The Ten Most Important Steps You Can Take to Protect Your Windows-based Servers from Hackers

Size: px
Start display at page:

Download "The Ten Most Important Steps You Can Take to Protect Your Windows-based Servers from Hackers"

Transcription

1 The Ten Most Important Steps You Can Take to Protect Your Windows-based Servers from Hackers University of California, Riverside Computing and Communications Author: Joel Nylander Document Goal This document is offered as a guide for campus system administrators to assist them in securing their Windows NT and Windows 2000 servers against possible hacking attacks. In addition, this paper will describe the current state of Windows-based server security at UCR and will cite a few examples of recent attacks. No system can be completely safe from attack. There is no guarantee, even if you follow all of the recommendations contained in this white paper, that your systems will be impenetrable. However, if you choose to follow the suggestions outlined below, your risk will be greatly reduced. Introduction In recent months, our campus has witnessed a steadily increasing problem with hackers. These malicious individuals have been attacking several high-profile servers (Human Resources, Parking and others) on campus. These serious assaults have greatly impacted the departments who administer these servers by creating long service outages and by causing many hours of unproductive time for the department s technical staff. The campus microcomputer support capability is also affected by these incursions by way of the many hours that are required to assist the technical staff in other departments in getting their systems back online. These incidents are not unique to UCR and they are not necessarily aimed specifically at our campus. Many of them are carried out by automated hacking tools that can be programmed to scan the internet for vulnerable systems and attack when a hole is found. These types of tools are becoming more sophisticated and more readily available 1. The common theme running through nearly all of these incidents is that the servers being targeted are using the Windows NT 4.0 or Windows operating systems. The reasons that can be enumerated for Windows systems being more vulnerable are many and varied. The fact that Microsoft has issued forty-three security bulletins this year alone (as of 8/20/02) is indicative of the un-ending supply of newly discovered security holes in Microsoft operating systems. In addition, servers that are not centrally administered and housed by Computing and Communications are more vulnerable to attack for the following reasons: They are less likely to be using a more hacker resistant operating system like UNIX or LINUX. They are more likely to be administered by someone whose job function is not limited to their IT responsibilities and who are therefore limited in the amount of time and resources they can spend on staying current with up-to-date info on security and server protection routines. There is more likely to be a lack of physical security 3. Departmental servers are often housed in areas which do not provide the level of physical security recommended for mission critical systems.

2 Mitigative Actions by Computing & Communications (ongoing and planned) Although Computing and Communications can only take responsibility for assuring that the servers that we administer are as fully protected from attack as possible, we have taken steps to assist other campus departments in securing their exposed servers. To achieve this end we have: Applied ACL s (access control lists) on the campus network that function to control the type of traffic which can flow to and from a particular server on our network. These types of tools can be used to block unwanted off-campus traffic from reaching servers for which there is no legitimate need for off-campus access. Placed anti-spoofing rules at the border between the campus network and the rest of the world 4. These rules prevent attackers from using internet addresses (IP numbers) that are not registered to them (they do so to hide their tracks). C&C blocks traffic where: o Incoming packets have a source address from our network. o Incoming packets do not have a destination address that is within our network. o Outgoing traffic does not have a source address from our network. o Outgoing traffic has a destination address of our internal network. Used traffic monitors to scan the campus network for suspicious traffic. Within months, Computing and Communications plans to offer, for a fee, firewall services to any department who desires further protection from attack. A firewall acts to filter data to and from servers and workstations on campus, allowing only legitimate traffic to pass through. Although they cannot prevent all types of attacks 5, firewalls have proven to be a useful tool in many environments. The firewall solution currently being tested and readied for deployment offers the greatest protection at the least possible cost to departments. Critical Security Recommendations for Windows-Based Servers There are numerous steps that system administrators can take to protect their servers from attack. The increase in the number and severity of hacking attempts in recent years has lead to the forming of many organizations that offer consultation on issues of computer security. Many of these organizations freely offer lists of recommended best practices to counter the hacker problem. We have examined many of these documents and based on the most current data available, we have compiled our own set of recommendations. Most of the attacks that we have experienced on campus would have been prevented or at least minimized had the recommendations below been in place. Our recommendations are listed in order of importance. Each of them is important, but if you have limited time or limited resources, we suggest you start at the top of the list and work down. 1. Check all servers at least weekly for compliance with respect to all available Service Packs, patches and Hotfixes. This is the most critical action one can take to reduce the likelihood of an attack. Once a bug or vulnerability is made public, hackers begin to search for systems that have not been patched. The possibility of an attempted assault increases with each passing day. System administrators should make this step their highest ongoing priority. August 26, of 2

