Server Hardening Primer 
Dr. Eric Vanderburg 
Director, Information Systems and Security 
Computer Forensic and Investigation Services 
JURINNOV LTD 
John Tsai, CEH, CISSP 
Security Engineer 
JURINNOV LTD
Objectives 
• Disable nonessential systems
• Harden operating systems
• Harden applications
• Harden networks
2
Disabling Nonessential Systems 
• First step in establishing a defense against 
computer attacks is to turn off all nonessential 
systems 
• The background program waits in the computer’s 
random access memory (RAM) until the user 
presses a specific combination of keys (a hot key), 
such as Ctrl+Shift+P 
• Then, the idling program springs to life 
3
Disabling Nonessential 
Systems (continued) 
• Early terminate-and-stay-resident (TSR) programs 
performed functions such as displaying an instant 
calculator, small notepad, or address book 
• In Microsoft Windows, a background program, such as 
Svchost.exe, is called a process
• The process provides a service to the operating system 
indicated by the service name, such as AppMgmt 
4
Disabling Nonessential 
Systems (continued) 
• Users can view the display name of a service, 
which gives a detailed description, such as 
Application Management 
• A single process can provide multiple 
services 
5
Disabling Nonessential 
Systems (continued) 
• A service can be set to one of the following modes:
• Automatic
• Manual
• Disabled
• Besides preventing attackers from attaching malicious
code to services, disabling nonessential services blocks
entries into the system
6
Disabling Nonessential 
Systems (continued) 
• The User Datagram Protocol (UDP) provides for a
connectionless TCP/IP transfer
• TCP and UDP are based on port numbers
• Socket: combination of an IP address and a port number
• The IP address is separated from the port number by a
colon, as in 198.146.118.20:80
7
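The audit these slides lead up to, as an added example that is not part of the original deck: list every service that is neither required nor Disabled, together with the sockets its host process has open. The inventory, PIDs, 192.0.2.10 addresses and the REQUIRED baseline are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not taken from any real host).
# Fields: service name, display name, start mode, PID of the hosting process
# (None when the service is not running).
SERVICES = [
    ("W3SVC",    "World Wide Web Publishing Service", "Automatic", 1440),
    ("FTPSVC",   "Microsoft FTP Service",             "Automatic", 1440),
    ("Dnscache", "DNS Client",                        "Automatic", 812),
    ("AppMgmt",  "Application Management",            "Manual",    812),
    ("Spooler",  "Print Spooler",                     "Automatic", 2016),
    ("TlntSvr",  "Telnet",                            "Disabled",  None),
]

# Constructed listening sockets: protocol, "IP:port", owning PID.
LISTENERS = [
    ("TCP", "192.0.2.10:80", 1440),
    ("TCP", "192.0.2.10:21", 1440),
    ("UDP", "192.0.2.10:5355", 812),
    ("TCP", "192.0.2.10:515", 2016),
]

# Assumed baseline for a host whose only role is web server.
REQUIRED = {"W3SVC", "Dnscache"}


def parse_socket(text):
    """Split 'IP:port' into (ip_address, port), rejecting malformed values."""
    host, sep, port = text.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not an IP:port socket: {text!r}")
    port = int(port)
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    # Brackets are stripped so that '[::1]:443' is accepted as well.
    return ipaddress.ip_address(host.strip("[]")), port


def audit(services, listeners, required):
    """Return one finding per service that is not required yet can still start."""
    by_pid = defaultdict(list)      # PID -> names of services hosted by that process
    for name, _display, _mode, pid in services:
        if pid is not None:
            by_pid[pid].append(name)

    sockets = defaultdict(list)     # PID -> ["TCP/80", ...]
    for proto, sock, pid in listeners:
        _ip, port = parse_socket(sock)
        sockets[pid].append(f"{proto}/{port}")

    findings = []
    for name, display, mode, pid in services:
        if name in required or mode == "Disabled":
            continue
        findings.append({
            "service": name,
            "display_name": display,
            "mode": mode,
            # Sockets belong to the process, so a co-hosted service may own them.
            "process_sockets": sorted(sockets.get(pid, [])),
            "co_hosted": sorted(s for s in by_pid.get(pid, []) if s != name),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SERVICES, LISTENERS, REQUIRED):
        print(f"{f['service']} ({f['display_name']}): mode={f['mode']}, "
              f"process sockets={f['process_sockets']}, "
              f"shares process with {f['co_hosted']}")
```

Because a single process can provide multiple services, a port reported for one service may be opened by another service in the same process; disable the unneeded service, then re-check the listeners.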
Hardening Operating Systems 
• Hardening: process of reducing vulnerabilities 
• A hardened system is configured and updated to protect 
against attacks 
• Three broad categories of items should be hardened:
• Operating systems
• Applications that the operating system runs
• Networks
8
Hardening Operating 
Systems (continued) 
• You can harden the operating system that runs on the 
local client or the network operating system (NOS) that 
manages and controls the network, such as Windows 
Server 2008 R2 or Linux 
9
Applying Updates 
• Operating systems are intended to be dynamic
• As users’ needs change, new hardware is
introduced, and more sophisticated attacks are
unleashed, operating systems must be updated
on a regular basis
• However, vendors release a new version of an
operating system every two to four years
• Vendors use certain terms to refer to the
different types of updates
10
Applying Updates (continued) 
• A service pack (a cumulative set of updates 
including fixes for problems that have not been 
made available through updates) provides the 
broadest and most complete update 
• A hotfix does not typically address security issues; 
instead, it corrects a specific software problem 
11
Applying Updates (continued) 
• A patch or a software update fixes a security flaw
or other problem
• May be released on a regular or irregular basis,
depending on the vendor or support team
• A good patch management system includes
documentation and consistent implementation
12
Securing the File System 
• Another means of hardening an operating system is to 
restrict user access 
• Generally, users can be assigned permissions to access 
folders (also called directories in the command shell and 
UNIX/Linux) and the files contained within them 
13
Securing the File System (continued) 
• Microsoft Windows provides a centralized method
of defining security on the Microsoft Management
Console (MMC)
• A Windows utility that accepts additional components
(snap-ins)
• After you apply a security template to organize security
settings, you can import the settings to a group of
computers (Group Policy object)
14
Securing the File System (continued) 
• Group Policy settings: components of a user’s desktop 
environment that a network system administrator needs 
to manage 
• Group Policy settings cannot override a global setting for 
all computers (domain-based setting) 
• Windows stores settings for the computer’s hardware 
and software in a database (the registry) 
15
Hardening Applications 
• Just as you must harden operating systems, you must also 
harden the applications that run on those systems 
• Hotfixes, service packs, and patches are generally
available for most applications, although not usually with
the same frequency as for an operating system
16
Hardening Servers 
• Harden servers to prevent attackers from breaking 
through the software 
• Web server delivers text, graphics, animation,
audio, and video to Internet users around the 
world 
17
Hardening Servers (continued) 
• Mail server is used to send and receive electronic 
messages 
• In a normal setting, a mail server serves an organization or 
set of users 
• All e-mail is sent through the mail server from a trusted 
user or received from an outsider and intended for a 
trusted user 
18
Hardening Servers (continued) 
• In an open mail relay, a mail server processes e-mail
messages not sent by or intended for a local
user
• File Transfer Protocol (FTP) server is used to store
and access files through the Internet
• Typically used to accommodate users who want to
download or upload files
19
Hardening Servers (continued) 
• FTP servers can be set to accept anonymous logons using 
• A Domain Name Service (DNS) server makes the Internet 
available to ordinary users 
• DNS servers frequently update each other by transmitting all
domains and IP addresses of which they are aware (zone
transfer)
20
Hardening Servers (continued) 
• IP addresses and other information can be used in an 
attack 
• USENET is a worldwide bulletin board system that can be 
accessed through the Internet or many online services 
• The Network News Transfer Protocol (NNTP) is the 
protocol used to send, distribute, and retrieve USENET 
messages through NNTP servers 
21
Hardening Servers (continued) 
• Print/file servers on a local area network (LAN) allow 
users to share documents on a central server or to share 
printers 
• Hardening a print/file server 
• A DHCP server allocates IP addresses using the Dynamic 
Host Configuration Protocol (DHCP) 
• DHCP servers “lease” IP addresses to clients 
22
Hardening Data Repositories 
• Data repository: container that holds electronic 
information 
• Two major data repositories: directory services 
and company databases 
• Directory service: database stored on the network 
that contains all information about users and 
network devices along with privileges to those 
resources 
23
Hardening Data 
Repositories (continued) 
• Active Directory is the directory service for Windows 
• Active Directory is stored in the Security Accounts 
Manager (SAM) database 
• The primary domain controller (PDC) houses the SAM 
database 
24
Hardening Networks 
• Two-fold process for keeping a network secure:
• Secure the network with necessary updates
• Properly configure it
25
Firmware Updates 
• RAM is volatile―interrupting the power source causes 
RAM to lose its entire contents 
• Read-only memory (ROM) is different from RAM in two
ways:
• Contents of ROM are fixed
• ROM is nonvolatile―disabling the power source does not erase
its contents
26
Firmware Updates (continued) 
• ROM, Erasable Programmable Read-Only Memory (EPROM), and 
Electrically Erasable Programmable Read-Only Memory (EEPROM) 
are firmware 
• To erase an EPROM chip, hold the chip under ultraviolet light so the 
light passes through its crystal window 
• The contents of EEPROM chips can also be erased using electrical 
signals applied to specific pins 
27
Network Configuration 
• You must properly configure network equipment to resist 
attacks 
• The primary method of resisting attacks is to filter data 
packets as they arrive at the perimeter of the network 
28
Network Configuration (continued) 
• Rule base or access control list (ACL): rules a network 
device uses to permit or deny a packet 
(not to be confused with ACLs used in securing a 
file system) 
• Rules are composed of several settings 
29
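How a rule base decides a packet's fate, as an added example not taken from the original deck. It assumes the common first-match model with an implicit final deny and five rule settings (action, protocol, source, destination, destination port); the slides do not list the settings, and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    protocol: str             # "tcp", "udp" or "any"
    source: str               # CIDR block the packet must come from
    destination: str          # CIDR block the packet must be addressed to
    dst_port: Optional[int]   # None matches every destination port

    def matches(self, protocol, src_ip, dst_ip, dst_port):
        """True if a packet with these header fields is selected by the rule."""
        return (
            self.protocol in ("any", protocol)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.destination)
            and self.dst_port in (None, dst_port)
        )

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (
            self.protocol in ("any", other.protocol)
            and ipaddress.ip_network(other.source).subnet_of(
                ipaddress.ip_network(self.source))
            and ipaddress.ip_network(other.destination).subnet_of(
                ipaddress.ip_network(self.destination))
            and self.dst_port in (None, other.dst_port)
        )


# Constructed rule base for a perimeter device in front of one web server
# (192.0.2.10) and one DNS server (192.0.2.53). Order matters.
RULE_BASE = [
    Rule("deny",   "any", "203.0.113.0/24",  "0.0.0.0/0",     None),
    Rule("permit", "tcp", "0.0.0.0/0",       "192.0.2.10/32", 80),
    Rule("permit", "tcp", "0.0.0.0/0",       "192.0.2.10/32", 443),
    Rule("permit", "udp", "198.51.100.0/24", "192.0.2.53/32", 53),
    # Intended exception that can never fire: rule 0 already denies this source.
    Rule("permit", "tcp", "203.0.113.7/32",  "192.0.2.10/32", 80),
]


def evaluate(rule_base, protocol, src_ip, dst_ip, dst_port):
    """Return (action, index of the deciding rule); index None is the implicit deny."""
    for index, rule in enumerate(rule_base):
        if rule.matches(protocol, src_ip, dst_ip, dst_port):
            return rule.action, index
    return "deny", None


def shadowed_rules(rule_base):
    """Return (later_index, earlier_index) pairs where the later rule can never fire."""
    pairs = []
    for j, later in enumerate(rule_base):
        for i in range(j):
            if rule_base[i].covers(later):
                pairs.append((j, i))
                break
    return pairs


if __name__ == "__main__":
    packets = [
        ("tcp", "198.51.100.9", "192.0.2.10", 80),
        ("tcp", "203.0.113.7",  "192.0.2.10", 80),
        ("tcp", "198.51.100.9", "192.0.2.10", 22),
        ("udp", "198.51.100.9", "192.0.2.53", 53),
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(RULE_BASE, *pkt))
    print("shadowed:", shadowed_rules(RULE_BASE))
```

The shadowed-rule check is worth running whenever the rule base changes: an exception placed below a broader rule is silently ignored.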
Summary 
• Establishing a security baseline creates a basis for 
information security 
• Hardening the operating system involves applying the 
necessary updates to the software 
• Securing the file system is another step in hardening a 
system 
30
Summary (continued) 
• Applications and operating systems must be hardened by 
installing the latest patches and updates 
• Servers, such as Web servers, mail servers, FTP servers, 
DNS servers, NNTP servers, print/file servers, and DHCP 
servers, must be hardened to prevent attackers from 
corrupting them or using the server to launch other 
attacks 
31
For assistance or additional information 
• Phone: 216-664-1100 
• Web: www.jurinnov.com 
• Email: Eric.Vanderburg@jurinnov.com 
John.Tsai@jurinnov.com 
JurInnov Ltd. 
The Idea Center 
1375 Euclid Avenue, Suite 400 
Cleveland, Ohio 44115 
32

 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
The security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric VanderburgThe security professional's guide to programming - Eric Vanderburg
The security professional's guide to programming - Eric Vanderburg
 
Guide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric VanderburgGuide to protecting networks - Eric Vanderburg
Guide to protecting networks - Eric Vanderburg
 
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking   Chapter 12 - Encryption - Eric VanderburgEthical hacking   Chapter 12 - Encryption - Eric Vanderburg
Ethical hacking Chapter 12 - Encryption - Eric Vanderburg
 

Recently uploaded

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Server Hardening Guide

  • 1. Server Hardening Primer
      Dr. Eric Vanderburg
      Director, Information Systems and Security
      Computer Forensic and Investigation Services
      JURINNOV LTD
      John Tsai, CEH, CISSP
      Security Engineer
      JURINNOV LTD
  • 2. Objectives
      • Disable nonessential systems
      • Harden operating systems
      • Harden applications
      • Harden networks
  • 3. Disabling Nonessential Systems
      • First step in establishing a defense against computer attacks is to turn off all nonessential systems
      • The background program waits in the computer’s random access memory (RAM) until the user presses a specific combination of keys (a hot key), such as Ctrl+Shift+P
      • Then, the idling program springs to life
  • 4. Disabling Nonessential Systems (continued)
      • Early terminate-and-stay-resident (TSR) programs performed functions such as displaying an instant calculator, small notepad, or address book
      • In Microsoft Windows, a background program, such as Svchost.exe, is called a process
      • The process provides a service to the operating system indicated by the service name, such as AppMgmt
  • 5. Disabling Nonessential Systems (continued)
      • Users can view the display name of a service, which gives a detailed description, such as Application Management
      • A single process can provide multiple services
  • 6. Disabling Nonessential Systems (continued)
      • A service can be set to one of the following modes:
          • Automatic
          • Manual
          • Disabled
      • Besides preventing attackers from attaching malicious code to services, disabling nonessential services blocks entries into the system
  • 7. Disabling Nonessential Systems (continued)
      • The User Datagram Protocol (UDP) provides for a connectionless TCP/IP transfer
      • TCP and UDP are based on port numbers
      • Socket: combination of an IP address and a port number
      • The IP address is separated from the port number by a colon, as in 198.146.118.20:80
  • 8. Hardening Operating Systems
      • Hardening: process of reducing vulnerabilities
      • A hardened system is configured and updated to protect against attacks
      • Three broad categories of items should be hardened:
          • Operating systems
          • Applications that the operating system runs
          • Networks
  • 9. Hardening Operating Systems (continued)
      • You can harden the operating system that runs on the local client or the network operating system (NOS) that manages and controls the network, such as Windows Server 2008 R2 or Linux
  • 10. Applying Updates
      • Operating systems are intended to be dynamic
      • As users’ needs change, new hardware is introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis
      • However, vendors release a new version of an operating system every two to four years
      • Vendors use certain terms to refer to the different types of updates
  • 11. Applying Updates (continued)
      • A service pack (a cumulative set of updates including fixes for problems that have not been made available through updates) provides the broadest and most complete update
      • A hotfix does not typically address security issues; instead, it corrects a specific software problem
  • 12. Applying Updates (continued)
      • A patch or a software update fixes a security flaw or other problem
      • May be released on a regular or irregular basis, depending on the vendor or support team
      • A good patch management system includes documentation and consistent implementation
  • 13. Securing the File System
      • Another means of hardening an operating system is to restrict user access
      • Generally, users can be assigned permissions to access folders (also called directories in the command shell and UNIX/Linux) and the files contained within them
  • 14. Securing the File System (continued)
      • Microsoft Windows provides a centralized method of defining security on the Microsoft Management Console (MMC)
      • A Windows utility that accepts additional components (snap-ins)
      • After you apply a security template to organize security settings, you can import the settings to a group of computers (Group Policy object)
  • 15. Securing the File System (continued)
      • Group Policy settings: components of a user’s desktop environment that a network system administrator needs to manage
      • Group Policy settings cannot override a global setting for all computers (domain-based setting)
      • Windows stores settings for the computer’s hardware and software in a database (the registry)
  • 16. Hardening Applications
      • Just as you must harden operating systems, you must also harden the applications that run on those systems
      • Hotfixes, service packs, and patches are generally available for most applications; although, not usually with the same frequency as for an operating system
  • 17. Hardening Servers
      • Harden servers to prevent attackers from breaking through the software
      • Web server delivers text, graphics, animation, audio, and video to Internet users around the world
  • 18. Hardening Servers (continued)
      • Mail server is used to send and receive electronic messages
      • In a normal setting, a mail server serves an organization or set of users
      • All e-mail is sent through the mail server from a trusted user or received from an outsider and intended for a trusted user
  • 19. Hardening Servers (continued)
      • In an open mail relay, a mail server processes e-mail messages not sent by or intended for a local user
      • File Transfer Protocol (FTP) server is used to store and access files through the Internet
      • Typically used to accommodate users who want to download or upload files
  • 20. Hardening Servers (continued)
      • FTP servers can be set to accept anonymous logons using
      • A Domain Name Service (DNS) server makes the Internet available to ordinary users
      • DNS servers frequently update each other by transmitting all domains and IP addresses of which they are aware (zone transfer)
  • 21. Hardening Servers (continued)
      • IP addresses and other information can be used in an attack
      • USENET is a worldwide bulletin board system that can be accessed through the Internet or many online services
      • The Network News Transfer Protocol (NNTP) is the protocol used to send, distribute, and retrieve USENET messages through NNTP servers
  • 22. Hardening Servers (continued)
      • Print/file servers on a local area network (LAN) allow users to share documents on a central server or to share printers
      • Hardening a print/file server
      • A DHCP server allocates IP addresses using the Dynamic Host Configuration Protocol (DHCP)
      • DHCP servers “lease” IP addresses to clients
  • 23. Hardening Data Repositories
      • Data repository: container that holds electronic information
      • Two major data repositories: directory services and company databases
      • Directory service: database stored on the network that contains all information about users and network devices along with privileges to those resources
  • 24. Hardening Data Repositories (continued)
      • Active Directory is the directory service for Windows
      • Active Directory is stored in the Security Accounts Manager (SAM) database
      • The primary domain controller (PDC) houses the SAM database
  • 25. Hardening Networks
      • Two-fold process for keeping a network secure:
          • Secure the network with necessary updates
          • Properly configure it
  • 26. Firmware Updates
      • RAM is volatile―interrupting the power source causes RAM to lose its entire contents
      • Read-only memory (ROM) is different from RAM in two ways:
          • Contents of ROM are fixed
          • ROM is nonvolatile―disabling the power source does not erase its contents
  • 27. Firmware Updates (continued)
      • ROM, Erasable Programmable Read-Only Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) are firmware
      • To erase an EPROM chip, hold the chip under ultraviolet light so the light passes through its crystal window
      • The contents of EEPROM chips can also be erased using electrical signals applied to specific pins
  • 28. Network Configuration
      • You must properly configure network equipment to resist attacks
      • The primary method of resisting attacks is to filter data packets as they arrive at the perimeter of the network
  • 29. Network Configuration (continued)
      • Rule base or access control list (ACL): rules a network device uses to permit or deny a packet (not to be confused with ACLs used in securing a file system)
      • Rules are composed of several settings
  • 30. Summary
      • Establishing a security baseline creates a basis for information security
      • Hardening the operating system involves applying the necessary updates to the software
      • Securing the file system is another step in hardening a system
  • 31. Summary (continued)
      • Applications and operating systems must be hardened by installing the latest patches and updates
      • Servers, such as Web servers, mail servers, FTP servers, DNS servers, NNTP servers, print/file servers, and DHCP servers, must be hardened to prevent attackers from corrupting them or using the server to launch other attacks
  • 32. For assistance or additional information
      • Phone: 216-664-1100
      • Web: www.jurinnov.com
      • Email: Eric.Vanderburg@jurinnov.com, John.Tsai@jurinnov.com
      JurInnov Ltd., The Idea Center, 1375 Euclid Avenue, Suite 400, Cleveland, Ohio 44115
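Slides 4 to 7 describe services, their start modes and the sockets they listen on. The following added example (not part of the original deck) audits a service inventory against a hardening baseline. The inventory, the baseline, the allowed ports and the 192.0.2.0/24 addresses are constructed for illustration, and any service missing from the baseline is assumed to belong in the Disabled mode.

```python
from collections import defaultdict
from dataclasses import dataclass

START_MODES = ("Automatic", "Manual", "Disabled")  # the three modes from slide 6


@dataclass(frozen=True)
class Service:
    name: str            # service name, e.g. AppMgmt
    display_name: str    # descriptive name shown to users
    process: str         # background process that hosts the service
    start_mode: str      # one of START_MODES
    sockets: tuple = ()  # listening sockets written as "ip:port"


# Constructed inventory (not real scan output); addresses use a documentation range.
INVENTORY = [
    Service("AppMgmt", "Application Management", "svchost.exe", "Manual"),
    Service("W3SVC", "World Wide Web Publishing Service", "svchost.exe",
            "Automatic", ("192.0.2.10:80",)),
    Service("TlntSvr", "Telnet", "tlntsvr.exe", "Automatic", ("192.0.2.10:23",)),
    Service("Spooler", "Print Spooler", "spoolsv.exe", "Automatic"),
    Service("FTPSVC", "Microsoft FTP Service", "svchost.exe", "Manual",
            ("192.0.2.10:21",)),
]

# Hypothetical baseline for a web server: required start mode per essential service.
BASELINE = {"AppMgmt": "Manual", "W3SVC": "Automatic"}
ALLOWED_PORTS = {80, 443}


def parse_socket(sock):
    """Split an 'ip:port' socket at the last colon and validate the port."""
    ip, sep, port = sock.rpartition(":")
    if not sep or not ip or not port.isdigit() or not 0 < int(port) <= 65535:
        raise ValueError(f"not an ip:port socket: {sock!r}")
    return ip, int(port)


def audit(inventory, baseline, allowed_ports):
    """Return (service, issue) pairs for every deviation from the baseline."""
    findings = []
    for svc in inventory:
        if svc.start_mode not in START_MODES:
            raise ValueError(f"unknown start mode for {svc.name}: {svc.start_mode!r}")
        wanted = baseline.get(svc.name, "Disabled")  # nonessential means Disabled
        if svc.start_mode != wanted:
            findings.append(
                (svc.name, f"start mode {svc.start_mode}, baseline requires {wanted}"))
        for sock in svc.sockets:
            ip, port = parse_socket(sock)
            if svc.start_mode != "Disabled" and port not in allowed_ports:
                findings.append(
                    (svc.name, f"listens on {ip}:{port}, port not in baseline"))
    return findings


def services_by_process(inventory):
    """Group service names by hosting process (one process, many services)."""
    hosted = defaultdict(list)
    for svc in inventory:
        hosted[svc.process].append(svc.name)
    return dict(hosted)


if __name__ == "__main__":
    for name, issue in audit(INVENTORY, BASELINE, ALLOWED_PORTS):
        print(f"{name}: {issue}")
    for process, names in services_by_process(INVENTORY).items():
        print(f"{process} hosts {', '.join(names)}")
```
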
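Slide 29 says a rule base permits or denies each packet and that rules are composed of several settings. The following added example (not part of the original deck) evaluates packets against a small rule base and flags rules that can never take effect. The rule fields, first-match ordering, the default deny when nothing matches and the sample rules are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    protocol: str         # "tcp", "udp" or "any"
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    dport: Optional[int]  # destination port, None for any port

    def matches(self, protocol, src_ip, dst_ip, dport):
        """True if a packet with these header values is selected by the rule."""
        return (self.protocol in ("any", protocol)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.protocol in ("any", other.protocol)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and (self.dport is None or self.dport == other.dport))


# Constructed rule base for a perimeter filter; all addresses are documentation ranges.
RULES = [
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.0/24", 80),        # 0: web traffic
    Rule("deny", "tcp", "198.51.100.0/24", "192.0.2.10/32", 80),   # 1: meant as a block
    Rule("permit", "tcp", "203.0.113.0/24", "192.0.2.25/32", 25),  # 2: partner mail
    Rule("deny", "any", "0.0.0.0/0", "192.0.2.0/24", None),        # 3: explicit cleanup
]


def evaluate(rules, protocol, src_ip, dst_ip, dport):
    """Return (action, rule index) of the first matching rule.

    Assumption: when no rule matches, the packet is denied and the index is None.
    """
    for index, rule in enumerate(rules):
        if rule.matches(protocol, src_ip, dst_ip, dport):
            return rule.action, index
    return "deny", None


def shadowed(rules):
    """Return (later, earlier) index pairs where an earlier rule covers a later one.

    With first-match ordering the later rule never sees a packet, so a deny
    placed after a broader permit silently has no effect.
    """
    pairs = []
    for later, rule in enumerate(rules):
        for earlier in range(later):
            if rules[earlier].covers(rule):
                pairs.append((later, earlier))
                break
    return pairs


if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "198.51.100.7", "192.0.2.10", 80))
    for later, earlier in shadowed(RULES):
        conflict = RULES[later].action != RULES[earlier].action
        print(f"rule {later} is shadowed by rule {earlier}, conflicting action: {conflict}")
```

Moving rule 1 ahead of rule 0 makes the intended block effective, and `shadowed` then returns an empty list for this rule base.
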