System and Network Security Practices COEN 351 E-Commerce Security.

Security Practices
- Harden / Secure
  - Install only minimal OS configurations.
  - Install patches.
  - Install the most secure and up-to-date versions of system applications.
  - Remove all privileges and access rights, then grant back access only on an “as needed” basis. This could conflict with repeating the previous step.
  - Enable as much system logging as possible, for forensics purposes.

Security Practices
- Prepare
  - Assume that there are vulnerabilities that are not yet recognized.
  - The administrator needs to recognize when these vulnerabilities are being exploited.
  - The administrator needs to know the baseline state.
- Hardening solves known problems; preparation solves unknown problems.

Security Practices
- Detect
- Respond (includes recovery)
- Improve: improve the security process by:
  - Holding post-mortem reviews.
  - Updating policies and procedures.
  - Updating tool configurations and adding new tools.
  - Collecting measures of resources required to deal with intrusion and security business case information.

Securing Network Servers and User Workstations
- Security practices implementation in four areas:
  - Planning and executing the deployment of computers.
  - Configuring computers to help make them less vulnerable to attack.
  - Maintaining the integrity of deployed computers.
  - Improving user awareness of security issues.

Securing Network Servers and User Workstations
Security can be improved in three major ways: Securing the configuration of each network server and workstation host. Host security is the first line of defense against internal threats. Faster incident detection. Promotion of consistency.

Securing Network Servers and User Workstations
- Identify the purpose of each computer:
  - Categories of information stored on computer.
  - Categories of information processed on computer.
  - Security requirements of that information.
  - Network services provided by that computer.
  - Security requirements of those services.
  - Users / user groups that have access to the computer.
  - Trust relationships between computers.

Securing Network Servers and User Workstations
- Identify network services that will be provided.
  - General rule of thumb: servers should be dedicated to a single purpose.
    - Reduces likelihood of configuration errors.
    - Eliminates unsafe interactions between different services.
    - Limits effects of compromise.
- Identify network service software to be installed.
  - Services bundled with OS might not be the most appropriate.
- Identify users.
- Determine user privileges.
- Plan authentication.
- Determine access enforcement measures.
  - Some assets might need to be protected with encryption.

Securing Network Servers and User Workstations
- Develop intrusion detection strategies.
- Document backup and recovery procedures.
  - Backup data needs to be validated because it could have suffered from an undetected intrusion.
  - For web-servers, content is usually created elsewhere and then transferred to the web-server.
- Determine how network services will be maintained / restored after various kinds of failures.
- Develop and follow a documented procedure for installing an operating system.
- Determine how the computer will be connected to the network.

Securing Network Servers and User Workstations
- Identify the security concerns related to day-to-day administration.
  - Servers and workstations are physically distant from the offices of administration.
- Protect information contained on hardware no longer in use.
- Keep computer deployment plan current.

Securing Public Web Servers
- Security objectives:
  - To maintain the integrity of all information resident on the web-site.
  - To prevent the use of the web-host as a staging area for intrusions:
    - Into our own network.
    - Into somebody else’s network.

Securing Public Web Servers
- Step 1: Install a secure server.
- Step 2: Configure web server software and underlying web server host OS.
- Step 3: Maintain the web server’s integrity.

Securing Public Web Servers
- Isolate the web server
  - After compromise, the web server cannot be used to
    - gain access to other internal hosts
    - observe and capture network traffic between internal hosts
- Place the web server on an isolated subnet
  - This allows better monitoring of network traffic.
  - Makes attack detection easier.
- Use firewalls to restrict traffic
  - Web server needs to accept traffic on port 80/tcp and possibly on port 443/tcp (https).
  - Web server does not need to initiate TCP connections.
  - All UDP and ICMP traffic can be blocked.
  - Possible exception: DNS traffic (port 53/udp)
    - Only allow traffic from web-server to internal DNS server

Securing Public Web Servers
[Figure: Isolate the web server. Diagram labels: webserver, internal network, internet, firewall, public web traffic, internal traffic.]
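Added example (not from the slides): a small Python model of the firewall policy listed for the isolated web server, with connection tracking so that replies pass while connections opened by the web server itself are dropped. The addresses are constructed and the evaluator is illustrative, not the rule syntax of any real firewall.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation/private ranges), not from the slides.
WEB = ip_network("192.0.2.10/32")   # public web server on its isolated subnet
DNS = ip_network("10.0.0.53/32")    # internal DNS server
ANY = ip_network("0.0.0.0/0")

# Rules for packets that open a new flow: (src, dst, proto, dport).
# A match allows the flow; anything unmatched is dropped (default deny).
ALLOW_NEW = [
    (ANY, WEB, "tcp", 80),    # public HTTP to the web server
    (ANY, WEB, "tcp", 443),   # public HTTPS to the web server
    (WEB, DNS, "udp", 53),    # the one exception: web server -> internal DNS
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()    # flows already accepted (connection tracking)

    def permits(self, src, dst, proto, sport, dport):
        key = (src, dst, proto, sport, dport)
        reply_of = (dst, src, proto, dport, sport)
        # Follow-up packets and replies of an accepted flow pass.
        if key in self.flows or reply_of in self.flows:
            return True
        s, d = ip_address(src), ip_address(dst)
        for r_src, r_dst, r_proto, r_dport in self.rules:
            if s in r_src and d in r_dst and proto == r_proto and dport == r_dport:
                self.flows.add(key)
                return True
        return False          # all ICMP, all other UDP, all server-initiated TCP

def demo():
    # Constructed traffic: one public client, one internal host, one outside resolver.
    fw = Firewall(ALLOW_NEW)
    client, web, dns, db = "198.51.100.7", "192.0.2.10", "10.0.0.53", "10.0.0.20"
    return {
        "client->web:80": fw.permits(client, web, "tcp", 40000, 80),
        "web reply": fw.permits(web, client, "tcp", 80, 40000),
        "web->internal tcp": fw.permits(web, db, "tcp", 40001, 22),
        "web->internet tcp": fw.permits(web, client, "tcp", 40002, 80),
        "web->dns:53/udp": fw.permits(web, dns, "udp", 40003, 53),
        "web->other:53/udp": fw.permits(web, "203.0.113.53", "udp", 40004, 53),
        "icmp to web": fw.permits(client, web, "icmp", 0, 0),
    }
```

The two denied `web->` TCP cases are the ones that matter after a compromise: the server can answer requests but cannot open connections toward internal hosts or the internet.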

Securing Public Web Servers
- Place server hosts providing supporting services on another isolated subnet
  - Web-site might use , directory (LDAP), database services.
  - Place these servers on protected networks.
  - Only allow service specific data to flow between web server and other service providers.

Securing Public Web Servers
[Figure: Isolate the web server. Diagram labels: webserver, internal network, internet, firewall, SQL server, firewall, "Only SQL Protocol permitted".]

Securing Public Web Servers
- Disable Source Routing and IP Forwarding
  - Source routing is not really needed, but can be exploited for man-in-the-middle attacks, IP spoofing in general and scanning.
  - IP forwarding can be used for scanning and for IP spoofing.

Securing Public Web Servers
- Alternative Approaches
  - Place web server on internal network and then:
    - use smart hubs, switches to separate web server from internal traffic,
    - or: encrypt all internal traffic.
  - Use ISP to host web-server.

Securing Public Web Servers
- Placement policies:
  - Public servers should be placed on subnets separate from external public networks and from your internal network.
  - Servers providing supporting services for your public servers should be placed on subnets separate from external public networks, from your public servers, and from your internal networks.
  - Routers and firewalls should be configured to restrict traffic between external public networks and your public servers, and between your public servers and internal networks.
  - Routers and firewalls should be configured to restrict traffic between servers providing supporting services for your public server and external public networks, your public server, and your internal networks.

Securing Public Web Servers
- Configure the web server with appropriate object, device, and file access controls.
- Perspectives:
  - How to limit the access to your web server software.
  - How to apply access controls for:
    - server log files
    - system software and configuration files
    - application software and configuration files
    - password files
    - …

Securing Public Web Servers
- Establish new user and group identities.
  - Server might have to run originally with root privileges in order to bind to port 80.
  - Server should not continue to run in this mode.

Securing Public Web Servers
- Identify the protection needed:
  - Public web content can be read but not written by web service processes.
  - Directories in which public content is stored cannot be written by web service processes.
  - Public web content files can be written only by processes authorized for web server administration.
  - Web server log files can be written by service processes, but log files cannot be read or served as web contents.
  - Web server log files can be read only by administration processes.
  - Any temporary files created by web service processes are restricted to a specified and appropriately protected subdirectory.
  - Access to temporary files created by web service processes is limited to the service processes that created these files.
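Added example (not from the slides): a Python audit that checks a content tree and a log directory against the content and log rules on this slide for a given web service identity. It assumes a POSIX host and looks at plain mode bits only (no ACLs); the function names and finding strings are made up for this example.

```python
import os
import stat

def grants(st, uid, gids, bit):
    """True if st's mode bits give `bit` (4 = read, 2 = write) to uid/gids.
    Plain POSIX mode bits only; ACLs and root's override are not modelled."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return bool((st.st_mode >> shift) & bit)

def audit(content_dir, log_dir, uid, gids):
    """Check the served tree and the log directory for the web service
    identity (uid, gids). Returns a list of (problem, path) tuples."""
    out = []
    content_dir = os.path.realpath(content_dir)
    log_dir = os.path.realpath(log_dir)
    # Logs must not be reachable as web content.
    if os.path.commonpath([content_dir, log_dir]) == content_dir:
        out.append(("log directory is inside the served tree", log_dir))
    for root, _dirs, files in os.walk(content_dir):
        if grants(os.lstat(root), uid, gids, 2):
            out.append(("content directory writable by web service", root))
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            if grants(st, uid, gids, 2):
                out.append(("content file writable by web service", path))
            if not grants(st, uid, gids, 4):
                out.append(("content file not readable by web service", path))
    for name in os.listdir(log_dir):
        path = os.path.join(log_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        # Service appends to logs; only administration reads them.
        if grants(st, uid, gids, 4):
            out.append(("log file readable by web service", path))
        if not grants(st, uid, gids, 2):
            out.append(("log file not writable by web service", path))
    return out
```

With an administrator as owner and the service in the file's group, a log file at mode 0620 passes both log checks, while 0640 fails both.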

Securing Public Web Servers
- Mitigate the effect of DoS attacks.
- DoS attacks can involve:
  - Gobbling up all network connections so that no new users can gain access.
  - Filling primary memory with unnecessary processes to slow down the system.
  - Filling file systems with extraneous and incorrect information.
- The following mitigates these attacks:
  - Network connection time-outs.
  - Assign priorities to web service processes.
  - Separate directories for log files from system directories and user information.

Securing Public Web Servers
- Protect sensitive and restricted information:
  - Run web server in its own partition under Windows.
  - Avoid links to files not belonging to the web server.
- In more detail:
  - Define a single directory for web server content files (excluding cgi scripts).
  - Define a single directory for all external programs executed as part of the web server content.
  - Disable the execution of CGI scripts that are not exclusively under the control of administrative accounts.
  - Disable the use of hard or symbolic links as ordinary files and directories.
  - Define a complete web content access matrix. (Which pages are accessible by whom?)
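Added example (not from the slides): a Python check for the two link rules above, run over a content directory on a POSIX file system. It reports every symbolic link, marks those that resolve outside the content directory, and uses link counts to tell whether a hard-linked file has another name outside the tree; the function name and finding labels are made up for this example.

```python
import os
import stat
from collections import Counter

def audit_links(docroot):
    """Return sorted (kind, path) findings for links under docroot."""
    root = os.path.realpath(docroot)
    findings, seen, nlink, first = [], Counter(), {}, {}
    # os.walk lists symlinked directories but does not descend into them.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                target = os.path.realpath(path)
                escapes = os.path.commonpath([root, target]) != root
                kind = "symlink-outside" if escapes else "symlink-inside"
                findings.append((kind, path))
            elif stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
                # Count how many names of this inode live inside the tree.
                key = (st.st_dev, st.st_ino)
                seen[key] += 1
                nlink[key] = st.st_nlink
                first.setdefault(key, path)
    for key, count in seen.items():
        # Fewer names inside the tree than the inode's link count means
        # the same file is also reachable under a name outside docroot.
        kind = "hardlink-outside" if count < nlink[key] else "hardlink-inside"
        findings.append((kind, first[key]))
    return sorted(findings)
```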

Securing Public Web Servers
- Disable the serving of web server file directory listings

Securing Public Web Servers
- Enable Logging
  - Transfer log (access log)
  - Error log
  - Agent log: user client software used in accessing your web content.
  - Referrer log: collects information relevant to HTTP access, including the URL of the page containing the link that the user client software followed to initiate the access to your web-page.

Securing Public Web Servers
- Configure the web server to minimize the functionality of programs, scripts, and plug-ins.
  - Verify that acquired copy of external program is authentic.
  - Use an isolated test machine to test all acquired programs.
  - Run vulnerability checking tools.
  - Mitigate the risk of distributing malicious code.
  - Disable Server Side Include functionality.
    - In particular, disable the execution of external programs.
  - Check default configuration:
    - Disable example scripts and other instances where external programs get executed.

Securing Public Web Servers
- Use authentication and encryption technology
  - Do not trust address-based authentication.
  - Do not trust HTTP basic authentication.

Securing Public Web Servers
- Maintain authoritative copy of web site content on a secure host.
  - Establish normal protection mechanisms for these contents.
  - Establish procedures for web-site content transferal.