Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Published byBernadette Melton Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your."— Presentation transcript:

1 1 Defining System Security Policies

2 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your system from external and internal attack from malicious elements. This module focuses on policies to ensure basic system security in a Network environment. ♦ Lessons covered in this module ► Basic Security Concepts ► Services and Policies

3 3 Defining System Security Policies Lesson 1 - Basic Security Concepts Basic Security Concepts ♦ Introduction There are many types of threats to network security. Specific terms are used to describe them. Preventive measures and technologies protect the network. These are the basic security concepts explain in this lesson. ♦ Topics covered in this lesson ► Security Terms ► Basic System Security

4 4 Defining System Security Policies Topic 1 – Security Terms ♦ Network Security Threats: ► Fraud, vandalism, espionage, defacement, computer viruses, and hackers. Threats can be internal or external. ♦ Threats take the form of specific attacks : ► Virus, Worm, Password cracking, Vandal, Man-in-the-middle, Denial-of- Service, Distributed Denial-of-Service, Mail Bomb, Ping of Death, Broadcast Storm, Spamming, Trojan horse, Resource Stealing, Sniffing, Spoofing, Email hacking, WinNuke. Contd …

5 5 Defining System Security Policies Topic 1 – Security Terms ♦ Preventive Measures: ► Authentication, Access control, Data encryption, Pretty Good Privacy (PGP), Double password encryption scheme, Vulnerability Assessment, Virus scanner, Auditing, Intrusion Detection Systems (IDS), Honey Pots, Securing servers. ♦ Security Technologies: ► Firewall, Virtual Public Network (VPN), Public Key Infrastructure (PKI), Network Address Translation (NAT).

6 6 Defining System Security Policies Topic 2 – Basic System Security ♦ Security Practices ► System security starts with good system administration. ► Adopt routine safe practices while working an a Network. ► There is no 100% security. ► Follow all the preventive actions as a habit. ► Still there can always be a security breach. ► Detect intruders early by checking the system logfiles regularly. ► Check the ownership and permissions of all vital files. ► Monitor use of privileged accounts. Contd …

7 7 Defining System Security Policies Contd … Topic 2 – Basic System Security ♦ System Security ► Be proactive about system security. ► Monitor the mailing lists for updates and fixes. ► Give any service least privilege, when available to the network. ► Disable traits not required for the specified work. ► Set up programs to privileged accounts only when necessary. ► Use tcpd to restrict certain services to users from certain hosts. ► Learn and use methods of restricting access to particular hosts or services.

8 8 Defining System Security Policies Topic 2 – Basic System Security ♦ Software Security ► Be careful with software that enable login or command execution with limited authentication. ► Disable the r commands and use the ssh suite of tools. ► Avoid dangerous software Programs that require special privilege are more dangerous. ► Disable any vulnerable services. ► Only install, run and expose services that are absolutely necessary.

9 9 Defining System Security Policies Lesson 2 – Services and Policies ♦ Introduction Services in Red Hat Linux are programs which can be run on the network. These can be secure or insecure. Policies are the options which decide which of the services are accessible to different users. ♦ Topics covered in this lesson ► Securing Services ► Defining Policies

10 10 Defining System Security Policies Topic 1 - Securing Services ♦ Insecure Services ► Telnet ► File Transfer Protocol (FTP) ► rsync, rsh, rlogin and finger ♦ Secure Services ► Secure Shell Service (SSH) ► Secure Copy (scp) ► Secure File Transfer (sfp) ► Security Enhanced Linux (SELinux)

11 11 Defining System Security Policies Topic 2 - Defining Policies ♦ Best security practice is to have a documented security policy. ♦ Internal attacks are as important as external attacks. ♦ Security policy should define and alert warning signals. ♦ Policy should tell who should do what in response to the signals. ♦ Limit physical access to systems containing sensitive information. ♦ Define system security policy using SELinux. ♦ SELinux is based on Mandatory Access Control (MAC). ♦ SELinux adds another layer of access control permission. ♦ Services governed by SELinux policy are dhcpd, httpd, mysqld, named, nscd, ntpd, portmap, postgres, snmpd, squid, syslogd, and winbindd.

12 12 Defining System Security Policies Lab Exercises ♦ Verifying services as per given security policy, by service detection.

13 13 Defining System Security Policies Conclusion ♦ Summary ► Computers networks can be harmed by security threats. Appropriate preventive measures and adopting security technologies can avoid such threats. Safe practices for security of system, network, and software are essential. ► Insecure services like Telnet, FTP, Rsync, Rsh, rlogin and finger should be replaced by secure services like SSH, scp, sftp and enforce SELinux. System security policies must be clearly defined and understood by all users. SELinux should have proper policies and should be implemented. ♦ Question and Answer Session

Download ppt "1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your."

Similar presentations

Network Security.

Network Security.
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Software Security Threats Threats have been an issue since computers began to be used widely by the general public.

Software Security Threats Threats have been an issue since computers began to be used widely by the general public.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.

TCP/IP - Security Perspective Upper Layers CS-431 Dick Steflik.
Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.

Lesson 10 – SECURING YOUR NETWORK Security devices Internal security External security Viruses and other malicious software OVERVIEW.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Enterprise Network Security Accessing the WAN Lecture week 4.

Enterprise Network Security Accessing the WAN Lecture week 4.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Similar presentations

Ads by Google