Chapter 4: Security Baselines

1
Chapter 4 Security Baselines

• Security Guide to Network Security Fundamentals
• Second Edition

2
Objectives

• Disable nonessential systems
• Harden operating systems
• Harden applications
• Harden networks

3
Disabling Nonessential Systems

• First step in establishing a defense against
  computer attacks is to turn off all nonessential
  systems
• The background program waits in the computers
  random access memory (RAM) until the user presses
  a specific combination of keys (a hot key), such
  as CtrlShiftP
• Then, the idling program springs to life

4
Disabling Nonessential Systems (continued)

• Early terminate-and-stay-resident (TSR) programs
  performed functions such as displaying an instant
  calculator, small notepad, or address book
• In Microsoft Windows, a background program, such
  as Svchostexe, is called a process
• The process provides a service to the operating
  system indicated by the service name, such as
  AppMgmt

5
Disabling Nonessential Systems (continued)

• Users can view the display name of a service,
  which gives a detailed description, such as
  Application Management
• A single process can provide multiple services

6
Disabling Nonessential Systems (continued)
7
Disabling Nonessential Systems (continued)
8
Disabling Nonessential Systems (continued)

• A service can be set to one of the following
  modes
• Automatic
• Manual
• Disabled
• Besides preventing attackers from attaching
  malicious code to services, disabling
  nonessential services blocks entries into the
  system

9
Disabling Nonessential Systems (continued)

• The User Datagram Protocol (UDP) provides for a
  connectionless TCP/IP transfer
• TCP and UDP are based on port numbers
• Socket combination of an IP address and a port
  number
• The IP address is separated from the port number
  by a colon, as in 1981461182080

10
Disabling Nonessential Systems (continued)
11
Hardening Operating Systems

• Hardening process of reducing vulnerabilities
• A hardened system is configured and updated to
  protect against attacks
• Three broad categories of items should be
  hardened
• Operating systems
• Applications that the operating system runs
• Networks

12
Hardening Operating Systems (continued)

• You can harden the operating system that runs on
  the local client or the network operating system
  (NOS) that manages and controls the network, such
  as Windows Server 2003 or Novell NetWare

13
Applying Updates

• Operating systems are intended to be dynamic
• As users needs change, new hardware is
  introduced, and more sophisticated attacks are
  unleashed, operating systems must be updated on a
  regular basis
• However, vendors release a new version of an
  operating system every two to four years
• Vendors use certain terms to refer to the
  different types of updates (listed in Table 4-3
  on page 109)

14
Applying Updates (continued)

• A service pack (a cumulative set of updates
  including fixes for problems that have not been
  made available through updates) provides the
  broadest and most complete update
• A hotfix does not typically address security
  issues instead, it corrects a specific software
  problem

15
Applying Updates (continued)
16
Applying Updates (continued)

• A patch or a software update fixes a security
  flaw or other problem
• May be released on a regular or irregular basis,
  depending on the vendor or support team
• A good patch management system includes the
  features listed on pages 111 and 112 of the text

17
Securing the File System

• Another means of hardening an operating system is
  to restrict user access
• Generally, users can be assigned permissions to
  access folders (also called directories in DOS
  and UNIX/Linux) and the files contained within
  them

18
Securing the File System (continued)

• Microsoft Windows provides a centralized method
  of defining security on the Microsoft Management
  Console (MMC)
• A Windows utility that accepts additional
  components (snap-ins)
• After you apply a security template to organize
  security settings, you can import the settings to
  a group of computers (Group Policy object)

19
Securing the File System (continued)

• Group Policy settings components of a users
  desktop environment that a network system
  administrator needs to manage
• Group Policy settings cannot override a global
  setting for all computers (domain-based setting)
• Windows stores settings for the computers
  hardware and software in a database (the registry)

20
Hardening Applications

• Just as you must harden operating systems, you
  must also harden the applications that run on
  those systems
• Hotfixes, service packs, and patches are
  generally available for most applications
  although, not usually with the same frequency as
  for an operating system

