Security Best Practice

Similar documents
modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

System Security Policy Management: Advanced Audit Tasks

What the student will need:

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

GE Measurement & Control. Cyber Security for NEI 08-09

RES ONE Automation 2015 Task Overview

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Course Description and Outline. IT Essential II: Network Operating Systems V2.0

Information Technology Security Procedures

VMware vsphere-6.0 Administration Training

Avaya TM G700 Media Gateway Security. White Paper

Avaya G700 Media Gateway Security - Issue 1.0

Thecus N2100 FAQ. 1. NAS Management

Terms of Reference Microsoft Exchange and Domain Controller/ AD implementation

Security Audit Report for ACME Corporation

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Mac OS X Security Checklist:

SonicWALL PCI 1.1 Implementation Guide

ACME Enterprises IT Infrastructure Assessment

1 Introduction 2. 2 Document Disclaimer 2

Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Standard

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

MSP Center Plus Features Checklist

SERVICE SCHEDULE DEDICATED SERVER SERVICES

Ignify ecommerce. Item Requirements Notes

Upgrade to Webtrends Analytics 8.7: Best Practices

FortiOS Handbook - Hardening your FortiGate VERSION 5.2.3

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

Active Directory - User, group, and computer account management in active directory on a domain controller. - User and group access and permissions.

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V

HighPoint RAID Management User s Guide

COURCE TITLE DURATION CompTIA A+ Certification 40 H.

VMware vsphere 5.0 Boot Camp

Locking down a Hitachi ID Suite server

NetBrain Security Guidance

VTrak SATA RAID Storage System

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Web Plus Security Features and Recommendations

VMware ESXi 3.5 update 2

Codes of Connection for Devices Connected to Newcastle University ICT Network

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 8 Desktop and Server OS Vulnerabilities

Reboot the ExtraHop System and Test Hardware with the Rescue USB Flash Drive

SolarWinds Log & Event Manager

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

SAN TECHNICAL - DETAILS/ SPECIFICATIONS

How To Secure An Rsa Authentication Agent

A Decision Maker s Guide to Securing an IT Infrastructure

Minimum Requirements for Cencon 4 with Microsoft R SQL 2008 R2 Express

Parallels Cloud Server 6.0

Post Genie TM WebMail Server 2400/2208R

Network Monitoring User Guide Pulse Appliance

RH033 Red Hat Linux Essentials or equivalent experience with Red Hat Linux..

VMware ESX Server 3 Configuration Guide

Dell PowerVault MD3400 and MD3420 Series Storage Arrays Deployment Guide

HUS-IPS-5100S(D)-E (v.4.2)

HOMEROOM SERVER INSTALLATION & NETWORK CONFIGURATION GUIDE

Hardware Performance Optimization and Tuning. Presenter: Tom Arakelian Assistant: Guy Ingalls

WD My Cloud EX4 Personal Cloud Storage Release Notes for Firmware

Installation Notes for Outpost Network Security (ONS) version 3.2

Small Business Server Part 1

IPMI overview. Power. I/O expansion. Peripheral UPS logging RAID. power control. recovery. inventory. Hugo CERN-FIO-DS

Lenovo ThinkServer Solution For Apache Hadoop: Cloudera Installation Guide

RSA Security Analytics. S4 Broker Setup Guide

Best Practices for VMware ESX Server 2

Virtual Private Servers

System Admin Module User Guide. Schmooze Com Inc.

IT Networking and Security

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

System Compatibility. Enhancements. Security. SonicWALL Security Appliance Release Notes

MyPBX Security Configuration Guide

Windows Operating Systems. Basic Security

IT Security Standard: Computing Devices

IT Assessment Report. Prepared by: Date: BRI Works East Main Street, Suite 200 Charlottesville VA

Decrease your HMI/SCADA risk

Configuring Security for FTP Traffic

CONTENTS. Security Policy

SSIM Database Extension Pack 4.0 for Oracle on Linux Installation Guide

Deploying SAP on Microsoft SQL Server 2008 Environments Using the Hitachi Virtual Storage Platform

AX4 5 Series Software Overview

Ultra Thin Client TC-401 TC-402. Users s Guide

VMware vsphere 5.1 Advanced Administration

LANDesk White Paper. LANDesk Management Suite for Lenovo Secure Managed Client

Security Policy for External Customers

USB 2.0 Flash Drive User Manual

It should be noted that the installer will delete any existing partitions on your disk in order to install the software required to use BLËSK.