3 There are numerous techniques and tools available to assist administrators in keeping their servers upto-date with patches and hotfixes. Here is a list of some of those resources: Microsoft s Best Practices for Applying Service Packs, Hotfixes and Security Patches Microsoft s Hfnetcheck tool: Microsoft Baseline Security Analyzer: IIS Lockdown Tool 2. Verify that all users (and especially those users with administrative rights) have strong passwords. Enforce stronger password policies. The only thing standing between a potential intruder and complete control of your server is your administrator enabled account password(s). If an attacker can obtain the password for an account with administrator privileges, they can do ANYTHING. Each and every account with administrator rights should have a strong password. Individual user accounts should also have strong passwords, but there are human factors which may limit your ability to enforce stricter password policies on the average user. There is a fine balance between enforcing password policies and creating a burden on users that will actually lead to a net loss of protection. For example, if you force users to change their passwords too often, they may resort to writing them down on post-it notes and sticking them on their monitor. Strong password characteristics: Passwords should contain a minimum of eight characters. Passwords should NOT contain dictionary words. Passwords should use a combination of uppercase, lowercase, numeric and special characters. Enable strong password functionality by doing the following: Win NT 4.0: Win 2K: Accounts should be locked out after a maximum of five invalid login attempts. Maximum password duration should be no more than 60 days (a 60 day maximum password duration setting would cause a password to expire after 60 days). Minimum password duration should be set to two or three days to prevent users from changing their passwords when required, then immediately changing them back to what they were previously. Do not allow null passwords (setting a minimum password length as mentioned in the first point above will accomplish this). August 26, of 3

4 3. Provide at least a minimum level of physical security for all servers Physical Security Minimums: Every server should be behind a locked door with access limited to only those individuals who have a legitimate need for access. When there is no one working at the server console, the console session should be either logged out or locked so that a password is required to gain access. The server room should be arranged in a way that people outside the room cannot see the keyboard (thus seeing users/admin passwords) 6. Written evidence of user ID s and passwords should not be left lying around the server room. 4. Implement backup procedures for all systems. Create and maintain backup copies of at least the data files on all servers. Backups should be created regularly using well conceived procedures that should include some form of off-site storage of backup media in case of loss of the facility. Create and maintain a current Emergency Repair Disk (ERD) for all systems. This often overlooked measure is just as important as backing up your data files 7. NT Win 2K - Regularly test your restore procedures to verify that your backups are valid and restorable. Microsoft article on Backup/Recovery procedures: 5. Use up-to-date anti-virus software Anti-virus software on a server may not stop hacking attempts, but they can detect many of the Trojan horse programs that hackers often use to sneak into your systems. After installing anti-virus software, be sure that you routinely update the virus info to ensure that the software will be able to detect all virus, including the most recently discovered ones. 6. Block access to/from any unnecessary TCP/UDP ports. There are over 65,000 TCP and UDP ports on any given server, most of which could become the path used by an attacker to gain unauthorized access to your systems. You should use whatever means at your disposal to block access to the ports on your server that there is no legitimate use for. The most common and effective way to block access to these ports is the use of a firewall. Firewalls can be separated into two categories: Personal Firewall A personal firewall can be installed on the server itself and can be extremely effective at blocking unwanted traffic to and from your server. Below is a list of a few such products: August 26, of 4

