Day1

Network Security
and
Hacking Techniques

DAY 1

 Objectives of Network Security

 Hardening Linux

 Hardening Windows 2000

Network Security and Hacking Techniques – DAY1

Outline – Network Security
 Objectives of Network Security
 Attacks, Services and Mechanisms
 Key Security Attacks/Threats
 Active and Passive Security Threats
 Analysis of Software Vulnerabilities …
 Analysis of Attacking Technique Sophistication …
 Conclusions of Attacks From Past
 Anyone can Launch …
 Model For Network Security
 Network Access Security Model
 Network Security Process Closed Loop Corrective Action
 Elements of a Security Policy


Objectives of Network Security

Confidentiality

Integrity Avaliability


Objectives of Network Security

Confidentiality: only sender, intended receiver can
“understand” msg
 sender encrypts msg
 receiver decrypts msg
Authenticity: sender, receiver want to confirm
identity of each other
Integrity: sender, receiver want to ensure message
not altered (in transit, or afterwards) without
detection
Availability: ensure resource is available
Authorization: access to a resource is authorized


Attacks, Services and Mechanisms
 Security Attack: Any action that compromises
the security of information.

 Security Mechanism: A mechanism that is
designed to detect, prevent, or recover from a
security attack.

 Security Service: A service that enhances the
security of data processing systems and
information transfers. A security service makes
use of one or more security mechanisms.


What Is The Internet?
 Collection of networks that communicate
 with a common set of protocols (TCP/IP)

 Collection of networks with
 no central control
 no central authority
 no common legal oversight or
regulations
 no standard acceptable use policy

 “wild west” atmosphere


Why Is Internet Security a Problem?

 Security not a design consideration
 Implementing change is difficult
 Openness makes machines easy targets
 Increasing complexity


Key Security Attacks/Threats


Key Security Attacks/Threats

 Interruption: This is an attack on
availability
 Interception: This is an attack on
confidentiality
 Modification: This is an attack on integrity
 Fabrication: This is an attack on
authenticity


Active and Passive Security Threats


Analysis 82,094
of Software Vulnerabilities …

52,658
Incident:
The exploitation of a vulnerability: an
occurrence that interrupts normal process
21,756
and procedure.

4129
9859
2573
2412 3734
2437
2134

1090
345 311 417
171 262
1996 1997 1998 1999 2000 2001 2002 2003

Vulnerability:
A defect that violates an
implicit or explicit security policy

Analysis of
Attacking Technique Sophistication …
www attacks/incidents
stealth diagnostics (Tools)
High sniffers
distributed denial
of service
sweepers
denial of service

automated probes/scans
back doors
disabling audits packet spoofing
hijacking
sessions
exploiting known
Attack vulnerabilities
Sophistication password cracking
self-replicating code
password guessing

1980 1985 1990 1995 2002
Network Security and Hacking Techniques – DAY1 Source: CERT/CC

Conclusions of Attacks From Past
Knowledge
Required by stealth diagnostics (Tools)
Attacker High sniffers
distributed denial
of service
sweepers
denial of service

back doors
disabling audits packet spoofing
hijacking
sessions
exploiting known
Low Sophistication password cracking
self-replicating code (Scripts)
password guessing

1980 1985 1990 1995 2002

Anyone can Launch …
Knowledge
Required by stealth diagnostics (Tools)
Attacker High sniffers
distributed denial
of service
s
er
sweepers
c k denial of service
a
tt
fA

ro
back doors
packet spoofing
be
disabling audits

um sessions
hijacking
N
exploiting known
Low Sophistication password cracking
self-replicating code (Scripts)
password guessing

1980 1985 1990 1995 2002

Consider that…
 90% of companies detected computer security
breaches in the last 12 months
 59% cited the Internet as the most frequent
origin of attack
 74% acknowledged financial losses due to
computer breaches
 85% detected computer viruses
Source: Computer Security Institute


WHO ARE THE OPPONENTS?
 49% are inside employees on the
internal network

 17% come from dial-up (still
inside people)

