines on page 124 of the text when creating rules
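How a perimeter rule base is evaluated, as an added example that is not from the slides: rules are matched top-down and the first match decides, with an implicit deny when nothing matches, plus two checks on the list (a catch-all must be last and must deny, and rules after it are dead). Rule settings, addresses (RFC 5737 documentation ranges) and packets are constructed.

```powershell
# Added example: first-match rule base evaluator with rule-list sanity checks.
function ConvertTo-IpInt([string]$Ip) {
    $b = ([ipaddress]$Ip).GetAddressBytes(); [array]::Reverse($b)   # network order -> little-endian
    return [BitConverter]::ToUInt32($b, 0)
}
function Test-InCidr([string]$Ip, [string]$Cidr) {
    if ($Cidr -eq 'any') { return $true }
    $net, $bits = $Cidr.Split('/')
    $mask = [uint32](4294967296 - [math]::Pow(2, 32 - [int]$bits))   # /24 -> 255.255.255.0
    return ((ConvertTo-IpInt $Ip) -band $mask) -eq ((ConvertTo-IpInt $net) -band $mask)
}
# Each rule: action, protocol, source, destination, destination port (constructed).
$Rules = @(
    @{Id=1; Action='Permit'; Proto='TCP'; Src='any';             Dst='203.0.113.0/24';  Port='443'},
    @{Id=2; Action='Permit'; Proto='TCP'; Src='198.51.100.0/24'; Dst='203.0.113.10/32'; Port='22'},
    @{Id=3; Action='Deny';   Proto='any'; Src='any';             Dst='any';             Port='any'},
    @{Id=4; Action='Permit'; Proto='TCP'; Src='any';             Dst='203.0.113.0/24';  Port='80'}   # unreachable
)
function Test-RuleMatch($Rule, $Pkt) {
    ($Rule.Proto -eq 'any' -or $Rule.Proto -eq $Pkt.Proto) -and
    ($Rule.Port  -eq 'any' -or $Rule.Port  -eq $Pkt.Port) -and
    (Test-InCidr $Pkt.Src $Rule.Src) -and (Test-InCidr $Pkt.Dst $Rule.Dst)
}
function Get-Verdict($Pkt) {
    foreach ($r in $Rules) { if (Test-RuleMatch $r $Pkt) { return "$($r.Action) by rule $($r.Id)" } }
    return 'Deny (implicit)'             # nothing matched: default deny
}
$Packets = @(                            # constructed sample traffic
    @{Proto='TCP'; Src='192.0.2.5';    Dst='203.0.113.7';  Port='443'},   # Permit by rule 1
    @{Proto='TCP'; Src='192.0.2.5';    Dst='203.0.113.10'; Port='22'},    # Deny by rule 3 (wrong source)
    @{Proto='UDP'; Src='198.51.100.9'; Dst='203.0.113.7';  Port='53'}     # Deny by rule 3
)
foreach ($p in $Packets) { '{0} {1} -> {2}:{3}  {4}' -f $p.Proto, $p.Src, $p.Dst, $p.Port, (Get-Verdict $p) }

# Checks: a catch-all rule must be last and must deny; anything after it is never evaluated.
for ($i = 0; $i -lt $Rules.Count; $i++) {
    $r = $Rules[$i]
    $catchAll = ($r.Proto -eq 'any' -and $r.Src -eq 'any' -and $r.Dst -eq 'any' -and $r.Port -eq 'any')
    if ($catchAll) {
        if ($r.Action -ne 'Deny')    { "WARNING: catch-all rule $($r.Id) permits everything" }
        if ($i -lt $Rules.Count - 1) { "WARNING: rules after rule $($r.Id) are shadowed and never evaluated" }
        break
    }
    if ($i -eq $Rules.Count - 1)     { 'WARNING: rule base has no explicit catch-all deny' }
}
```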
Summary
Establishing a security baseline creates a basis for information security
Hardening the operating system involves applying the necessary updates to the software
Securing the file system is another step in hardening a system
Summary (continued)
Applications and operating systems must be hardened by installing the latest patches and updates
Servers, such as Web servers, mail servers, FTP servers, DNS servers, NNTP servers, print/file servers, and DHCP servers, must be hardened to prevent attackers from corrupting them or using the server to launch other attacks