21
Hardening Servers

• Harden servers to prevent attackers from breaking
  through the software
• Web server delivers text, graphics, animation,
  audio, and video to Internet users around the
  world
• Refer to the steps on page 115 to harden a Web
  server

22
Hardening Servers (continued)

• Mail server is used to send and receive
  electronic messages
• In a normal setting, a mail server serves an
  organization or set of users
• All e-mail is sent through the mail server from a
  trusted user or received from an outsider and
  intended for a trusted user

23
Hardening Servers (continued)
24
Hardening Servers (continued)

• In an open mail relay, a mail server processes
  e-mail messages not sent by or intended for a
  local user
• File Transfer Protocol (FTP) server is used to
  store and access files through the Internet
• Typically used to accommodate users who want to
  download or upload files

25
Hardening Servers (continued)
26
Hardening Servers (continued)

• FTP servers can be set to accept anonymous logons
  using a window similar that shown in Figure 4-8
• A Domain Name Service (DNS) server makes the
  Internet available to ordinary users
• DNS servers frequently update each other by
  transmitting all domains and IP addresses of
  which they are aware (zone transfer)

27
Hardening Servers (continued)
28
Hardening Servers (continued)

• IP addresses and other information can be used in
  an attack
• USENET is a worldwide bulletin board system that
  can be accessed through the Internet or many
  online services
• The Network News Transfer Protocol (NNTP) is the
  protocol used to send, distribute, and retrieve
  USENET messages through NNTP servers

29
Hardening Servers (continued)

• Print/file servers on a local area network (LAN)
  allow users to share documents on a central
  server or to share printers
• Hardening a print/file server involves the tasks
  listed on page 119 of the text
• A DHCP server allocates IP addresses using the
  Dynamic Host Configuration Protocol (DHCP)
• DHCP servers lease IP addresses to clients

30
Hardening Data Repositories

• Data repository container that holds electronic
  information
• Two major data repositories directory services
  and company databases
• Directory service database stored on the network
  that contains all information about users and
  network devices along with privileges to those
  resources

31
Hardening Data Repositories (continued)

• Active Directory is the directory service for
  Windows
• Active Directory is stored in the Security
  Accounts Manager (SAM) database
• The primary domain controller (PDC) houses the
  SAM database

32
Hardening Networks

• Two-fold process for keeping a network secure
• Secure the network with necessary updates
• Properly configure it

33
Firmware Updates

• RAM is volatile?interrupting the power source
  causes RAM to lose its entire contents
• Read-only memory (ROM) is different from RAM in
  two ways
• Contents of ROM are fixed
• ROM is nonvolatile?disabling the power source
  does not erase its contents

34
Firmware Updates (continued)

• ROM, Erasable Programmable Read-Only Memory
  (EPROM), and Electrically Erasable Programmable
  Read-Only Memory (EEPROM) are firmware
• To erase an EPROM chip, hold the chip under
  ultraviolet light so the light passes through its
  crystal window
• The contents of EEPROM chips can also be erased
  using electrical signals applied to specific pins

35
Network Configuration

• You must properly configure network equipment to
  resist attacks
• The primary method of resisting attacks is to
  filter data packets as they arrive at the
  perimeter of the network

36
Network Configuration (continued)

• Rule base or access control list (ACL) rules a
  network device uses to permit or deny a packet
  (not to be confused with ACLs used in securing a
  file system)
• Rules are composed of several settings (listed on
  pages 122 and 123 of the text)
• Observe the basic guidelines on page 124 of the
  text when creating rules

37
Network Configuration (continued)
38
Summary

• Establishing a security baseline creates a basis
  for information security
• Hardening the operating system involves applying
  the necessary updates to the software
• Securing the file system is another step in
  hardening a system

39
Summary (continued)

• Applications and operating systems must be
  hardened by installing the latest patches and
  updates
• Servers, such as Web servers, mail servers, FTP
  servers, DNS servers, NNTP servers, print/file
  servers, and DHCP servers, must be hardened to
  prevent attackers from corrupting them or using
  the server to launch other attacks