3.5 EXTERNAL NETWORK HDD. User s Manual

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Freshservice Discovery Probe User Guide

Prerequisites and Configuration Guide

Quick Deployment: Step-by-step instructions to deploy the SampleApp Virtual Machine v406

Proof of Concept Guide

IBM PureData System for Transactions. Technical Deep Dive. Jonathan Rossi, PureSystems Specialist

Transcription:

Security Best Practice Presented by Muhibbul Muktadir Tanim mmtanim@gmail.com 1

Hardening Practice for Server Unix / Linux Windows Storage Cyber Awareness & take away Management Checklist 2

Hardening Server Architecture should be Separate zone Should have N+1 node level redundancy Individual node redundancy in: physical RAM, HDD, NIC etc. Power supply units, HDDs, removable media devices should be Hot swappable. Each node must have at least one non built-in NIC. Even number of NICs in all nodes required. Server rack with redundant PDUs and redundant Power connectors. All the nodes should have their firmware (BIOS, Management Port, Storage Controllers, Switch Controllers) upgraded. 3

Hardening Server (cont..) Hardware should be within EOL (End of Life) Hardware or server must be mounted on rack properly. Sever Rack grounding must be done properly. The Racks should be stabilized before power cables are connected. Proper cable managing and tagging for serviceability must be done. All the nodes should be accessible via management ports. Rack system s doors should be possible to lock. 4

Hardening Storage The storage system must have redundant controllers. Controllers must have web based secure interface. The firmware Upgrade should be possible without downtime. Hot plug expansion and replacement of redundant controllers, fans, power supplies, and I/O modules for simple, fast installation and maintenance is required. Each controller with minimum 2 GB cache. Cache memory battery should stable. The cache memory should have protection with backup. Redundant san switches have same configuration. 5

Hardening Storage The storage system must support standard RAID systems. The storage must support SNMP monitoring. Must be within HLD / LLD. San switch & storage will be connected with separate power source. Storage, san switch management IP will be in different IP block. Storage system must have successful cache dumping capability in case of power failure. Storage system must have at least 2 hot spare disc. 6

Hardening OS [Unix / Linux] User Accounts without password should not exist. Inactive User accounts (i.e. uucp, smtp, listen, nobody, ftp) should be deleted. Direct root-login shell should be only allowed from the system consol. Root login should only allowed from an authenticated user account with proper logging records. Auto logout after 5 min if not attended or inactive. Must comply Password Policy 7

Hardening OS [Unix / Linux] cont.. Minimize Packages to Minimize Vulnerability Disable unnecessary network services Always keep system updated with latest releases patches, security fixes and kernel when it s available. To lock a user using cron, simply add user names in cron.deny and to allow a user to run cron add in cron.allow file. If you would like to disable all users from using cron, add the ALL line to cron.deny file. Disable USB stick to Detect. Create a file /etc/modprobe.d/no-usb and adding below line will not detect USB storage. Disable Ctrl+Alt+Delete in Inittab 8

Hardening OS [Unix / Linux] cont.. Monitor User activities with psacct and acct command. Ignore icmp or broadcast request Configure Iptables and TCPWrappers for Unix Delete X Windows Hardening Kernel configuration parameters i.e /etc/sysctl.conf Separate disk partitions should be practiced Identify world writable files (+w) and unnecessary SUID, SGID binaries that can be ignored 9

