Information Security Measures and Monitoring System at BARC. - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

Transcription

1 Information Security Measures and Monitoring System at BARC - R.S.Mundada Computer Division B.A.R.C., Mumbai-85

2 Information Security Approach Secure Network Design, Layered approach, with SPF and Application firewalls Harden the OS Use Secure Applications with Secure Configurations Virus scanning for Mail and Web access Intrusion Detection system (HIDS, NIDS) Encryption Centralized logging and monitoring Local Vulnerability tests, DAE audit

3 Hardening the Operating System Partition layout Minimum install File System mount options Kernel Configuration Disable IP forwarding Disable NFS support Remove unwanted programs R series utilities, compilers etc Configure securettys root login from console Use better password program

4 Enforce login time, day restrictions Disable user account after certain unsuccessful login attempts Use SSH/SCP instead of TELNET/FTP SUID/SGID programs Keep minimum ports open Set immutable bit, Use high securelevel Use packet filtering to allow desired traffic

5 Securing Mail-gateways 1. Harden the OS 2. Mail Server should be running minimum services (mail and maybe dns) 3. No general users 4. Network logins may not be allowed 5. Administration from console only 6. Use secure mail server software like Postfix/Qmail

6 Enable Content Filtering (Postfix) Enable SPAM control features Mail relaying, Mail size limit, No. of Recipients, FQDN, Sender/Recipients restrictions Mail server should be run as ordinary user in chrooted environment.

7 Securing DNS servers Run DNS server as a ordinary user in chrooted environment. Recursive queries should be restricted to our network only. Master DNS server Directories and files used by DNS server should be owned by root. Secondary DNS server Zone info files should be owned by user running DNS server. Restrict zone transfers to valid secondary DNS servers.

8 Securing Web Server Web server should be configured so that it does not support PUT, UPDATE, CGI on web server Web server should be run as ordinary user in chrooted environment Web data should be put in read-only partition Online integrity check for web server data (Our local enhancement to Apache web server)

9 Web / Mail access Squid Proxy with caching feature for fast HTTP access SquidGuard for controlling HTTP access Virus scanning for HTTP browsing Virus Scanning for mail on magnum and apsara system ANTISPAM measures

10 Intrusion Detection System Host Intrusion Detection System Security Monitoring System Developed at BARC Network Intrusion Detection System Open Source SNORT IDS implemented with rule set customized for our environment.

11 Security Software Developed Centralized Logging and Security Monitoring System Web-Pages Integrity check module for Apache Web-Server Centralized LDAP based authentication Host Configuration Scanner Modem Hunter

12 Centralized logging and Monitoring System All Internet Servers, routers logs are collected on centralized log server Logs are parsed for abnormal events on Routers, Internet connected hosts All incoming/outgoing mail archived Mail logs are parsed for generating Mail usage, abnormal event statistics Proxy server logs are parsed for generating proxy server usage statistics

13 Web-pages Integrity check module for Apache Web-Server Web-pages Integrity check module stores cryptographic checksums of all web pages in dbm format in a secure place. Web pages are served only if on-the-fly cryptographic checksum calculated matches with good checksum stored in the database Guarantees only clean web pages (unhacked) are served to Internet community.

14 DAC / MAC DAC Restricting access to objects based on the identity and need-to-know of the user, process, and/or groups to which they belong Discretionary, in the sense that a subject is capable of passing certain access permission on to another subject MAC Restricting access to objects based on fixed security attributes or labels assigned to users and to files or other objects. Mandatory, in the sense that controls cannot be modified by users or their programs Depends on system-enforced mechanisms that override the intentions of the resource owner Widely used in government and DoD systems MAC and DAC are not mutually exclusive, and may be used in conjunction

15 IT Security Audit Local IT Security Audit automated by running NMAP, SARA, NESSUS Vulnerability test software daily. Periodic manual check of systems and configuration files. DAE IT Security audit of the Organization.

16

17

18

19

20

21 Firewall Violation Report

22 Firewall Violation Report

23 Firewall Violation Report

24 Host Security Report

25 Host Security Report

26 Host Security Report

27 Host Security Report (Tripwire)

28 Host Security Report (Host Firewall)