5 ZoneAlarm Pro BlackICE Server Protection Sygate Personal Firewall Pro 5 Network Firewall This type of firewall is placed on the campus network, between your server and the rest of the world. The network firewall s job is to block access to/from any particular port on your server. Computing and Communications will offer a firewall service in the next few months. Firewalls cannot prevent every type of attack and they can be somewhat difficult to configure. Determining which ports to leave open to allow the traffic you DO want and which ones to block to filter the traffic you DON T want can be a lengthy and tedious process. Additional firewall information resources: Firewall Guide Reviews Yahoo Directory - Firewalls 7. Enable security logging on all servers. Prevention is ideal, but detection is a must 8 is a commonly repeated axiom in the computer security world. Hence, security forensics is one of the many keys to securing your Windowsbased servers. Turning on the auditing features on your Windows-based servers can enhance your ability to determine how an attempted attack was carried out and to what extent, if at all, your systems were compromised. Auditing can also help administrators detect unsuccessful attacks so that configuration changes can be made to defend against future attacks. Follow the steps outlined at the links below to enable auditing on your servers: NT Win 2K - Enable logging of the following events: Logon and Logoff Success and Failure File and Object Access Failure only Use of User Rights Failure only User and Group Management - Success and Failure Security Policy Changes - Success and Failure Restart, Shutdown and System - Success and Failure Process Tracking None August 26, of 5

6 IMPORTANT NOTE: Once you have enabled auditing, make a habit of scanning the security logs on a regular basis. You may discover events that could tip you off to an attack that was unsuccessful and provide the information required to stop future attacks. Another article on auditing from Ernest Orlando Lawrence Berkeley National Laboratory: 8. Disable any unnecessary services. If you perform a default installation, Windows NT/2000 servers are configured to run many services which may not be required. Running services on your servers that you don t need is like having doors on your house that you never go through. Why risk someone breaking in when you can eliminate the door altogether? Examine each of your servers and look at each service that is running and ask yourself Do I really need this? If the answer is no, then disable or remove the service. A freeware tool from Foundstone (a computer security company) called Vision can help you identify the services running on your server and the TCP/UDP ports they are associated with. The article referenced below can help you determine which services you need and which ones you don t: Default Services Required for Internet Information Server Services 9. Disable anonymous user account enumeration. By default on all Windows NT systems and on some Windows 2000 systems, a user can log on without a user name and password and can then list all of the user account names on the system. In addition to being able to enumerate the user names, the attacker can is also provided with the information they need to determine which listed accounts have administrator privilege. This security hole has been used recently against campus servers to allow hackers to gain access to a list NT/2000 server usernames, including information regarding which accounts have administrator privileges. Using the RestrictAnonymous registry entry, you can block routine access to user information. NT Win 2K Use NTFS All Windows NT and Windows 2000 systems should be formatted using NTFS and not FAT/FAT32. Neither FAT nor FAT32 utilize file level security and using them represents substantial risk of compromise. August 26, of 6

7 Summary The most important idea to take away from this white paper is this: Securing your windows-based servers is a journey, not a destination 9. There will never be a point at which you can stop and say I m finished now all of my servers are secure. Computer security means staying constantly vigilant both proactively and reactively. Here are some tips: Use checklists to help remind you what steps should be taken and when. Subscribe to lists that focus on security. o o Visit security-focused web sites on a regular basis. Subscribe to one or more of the many periodicals that discuss security related issues: o o Create written procedures for all security related activities so that others can complete important security tasks if you are away. If you would like to learn more about Windows NT/2000 security we have included links to some very informative web resources: Securing NT by SecurityFocus Security and Privacy By Microsoft Enterprise Security By Security Focus CERT (Computer Emergency Response Team) By CERT Security Tools and Checklists By Microsoft Free Security Tools By Foundstone, Inc. Acknowledgments The following individuals helped in the creation of this document by providing tips and helpful ideas. Tom Lee, Computer Security Expert, Foundstone Inc. William Easley, IT Manager, University of California, Riverside Lisa Parks, Network Operations Analyst, University of California, Riverside 1 Copyright 2002 Carnegie Mellon University. 2 Hacker attacks target Windows NT computers, CNN Interactive, March 4, 1998, Copyright 1998 Cable News Network, Inc 3 Copyright 1999, 2000, 2001, 2002 Carnegie Mellon University. 4 As per recommendations found in the SANS report, The Twenty Most Critical Internet Security Vulnerabilities, Copyright SANS Institute Tips on Building Firewalls, Tip #4, Copyright 2001, O'Reilly & Associates, Inc. 6 Physically securing the servers, Copyright 2001 Activsupport Inc. 7 Description of Windows NT Emergency Repair Disk, Copyright Microsoft Corp. 8 The Twenty Most Critical Internet Security Vulnerabilities, Sans Institute, Copyright SANS Institute 9 August 26, of 7

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses 2004 Microsoft Corporation. All rights reserved. This document is for informational purposes only.