 34% are from Internet or an
external connection to another
company of some sort

HACKERS


HACKER MOTIVATIONS
 Money, profit
 Access to additional resources
 Experimentation and desire to learn
 “Gang” mentality
 Psychological needs
 Self-gratification
 Personal vengeance
 Emotional issues
 Desire to embarrass the target


Internet Security?

sC od e Session H
iou ijacking
M ali c
Viruses Tro
Wor j ans
ms Replay Attack
ows
Scan ning Ove rfl
Port Spoofing Bu ffer
e
Denial of n-in-
the -midd
l
Ma
Service

THE MOST COMMON EXCUSES

 No one could possibly be interested in my
information
 Anti-virus software slows down my processor
speed too much.
 I don't use anti-virus software because I never
open viruses or e-mail attachments from people I
don't know.
 So many people are on the Internet, I'm just a
face in the crowd. No one would pick me out.
 I'm busy. I can't become a security expert--I
don't have time, and it's not important enough


SANS Five Worst Security Mistakes End
Users Make
 Opening unsolicited e-mail attachments without
verifying their source and checking their content
first.
 Failing to install security patches-especially for
Microsoft Office, Microsoft Internet Explorer, and
Netscape.
 Installing screen savers or games from unknown
sources.
 Not making and testing backups.
 Using a modem while connected through a local
area network.


Model For Network Security


Network Access Security Model


Methods of Defense

 Encryption
 Software Controls (access limitations in a data
base, in operating system protect each user from
other users)
 Hardware Controls (smartcard)
 Policies (frequent changes of passwords)
 Physical Controls


Security hmm… ??

“Security is a process,
not a product”


Network Security Process
Closed Loop Corrective Action

Evaluate
• Policies / Processes
• Design
• Vulnerabilities
Implement
• Patches
• New policies & designs
Incident
Improve • Authentication
Response
• Training / Awareness • Firewalls & VPNs
Team
• Adherence • Content security
• Intrusion detection

Monitor &
Measure
• Self
• Service


Elements of a Security Policy
 Build a Security Team
 skills and roles Attacker
 Training and Awareness
 explaining security
 Physical Security
 Monitoring
 logs and analysis Response
 Auditing
 assess security posture Forensics
 Prepare for an Attack
 incident response team Watch Team
 Handling an Attack
 Forensics General Employees
 analyze data


Outline – Network Security

Questions ??


Systems – Linux and Windows 2000

 Hardening Linux

 Hardening Windows 2000


Typical Network- Linux and Windows Host
PC Servers
Visible
IP
Address

We are
here
Internal
Network Linux and
windows
Host
Application Servers
Like IDS,Sniffers


Brief Introduction of Linux
“The Linux has by  Introduction of Linux
8 billion users”
 Installation of Linux Server
 Security and Optimization
 Linux Networking Concepts
 Linux security Software's
 Internet Infrastructure


What is Linux ??
“The Linux Based
Services that
Mean Business  Linux is an operating system, which is same
Securing Internet” as UNIX operating system.

 First created at the University of Helsinki in
Finland by a young student named Linus
Torvalds.

 The Linux operating system is developed
under the GNU General Public License

 Source code is freely available


Some good reasons to use Linux

 There are no royalty or licensing fees for using
Linux

 Linux quite portable. Linux runs on more CPUs
and platforms than any other computer operating
system

 Linux is a true multi-tasking operating system
similar to his brother UNIX

 Benefit of Linux is practically immunized against
all kinds of viruses that we find in other operating
systems


Choosing Linux Vendors
 Redhat Linux
 Suse Linux
 Debian Linux
 Slackware Linux


Installation of Linux Redhat

 www.redhat.com

 Freely available to everyone who downloads it via
the Internet

 ftp://ftp.redhat.com

 The Red Hat Linux CD-ROM at Rs. 10,000/-


Know your Hardware !!
 How many hard drives and what are size ?
 What kind of hard drive e.g IDE, SCSI ?
 How much RAM do you have ?
 Do you have a SCSI adapter ??, what make
 What type of mouse do you have ?
 What is the make and model of your video card ?
 What kind of monitor do you have ?
 Your types of network(s) card(s) (makes and
model)?
 If connected to network, what are IP address,
gateway, subnet mask and DNS servers


