Securing Network Servers


1 Securing Network Servers
By: Kevin Arnold

2 Outline
- Need For Networked Servers
- Types
- Need For Secure Servers
- Major Issues
- Activities Performed In Securing Servers
- Summary
- Questions

3 Need For Networked Servers
- Server – In Theory, Any Computerized Process That Shares A Resource With One Or More Client Processes
- Started Out As Just Normal Computers, Industrial Sized Businesses Made It What It Is Today
- Need For Centralized Access To Information And Resources

4 Types Of Servers
- Inward-Facing: Only Available To The Organization That Owns And Runs The Server And Are Managed Via A Firewall
- Outward-Facing: Available To The Public
- Database, File, Mail, Print, And Web Servers

5 Need For Secure Servers
- Centralized Information Makes File And Database Servers The Most Useful To An Attacker
- Security Breaches On A Network Can Result In The Disclosure Of Critical Information That Can Affect The Entire Organization

6 4 Major Issues In Network Security
- Confidentiality Refers To Protecting Information From Being Accessed By Unauthorized Parties
- Integrity Refers To Ensuring The Authenticity Of Information, That Information Is Not Altered, And That The Source Of The Information Is Genuine
- Availability Means That Information Is Accessible By Authorized Users
- Mutual Authentication Ensures That The User Is Who He Claims To Be And That The Network Server Host Is Who It Claims To Be

7 3 Part Approach
Many Security Problems Can Be Avoided If Servers And Networks Are Appropriately Configured
1. Planning And Executing The Deployment Of Servers (2 Steps)
2. Configure The Servers To Help Make Them Less Vulnerable To Attacks (5 Steps)
3. Maintaining The Integrity Of The Deployed Servers (3 Steps)

8 Planning And Executing The Deployment Of Servers - Step 1
- Identify The Purpose Of The Server
  - What Information Categories Will Be Stored On This Server?
  - What Are The Security Requirements For This Information?
  - Which Users Or Categories Will Be Able To Access The Server, Along With How They Will Authenticate Themselves And The Privileges They Are Allotted?

9 Planning And Executing The Deployment Of Servers - Step 2
- Include Explicit Security Requirements When Selecting A Server
- 3 Steps To Accomplishing These Goals
  1. Identify Your Functionality And Performance Requirements
  2. Review The Recommended Practices That Address The Configuration And Operation Of The Server Product
  3. Identify Specific Security-Related Features, Such As Types Of Authentication, Level Of Access Control, Support For Remote Administration And Logging Features
     - Absence Of Vulnerabilities Used By Known Forms Of Attacks
     - Ability To Restrict Administrative Activities To Authorized Users Only
     - Log Certain Activities

10 Configure The Server - Step 1
- Keeping Operating Systems And Applications Software Up-to-date
  - Minimize The Gap In Time Between The Vulnerability And The Fix
  - Can Be Done By Developing And Maintaining A List Of Sources Of Information About Problems That Apply To Your System

11 Configure The Server - Step 2
- Offer Only Essential Network Services And Operating System Services
  - Isolating Hosts Allows Each Host To Have Only One Administrator And Implements What Is Known As Separation Of Duties
  - Reduce The Number Of Logs For Each Individual Host By Reducing Services On A Host, Making It Easier To Identify A Problem
- Create And Record Cryptographic Checksums And Baselines For The System

12 Configure The Server - Step 3
- Configure The Server For User Authentication
  - Adding Users’ Information To The Authentication Server
  - Setting Up Authentication Hardware Such As Tokens, One-time Password Devices, Or Biometric Devices
  - Remove Unneeded Default Accounts And Groups
- Hardware Based Password
  - Computer’s Firmware Offers The Feature Of Requiring A Password When The System Is Turned On; This Is Known As A BIOS Or EEPROM Password

13 Configure The Server - Step 4
- Identify And Enable System And Network Logging Mechanisms
  - Collecting Data Generated By System, Network, Application, And User Activities Is Essential For Analyzing The Security Of These Assets And Detecting Intrusion
  - *One Big No-No In Logs Is Logging Passwords, Correct Or Incorrect
- User Logs: Login/Logout Information, Location And Time Of Failed Attempt, And Changes In Authentication Status
- System Logs: Status Or Errors Reported By Hardware Or Software Subsystems, Along With Changes In System Status, Including Shutdowns And Restarts
- Network Logs: Service Initiation Requests Along With The Names Of Users/Hosts Requesting A Service
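An added example, not part of the original slides, of login logging that records user, source, time and outcome while a filter scrubs any password that other code tries to log. The logger name, field names, regex and sample values are constructed for illustration.

```python
import logging
import re

# Matches key=value or key: value pairs whose key suggests a credential.
SECRET_RE = re.compile(
    r"(?i)\b(pass(?:word|wd)?|pwd|secret|token)(\s*[=:]\s*)(\"[^\"]*\"|\S+)")

class RedactSecrets(logging.Filter):
    """Scrub credential values from a record before any handler sees it."""
    def filter(self, record):
        record.msg = SECRET_RE.sub(r"\1\2[REDACTED]", record.getMessage())
        record.args = None  # the message is already fully formatted
        return True

class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the demo needs no log file."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))

def make_auth_logger():
    logger = logging.getLogger("auth-demo")
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger.addFilter(RedactSecrets())
    logger.addHandler(handler)
    return logger, handler

def log_login(logger, user, source, ok):
    """Record who, from where and the outcome; the password is never passed in."""
    logger.log(logging.INFO if ok else logging.WARNING,
               "login user=%s src=%s result=%s",
               user, source, "success" if ok else "failure")

def demo():
    logger, handler = make_auth_logger()
    log_login(logger, "alice", "10.0.0.5", False)  # constructed failed attempt
    # A careless debug line from other code: the filter still scrubs it.
    logger.info("auth request user=%s password=%s", "alice", "hunter2")
    return handler.lines
```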

14 Configure The Server - Step 5
- Setting Up A Backup System For Each Server
  - Without A Backup, You May Be Unable To Restore A Computer’s Data After System Failures And Security Breaches
- Create A Plan With The Following Guidelines
  - Specify That The Data Is Encrypted Before It Is Sent Over The Network Or To A Storage Medium
  - Data Should Remain Encrypted While On The Backup Storage Medium
  - Storage Media Should Be Kept In A Physically Secure Facility That Is Secure From Man-Made And Natural Disasters

15 Maintain The Integrity Of Deployed Servers - Step 1
- Protect The Server From Viruses And Similar Threats
  - Virus Is A Code Fragment That Reproduces By Attaching To Another Program. It Can Damage Data Directly Or Degrade System Performance By Consuming System Resources
  - Trojan Horse Is An Independent Program That Appears To Perform A Useful Function But Hides Another Unauthorized Program Inside Of It
  - Worm Is An Independent Program That Reproduces By Copying Itself From One System To Another, Usually Over A Network

16 Maintain The Integrity Of Deployed Servers - Step 2
- Distribute Anti-Virus Programs
  - Train Users To Use And Monitor These Anti-Virus Programs To Spot Any Suspicious Activity
- Check For Updates To Anti-Virus Programs
  - Vendors Usually Release Updates Weekly Or Monthly

17 Maintain The Integrity Of Deployed Servers - Step 3
- Only Allow Appropriate Physical Access To The Servers, Monitors And Keyboards
  - Servers Should Not Be Placed In An Individual’s Office
  - Protect The Wiring And Other Network Connection Components From Physical Access
  - There Should Be A List Of Who Is Allowed To Access The Server, Monitor And Keyboard In Order To Install Hardware And Modify Existing Hardware Or Software

18 Summary
- Need For Networked Servers
- Types
- Need For Secure Servers
- Major Issues
- Activities Performed In Securing Servers

19 Sources
- Scarfone, Karen, Wayne Jansen, Miles Tracy. “Guide To General Server Security.” National Institute Of Technology And Standards, July 2008
- Allen, Julie, Gary Ford, Klaus-Peter Kossakowski. “Securing Network Servers.” CMU/SEI-SIM-010, April 2000

20 Questions?

