Information Security Lesson 4 - Baselines - Eric Vanderburg

Published in: Technology
1. Information Security – Chapter 4: Security Baselines
Information Security © 2006 Eric Vanderburg
2. Basic Security
• TSR (Terminate and Stay Resident) programs – applications that keep running even when you close them so that they can be loaded faster.
• Process – a program or program component that runs in the background.
3. Services
• Perform a specific function for the OS. Each requires a process or processes to function. They run in these modes:
– Automatic
– Manual
– Disabled
• Services.msc
4. Services
• Netstat – displays active TCP connections and the ports on which the computer is listening
5. Services
• Disable unused services
– Difficult because it is hard to find which ones are not used
– Processes can be monitored, but many services could use a process
• Unused services are great for attackers because you do not see their activity and they are always running.
• Malicious code could be added to the service to run with it.
• Network services have an associated port that must be open for them to function. This is an entry point for an attacker.
– Port numbers? Review
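Slides 4 and 5 put netstat and "disable unused services" side by side; the practical check is to compare what is actually listening against an approved baseline and name the owning service. The script below is an added example, not code from the slides: it parses a constructed `netstat -ano` sample, maps PIDs to service names through a constructed table (what `tasklist /svc` would supply on a real host), and reports every listener outside an assumed baseline.

```python
import re

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       3310
  TCP    192.168.1.20:49700     192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:161            *:*                                    2240
"""

# Constructed PID -> owning service/process map (what `tasklist /svc` reports).
SAMPLE_PID_MAP = {
    892: "RpcSs",
    4: "System",
    1204: "TermService",
    3310: "legacy_httpd.exe",  # hypothetical, unapproved listener
    2240: "SNMP",
}

# Assumed site baseline: the only (protocol, port) pairs allowed to listen.
BASELINE_LISTENERS = {("TCP", 135), ("TCP", 445), ("TCP", 3389)}

# One netstat row: proto, local addr:port, foreign addr, optional state, PID.
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Return the listening sockets as dicts with proto, addr, port and pid."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line or unrecognised row
        proto, addr, port, _foreign, state, pid = m.groups()
        # UDP rows have no state column; a TCP socket only counts if LISTENING.
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append({"proto": proto, "addr": addr, "port": int(port), "pid": int(pid)})
    return listeners


def find_unapproved(listeners, baseline, pid_map):
    """Return (proto, port, owner) for each listener not in the approved baseline."""
    findings = []
    for sock in listeners:
        if (sock["proto"], sock["port"]) not in baseline:
            findings.append((sock["proto"], sock["port"], pid_map.get(sock["pid"], "unknown")))
    return findings


if __name__ == "__main__":
    listeners = parse_netstat(SAMPLE_NETSTAT)
    for proto, port, owner in find_unapproved(listeners, BASELINE_LISTENERS, SAMPLE_PID_MAP):
        print(f"unapproved listener: {proto}/{port} owned by {owner}")
```

On the sample this flags TCP/8080 (the hypothetical legacy web daemon) and UDP/161 (SNMP), which is exactly the list an administrator would review before disabling the services behind them; established connections and ports already in the baseline are left alone.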
6. TCP/IP
• Socket
– Protocol, Address, Port
– TCP 13.154.33.61:53
• IP Address review
• 65,535 ports, 1000 and lower are most used
7. Securing the system
• OS Hardening – securing the system against vulnerabilities (see guides for each system)
– Patch management is one component
– Patch – fixes an issue and is tested
– Hot fix – less tested than a patch
– Service Pack – a group of patches together. The entire group is tested together for stability.
8. Patch Management
• SUS (Software Update Services) or 3rd party tools
• Define patches for groups of computers
• Update computers on a schedule
• Verify that patches have been installed (log)
9. MMC (Microsoft Management Console)
• Custom MMCs
– Saved as .msc in your Documents and Settings
– Can work for local or remote computers
– Taskpad
– Snap-ins
• Security Policy
– Security Configuration and Analysis MMC snap-in
– Command-line SECEDIT utility
10. Security Templates (Windows)
• Security Templates
– Setup Security – default security settings.
– Compatible (compatws.inf) – members of the Users group can run applications that are not a part of the Designed for Windows Logo Program.
– Secure (securedc.inf / securews.inf) – modifies security settings that impact the operating system and network protocols, such as the password policy, account policy, and various Registry settings. It also removes all members from the Power Users group.
– Highly Secure (hisecdc.inf / hisecws.inf) – increases the security of the parameters defined within the Secure template. This template also removes all members from the Power Users group.
– Internet Explorer (iesacls.inf) – locks down IE
– Reset file permissions (rootsec.inf) – resets permissions starting from the root.
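The Security Configuration and Analysis snap-in (slide 9) works by comparing a host's current settings with a template such as the ones listed above. The script below is an added example, not part of the slides or of any Microsoft tool: it reads the `[System Access]` section of a constructed fragment laid out like a `secedit /export` file and lists every setting weaker than an assumed organisational baseline. The key names are the ones secedit uses; the baseline numbers are illustrative and are not taken from securews.inf.

```python
import configparser

# Constructed fragment in the layout that `secedit /export` writes; not a real template.
EXPORTED_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 90
MinimumPasswordLength = 6
PasswordComplexity = 0
PasswordHistorySize = 3
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed organisational baseline for [System Access] (illustrative values, not
# taken from securews.inf): setting -> (comparison, limit). "ge" means the
# exported value must be at least the limit, "le" at most.
BASELINE = {
    "MinimumPasswordLength": ("ge", 8),
    "PasswordComplexity": ("ge", 1),
    "PasswordHistorySize": ("ge", 12),
    "LockoutBadCount": ("ge", 1),
    "MaximumPasswordAge": ("le", 90),
}


def parse_system_access(inf_text):
    """Return the [System Access] settings of a secedit-style .inf as ints."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case, e.g. MinimumPasswordLength
    cp.read_string(inf_text)
    return {key: int(value) for key, value in cp["System Access"].items()}


def compare_to_baseline(settings, baseline):
    """Return (setting, current value, expectation) for every setting weaker
    than the baseline; a setting missing from the export is reported as None."""
    findings = []
    for key, (op, limit) in baseline.items():
        expectation = f"expected {op} {limit}"
        if key not in settings:
            findings.append((key, None, expectation))
            continue
        value = settings[key]
        weak = value < limit if op == "ge" else value > limit
        if weak:
            findings.append((key, value, expectation))
    return findings


if __name__ == "__main__":
    for key, value, expectation in compare_to_baseline(parse_system_access(EXPORTED_INF), BASELINE):
        print(f"{key} = {value} ({expectation})")
```

A real export is written as a Unicode (UTF-16) file, so it would be read with `encoding="utf-16"` before being passed to `parse_system_access`; the comparison itself is the same "analyze against template" step the snap-in performs, reduced to the password and lockout values.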
11. Group Policy
• Make environmental changes to groups of clients or servers
• Change policies such as password length or complexity for a domain
• Enforce restrictions on users or computers
• Restrict available software
12. Default GPOs
• Default Domain Policy
– Applied to the domain
– Password policy, account policy, & Kerberos can only be set here
• Default Domain Controllers Policy
– Applied to the DC container
• Create others in the Group Policy Object Editor MMC or from AD Users & Computers
13. Hardening
• Application Hardening
– Patch
– MBSA (Microsoft Baseline Security Analyzer) can check for patch compliance with Microsoft applications
– Cisco Security Agent can restrict the abilities of certain applications
• Web Server Hardening
– ACLs
– Patch
– Delete sample web pages
– Put the web server in a separate area of the network, a DMZ (Demilitarized Zone)
– Delete scripts and applications that are not used
– Enable encryption for sensitive data
14. Hardening
• Mail Server Hardening
– Use a single-purpose machine
– Require authentication for mail protocols to protect against open mail relay (bouncing messages from your mail server to another).
– Set an ACL for those who can send messages
– Enable logging for defense and legal purposes.
• File Server Hardening
– Set appropriate permissions
– Log access to sensitive files
– Keep behind the firewall
15. Hardening
• NNTP (Network News Transfer Protocol) Hardening
– ACLs
– Authentication
– Patch
• FTP Server Hardening
– Disable anonymous logon
– Use an ACL
– Set appropriate privileges
– Set account logon restrictions such as time-outs, lockouts for failed logon, and auditing.
16. Hardening Data Repositories
• Directory Services
– Windows
  • AD (Active Directory)
  • SAM (Security Accounts Manager) – local database
  • DC (Domain Controller)
  • PDC (Primary Domain Controller)
  • BDC (Backup Domain Controller)
– Novell (eDirectory)
– LDAP (Lightweight Directory Access Protocol)
– Use ACLs
– Restrict the right to log on locally to domain controllers
17. Hardening Data Repositories
• DBMS (Database Management System)
– Oracle, SQL Server, Informix, Sybase, DB2
– Buffer Overflow
– SQL (Structured Query Language) Injection – send a malformed SQL query
• Utilize user views
• Segment the database
• Keep the database tables behind the firewall
• Utilize authentication
• Stored procedures and web forms should use proper coding techniques to protect against buffer overflow, SQL injection, and other attacks.
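The slide's "proper coding techniques" against SQL injection come down to one rule: user input must be passed to the database as a value, never spliced into the query text. The example below is added here and is not from the slides; it uses Python's built-in sqlite3 module with a constructed in-memory users table to show the concatenated query beside the parameterized one, and adds an allow-list validation step as a second layer (the helper names and the username pattern are this example's own choices).

```python
import re
import sqlite3


def make_db():
    """In-memory database seeded with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Builds the query by concatenation: the input becomes part of the SQL
    grammar, so a quote character in the input changes what the query means."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Bound parameter: the driver hands the input to the engine as a value, so
    the query structure is fixed no matter what the string contains."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Allow-list for usernames (an assumption of this example, not a general rule).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def lookup_hardened(conn, username):
    """Input validation on top of parameterization: anything that is not a
    plausible username is rejected before it reaches the database at all."""
    if not USERNAME_RE.match(username):
        raise ValueError("invalid username")
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    conn = make_db()
    malformed = "' OR '1'='1"  # the textbook malformed input from the slide
    print("vulnerable:", lookup_vulnerable(conn, malformed))      # every row
    print("parameterized:", lookup_parameterized(conn, malformed))  # no rows
```

The same input returns the whole table through the concatenated query and nothing through the bound one, because in the second case the engine looks for a user literally named `' OR '1'='1`. Stored procedures give the same guarantee only when they also bind their arguments rather than assembling dynamic SQL inside the procedure.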
18. Hardening Networks
• Update firmware on network devices
– EEPROM (Electrically Erasable Programmable Read Only Memory)
• Filter data at the edge of the network (Firewalls)
• Filter by:
– Address (IP or MAC)
– Domain name
– Protocol
– Port
– Message content
– Session
19. Hardening Networks
• ACLs and rule bases are used in filtering
– Keep rule bases small to increase efficiency in filtering (max: 40 rules)
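Slides 18 and 19 describe edge filtering by address, protocol and port and the advice to keep the rule base small. The example below is added here, not taken from the slides or from any firewall product: it evaluates a constructed rule base top-down with first-match semantics and implicit deny, and then audits it for the two things that make rule bases grow without adding protection, a count above the slide's 40-rule maximum and shadowed rules (rules that can never match because an earlier rule already covers every packet they describe). The rule tuple layout is this example's own.

```python
import ipaddress

ANY = "any"

# Constructed rule base: (action, protocol, source net, destination net, dest port).
# Evaluated top-down, first match wins; "any" is a wildcard in any field.
RULES = [
    ("allow", "tcp", "10.0.0.0/8", "192.168.10.5/32", 443),
    ("allow", ANY, "10.0.0.0/8", ANY, ANY),
    ("deny", "tcp", "10.1.0.0/16", ANY, 23),  # never reached: rule 2 covers it
    ("deny", ANY, ANY, ANY, ANY),  # clean-up rule
]


def _net(spec):
    """Turn a rule address field into an ip_network; 'any' covers all of IPv4."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == ANY else spec)


def _covers(field, value):
    """A protocol or port field covers a value if it is the wildcard or equal."""
    return field == ANY or field == value


def matches(rule, packet):
    """packet = (protocol, src_ip, dst_ip, dst_port)."""
    _action, proto, src, dst, port = rule
    p_proto, p_src, p_dst, p_port = packet
    return (
        _covers(proto, p_proto)
        and ipaddress.ip_address(p_src) in _net(src)
        and ipaddress.ip_address(p_dst) in _net(dst)
        and _covers(port, p_port)
    )


def evaluate(rules, packet):
    """First-match evaluation with an implicit deny when nothing matches."""
    for rule in rules:
        if matches(rule, packet):
            return rule[0]
    return "deny"


def shadowed_by(earlier, later):
    """True when every packet the later rule could match is already caught by
    the earlier rule, so the later rule can never fire."""
    _ea, e_proto, e_src, e_dst, e_port = earlier
    _la, l_proto, l_src, l_dst, l_port = later
    return (
        _covers(e_proto, l_proto)
        and _net(l_src).subnet_of(_net(e_src))
        and _net(l_dst).subnet_of(_net(e_dst))
        and _covers(e_port, l_port)
    )


def check_rule_base(rules, max_rules=40):
    """Return warnings: rule count above max_rules, plus every shadowed rule."""
    warnings = []
    if len(rules) > max_rules:
        warnings.append(f"{len(rules)} rules exceeds the recommended maximum of {max_rules}")
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if shadowed_by(earlier, later):
                warnings.append(f"rule {j + 1} is shadowed by rule {i + 1}")
                break
    return warnings


if __name__ == "__main__":
    print(evaluate(RULES, ("tcp", "10.1.5.5", "8.8.8.8", 23)))  # allow, not deny
    for warning in check_rule_base(RULES):
        print("warning:", warning)
```

The audit reports that rule 3 is shadowed by rule 2, and the evaluation confirms the consequence: telnet from 10.1.5.5 is allowed even though an administrator reading rule 3 would expect it to be blocked. Removing or reordering shadowed rules is how a rule base is kept both short and correct.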
20. Acronyms
• BDC, Backup Domain Controller
• DNS, Domain Name Service
• DHCP, Dynamic Host Configuration Protocol
• EEPROM, Electrically Erasable Programmable Read Only Memory
• EPROM, Erasable Programmable Read Only Memory
• FTP, File Transfer Protocol
• MMC, Microsoft Management Console
• NNTP, Network News Transfer Protocol
21. Acronyms
• NOS, Network Operating System
• PDC, Primary Domain Controller
• ROM, Read Only Memory
• SAM, Security Accounts Manager
• TSR, Terminate and Stay Resident
• DBMS, Database Management System
• AD, Active Directory
• LDAP, Lightweight Directory Access Protocol
• SQL, Structured Query Language