Installation Class and Method (Install Type)

Red Hat Linux 9.0 include four different classes, or
type of installation. They are:

 GNOME Workstation
 KDE Workstation
 Server
 Custom


Partition Strategy
A good partition strategy is to create a separate partition for
each major file system

Creating multiple partitions offers you the following
advantages:
 Faster booting.
 Easy backup and upgrade management.
 Limit each file system’s ability to grow.
 Protection against SUID programs.
 Protection against denial of service attack.


Partition Example
Partitions that must be created on your system:

/boot 5MB All Kernel images are kept
here.
/usr 512MB Must be large, since all Linux
binaries programs are
installed here.
/home 1146MB Proportional to the number of
users you intend to host (i.e.
10MB per users * by the
number of users 114 =
1140MB).
/chroot 256MB If you want to install
programs in chroot jail
environment (i.e. DNS).
/cache 256MB This is the cache partition of a
proxy server (i.e. Squid).
/var 256MB Contains files that change
when the system run
normally (i.e. Log f
iles). <Swap> 128MB Our
swap partition. The virtual
memory of the Linux
operating system.
/tmp 256MB Our temporary files partition.
/ 256MB Our root partition.

Tools to Partition the Hard Drives

 Disk Druid

 Fdisk


Components to Install (Package Group
Selection)

 The host can be configured to better suit the
requirements of the particular service.
 By reducing services, the number of logs and log
entries is reduced so detecting unexpected
behavior becomes easier.
 Different individuals may administer different
services. By isolating services so each host and
service has a single administrator you will
minimize the possibility of conflicts between
administrators.
 Other services cannot be used to attack the host
and impair or remove desired network services.


Unwanted Packages
Applications/File: git
Applications/Internet: finger, ftp, fwhois, ncftp, rsh,
rsync, talk, telnet
Applications/Publishing: ghostscript, ghostscript-fonts,
groff-perl, mpage,
pnm2ppa, rhsprintfilters
Applications/System: arpwatch, bind-utils, rdate,
rdist, screen, ucd-
snmp-utils
Documentation: indexhtml
System Environment/Base: chkfontpath, yp-tools
System Daemons: XFree86-xfs, finger-server,
lpr, nfs-utils,
pidentd,
portmap, rsh-server, rusers,
rusers-server, rwall-server,
rwho, talk-server,
telnet- server,tftp-server,
ucd-snmp,
Network Security and Hacking Techniques – DAY1 ypbind, ypserv
System Environment/Libraries:XFree86-libs, libpng

How to use RPM Commands

• To install a RPM package, use the command:
[root@testing /]# rpm -ivh foo-1.0-2.i386.rpm
• To uninstall a RPM package, use the command:
[root@testing /]# rpm -e foo
• To upgrade a RPM package, use the command:
[root@testing /]# rpm -Uvh foo-1.0-2.i386.rpm
• To query a RPM package, use the command:
[root@testing /]# rpm -q foo
• To check a RPM signature package, use the
command:
[root@testing /]# rpm --checksig foo


Starting and stopping daemon services

• To start the httpd Web Server manually under Linux.
[root@testing /]# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]

• To stop the httpd Web Server manually under Linux.
[root@testing /]# /etc/rc.d/init.d/httpd stop
Shutting down http: [ OK ]

• To restart the httpd Web Server manually under
Linux.
[root@testing /]# /etc/rc.d/init.d/httpd restart
Shutting down http: [ OK ]
Starting httpd: [ OK ]


Securing and Optimization of Linux

 Basic Linux System Administration

 General System Security

 General System Optimization

 Configuring and Building Kernels


Basic Linux System Administration
 Creating general users
root# useradd testing
root# passwd testing
 Getting Help
root# man man
 Walking around the Linux Directories
root# pwd
Output: /root
root# cd /home/testing
root# pwd
Output: /home/testing
 Looking Around
root# ls –l
where -l – listing the files
-a--- listing all the files


