Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Baselines Chapter 14
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Objectives Harden operating systems and network operating systems. Harden applications. Establish group policies.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms Application hardening Baseline Baselining Firmware update Globally unique identifier (GUID) Group policy Group policy object (GPO) Hardening Hotfix Network operating system (NOS)
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms (continued) Operating system (OS) Patch Patch management Pluggable Authentication Modules (PAM) Process identifier (PID) Run levels Security template Service pack Shadow file TCP wrappers
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Overview of Baselines The process of establishing a system’s security state is called baselining. The resulting product is a security baseline that allows the system to run safely and securely. Once the process has been completed, any similar systems can be configured with the same baseline to achieve the same level of security and protection. Uniform baselines are critical in large-scale operations.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Password Selection The heart of the problem is that most systems today are protected only by a simple user ID and password. Selecting a good password for all user accounts is critical to protecting information systems. This is especially true for servers. Compromise of a server can mean access to multiple user passwords.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Operating System and Network Operating System Hardening Common hardening tasks: ‐Disabling unnecessary services ‐Restricting permissions on files and directories ‐Removing unnecessary software ‐Applying patches ‐Removing unnecessary users ‐Applying password guidelines
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Windows Server 2003 IIS 6 isolates individual web applications. 19 services running under Windows 2000 by default were disabled under Server Two new service accounts with lower privilege levels introduced. Security Configuration Wizard (SCW). Software Restriction Policy (SRP). Enhanced audit capabilities were provided. Network Access Quarantine Control was introduced.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Windows Vista User Account Control allows users to operate the system without requiring administrative privileges. An outbound filtering capability was added to Windows Firewall. BitLocker allows encryption of all data on a server, including any data volumes. Vista clients work with Network Access Protection (NAP). Windows Defender is a built-in malware detection and removal tool. A new, more-secure version of Internet Explorer.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Vista’s User Access Control in Action
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Windows Server 2008 BitLocker allows encryption of all data on server. Role-based installation of functions and capabilities minimizes server footprint. Network Access Protection (NAP). Read-only domain controllers. More granular password policies. IIS 7 administration of web sites and web applications.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Windows 2008 Initial Configuration Tasks
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening UNIX- or Linux-based Operating Systems General UNIX hardening is the same as hardening for Windows OS Disable unnecessary services Restrict permissions on files and directories Remove unnecessary software Apply patches etc.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening UNIX- or Linux-based Operating Systems (continued) ps command run on a Fedora 10 system
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening UNIX- or Linux-based Operating Systems (continued) Service configuration utility from a Fedora 10 system
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Solaris Define the system’s purpose. Install the operating system. Install the software. –pkgadd –pkgrm Patch the system. –patchadd –patchrm –smpatch –pkgparam
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Solaris Product Registry Tool
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Sun Update Manager
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Solaris Management Console
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Solaris TCP wrappers are filters that compare incoming connection requests to lists of authorized and unauthorized connections. Controlled by two files: –hosts.allow –hosts.deny Other commands: –chmod, chown, chgrp, useradd, passwd Pluggable Authentication Modules (PAM).
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Linux Fedora Add/Remove Software utility
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Linux (continued) Fedora User Manager
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Linux (continued) Fedora Firewall Configuration GUI
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Mac OS X Apple’s operating system is essentially a new variant of the UNIX operating system. The same rough guidelines for all UNIX systems apply to Mac OS X. –Mandatory access controls for system resources –Tagged downloads –Execute disable –Library randomization –FileVault –Application-aware firewall
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Mac OS X (continued) Firewall utility in Mac OS X 10.5
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Hardening Mac OS X (continued) Setting file permissions in Mac OS X
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Updates Hotfix –Small software update to address a specific problem Patch –More formal larger update –Addresses several problems –Developed over longer period of time Service pack –Collection of patches and hotfixes in on large package
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition XP Automatic Updates
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Windows Update Utility in Vista
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Fedora Software Package Update Utility
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Network Hardening Securing network infrastructure components typically involves the following activities: ‐ Software updates ‐ Device configuration
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Software Updates Maintaining current vendor patch levels for your infrastructure is one of the most important things you can do to maintain security. The different vendors for the different software and hardware must be tracked. Software and firmware for each device must be kept current.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Device Configuration Properly configured network devices are an important part of network hardening: –Routers, switches, firewalls, servers, proxies, etc Some general steps: –Limit access. –Choose good passwords. –Turn off unnecessary services. –Change SNMP community strings.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Application Hardening Securing an application against local and Internet-based attacks Securing applications typically involves the following activities: ‐ Application patches ‐ Hotfixes, patches, upgrades ‐ Patch management
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Patch Management A disciplined approach to the acquisition, testing, and implementation of patches. Ability to inventory applications and operating systems in use –Notification of patches –Continual scanning of systems patch status –Select which patches to apply –Push patches to systems –Ability to report patch success or failure –Ability to report patch status on any or all systems in the environment
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Windows Update Utility in Vista
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Patch Management Windows Server Update Services
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Group Policies Group policy Group policy object (GPO) Globally unique identifier (GUID) Microsoft’s new group policy capabilities: –Network location awareness –Ability to process without ICMP –VPN compatibility –Power management –Device access blocking –Location-based printing
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Group Policy Object Editor
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Security Templates A collection of security settings that can be applied to a system. They configure the following areas: Account policies Event log settings File permissions Registry permissions Restricted groups System services User rights
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition The MMC with Security Templates Snap-in
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Harden operating systems and network operating systems. Harden applications. Establish group policies.