More information

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems

Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems IT 4823 Information Security Administration Securing Operating Systems June 18 Security Maintenance Practices Basic proactive security can prevent many problems Maintenance involves creating a strategy

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

Global Partner Management Notice

Global Partner Management Notice Global Partner Management Notice Subject: Critical Vulnerabilities Identified to Alert Payment System Participants of Data Compromise Trends Dated: May 4, 2009 Announcement: To support compliance with

More information

System Security Policy Management: Advanced Audit Tasks

System Security Policy Management: Advanced Audit Tasks System Security Policy Management: Advanced Audit Tasks White Paper October 6, 2005 2005 Altiris Inc. All rights reserved. ABOUT ALTIRIS Altiris, Inc. is a pioneer of IT lifecycle management software that

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet

More information

Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours

Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours Introduction The following lab allows the trainee to obtain a more in depth knowledge of network security and

More information

31 Ways To Make Your Computer System More Secure

31 Ways To Make Your Computer System More Secure 31 Ways To Make Your Computer System More Secure Copyright 2001 Denver Tax Software, Inc. 1. Move to more secure Microsoft Windows systems. Windows NT, 2000 and XP can be made more secure than Windows

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Common Cyber Threats. Common cyber threats include:

Common Cyber Threats. Common cyber threats include: Common Cyber Threats: and Common Cyber Threats... 2 Phishing and Spear Phishing... 3... 3... 4 Malicious Code... 5... 5... 5 Weak and Default Passwords... 6... 6... 6 Unpatched or Outdated Software Vulnerabilities...

More information

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201

Network Detective. HIPAA Compliance Module. 2015 RapidFire Tools, Inc. All rights reserved V20150201 Network Detective 2015 RapidFire Tools, Inc. All rights reserved V20150201 Contents Purpose of this Guide... 3 About Network Detective... 3 Overview... 4 Creating a Site... 5 Starting a HIPAA Assessment...

More information

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

86-10-15 The Self-Hack Audit Stephen James Payoff

86-10-15 The Self-Hack Audit Stephen James Payoff 86-10-15 The Self-Hack Audit Stephen James Payoff As organizations continue to link their internal networks to the Internet, system managers and administrators are becoming increasingly aware of the need

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Firewalls Overview and Best Practices. White Paper

Firewalls Overview and Best Practices. White Paper Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

Fifty Critical Alerts for Monitoring Windows Servers Best practices

Fifty Critical Alerts for Monitoring Windows Servers Best practices Fifty Critical Alerts for Monitoring Windows Servers Best practices The importance of consolidation, correlation, and detection Enterprise Security Series White Paper 6990 Columbia Gateway Drive, Suite

More information

Cyber Security: An Introduction

Cyber Security: An Introduction Cyber Security: An Introduction Security is always a trade-off between convenience and protection. A good security policy is convenient enough to prevent users from rebelling, but still provides a reasonable

More information

Firewalls and Software Updates

Firewalls and Software Updates Firewalls and Software Updates License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License. Contents General

More information

Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08

Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08 Firewall Cracking and Security By: Lukasz Majowicz Dr. Stefan Robila 12/15/08 What is a firewall? Firewalls are programs that were designed to protect computers from unwanted attacks and intrusions. Wikipedia

More information

Cyber Self Assessment

Cyber Self Assessment Cyber Self Assessment According to Protecting Personal Information A Guide for Business 1 a sound data security plan is built on five key principles: 1. Take stock. Know what personal information you have

More information

Activity 1: Scanning with Windows Defender

Activity 1: Scanning with Windows Defender Activity 1: Scanning with Windows Defender 1. Click on Start > All Programs > Windows Defender 2. Click on the arrow next to Scan 3. Choose Custom Scan Page 1 4. Choose Scan selected drives and folders

More information

Telemedicine HIPAA/HITECH Privacy and Security

Telemedicine HIPAA/HITECH Privacy and Security Telemedicine HIPAA/HITECH Privacy and Security 1 Access Control Role Based Access The organization shall provide secure rolebased account management. Privileges granted utilizing the principle of least

More information

Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers

Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers Contents Introduction xxvi Chapter 1: Understanding the Threats: E-mail Viruses, Trojans, Mail Bombers, Worms, and Illicit Servers 1 Introduction 2 Essential Concepts 3 Servers, Services, and Clients 3

More information

Computer Security Maintenance Information and Self-Check Activities

Computer Security Maintenance Information and Self-Check Activities Computer Security Maintenance Information and Self-Check Activities Overview Unlike what many people think, computers are not designed to be maintenance free. Just like cars they need routine maintenance.