(cont..)
Working with Files and Directories
 To create a directory under the current directory
root# mkdir testing
root# mkdir /home/testing/test
 To create a file, using text editor
root# vi ya.txt
 To copy a file,
root# cp ya.txt yah.txt
root# cp ya.txt /home/testing/yah.txt
 To move and rename a file
root# mv ya.txt /home/testing/yah.txt
root# mv l.txt /home/testing/l.txt
 To delete a directory and file
root# rm –r /home/testing
root# rm y.txt


(cont..)
 Pipes
root# ls –la /etc | less
root# ls –la /etc | grep hosts
 Putting Commands Together
root# ls ; cp /home/testing/h.txt /root/h.txt
 To check the process
root# ps –aux
 To kill the process
root# kill –9 pid
root# killall –9 xinetd
 To check loadaverage
root# uptime


Linux General Security
 BIOS Security set a boot password
 Security Policy
 Choose a right Password
 The password length
Edit file /etc/login.defs and Change the following line
PASS_MIN_LEN 5
To read:
PASS_MIN_LEN 8

 The root account
Set login time out for the root account
Edit file profile (/etc/profile) and the change the
following line
TMOUT=7200


Linux General Security (Cont…)
 TCP_WRAPPERS
TCP_WRAPPERS is controlled from two files and
the search stops at the first match.
vi /etc/hosts.allow
vi /etc/hosts.deny

For Example
Add ALL:ALL in hosts.deny file, then the access will be
denied
Add following line in hosts.allow
sshd: 192.128.9.13 home.secureindia.com
this will allow to access to above IP and Hostnames



Xinetd
xinetd is a secure replacement for inetd, the internet
services daemon

Features:
 Access control
 Prevent denial of service attacks!
 Extensive logging abilities!
 Offload services to a remote host


Xinetd (Cont..)
Xinetd files are /etc/xinetd.conf and
directories are stored at
/etc/xinetd.d/
Simple Configuration
defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d


Xinetd (cont..)
Sample Configuration of telnet services
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
}


Linux General Security (Conts…)
 Password protect the boot loader
Edit vi /etc/lilo.conf
add the following line
password = xxxxx

 Special accounts
DISABLE ALL default vendor accounts
root# userdel adm
root# userdel lp
root# userdel sync
root# userdel shutdown
root# userdel halt
root# userdel news
root# userdel operator
root# userdel games



 Enable TCP SYN Cookie Protection
Edit /etc/sysctl.conf and add
net.ipv4.tcp_syscookies = 1
OR
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

 Prevent your system from responding to
ping request
Edit /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all = 1
OR
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all


Linux Optimization
 The “inode-max” parameter
Value roughly 3 to 4 times (8192*4=32768) the number of
opened files
fs.inode-max = 32768
OR
echo "32768" >/proc/sys/fs/inode-max

 The “file-max” parameter
256 for every 4M of RAM we have: i.e. for a machine with 128 MB
of RAM, set it to 8192 (128/4=32 32*256=8192). The default
setup for the “file-max” parameter under Red Hat Linux
is:"4096“
fs.file-max = 8192
OR
echo 8192 > /proc/sys/fs/file-max


Linux Optimization (cont…)
 The “ulimit’ parameter
Linux itself has a "Max Processes" per user limit.

Edit the .bashrc file (vi /root/.bashrc) and add the following line:
ulimit -u unlimited

root# ulimit -a
core file size (blocks) 1000000
data seg size (kbytes) unlimited
file size (blocks) unlimited
max memory size (kbytes) unlimited
stack size (kbytes) 8192
cpu time (seconds) unlimited
max user processes unlimited _ this line.
pipe size (512 bytes) 8
open files 1024
virtual memory (kbytes) 2105343


 The “atime” attribute
Linux records information about when files were created and last
modified as well as when it was last accessed.

