Security Maintenance Practices. IT 4823 Information Security Administration. Patches, Fixes, and Revisions. Hardening Operating Systems




IT 4823 Information Security Administration
Securing Operating Systems, June 18

Security Maintenance Practices
- Basic proactive security can prevent many problems
- Maintenance involves creating a strategy:
  - Review and update software
  - Review and update hardware
  - Review and update security policy
  - Assign tasks to specific people
  - Set a schedule

Notice: This session is being recorded. Copyright 2007 by Bob Brown

Hardening Operating Systems
- Overall goal is to harden the system (make it more secure)
- Hardening is iterative and changing (especially with respect to OS updates!)
- Hardening may not dissuade a persistent attacker

Patches, Fixes, and Revisions
- A cracker is a person who attempts to compromise your computer system
- Hackers don't generally have malicious intent; crackers do
- Terms are often used interchangeably and don't make any real difference anyway!
- An exploit is a procedure that takes advantage of a vulnerability and can be used to compromise a system
- Exploits are routinely shared among crackers, and problems will begin to show up on multiple systems

Antivirus Software
- Identifies files that contain known viruses
- Antivirus software has a scanning mode that checks files throughout a system to see if they contain a virus signature
- A virus signature is a set of instructions or data that is unique to a particular virus
- After scanning, the software can remove or repair the virus

Antivirus Software (continued)
- A virus shield scans incoming files for viruses
- The virus signature database must be up to date in order to be effective
- Most antivirus packages offer automatic updates
- After an update, you should scan your file system to catch any files that have already been infected
- A final precaution is to train users to recognize and report suspicious activity
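The scanning mode, signature database and "update, then rescan" cycle from the antivirus slides, as an added Python illustration (not part of the lecture, and not a real antivirus engine). The EICAR test string is the industry-standard harmless test pattern that real products detect; the second signature, the sample files and the quarantine directory are constructed for this example.

```python
"""Minimal signature scanner illustrating how antivirus scanning works.
Added example for this lecture transcript; not the lecture's own code."""
import os
import tempfile
from pathlib import Path

# Standard, harmless EICAR test pattern: a genuine signature that real
# antivirus products are built to detect.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed marker standing in for a sample that only the *updated*
# signature database knows about.  It is not real malware.
CONSTRUCTED_MARKER = b"CONSTRUCTED-SAMPLE-MARKER-NOT-REAL-MALWARE"

# A signature database maps a name to the byte pattern unique to that sample.
SIGNATURE_DB_V1 = {"EICAR-Test-File": EICAR}
SIGNATURE_DB_V2 = {"EICAR-Test-File": EICAR,
                   "Constructed.Sample.A": CONSTRUCTED_MARKER}


def scan_file(path, signatures):
    """Return the names of all signatures whose pattern occurs in the file."""
    data = Path(path).read_bytes()
    return [name for name, pattern in signatures.items() if pattern in data]


def scan_tree(root, signatures):
    """Scanning mode: walk the tree and return {relative path: [signature
    names]} for every file that matches at least one signature."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            hits = scan_file(full, signatures)
            if hits:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings[rel] = hits
    return findings


def quarantine(root, rel_path, qdir):
    """Move a detected file out of the scanned tree into a quarantine
    directory so it can no longer be opened from its usual location."""
    src = os.path.join(root, rel_path)
    dst = os.path.join(qdir, rel_path.replace("/", "_"))
    os.replace(src, dst)
    return dst


def demo():
    """Constructed scenario: scan a small tree with an old database, update the
    database, rescan, and quarantine everything the new database finds."""
    root = tempfile.mkdtemp(prefix="avdemo_")
    qdir = tempfile.mkdtemp(prefix="quarantine_")
    Path(root, "readme.txt").write_bytes(b"Nothing suspicious here.\n")
    Path(root, "eicar.com").write_bytes(EICAR)
    Path(root, "downloads").mkdir()
    Path(root, "downloads", "tool.exe").write_bytes(
        b"MZ" + b"\x00" * 16 + CONSTRUCTED_MARKER + b"\x00" * 16)

    before = scan_tree(root, SIGNATURE_DB_V1)   # old database misses tool.exe
    after = scan_tree(root, SIGNATURE_DB_V2)    # updated database finds both
    quarantined = sorted(os.path.basename(quarantine(root, p, qdir)) for p in after)
    remaining = scan_tree(root, SIGNATURE_DB_V2)  # tree is clean afterwards
    return before, after, quarantined, remaining


if __name__ == "__main__":
    for label, value in zip(("before", "after", "quarantined", "remaining"), demo()):
        print(f"{label}: {value}")
```

The point the demo makes is the one the slide makes: `tool.exe` sits on disk undetected until the signature database is updated, which is why a full rescan after every update matters. Real engines add heuristics, unpacking and on-access shields on top of plain pattern matching, none of which this sketch attempts.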

Applying a Post-Install Security Checklist
- Use a security checklist to ensure that you have achieved all of the required tasks
- A checklist helps you to stay organized and disciplined
- A checklist should be based on professional experience
- Use standard checklists available from the operating system manufacturer and other resources as a basis
- Customize the checklist for your own

Hardening the Windows Registry
- The registry is a central repository for system values
- Arranged as a database of registry keys that store values
- Can be edited with the Windows Registry Editor or 3rd-party applications
- It is important to understand the implications of each key value; changes can be dangerous
- Create a backup before editing the Windows Registry

Removing Unneeded Services
- The default Windows installation enables services that may not be needed in many s
- Extra services consume resources and provide entry points for attackers

Securing Networking Protocols and Services
- Limit access to services that are not disabled
- Use a firewall if you're connected to the Internet
- Disable networking protocols that are not used
- Review services related to remote access and networking, and remove any that are non-essential

Windows Security Miscellany
- Physically secure your computer
- Stay up-to-date with operating system patches
- Download and use the Microsoft Baseline Security Analyzer (MBSA), and enable the Encrypting File System for Windows XP if appropriate
- Do not use Administrator accounts for everyday user tasks
- Disable the Guest account
- Use antivirus software
- Protect backups and passwords
- Enable system auditing and disable CD-ROM auto-run
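One concrete way to carry out the "remove unneeded services" and "limit access to services that are not disabled" items is to compare what is actually listening on the network with an explicit allowlist. The following Python is an added example for this transcript (not the lecture's material): it parses the output format of the Linux `ss -ltn` command, the sample output is constructed, and the allowlist of approved ports is a hypothetical site policy.

```python
"""Audit listening TCP services against an allowlist.  Added example for this
lecture transcript; the sample `ss -ltn` output below is constructed."""
import subprocess

# Constructed sample of `ss -ltn` output for a host that should expose only SSH.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       128     [::]:22             [::]:*
LISTEN  0       5       0.0.0.0:23          0.0.0.0:*
LISTEN  0       4096    0.0.0.0:111         0.0.0.0:*
LISTEN  0       128     127.0.0.1:631       0.0.0.0:*
LISTEN  0       511     127.0.0.1:25        0.0.0.0:*
"""

# Hypothetical site policy: ports allowed to listen on non-loopback addresses.
ALLOWED_EXPOSED_PORTS = {22}

# Well-known service names, used only to make the report readable.
KNOWN_SERVICES = {22: "ssh", 23: "telnet", 25: "smtp", 111: "rpcbind", 631: "ipp/cups"}

LOOPBACK_ADDRESSES = {"127.0.0.1", "[::1]"}


def parse_listeners(text):
    """Return a list of (local address, port) tuples from `ss -ltn` output."""
    listeners = []
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # also handles "[::]:22"
        listeners.append((addr, int(port)))
    return listeners


def audit(listeners, allowed=ALLOWED_EXPOSED_PORTS):
    """Report exposed ports outside the allowlist.  Loopback-only listeners
    are listed separately: they are not reachable from the network, but they
    still consume resources and deserve a review."""
    exposed, loopback_only = set(), set()
    for addr, port in listeners:
        if addr in LOOPBACK_ADDRESSES:
            loopback_only.add(port)
        elif port not in allowed:
            exposed.add(port)
    return {"unexpected_exposed": sorted(exposed),
            "loopback_only": sorted(loopback_only)}


def describe(port):
    """Human-readable label for a port number."""
    return f"{port}/tcp ({KNOWN_SERVICES.get(port, 'unknown')})"


def audit_live():
    """Run the real `ss -ltn` on this host (Linux with iproute2) and audit it."""
    out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True,
                         check=True).stdout
    return audit(parse_listeners(out))


if __name__ == "__main__":
    report = audit(parse_listeners(SAMPLE_SS_OUTPUT))
    for port in report["unexpected_exposed"]:
        print("disable the service or restrict it with the firewall:", describe(port))
    for port in report["loopback_only"]:
        print("loopback only; review whether it is needed:", describe(port))
```

On the constructed sample the audit flags telnet and rpcbind as exposed services that the policy does not allow, and lists CUPS and the local mail submission port as loopback-only. The matching remediation steps are the ones on the slide: disable the daemon if it is non-essential, and put a host firewall rule in front of anything that must stay running.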

UNIX Checklist Elements
- Security philosophy is similar for Windows and Unix, but the details are substantially different

Removing Unneeded Unix Protocols and Services
- Disable any non-essential services and daemons
- Some services can be disabled by editing the /etc/inet.d file

The TCP Wrapper
- TCPWrapper is a common name for the tcpd daemon
- Can accept or deny any packet before it is passed to its target service
- Suspicious requests can be dropped, logged, and/or an administrator can be notified

Unix Security Miscellany
- Physically secure your computer
- Stay up-to-date with operating system patches
- Protect super user IDs
- Ensure strong user passwords and train users on passwords
- Use antivirus software
- Protect backups
- Enable system auditing and review the logs
- Run vulnerability scanners against your system

File System Security Issues
- The file system is the set of programs that manage and store data on secondary storage
- The file system is presented as a hierarchical tree structure
- The top of the tree is the root directory (the entry point)
- Disks can be divided into sections called partitions
- Each partition has its own file system and root directory
- In Windows, each file system has a drive letter
- In UNIX, each file system has a mount point

Securing NT File System (NTFS)
- NTFS is the preferred file system for Windows computers
- Designed for file protection in a multi-user
- Each file or folder has associated access control lists
- File systems offer 6 to 13 possible permissions for files and folders, attributes, and extended attributes
- Stored in an access control entry
- NTFS gives administrators very precise access control for files and folders

Windows Share Security
- Windows files and printers can be shared with remote users
- Enable File and Printer Sharing
- Three security levels for each share:
  - Global level: anyone can access the share
  - Share level: requires a password for access
  - User level: access is restricted to specific users

User Accounts and Passwords
- A user account is the primary access requirement for modern systems
- The most common vulnerability in a user account is a weak password
- Educate users to create strong passwords:
  - Don't use dictionary words, common phrases, or personal information
  - Use a different password for each account
  - Don't write down passwords, and change them periodically
  - Use letters, numbers, punctuation, uppercase, and lowercase

Windows Account Security
- Users are typically created at the domain level
- In newer Windows operating systems, all security permissions can be centralized
- Users can log into any computer in a domain
- Must have administrator privileges to create user accounts
- User accounts can be added to groups
- Permissions can be set at group level
- Easier to assign group permissions
- Plan and organize account strategy before implementing

Unix Account Security Mechanisms
- Unix accounts are typically local
- Two levels of account security: user and group
- File permissions can be set for users or groups
- Overall security concepts are similar to Windows, but details are different

Detecting Unauthorized Changes
- A checksum is a mathematically generated number that is unique for a particular input
- For the same input, the checksum will not change unless the input changes
- Used to ensure that files haven't changed without authorization
- Commonly used in collecting forensic evidence
- Most operating systems implement utilities for generating checksums
- md5sum and tripwire are popular

Using System Logging Utilities
- Current operating systems have many options for logging activity
- Logging uses resources:
  - CPU resources
  - Storage resources
  - Manpower resources
- Match logging activity to what is required in your specific
- Do more logging for systems that require strict security or for new systems, less when not needed
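The checksum-based change detection described under "Detecting Unauthorized Changes", worked through in Python as an added example (not the lecture's material and not tripwire's code). It records a baseline of per-file digests, then verifies a tree against it and reports modified, missing and added files; the directory tree and the tampering are constructed for the demo. SHA-256 is used rather than MD5 because MD5 collisions can be manufactured, which would let an attacker substitute a file that keeps its recorded checksum.

```python
"""File-integrity baseline and verification with checksums, in the spirit of
md5sum/tripwire.  Added example for this lecture transcript; the sample tree
and the simulated tampering are constructed."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def checksum(path, algorithm="sha256"):
    """Hash a file in chunks so large files need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Return {relative path: hex digest} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = checksum(full)
    return baseline


def save_baseline(baseline, path):
    """Store the baseline as JSON.  Keep the production copy read-only and off
    the monitored host (or signed); otherwise an intruder who changes a file
    can simply update its recorded checksum as well."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def verify(root, baseline):
    """Compare the current tree with the baseline and report differences."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }


def demo():
    """Constructed scenario: take a baseline, then simulate unauthorised changes."""
    root = tempfile.mkdtemp(prefix="fim_")
    Path(root, "bin").mkdir()
    Path(root, "bin", "login").write_bytes(b"original login binary\n")
    Path(root, "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
    Path(root, "motd").write_text("Welcome\n")

    fd, db = tempfile.mkstemp(suffix=".json")   # baseline stored outside the tree
    os.close(fd)
    save_baseline(build_baseline(root), db)

    # Simulated tampering: a replaced binary, a deleted file and a new file.
    Path(root, "bin", "login").write_bytes(b"replaced login binary\n")
    Path(root, "motd").unlink()
    Path(root, "bin", "unexpected.so").write_bytes(b"constructed new file\n")

    return verify(root, load_baseline(db))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths or '-'}")
```

The same digests can be produced with the stock tools the slide alludes to: `sha256sum` (and `sha256sum -c` to verify a saved list) on Unix, and `certutil -hashfile <file> SHA256` or PowerShell's `Get-FileHash` on Windows. What a baseline cannot tell you is whether a change was authorised; it only tells you that one happened, which is why the procedure belongs next to a patch schedule so that expected changes are re-baselined deliberately.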
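"Enable system auditing and review the logs" is only useful if the review is systematic. As an added example for this transcript (not the lecture's material), the Python below reads authentication log lines in the OpenSSH/syslog format, counts failed logins per source, lists the usernames each source tried, and flags a successful password login that follows repeated failures from the same source. The log lines are constructed, the addresses come from the RFC 5737 documentation ranges, and the failure threshold is a hypothetical policy value.

```python
"""Review sshd authentication log lines for password guessing.  Added example
for this lecture transcript; the log lines below are constructed."""
import re
from collections import Counter, defaultdict

SAMPLE_AUTH_LOG = """\
Jun 18 09:58:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jun 18 09:58:03 host1 sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 51236 ssh2
Jun 18 09:58:04 host1 sshd[2205]: Failed password for root from 203.0.113.5 port 51238 ssh2
Jun 18 09:58:06 host1 sshd[2207]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jun 18 09:58:09 host1 sshd[2209]: Failed password for root from 203.0.113.5 port 51242 ssh2
Jun 18 09:58:12 host1 sshd[2211]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Jun 18 10:02:41 host1 sshd[2230]: Failed password for bob from 198.51.100.7 port 40010 ssh2
Jun 18 10:02:50 host1 sshd[2232]: Accepted password for bob from 198.51.100.7 port 40012 ssh2
Jun 18 10:05:00 host1 sshd[2240]: Accepted publickey for alice from 192.0.2.33 port 33000 ssh2
Jun 18 10:07:13 host1 CRON[2250]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches both "Failed password for invalid user X from ..." and
# "Accepted publickey for X from ..."; other log lines are ignored.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAILURE_THRESHOLD = 3   # hypothetical policy: flag a source after this many failures


def parse_events(text):
    """Return (result, method, user, source) for every sshd auth line."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            events.append((m["result"], m["method"], m["user"], m["src"]))
    return events


def review(events, threshold=FAILURE_THRESHOLD):
    """Summarise guessing activity.  Events are processed in log order, so a
    success is judged against the failures that preceded it."""
    failures = Counter()
    users_tried = defaultdict(set)
    success_after_failures = []
    for result, method, user, src in events:
        if result == "Failed":
            failures[src] += 1
            users_tried[src].add(user)
        elif failures[src] >= threshold:
            # A login that succeeds after many failures from the same source
            # is the single most important line in this log.
            success_after_failures.append((src, user, method, failures[src]))
    return {
        "guessing_sources": {s: n for s, n in failures.items() if n >= threshold},
        "users_tried": {s: sorted(u) for s, u in users_tried.items()
                        if failures[s] >= threshold},
        "success_after_failures": success_after_failures,
    }


if __name__ == "__main__":
    report = review(parse_events(SAMPLE_AUTH_LOG))
    for src, n in report["guessing_sources"].items():
        print(f"{src}: {n} failed logins, users tried {report['users_tried'][src]}")
    for src, user, method, n in report["success_after_failures"]:
        print(f"ALERT: {method} login as {user} from {src} after {n} failures")
```

On the constructed lines, bob's single typo followed by a success is left alone, while the source that guessed three usernames and then got in as root is reported. The slide's resource trade-off shows up here too: keeping authentication logs is cheap in CPU and storage, and a short script like this keeps the manpower cost of reviewing them low enough to do it every day.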

Summary
- Security maintenance requires a strategic plan for:
  - Reviewing and updating hardware, software, and policies
  - Assigning and scheduling tasks
- Crackers try to compromise systems by finding and sharing exploits
- System is most vulnerable when a new exploit is discovered
- To minimize risk, stay up-to-date on:
  - Operating system patches, fixes, and revisions
  - Antivirus software
- Antivirus software scans existing files and shields incoming files

Summary (continued)
- Checklists should be used to maintain thorough and disciplined security practices
- Checklists should be customized for the operating system and the
- File systems generally allow some level of permissions to be assigned to each file/directory to control access
- User accounts are most vulnerable to weak passwords
- Checksums are used to tell if a file has been changed
- System logging is a powerful tool to be used judiciously

Questions