More information

Windows Remote Access

Windows Remote Access Windows Remote Access A newsletter for IT Professionals Education Sector Updates Issue 1 I. Background of Remote Desktop for Windows Remote Desktop Protocol (RDP) is a proprietary protocol developed by

More information

ViRobot Desktop 5.5. User s Guide

ViRobot Desktop 5.5. User s Guide ViRobot Desktop 5.5 User s Guide ViRobot Desktop 5.5 User s Guide Copyright Notice Copyright 2007 by HAURI Inc. All rights reserved worldwide. No part of this publication or software may be reproduced,

More information

Security Audit Report for ACME Corporation

Security Audit Report for ACME Corporation Security Audit Report for ACME Corporation Acme Security Audit 1 Table of Contents Acme Security Audit...3 Executive Summary...3 Security Architecture and Design...5 Network Security...7 Host Security...10

More information

How To Audit The Mint'S Information Technology

How To Audit The Mint'S Information Technology Audit Report OIG-05-040 INFORMATION TECHNOLOGY: Mint s Computer Security Incident Response Capability Needs Improvement July 13, 2005 Office of Inspector General Department of the Treasury Contents Audit

More information

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How

This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How This chapter covers the following topics: Why Network Security Is Necessary Secure Network Design Defined Categorizing Network Security Threats How Network Security Is Breached Network Security Policy

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

Summary of Technical Information Security for Information Systems and Services Managed by NUIT (Newcastle University IT Service)

Summary of Technical Information Security for Information Systems and Services Managed by NUIT (Newcastle University IT Service) Introduction This document provides a summary of technical information security controls operated by Newcastle University s IT Service (NUIT). These information security controls apply to all NUIT managed

More information

Symantec Mail Security for Domino

Symantec Mail Security for Domino Getting Started Symantec Mail Security for Domino About Symantec Mail Security for Domino Symantec Mail Security for Domino is a complete, customizable, and scalable solution that scans Lotus Notes database

More information

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems Course: Information Security Management in e-governance Day 1 Session 5: Securing Data and Operating systems Agenda Introduction to information, data and database systems Information security risks surrounding

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security. www.uscyberpatriot.

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security. www.uscyberpatriot. AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE Microsoft Windows Security www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION

More information

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities Objectives After reading this chapter and completing the exercises, you will be able to: Describe vulnerabilities of Windows and Linux operating systems Identify specific vulnerabilities and explain ways

More information

California State Polytechnic University, Pomona. Desktop Security Standard and Guidelines

California State Polytechnic University, Pomona. Desktop Security Standard and Guidelines California State Polytechnic University, Pomona Desktop Security Standard and Guidelines Version 1.7 February 1, 2008 Table of Contents OVERVIEW...3 AUDIENCE...3 MINIMUM DESKTOP SECURITY STANDARD...3 ROLES

More information

On-Site Computer Solutions values these technologies as part of an overall security plan:

On-Site Computer Solutions values these technologies as part of an overall security plan: Network Security Best Practices On-Site Computer Solutions Brian McMurtry Version 1.2 Revised June 23, 2008 In a business world where data privacy, integrity, and security are paramount, the small and

More information

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order

More information

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref: SERVER SECURITY STANDARD Security Standards are mandatory security rules applicable to the defined scope with respect to the subject. Overview Scope Purpose Instructions Improperly configured systems,

More information

IS TEST 3 - TIPS FOUR (4) levels of detective controls offered by intrusion detection system (IDS) methodologies. First layer is typically responsible for monitoring the network and network devices. NIDS

More information

Defense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations

Defense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations Defense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations March 2009 Version 2.2 This page intentionally left blank. 2 1. Introduction...4

