Defining System Security Policies

Presentation transcript:

1 Defining System Security Policies

2 Module - Defining System Security Policies
♦ Overview
An important aspect of network management is protecting your system from external and internal attacks by malicious elements. This module focuses on policies to ensure basic system security in a network environment.
♦ Lessons covered in this module
► Basic Security Concepts
► Services and Policies

3 Lesson 1 - Basic Security Concepts
♦ Introduction
There are many types of threats to network security, and specific terms are used to describe them. Preventive measures and technologies protect the network. These are the basic security concepts explained in this lesson.
♦ Topics covered in this lesson
► Security Terms
► Basic System Security

4 Topic 1 – Security Terms
♦ Network Security Threats:
► Fraud, vandalism, espionage, defacement, computer viruses, and hackers. Threats can be internal or external.
♦ Threats take the form of specific attacks:
► Virus, Worm, Password cracking, Vandal, Man-in-the-middle, Denial-of-Service, Distributed Denial-of-Service, Mail Bomb, Ping of Death, Broadcast Storm, Spamming, Trojan horse, Resource Stealing, Sniffing, Spoofing, Hacking, WinNuke.

5 Topic 1 – Security Terms (contd.)
♦ Preventive Measures:
► Authentication, Access control, Data encryption, Pretty Good Privacy (PGP), Double password encryption scheme, Vulnerability Assessment, Virus scanner, Auditing, Intrusion Detection Systems (IDS), Honey Pots, Securing servers.
♦ Security Technologies:
► Firewall, Virtual Private Network (VPN), Public Key Infrastructure (PKI), Network Address Translation (NAT).

6 Topic 2 – Basic System Security
♦ Security Practices
► System security starts with good system administration.
► Adopt routine safe practices while working on a network.
► There is no 100% security.
► Follow all the preventive actions as a habit.
► Even so, a security breach is always possible.
► Detect intruders early by checking the system log files regularly.
► Check the ownership and permissions of all vital files.
► Monitor the use of privileged accounts.

7 Topic 2 – Basic System Security (contd.)
♦ System Security
► Be proactive about system security.
► Monitor the mailing lists for updates and fixes.
► Give any service that is available to the network the least privilege.
► Disable features not required for the specified work.
► Run programs under privileged accounts only when necessary.
► Use tcpd to restrict certain services to users from certain hosts.
► Learn and use methods of restricting access to particular hosts or services.
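One way to audit the tcpd (TCP Wrappers) access files behind the host restrictions on this slide, as an added example that is not part of the original slides. The helper names `wrappers_rules` and `audit_wrappers` and the sample files are constructed; the check relies on tcpd reading hosts.allow first, then hosts.deny, and granting access when neither file matches.

```shell
#!/bin/sh
# Added example: audit tcpd (TCP Wrappers) access files for default-deny.
# tcpd reads hosts.allow first, then hosts.deny; if no rule matches in
# either file, the connection is ALLOWED. audit_wrappers is a hypothetical
# helper name; the sample files below are constructed.

# Print the rules of one file without comments and blank lines.
wrappers_rules() {
    [ -r "$1" ] || return 0
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
}

# audit_wrappers HOSTS_ALLOW HOSTS_DENY -> prints findings, returns 0 if none.
audit_wrappers() {
    allow=$1 deny=$2 findings=0
    # 1. Without a catch-all in hosts.deny, unlisted clients fall through to "allow".
    if ! wrappers_rules "$deny" |
        grep -Eiq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL([[:space:]:]|$)'; then
        echo "FINDING: $deny has no 'ALL: ALL' catch-all"
        findings=$((findings + 1))
    fi
    # 2. A hosts.allow rule whose client list is ALL exposes that daemon to every host.
    for d in $(wrappers_rules "$allow" | awk -F: '{
            c = $2; gsub(/[[:space:]]/, "", c)
            d = $1; gsub(/[[:space:]]/, "", d)
            if (toupper(c) == "ALL") print d }'); do
        echo "FINDING: $allow grants '$d' to ALL hosts"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: a weak pair and a hardened pair (192.0.2.0/24 is a documentation range).
demo=$(mktemp -d)
printf 'in.telnetd: ALL\nsshd: 192.0.2.\n' > "$demo/weak.allow"
: > "$demo/weak.deny"
printf '# admin subnet only\nsshd: 192.0.2.\n' > "$demo/hard.allow"
printf 'ALL: ALL\n' > "$demo/hard.deny"

audit_wrappers "$demo/weak.allow" "$demo/weak.deny" || echo "weak pair: not compliant"
audit_wrappers "$demo/hard.allow" "$demo/hard.deny" && echo "hardened pair: compliant"
```

On a real host the two arguments would be /etc/hosts.allow and /etc/hosts.deny.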

8 Topic 2 – Basic System Security
♦ Software Security
► Be careful with software that enables login or command execution with limited authentication.
► Disable the r commands and use the ssh suite of tools.
► Avoid dangerous software. Programs that require special privilege are more dangerous.
► Disable any vulnerable services.
► Only install, run and expose services that are absolutely necessary.

9 Lesson 2 – Services and Policies
♦ Introduction
Services in Red Hat Linux are programs which can be run on the network. These can be secure or insecure. Policies are the options that decide which services are accessible to which users.
♦ Topics covered in this lesson
► Securing Services
► Defining Policies

10 Topic 1 - Securing Services
♦ Insecure Services
► Telnet
► File Transfer Protocol (FTP)
► rsync, rsh, rlogin and finger
♦ Secure Services
► Secure Shell Service (SSH)
► Secure Copy (scp)
► Secure File Transfer (sftp)
► Security Enhanced Linux (SELinux)

11 Topic 2 - Defining Policies
♦ Best security practice is to have a documented security policy.
♦ Internal attacks are as important as external attacks.
♦ The security policy should define warning signals and raise alerts on them.
♦ The policy should state who should do what in response to the signals.
♦ Limit physical access to systems containing sensitive information.
♦ Define system security policy using SELinux.
♦ SELinux is based on Mandatory Access Control (MAC).
♦ SELinux adds another layer of access control permission.
♦ Services governed by SELinux policy are dhcpd, httpd, mysqld, named, nscd, ntpd, portmap, postgres, snmpd, squid, syslogd, and winbindd.

12 Lab Exercises
♦ Verifying services as per given security policy, by service detection.
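A sketch of the service-detection check in this lab, tied to the insecure-services list in Lesson 2, Topic 1; it is an added example and not part of the original slides. The helper name `find_insecure_listeners`, the port map and the sample listing are constructed, and the policy assumed is "none of the listed insecure services may be listening".

```shell
#!/bin/sh
# Added example: check listening TCP sockets against the policy
# "none of the insecure services may be running".
# find_insecure_listeners is a hypothetical helper name.

# Well-known ports of the services the slides list as insecure.
INSECURE_PORTS='21=ftp 23=telnet 79=finger 513=rlogin 514=rsh 873=rsync'

# Reads `ss -tln` output on stdin; prints "service port address exposure"
# for each violating listener and returns 1 if any was found.
find_insecure_listeners() {
    awk -v map="$INSECURE_PORTS" '
        BEGIN {
            n = split(map, kv, " ")
            for (i = 1; i <= n; i++) { split(kv[i], p, "="); svc[p[1]] = p[2] }
        }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # everything before it
            if (port in svc) {
                scope = (addr ~ /^127\./ || addr == "[::1]") ? "local-only" : "network"
                print svc[port], port, addr, scope
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample in `ss -tln` format (not captured from a real host).
sample='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      0.0.0.0:23         0.0.0.0:*
LISTEN 0      32     127.0.0.1:873      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

printf '%s\n' "$sample" | find_insecure_listeners ||
    echo "policy violation: insecure services are listening"
```

On a live host, pipe the output of `ss -tln` into the function instead of the sample.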

13 Conclusion
♦ Summary
► Computer networks can be harmed by security threats. Appropriate preventive measures and security technologies can avoid such threats. Safe practices for the security of the system, network, and software are essential.
► Insecure services like Telnet, FTP, rsync, rsh, rlogin and finger should be replaced by secure services like SSH, scp and sftp, and SELinux should be enforced. System security policies must be clearly defined and understood by all users. SELinux should have proper policies and should be implemented.
♦ Question and Answer Session