Computer Security for Student-Administered Computers.


Agenda
- What's the Problem?
- Security Risk
- Security Incidents
- Defenses
- Vigilance

What's the Problem at UW?
- port-scanning: looking for systems to target
- buffer-overrun attacks: command execution via coding errors
- open account exploits: to login
- packet sniffing: to learn login secrets
- trojan horse attacks: to fool user into executing infected program
- shared/stolen accounts: to login
- denial of service attacks: to prevent or hamper use of computers
- file storage: to pirate software/music/etc.
- forging or other electronic messages: to harass/threaten/fool

Security Goals
- Microsoft Prescriptive Guidance: Security Operations Guide for Windows 2000 Server
  - prodtech/windows/windows2000/staysecure/default.asp
- Get secure
- Stay secure (over time, amidst changes)

Security Risk
- Managing risk to protected resources
- Resources: data, applications, servers, etc.
  - what's its value?
- Threat: something that could access/harm resources
  - natural/physical, unintentional/intentional
- Vulnerability: point where resource can be attacked
- Exploit: use of a vulnerability by a threat
  - could result in loss of confidentiality, integrity or availability
- Risks need to be ranked: low, medium, high

Security Incidents
- physical: earthquake, water leak, power failure, etc.
- technical vulnerability exploits: attacks, buffer overflows, ...
- information gathering exploit: OS identification, wireless leak, social engineering
- denial of service exploit: resource removal, physical damage, etc.

Defenses
- Data: encryption and backups; antivirus software
- Application: developer needs to enforce
- Host: limit server to specific roles
- Network: blocking and/or encrypting traffic
- Perimeter: firewalls; authorized PCs are clean before connecting
- Physical: removable media, locks, redundancy, restricted areas
- Policies and Procedures: raise awareness and prevent abuse

Windows 2000 Defenses
- Planning
- Isolation
- Installation and Upgrades
- Antivirus software
- Group Policy/Registry Changes
- IPSec/Filtering
- Application Lockdown

Windows 2000 Defenses: Planning
- What kind?
  - server: member or domain controller?
  - workstation?
- What role?
  - basic? web server? cluster?
- What’s required for other services?
  - need to think about this

Windows 2000 Defenses: Isolation
- On Internet-connected computer:
  - gather all upgrades, antivirus software
    - download
  - Network Associates/McAfee Netshield (server)
  - McAfee VirusScan (workstation)
  - upgrades and updates
  - burn on CD
- Connect to a hub not connected to Internet
  - Use static, non-routable IP addresses: xxx.xxx

Windows 2000 Defenses: Installation and Upgrades
- Install Windows 2000
  - don’t do it blindly -- read and think about it
- Install latest service packs
- Install security patches/hotfixes to service packs
- Switch to non-privileged account
  - use RUNAS whenever elevated privileges needed
- Watch logs (use EventViewer)

Windows 2000 Defenses: Antivirus
- Install Netshield
- Install latest upgrades/updates
  - don’t schedule to update/upgrade (not connected)

Windows 2000 Defenses: Group Policy/Registry Changes
- %SystemRoot%\security\templates
  - Basic
    - Basicwk.inf (workstation)
    - Basicsv.inf (member server)
    - Basicdc.inf (domain controller)
  - Incremental
    - securedc.inf (domain controller)
    - securews.inf (workstations or member servers)
    - IIS Incremental.inf (IIS only)

Windows 2000 Defenses: Apply AD Group Policy
- Active Directory Users and Computers/Domain Controllers/Properties/Group Policy/New
  - type “BaselineDC Policy”
  - press enter, then right-click on BaselineDC Policy
  - select “No Override”
- Edit/Windows Settings (expand)/Security Settings/Import Policy
  - locate template BaselineDC.inf and place name in “Import Policy From” box
  - close Group Policy and then click Close
- replicate to other domain controllers and reboot

Windows 2000 Defenses: Apply Member Group Policy
- Active Directory Users and Computers/Member Servers/Properties/Group Policy/New
  - type “Baseline Policy”
- Edit/Windows Settings (expand)/Security Settings/Import Policy
  - locate template Baseline.inf and place name in “Import Policy From” box
  - close Group Policy and then click Close
- repeat above for Incremental template files
- replicate to other domain controllers and reboot

Windows 2000 Defenses: Verify Group Policy
- Verify with secedit (compare with existing template)
- secedit /analyze /db secedit.sdb /cfg xxxxx.inf
- look at log file
- Test!

Windows 2000 Defenses: Registry Changes (in Baseline)
- HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
  - EnableICMPRedirect=0
  - SynAttackProtect=2
  - DisableIPSourceRouting=2
  - PerformRouterDiscovery=0
- HKLM\System\CurrentControlSet\Services\AFD\Parameters
  - DynamicBacklogGrowthDelta=10
  - EnableDynamicBacklog=1
  - MinimumDynamicBacklog=20
  - MaximumDynamicBacklog=20000
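
An added example, not part of the original slides: a Python check that compares a regedit export of the two keys against the baseline values listed above and reports every value that is missing or different. The `SAMPLE` export is constructed and the function names are this example's own; `HKLM` is written out as `HKEY_LOCAL_MACHINE`, the form used in exported files.

```python
import re
TCPIP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
AFD = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters"
# Expected DWORD values, copied from the slide above.
BASELINE = {
    TCPIP: {"EnableICMPRedirect": 0, "SynAttackProtect": 2,
            "DisableIPSourceRouting": 2, "PerformRouterDiscovery": 0},
    AFD: {"DynamicBacklogGrowthDelta": 10, "EnableDynamicBacklog": 1,
          "MinimumDynamicBacklog": 20, "MaximumDynamicBacklog": 20000},
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Map lower-cased key path -> {lower-cased value name: int} for DWORDs."""
    found, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = found.setdefault(m.group(1).lower(), {})
        elif (m := DWORD_RE.match(line)) and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return found

def audit(text):
    """Return sorted (name, expected, actual or None) for each deviation."""
    found = parse_reg_export(text)
    return sorted(
        (name, want, got)
        for key, values in BASELINE.items()
        for name, want in values.items()
        if (got := found.get(key.lower(), {}).get(name.lower())) != want
    )

# Constructed sample; a real regedit export is UTF-16 (open with encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableICMPRedirect"=dword:00000001
"SynAttackProtect"=dword:00000002
"DisableIPSourceRouting"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\Parameters]
"EnableDynamicBacklog"=dword:00000001
"MinimumDynamicBacklog"=dword:00000014
"MaximumDynamicBacklog"=dword:00004e20
"DynamicBacklogGrowthDelta"=dword:0000000a
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A value reported with `None` is absent from the export, which means the host is running on the operating system default rather than the baseline setting.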

Windows 2000 Defenses: IP Filtering
- Block all ports not needed for servers

Windows 2000 Defenses: Application Lockdown
- Read application’s notes on security
- IIS
  - IIS Incremental.inf
  - follow guidelines
- SQL Server
  - change default system DBA passwords
  - protect DBs with access rights/file permissions

Linux Defenses
- Planning
- Isolation
- Installation and Upgrades
- Antivirus software???
- IP Filtering
- Application Lockdown

Linux Defenses: Planning
- What kind?
  - workstation?
  - server?
- What servers?
  - web server? insecure servers?
- What apps are required?
- What services are required?

Linux Defenses: Isolation
- On Internet-connected computer:
  - gather all upgrades
  - burn on CD
- Connect to a hub not connected to Internet
  - Use static, non-routable IP addresses: xxx.xxx

Linux Defenses: Installation and Upgrades
- Install Linux
  - don’t do it blindly -- read and think about it
  - put /tmp, /home and /var/log in separate partitions
- Install latest upgrades
- Switch to non-privileged account
  - use “su -” whenever elevated privileges needed
- Watch logs (usually in /var/log)

Linux Defenses: IP Filtering
- tcp wrappers
  - /etc/hosts.deny
    - ALL:ALL
  - /etc/hosts.allow
    - ALL: 10. LOCAL
    - sshd: ALL
  - /etc/xinetd.d
    - disable=yes for undesired services
  - killall -USR2 xinetd
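
An added example, not part of the original slides: a Python audit of the three places named above. It confirms the catch-all rule in hosts.deny, lists the daemons that hosts.allow opens to every client, and lists the xinetd services that will still run, including those whose file has no `disable` line at all. The sample file contents are constructed and the function names are this example's own; the rule parser does not handle IPv6 literals or backslash line continuations.

```python
import re

SERVICE_RE = re.compile(r"^service\s+(\S+)")
DISABLE_RE = re.compile(r"^disable\s*=\s*(\S+)")

def parse_rules(text):
    """Yield (daemon list, client list) per hosts.allow/hosts.deny rule."""
    for line in map(str.strip, text.splitlines()):
        fields = line.split(":")
        if line and not line.startswith("#") and len(fields) >= 2:
            yield tuple(f.replace(",", " ").split() for f in fields[:2])

def has_default_deny(deny_text):
    """True if hosts.deny carries the catch-all ALL:ALL rule."""
    return any(d == ["ALL"] and c == ["ALL"] for d, c in parse_rules(deny_text))

def open_to_all(allow_text):
    """Daemons that hosts.allow grants to every client (client list is ALL)."""
    return sorted({name for d, c in parse_rules(allow_text)
                   if c == ["ALL"] for name in d})

def enabled_services(xinetd_files):
    """Given {filename: text} from /etc/xinetd.d, return services xinetd will
    run. A block with no 'disable' line counts as enabled (xinetd's default)."""
    enabled = []
    for text in xinetd_files.values():
        name, disabled = None, False
        for line in map(str.strip, text.splitlines()):
            if m := SERVICE_RE.match(line):
                name, disabled = m.group(1), False
            elif m := DISABLE_RE.match(line):
                disabled = m.group(1).lower() == "yes"
            elif line == "}" and name is not None:
                if not disabled:
                    enabled.append(name)
                name = None
    return sorted(enabled)

# Constructed sample files, mirroring the slide's rules; not from a real host.
HOSTS_DENY = "ALL:ALL\n"
HOSTS_ALLOW = "# internal net and local hosts\nALL: 10. LOCAL\nsshd: ALL\n"
XINETD = {
    "telnet": "service telnet\n{\n\tdisable = yes\n\tsocket_type = stream\n}\n",
    "rsync": "service rsync\n{\n\tsocket_type = stream\n}\n",
    "wu-ftpd": "# default: on\nservice ftp\n{\n\tdisable = no\n}\n",
}

if __name__ == "__main__":
    print(has_default_deny(HOSTS_DENY), open_to_all(HOSTS_ALLOW),
          enabled_services(XINETD))
```

On a live host, build the `xinetd_files` dictionary by reading each file under /etc/xinetd.d; every name returned by `enabled_services` should correspond to a service chosen in the planning step.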

Linux Defenses: Apache Lockdown
- Apache -- start by restricting everything

      <Directory />
          Options None
          AllowOverride None
          Order deny,allow
          Deny from all
      </Directory>

  - then allow by specific directories
- want to disable CGI, includes

Linux Defenses: FTP Lockdown
- should not use -- sends passwords in plain text
  - use ssh/scp/sftp instead
- /etc/ftpusers
- should NOT include root or other privileged accounts
- disallow anonymous FTP
  - should read: class all real *

References
- Microsoft Baseline Security Analyzer
  - for 2000/XP
  - requires Internet access to run
  - =/technet/security/tools/Tools/mbsahome.asp
- SANS Institute Bookstore (Windows 2000 & Linux)
  - (SANS = System Administration, Networking and Security)
  - es/sans/sw/access.html