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

WhatsUp Gold v16.1 Installation and Configuration Guide

WhatsUp Gold v16.1 Installation and Configuration Guide WhatsUp Gold v16.1 Installation and Configuration Guide Contents Installing and Configuring Ipswitch WhatsUp Gold v16.1 using WhatsUp Setup Installing WhatsUp Gold using WhatsUp Setup... 1 Security guidelines

More information

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4 Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access

More information

Running A Fully Controlled Windows Desktop Environment with Application Whitelisting

Running A Fully Controlled Windows Desktop Environment with Application Whitelisting Running A Fully Controlled Windows Desktop Environment with Application Whitelisting By: Brien M. Posey, Microsoft MVP Published: June 2008 About the Author: Brien M. Posey, MCSE, is a Microsoft Most Valuable

More information

NetBrain Security Guidance

NetBrain Security Guidance NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),

More information

FIREWALL POLICY November 2006 TNS POL - 008

FIREWALL POLICY November 2006 TNS POL - 008 FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and

More information

Guide to Vulnerability Management for Small Companies

Guide to Vulnerability Management for Small Companies University of Illinois at Urbana-Champaign BADM 557 Enterprise IT Governance Guide to Vulnerability Management for Small Companies Andrew Tan Table of Contents Table of Contents... 1 Abstract... 2 1. Introduction...

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Network and Host-based Vulnerability Assessment

Network and Host-based Vulnerability Assessment Network and Host-based Vulnerability Assessment A guide for information systems and network security professionals 6600 Peachtree-Dunwoody Road 300 Embassy Row Atlanta, GA 30348 Tel: 678.443.6000 Toll-free:

More information

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM Internet Security Protecting Your Business Hayden Johnston & Rik Perry WYSCOM Introduction Protecting Your Network Securing Your Information Standards & Best Practices Tools & Options Into The Future Creating

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

ICTN 4040. Enterprise Database Security Issues and Solutions

ICTN 4040. Enterprise Database Security Issues and Solutions Huff 1 ICTN 4040 Section 001 Enterprise Information Security Enterprise Database Security Issues and Solutions Roger Brenton Huff East Carolina University Huff 2 Abstract This paper will review some of

More information

6WRUP:DWFK. Policies for Dedicated SQL Servers Group

6WRUP:DWFK. Policies for Dedicated SQL Servers Group OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated SQL Servers Group The sample policies shipped with StormWatch address both application-specific

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

Spooks in the Machine

Spooks in the Machine A Higher Education Services Company Spooks in the Machine Proactive Strategies for Securing the Network Steven M. Helwig, CISSP Technical Director shelwig@sungardcollegis.com Contents of Presentation Aligning

More information

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies Cyber Security in Taiwan's Government Institutions: From APT To Investigation Policies Ching-Yu, Hung Investigation Bureau, Ministry of Justice, Taiwan, R.O.C. Abstract In this article, we introduce some

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0.

Medical Device Security Health Imaging Digital Capture. Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0. Medical Device Security Health Imaging Digital Capture Security Assessment Report for the Kodak DryView 8150 Imager Release 1.0 Page 1 of 9 Table of Contents Table of Contents... 2 Executive Summary...

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

MONTHLY WEBSITE MAINTENANCE PACKAGES

MONTHLY WEBSITE MAINTENANCE PACKAGES MONTHLY WEBSITE MAINTENANCE PACKAGES The security and maintenance of your website is serious business, and what you don t know can certainly hurt you. A hacked or spamvertised site can wreak havoc on search

More information

Effective Software Security Management

Effective Software Security Management Effective Software Security Management choosing the right drivers for applying application security Author: Dharmesh M Mehta dharmeshmm@mastek.com / dharmeshmm@owasp.org Table of Contents Abstract... 1

More information

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background: 1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus

More information

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS $ ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS Boston Private Bank & Trust Company takes great care to safeguard the security of your Online Banking transactions. In addition to our robust security

More information

Foundstone ERS remediation System

Foundstone ERS remediation System Expediting Incident Response with Foundstone ERS Foundstone Inc. August, 2003 Enterprise Risk Solutions Platform Supports Successful Response and Remediation Introduction The Foundstone Enterprise Risk

