Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 27: System Security

Published bySiegfried Rothbauer Modified over 6 years ago

Similar presentations

Presentation on theme: "Chapter 27: System Security"— Presentation transcript:

1 Chapter 27: System Security
Dr. Wayne Summers Department of Computer Science Columbus State University

2 Comparison of Web Server (in DMZ) and Development Systems (internal)
Policy Networks Users Authentication Processes Files

3 Policy for Web Server System in DMZ
All incoming Web connections and replies go through the outer firewall All users log in from an internal trusted server running SSH. Web pages not updated locally, but downloaded through SSH tunnel Log messages transmitted to DMZ log server only Web server may query DMZ DNS for IP addresses No other network services provided Web server runs CGI scripts Web server must implement services correctly & restrict access to services Public key of principal who will decipher and process transaction data resides on DMZ Web server

4 Policy for Development System
Only authorized users are allowed to use the devnet systems. All actions / system accesses tied to individual user Workstation sysadmins must be able to access workstations at all times Users on devnet are trusted not to attack devnet systems, other users not trusted All network communications (except ) are confidential and are checked for alteration Base standard configuration cannot be changed Sysadmin must be able to restore system from backup with at most one day’s loss Security officers must perform periodic and ongoing audits of devnet systems

5 Networks Web Server System in the DMZ
External users can reach system only by using Web services connecting through outer firewall Internal users can reach system only by using SSH from trusted admin system All attempts to connect must be monitored Server will not accept requests from other DMZ systems Server requires both host and user to be authenticated (via SSH server) Only web & SSH servers running; all attempts to connect to other ports are logged

6 Networks Development System
Only accept authenticated and encrypted user connections (SSH server) Runs print spooler, logging server, access to file server and user database system No ftp/web servers Simple SMTP server for convenience with mail kept remotely Uses access control wrappers Systems scanned by sysadmin for vulnerabilities

7 Users Web Server System in the DMZ Two users & one sysadmin
One user – read/serve Web pages & write to Web server transaction area Second user – move files from Web transaction area to commerce transaction area Minimize # of accounts vs. minimize privileges of accounts Sysadmin cannot login directly, except from console as root

8 Users Development System One user account per developer
Administrative account Groups based on projects Use consistent naming between development systems (use central repository - NIS) Each developer workstation must have local root account and local account for sysadmin Special accounts, e.g. mail, daemon Development system noot accessible by Internet users

9 Authentication Web Server System in the DMZ
SSH server only allows connections from trusted hosts and requires cryptographic authentication Web Server uses MD-5-based password hashing Development System Physically secure site Passwords (with aging) Use SSH for remote access

10 Processes Web Server System in the DMZ Run a minimum set of processes
Commerce server SSH server Login server OS services Interprocess communications only through well-defined communicaiton channels Development System Servers run with fewest privileges necessary to perform tasks Processes must be logged

11 Files Web Server System in the DMZ
System programs & configuration files – static (keep on CD) CGI programs – keep on CD Web server files kept in separate partition shielded from commerce server Development System Use CD to boot and install system and configuration Forward log messages to separate log server Keep developers files on separate file server

Download ppt "Chapter 27: System Security"

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #24-1 Chapter 24: System Security Introduction Policy Networks Users Authentication.

November 1, 2004Introduction to Computer Security ©2004 Matt Bishop Slide #24-1 Chapter 24: System Security Introduction Policy Networks Users Authentication.
June 1, 2004Computer Security: Art and Science ©2002-2004 Matt Bishop Slide #27-1 Chapter 27: System Security Introduction Policy Networks Users Authentication.

June 1, 2004Computer Security: Art and Science © Matt Bishop Slide #27-1 Chapter 27: System Security Introduction Policy Networks Users Authentication.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.

4-1 PSe_4Konf.503 EAGLE Getting Started and Configuration.
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Csci5233 Computer Security1 Bishop: Chapter 27 System Security.

Csci5233 Computer Security1 Bishop: Chapter 27 System Security.
Hands-On Microsoft Windows Server 20081 Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Chapter 3.  Help you understand different types of servers commonly found on a network including: ◦ File Server ◦ Application Server ◦ Mail Server ◦

Chapter 3.  Help you understand different types of servers commonly found on a network including: ◦ File Server ◦ Application Server ◦ Mail Server ◦
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.

Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
CSU - DCE 0735 - Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor:

CSU - DCE Internet Security... Privacy Overview - Fort Collins, CO Copyright © XTR Systems, LLC Setting Up & Using a Site Security Policy Instructor:

Similar presentations

Ads by Google