Chapter 27: System Security

Slides:

Advertisements

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Advertisements

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

System and Network Security Practices COEN 351 E-Commerce Security.

Chapter 7 HARDENING SERVERS.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #24-1 Chapter 24: System Security Introduction Policy Networks Users Authentication.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #27-1 Chapter 27: System Security Introduction Policy Networks Users Authentication.

Installing and Configuring a Secure Web Server COEN 351 David Papay.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Intranet, Extranet, Firewall. Intranet and Extranet.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Chapter 3.  Help you understand different types of servers commonly found on a network including: ◦ File Server ◦ Application Server ◦ Mail Server ◦

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

CSU - DCE Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor:

INSTALLATION HANDS-ON. Page 2 About the Hands-On This hands-on section is structured in a way, that it allows you to work independently, but still giving.

Types of Electronic Infection

Avira Endpoint Security. Introduction of Avira Management Center (AMC)

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

Chapter 2 Securing Network Server and User Workstations.

Core 3: Communication Systems. Network software includes the Network Operating Software (NOS) and also network based applications such as those running.

Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.

CERN - European Organization for Nuclear Research Beyond ACB – VPN’s FOCUS June 13 th, 2002 Frédéric Hemmer & Denise Heagerty- IT Division.

Security fundamentals Topic 10 Securing the network perimeter.

Security fundamentals Topic 2 Establishing and maintaining baseline security.

Database Security David Nguyen. Dangers of Internet  Web based applications open up new threats to a corporation security  Protection of information.

Security Discussion IST Retreat June IT Security Statement definition In the context of computer science, security is the prevention of, or protection.

Chapter 14: Representing Identity Dr. Wayne Summers Department of Computer Science Columbus State University

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

XXIII HTASC Meeting – CERN March 2003 LIP and the Traveling Physicist Jorge Gomes LIP - Computer Centre.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

Chapter 26: Network Security Dr. Wayne Summers Department of Computer Science Columbus State University

Lecture 19 Page 1 CS 236 Online 6. Application Software Security Why it’s important: –Security flaws in applications are increasingly the attacker’s entry.

Appendix A: Designing an Acceptable Use Policy. Overview Analyzing Risks That Users Introduce Designing Security for Computer Use.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Security fundamentals

Securing Network Servers

Computational Theory Lab.

Chapter 27: System Security

System Security 계산이론연구실 임석재.

Chapter 6 Application Hardening

Enabling Secure Internet Access with TMG

Module Overview Installing and Configuring a Network Policy Server

Secure Software Confidentiality Integrity Data Security Authentication

SUBMITTED BY: NAIMISHYA ATRI(7TH SEM) IT BRANCH

Introduction to Networking

TYPES OF SERVER. TYPES OF SERVER What is a server.

Welcome To : Group 1 VC Presentation

Chapter 27: System Security

Chapter 14: Representing Identity

Chapter 26: Network Security

Ch. 11 – Cipher Techniques Dr. Wayne Summers

Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH

Lesson 16-Windows NT Security Issues

Chapter 28: User Security

REDCap and Data Governance

LO3 – Understand Business IT Systems

Designing IIS Security (IIS – Internet Information Service)

Preventing Privilege Escalation

6. Application Software Security

Presentation transcript:

Chapter 27: System Security Dr. Wayne Summers Department of Computer Science Columbus State University Summers_wayne@colstate.edu http://csc.colstate.edu/summers

Comparison of Web Server (in DMZ) and Development Systems (internal) Policy Networks Users Authentication Processes Files

Policy for Web Server System in DMZ All incoming Web connections and replies go through the outer firewall All users log in from an internal trusted server running SSH. Web pages not updated locally, but downloaded through SSH tunnel Log messages transmitted to DMZ log server only Web server may query DMZ DNS for IP addresses No other network services provided Web server runs CGI scripts Web server must implement services correctly & restrict access to services Public key of principal who will decipher and process transaction data resides on DMZ Web server

Policy for Development System Only authorized users are allowed to use the devnet systems. All actions / system accesses tied to individual user Workstation sysadmins must be able to access workstations at all times Users on devnet are trusted not to attack devnet systems, other users not trusted All network communications (except email) are confidential and are checked for alteration Base standard configuration cannot be changed Sysadmin must be able to restore system from backup with at most one day’s loss Security officers must perform periodic and ongoing audits of devnet systems

Networks Web Server System in the DMZ External users can reach system only by using Web services connecting through outer firewall Internal users can reach system only by using SSH from trusted admin system All attempts to connect must be monitored Server will not accept requests from other DMZ systems Server requires both host and user to be authenticated (via SSH server) Only web & SSH servers running; all attempts to connect to other ports are logged

Networks Development System Only accept authenticated and encrypted user connections (SSH server) Runs print spooler, logging server, access to file server and user database system No ftp/web servers Simple SMTP server for convenience with mail kept remotely Uses access control wrappers Systems scanned by sysadmin for vulnerabilities

Users Web Server System in the DMZ Two users & one sysadmin One user – read/serve Web pages & write to Web server transaction area Second user – move files from Web transaction area to commerce transaction area Minimize # of accounts vs. minimize privileges of accounts Sysadmin cannot login directly, except from console as root

Users Development System One user account per developer Administrative account Groups based on projects Use consistent naming between development systems (use central repository - NIS) Each developer workstation must have local root account and local account for sysadmin Special accounts, e.g. mail, daemon Development system noot accessible by Internet users

Authentication Web Server System in the DMZ SSH server only allows connections from trusted hosts and requires cryptographic authentication Web Server uses MD-5-based password hashing Development System Physically secure site Passwords (with aging) Use SSH for remote access

Processes Web Server System in the DMZ Run a minimum set of processes Commerce server SSH server Login server OS services Interprocess communications only through well-defined communicaiton channels Development System Servers run with fewest privileges necessary to perform tasks Processes must be logged

Files Web Server System in the DMZ System programs & configuration files – static (keep on CD) CGI programs – keep on CD Web server files kept in separate partition shielded from commerce server Development System Use CD to boot and install system and configuration Forward log messages to separate log server Keep developers files on separate file server