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Database Security Guide

Database Security Guide Institutional and Sector Modernisation Facility ICT Standards Database Security Guide Document number: ISMF-ICT/3.03 - ICT Security/MISP/SD/DBSec Version: 1.10 Project Funded by the European Union 1 Document

More information

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR

AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW. 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR AUDIT REPORT 03-11 WEB PORTAL SECURITY REVIEW 2004 FEBRUARY R. D. MacLEAN CITY AUDITOR Web Portal Security Review Page 2 Audit Report 03-11 Web Portal Security Review INDEX SECTION I EXECUTIVE SUMMARY

More information

Data Stored on a Windows Server Connected to a Network

Data Stored on a Windows Server Connected to a Network Attachment A Form to Describe Sensitive Data Security Plan For the Use of Sensitive Data from The National Longitudinal Study of Adolescent to Adult Health Data Stored on a Windows Server Connected to

More information

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated IIS Web Servers Group The policies shipped with StormWatch address both application-specific

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Sygate Secure Enterprise and Alcatel

Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise and Alcatel Sygate Secure Enterprise eliminates the damage or loss of information, cost of recovery, and regulatory violation due to rogue corporate computers, applications, and

More information

NETWORK AND INTERNET SECURITY POLICY STATEMENT

NETWORK AND INTERNET SECURITY POLICY STATEMENT TADCASTER GRAMMAR SCHOOL Toulston, Tadcaster, North Yorkshire. LS24 9NB NETWORK AND INTERNET SECURITY POLICY STATEMENT Written by Steve South November 2003 Discussed with ICT Strategy Group January 2004

More information

PCI Data Security Standards (DSS)

PCI Data Security Standards (DSS) ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

How to Configure Windows Firewall on a Single Computer

How to Configure Windows Firewall on a Single Computer Security How to Configure Windows Firewall on a Single Computer Introduction Windows Firewall is a new feature of Microsoft Windows XP Service Pack 2 (SP2) that is turned on by default. It monitors and

More information

Introduction. PCI DSS Overview

Introduction. PCI DSS Overview Introduction Manage Engine Desktop Central is part of ManageEngine family that represents entire IT infrastructure with products such as Network monitoring, Helpdesk management, Application management,

More information

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC

CHAPTER 3 : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS GLOBAL THREAT INTELLIGENCE REPORT 2015 :: COPYRIGHT 2015 NTT INNOVATION INSTITUTE 1 LLC : INCIDENT RESPONSE FIVE KEY RECOMMENDATIONS 1 FIVE KEY RECOMMENDATIONS During 2014, NTT Group supported response efforts for a variety of incidents. Review of these engagements revealed some observations

More information

Nixu SNS Security White Paper May 2007 Version 1.2

Nixu SNS Security White Paper May 2007 Version 1.2 1 Nixu SNS Security White Paper May 2007 Version 1.2 Nixu Software Limited Nixu Group 2 Contents 1 Security Design Principles... 3 1.1 Defense in Depth... 4 1.2 Principle of Least Privilege... 4 1.3 Principle

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

Best Practices for Building a Security Operations Center

Best Practices for Building a Security Operations Center OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,

More information

University of Pittsburgh Security Assessment Questionnaire (v1.5)

University of Pittsburgh Security Assessment Questionnaire (v1.5) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Network Segmentation

Network Segmentation Network Segmentation The clues to switch a PCI DSS compliance s nightmare into an easy path Although best security practices should be implemented in all systems of an organization, whether critical or

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

Alert (TA14-212A) Backoff Point-of-Sale Malware

Alert (TA14-212A) Backoff Point-of-Sale Malware Alert (TA14-212A) Backoff Point-of-Sale Malware Original release date: July 31, 2014 Systems Affected Point-of-Sale Systems Overview This advisory was prepared in collaboration with the National Cybersecurity

More information

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Host Hardening Presented by Douglas Couch & Nathan Heck Security Analysts for ITaP 1 Background National Institute of Standards and Technology Draft Guide to General Server Security SP800-123 Server A

More information

Standard: Event Monitoring

Standard: Event Monitoring Standard: Event Monitoring Page 1 Executive Summary The Event Monitoring Standard defines the requirements for Information Security event monitoring within SJSU computing resources to ensure that information

More information

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa. Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

More information