To set the attribute to a file, use:
root# chattr +A filename _ For a specific file

For a whole directory tree, do something like:
root# chattr -R +A /var/spool/ _ For a news and mail
root# chattr -R +A /cache/ _ For a proxy caches
root# chattr -R +A /home/httpd/ona/ _ For a web pages


 Handled more connections by time with your TCP/
IP

Edit the “/etc/sysctl.conf” file and add the following lines:
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 30
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0


Securing and Building Linux kernel

 Kernel is the core of Operating System

 Kernel plays important role in performance of Linux
Server
 Role of Kernel
 Memory Management
 Hardware Management
 Process Management
 www.kernel.org
 http://www.openwall.com/linux/


(Cont…)
 Untar the kernel Source
root# cp kernel_version.tar.gz /usr/src
root# cd /usr/src
root# tar –zxvf kernel_version.tar.gz

 Increase the Tasks (optimization)
To increase the number of tasks allowed (the maximum number
of processes per user), you may need to edit the
“/usr/src/linux/include/linux/tasks.h” file and change the following
parameters.
Edit the tasks.h file
(vi +14 usr/src/linux/include/linux/tasks.h) and change the
following parameters:
NR_TASKS from 512 to 3072
MIN_TASKS_LEFT_FOR_ROOT from 4 to 24

 Untar the kernel security patch
root#tar –zxvf linux-2_2_14-ow2_tar.gz

(Cont…)
 Securing the kernel
Features:
Non-executable user stack area
Restricted links in /tmp
Restricted FIFOs in /tmp
Restricted /proc
Special handling of fd 0, 1, and 2
Enforce RLIMIT_NPROC on execve(2)


(Cont…)
 Applying the Patch
root# cd /usr/src/kernel_version
root# patch -p0 < linux-2.2.14-ow2.diff
 Compilation
root# make config
Choose options in menu .
root# make dep ; make bzImage
Compile the Modules
root# make modules; make modules_install

 Installation of Kernel
root# cp /usr/src/linux/arch/i386/boot/bzImage /
boot/vmlinuz_kernel_version.number


(Cont…)
 Linux Loader (lilo)
Edit file /etc/lilo.conf and add the following lines
mage=/boot/vmlinuz-2.5.1
label=linux-5
initrd=/boot/initrd-2.5.1
read-only
root=/dev/sda1
and change default to linux-5
default=linux
to
default=linux-5
running following command lilo –v to recognize new
kernel
root# /sbin/lilo –v


(Cont…)
 Make a new rescue floppy
root# mkbootdisk -devise /dev/fd0 old-version
example
root# mkbootdisk –devise /dev/fd0 2.4.18
Now Reboot the system
root# reboot

 After booting you see new kernel


Linux Network Management

 TCP/IP Network Management

 Networking Firewall


TCP/IP Linux Network Management

Files related to networking functionality

 The “/etc/HOSTNAME” file
This file stores your system’s host name—your system’s fully
qualified domain name (FQDN), such as testing.secureindia.net.
Following is a sample “/etc/HOSTNAME” file:
testing.secureindia.com

 The “/etc/resolv.conf” file
This file is another text file, used by the resolver—a library that
determines the IP address for a host name.
Following is a sample “/etc/resolv.conf” file:
search secureindia.net
nameserver 202.71.129.33
nameserver 202.71.129.37


TCP/IP Linux Network Management(Cont..)

 The “/etc/sysconfig/network-scripts/ifcfg-ethN”
files
File configurations for each network device
Following is a sample “/etc/sysconfig/network-
scripts/ifcfg-eth0” file:

DEVICE=eth0
IPADDR=202.71.129.252
NETMASK=255.255.255.0
NETWORK=202.71.129.0
BROADCAST=202.71.129.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no



 The “/etc/host.conf” file
This file specifies how names are resolved. Linux uses a
resolver library to obtain the IP address corresponding
to a host name.
Following is a sample “/etc/host.conf” file:
# Lookup names via DNS first then fall back to
/etc/hosts.
order bind,hosts
# We have machines with multiple addresses.
multi on
# Check for IP address spoofing.
nospoof on