Hardening OS [Windows] HDD RAID Minimum 50GB for OS Drive Application is recommended to be installed other than system drive, but if any specific requirement arises then it can be installed on Operating System drive. Database is recommended to be installed other than the Operating System drive. Server should be joined to the domain. This will ensure the server manageability and maintain server corporate baseline standards. Server has to be updated with latest Service Packs and Patches before going to the production environment. 10

Hardening OS [Windows] Local Guest account should be disabled Local Administrator account name should be renamed Server Firewall has to be turned on and only necessary ports will be opened for Home and Public Network. Firewall may be turned off for the Domain network based on the requirement. Server default Terminal Service will be enabled which enables two concurrent remote sessions to the server. Server Telnet Service will be disabled by default. Last logged on Username will not be shown during the user log on. Interactive logon: Message text for users attempting to logon Interactive logon: Message title for users attempting to log on 11

Hardening OS [Windows] Approved Windows Patch Management policy has to be followed to maintain the consistency and integrity of the server operation in future. Server must be installed with Antivirus solution. Server built in Local Administrator account will be retained and handed over proper Administration team. 12

Cyber Awareness 13

What is Cyber Security cybersecurity = security of cyberspace 11/3/2015 BDSAF 2015 Security Best Practices 14

What is Cyber Security cybersecurity = security of cyberspace information systems and networks 11/3/2015 BDSAF 2015 Security Best Practices 15

What is Cyber Security cybersecurity = security of information systems and networks 11/3/2015 BDSAF 2015 Security Best Practices 16

What is Cyber Security cybersecurity = security of information systems and networks + with the goal of protecting operations and assets 11/3/2015 BDSAF 2015 Security Best Practices 17

What is Cyber Security cybersecurity = security of information systems and networks with the goal of protecting operations and assets 11/3/2015 BDSAF 2015 Security Best Practices 18

What is Cyber Security cybersecurity = security of information systems and networks with the goal of protecting operations and assets security in the face of attacks, accidents and failures 11/3/2015 BDSAF 2015 Security Best Practices 19

What is Cyber Security cybersecurity = security of information systems and networks in the face of attacks, accidents and failures with the goal of protecting operations and assets 11/3/2015 BDSAF 2015 Security Best Practices 20

What is Cyber Security cybersecurity = security of information systems and networks in the face of attacks, accidents and failures with the goal of protecting operations and assets availability, integrity and Confidentiality 11/3/2015 BDSAF 2015 Security Best Practices 21

What is Cyber Security cybersecurity = availability, integrity and Confidentiality of information systems and networks in the face of attacks, accidents and failures with the goal of protecting operations and assets (Still a work in progress.) 11/3/2015 BDSAF 2015 Security Best Practices 22

What is Cyber Crime Cybercrime, is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target The former descriptions were "computer crime", "computer-related crime" or "crime by computer". With the pervasion of digital technology, some new terms like "high-technology" or "information-age" crime were added to the definition. Also, Internet brought other new terms, like "cybercrime" and "net" crime. 23

Cyber Crime includes Illegal Access Illegal Interception System Interference Data Interference Misuse of devices Fraud 24

TIPS Is That App Giving Away Your Privacy? Have A Backup Plan Configure Your Computer Securely Keep Software and Operating Systems Updated Use Strong Passwords Be Cautious About Links and Attachments Protect Your Personal Information Review Your Financial Statements Regularly 25

Management Checklist Update antivirus software. Automate updates if possible Update spyware software Update operating system and software Back up files Perform incremental back ups Perform full back up Conduct security review Establish and review inventory (hardware / software) Change staff access control Draft non-disclosure agreements Review policies Revise policies Notify users of alerts / advisories Vulnerability Testing / Penetration Testing Risk Assessment Daily Daily On a regular schedule, as patches are released. Daily Daily Weekly Anually Anually/As acquired As needed and when job function changes Start of agreements Annually As needed Daily or as needed Annually Annually 26

THANK YOU 11/3/2015 BDSAF 2015 Security Best Practices 27

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information