 The “/etc/sysconfig/network” file
The “/etc/sysconfig/network” file is used to specify information
about the desired network configuration on your server.
Following is a sample “/etc/sysconfig/network” file:
NETWORKING=yes
FORWARD_IPV4=yes
HOSTNAME=deep. secureindia.com
GATEWAY=0.0.0.0
GATEWAYDEV=eth1

 The “/etc/sysctl.conf” file
In Red Hat Linux 9.0, many kernel options related to networking
security such as dropping packets that come in over interfaces
they shouldn't or ignoring ping/broadcasts request, etc can be set
in the new “/etc/sysctl.conf” file instead of the “/etc/rc.d/rc.local”
file.
Edit the “/etc/sysctl.conf” file and add the following line:
# Enable packet forwarding
net.ipv4.ip_forward = 1



 Configuring TCP/IP Networking manually with the
command line

ifconfig utility is the tool used to set up and configure
your network card
To assign the eth0 interface the IP-address of
202.71.128.252 use the command:

root# ifconfig eth0 202.71.128.252 netmask 255.255.255.0
root# ifconfig eth0

The output should look something like this:

eth0 Link encap:Ethernet HWaddr 00:E0:18:90:1B:56
inet addr:202.71.128.252 Bcast:202.71.128.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
TX packets:1163 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xa800


 To assign the default gateway

root# route add default gw 202.71.128.1

To verify that you can reach your hosts, use the
command:
root# ping 202.71.128.1
PING 202.71.128.1 (202.71.128.1) from 202.71.128.252:
56 data bytes
64 bytes from 202.71.128.252: icmp_seq=0 ttl=128 time=1.0 ms
64 bytes from 202.71.128.252: icmp_seq=1 ttl=128 time=1.0 ms



 To display the routing information

root# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
202.71.128.252 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
202.71.128.0 202.71.128.252 255.255.255.0 UG 0 0 0 eth0
208.164.186.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo



 To see all active TCP connections

root# netstat -t

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State
Tcp 0 0 deep.openar:netbios-ssn gate.openna.com:1045 ESTABLISHED
Tcp 0 0 localhost:1032 localhost:1033 ESTABLISHED


Introduction to netfilter/iptables

 Linux security and netfilter/iptables

 Inbuilt capability is firewall configuration for Linux
systems on a network

 Firewalls to stop unauthorized sources from
accessing their Linux systems by using telnet, for
example.

 Free up the bandwidth by blocking unnecessary
traffic coming from sources like advertisement
sites


Netfilter/IPtables

packet filtering process


Building rules and chains

Root# iptables [-t table] command [match] [target]

Tables: INPUT,OUTPUT,PREROUTING,POSTROUTING

Command: -A or –append
$ iptables -A INPUT -s 205.168.0.1 -j ACCEPT

-D or --delete
$ iptables -D INPUT --dport 80 -j DROP

-F or –flush
$ iptables -F

-L or --list
$ iptables -L


Building rules and chains (cont…)

Match: -p or --protocol
$ iptables -A INPUT -p TCP, UDP
-s or –source
$ iptables -A OUTPUT -s 192.168.1.1
-d or --destination
$ iptables -A INPUT -d 192.168.1.1

Target : ACCEPT,DROP and REJECT

$ iptables -A FORWARD -p TCP --dport 22 -j REJECT


Securing Windows 2000
 OS Installation
 Installing Service Packs and Hotfixes
 Secure Server Settings
 Miscellaneous settings
 Network Settings
 Enabling /Disabling Services
 System Policies
 Registry Settings


Windows2000 Server operating system
requires…

Introduction
 Careful planning and preparation.
 Default installation Server is vulnerable to security
attacks
 Disconnected from the network until both the Windows
2000 Service Pack 3 and the Security hotfixes are
installed.
Disk Configuration
 Ensure that all the drives on the server have NTFS
partitions
 If the drives are not on NTFS then use the
“Convert.exe” tool to convert the partition to NTFS and
retain the data also
 Ensure that the disk is partitioned into at least two
separate partitions
 One for the system and OS files, and the other for data
files


Installing Service Packs and Hotfixes

Hotfixes and security packs

 Hotfixes are code patches for products that are provided

 While applying the service pack you will be asked whether you
want to back up the existing setup

Secure Server Settings
Anti-virus
• Ensure that an anti-virus is installed on the server
• Latest updates as provided by the Anti-Virus vendor.
Emergency repair disk (ERD)


Miscellaneous Settings
 File permissions
list the permissions to be granted on critical files
Example
Repeat the process for the following directories and files.
Temp directories like c:temp, %systemroot%tmp.
Audit logs (%systemroot%system32config*.evt)
Registry files (%systemroot%system32config, %systemroot%repair)
All shared directories
Boot files on the system partition (Boot.ini, NTLDR, NTDETECT.COM, NTBOOTDD.SYS,
BOOTSECT.DOS)

 Administrator password length
 Rename Administrator Account
 Rename Guest Account


Network Settings
 Microsoft provides two categories of networking services
Microsoft’s File and Print services (Installed Default)
 The General TCP/IP and Internet services
• DNS and WINS settings
• Unbinding Microsoft networking services


Network Settings
 Enabling/Disabling services

• Default windows start a few services over
which we do not have any control, during
the installation phase


System Policies
 Password Policies

Password policies help
administrators dictate the
strength of passwords that
users can set

 Account Lockout
Policies

Account lockout policy options
disable accounts after a set
number of failed logon attempts


System Policies (Conts…)
 Audit policy
Audit policies help administrators
monitor logon activity in
Windows 2000 Server in a very
detailed way by enabling success-
and-failure auditing in the system's
Audit policy


 Audit log settings
Changing parameters like
1. Maximum log size
2. Do not overwrite events


 User rights
User rights are typically
assigned on the basis of the
security groups to which a
user belongs

The policy settings in this
category are typically used
to allow or deny users
permission to access to
their computer based on the
method of access and their
security group memberships


 Security options

The settings provided under
this heading help define the
behavior of the system for the
settings configured above
and the way the system
interacts with other machines
on the network.


Registry Settings
 This section address specific settings that have to be
done manually in the system registry
 It’s highly recommended to take to take a full back of
the registry before any changes have been made

SYN attack protection
Procedure
Right click on the right hand pane
Syn attack protection involves reducing the Choose New→ DWORD Value
amount of retransmissions for the SYN-ACKS Name it “SynAttackProtect”.
Double click on the “SynAttackProtect” key
Reduce the time for which resources have to Enter the value as “2”
remain allocated


Registry Settings (Conts…)
 TcpMaxHalfOpen
 This parameter controls the number of connections in the
SYN-RCVD state allowed before SYN-ATTACK protection
begins to operate.
 If SynAttackProtect is set to 1, ensure that this value is
lower than the AFD listen backlog on the port you want to
protect. See the SynAttackProtect parameter for more
details.

 TcpMaxHalfOpenRetried
 This parameter controls the number of connections in the
SYN-RCVD state for which there has been at least one
retransmission of the SYN sent, before SYN-ATTACK
attack protection begins to operate.
 The default values are 80 for Win2K Pro and Server and
400 for Advanced Server. See the SynAttackProtect
parameter for more details.


Registry Settings (Conts…)
 Perform router discovery
 This parameter controls whether Windows 2000 will try to
perform router discovery (RFC 1256). This is on a per-
interface basis
 It is located in Interfaces<interface> and is a REG_DWORD,
with a range of 0–2, (default is 2 and recommended is 0).
Value of 0 is disabled; 1 is enabled; and 2 DHCP controls the
setting.

 Enable ICMP redirects
 This controls whether Windows 2000 will alter its route table
in response to ICMP redirect messages that are sent to it by
network devices such as a routers.
 It is a REG_DWORD, with 0,1 (False, True). Default value is
1, recommended value is 0.


Registry Settings (Conts..)
 Restrict network access to the registry


Day1

More Related Content

What's hot

Viewers also liked

Similar to Day1

Recently uploaded

Day1