Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECURITY BASELINES -Sangita Prabhu.

Published byAllyson Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "SECURITY BASELINES -Sangita Prabhu."— Presentation transcript:

1 SECURITY BASELINES -Sangita Prabhu

2 Overview OS/NOS vulnerabilities and hardening practices
Operation and security of file systems Common Network Hardening Practices Best practices in securing web services

3 OS/NOS Hardening Making OS more secure to outside threats
Categorization of disrupting actions Attacks Malfunctions Errors

4 Best Practices for System Hardening
Remove unused applications and services Strong Password Policies Limited number of administrators Account lockout Latest security updates and hot fixes Maintain external log Periodic backup System administrator should identify and remove all unused applications and services which might reveal some sensitive system information. Also, remove all unused or unnecessary file shares. Force periodic password changes. Remove or disable all expired or unneeded accounts. Set necessary privileges to ensure that resources are available on as needed basis. Keep track of latest security updates. Apply vendor suggested patches as and when available. Maintain log of all user account and administrative activities in order to conduct forensic analysis if system is compromised. Keeping external log can increase system integrity and make future security related maintenance much simpler. This log should contain information like all the software versions installed on the system. All the group information, Records of all backups and upgrades. When a security patch is recommended then it is easy to reference this manual rather than digging into the live system to find out if the particular patch is applicable.

5 File Systems Hardening
Configuring Access Controls Setting Privileges on files and data objects Creating User Groups Grouping users by common needs File encryption capabilities Resource consuming feature

6 Configuring Access Controls
Common Practices for setting file and data privileges: Disable write and execute permissions for all executables Restrict access to important files Pay close attention to access control inheritance Make all log files “Append Only” if the option is available Prevent users from installing, removing or editing scripts

7 System Updates Minimize gap between release and installation of a security patch. Monitor security-related Information --Mailing lists, security related sites, Hackers sites Evaluate Updates for Applicability --Paper Logs Plan the installation of Updates --unsystematic and haphazard updates could introduce new vulnerabilities to networks Document update plan Deploy new systems with latest software

8 Network Hardening Firmware updates Configuration
Best Practices in configuring Router and Firewall systems Maintain a copy of current configurations Never allow IP-directed broadcasts Configure devices with meaningful names Always use description for each interface Always specify bandwidth on the interfaces Always configure loopback address

9 Network Hardening Best Practices in configuration contd…
Avoid using common words for password and naming schemes Deploy logging throughout the network Restrict data traffic to required ports only

10 Access Control Lists ACL is a set of statements that controls the flow of packets through a device based on certain parameters and information within the packets ACLs implement packet filtering Packet filtering rules can be designed based on intrinsic and extrinsic information pertaining to a data packet

11 Designing filtering rules
Best Practices Deny all packets unless explicit permissions Design antispoofing rules Identify protocols ,ports, and source and destination addresses that need to be serviced on your networks Configure the rule set of ACL by protocol and by port Place “deny all” rules at the end of the rule set

12 Enabling And Disabling Of Services And Protocols
Running unnecessary services on the network devices makes them vulnerable Administrators should identify and remove all unnecessary services Required services should be evaluated and installed in a manner to lower potential risks Example: RPC and SNMP– if needed then should be accomplished via VPN for security

13 Commonly Exploited Services
Some Examples of commonly exploited services on CISCO platforms Service Description Default Note SNMP Protocol Routers can support SNMP remote query and configuration Enabled If not in use, explicitly disable or restrict access Domain name Service Routers can perform DNS name resolution Set the DNS server address explicitly, or disable DNS IP Source Routing IP feature that allows packets to specify their own routes This rarely–used feature can be helpful in attacks; disable it.

14 Application Hardening
Web Servers Isolating Web Servers Configuring web servers for access privileges Identifying and Enabling Web Server-Specific logging tools Considering security Implications Configuring Authentication and Encryption

15 Application Hardening…
Servers Attachments with malicious contents s with abnormal MIME headers Scripts Embedded into HTML-Enabled Mail Defense mechanisms: Latest software updates and patches content filtering using gateway products Deployment of virus-scanning tools on the server Attachment checking mechanisms HTML active Content Removal

16 Application Hardening…
FTP Servers Protecting against Bouncebacks --Using FTP servers to connect to the attacked machine rather than connecting directly --Makes difficult to track the attacker --Configure servers to not open data connections to TCP ports less than 1024 --Use proper file protections --Disable PORT command : It also disables PROXY FTP which might be needed in certain situations

17 FTP Servers… Restricting Areas Protecting Usernames and passwords
Utilize alternate authentication mechanisms to avoid attempts to intercept clear text password Limit number of attempts for a legitimate password Limit the number of control connections Return same response USER command, prompting for the password and then reject the combination of Username and Password Port Stealing : Deploy random port assignments

18 Application Hardening…
DNS Servers Inaccurate Data on IP Address Ownership Without accurate IP ownership data cannot distinguish between innocent users and attackers Customer Registry Communication Use encrypted communication DNS Spoofing and Cache Poisoning Not Updated root.hints files Recursive Queries Denial of service Attacks

19 Application Hardening…
NNTP Servers (Network News Transfer Protocol) Messages are delivered to Newsgroups instead of individual users Newsgroups acts as a storage for the related messages News Client is used to read messages To gain access to new postings users need to access news servers NNTP is designed to store news article in a central database and allow user to choose only the items of their interest

20 NNTP Servers… Typically, NNTP servers run as a background process on one host and accepts connections to other hosts Have similar vulnerabilities as any other network services Proper authentication, disabling of unneeded services and application of relevant software and OS patches are effective methods to prevent attacks

21 Application Hardening
File and Print Servers Offering only essential Network and OS Services on a Server Configuring Servers for User Authentication Configuring Server Operating Systems Managing Logging and other data collection mechanisms Configuring servers for File Backups

22 Application Hardening…
DHCP Servers (Dynamic Host Configuration Protocol) Assignment of dynamic IP Addresses to devices on the network Simplifies network administration Has no security provisions therefore vulnerable to attacks Broadcast-based protocol, therefore, attacker can use a sniffer program to collect critical network information. Spoof official DHCP server : Redundant DHCP servers are allowed Launch DoS attack against the DHCP server

23 DHCP Servers… Certain steps to prevent such attacks
Permanent address assignments with DHCP Allow dynamic addressing and monitor log files for malicious user Force stations with new MAC addresses to register with the DHCP server Intrusion Detection tools can be used Latest software and patches are important

24 Data Repositories Directory Services
Lightweight Directory Access protocol (LDAP) LDAP directory is a special kind of database that stores information Based on simple tree-like hierarchy, called a Directory Information Tree (DIT) Threats to LDAP can be categorized in two groups: Directory Service-oriented threats Non directory Service-oriented threats

25 Directory Service-Oriented Threats
Unauthorized access to data Unauthorized access to resources Unauthorized modification or deletion Spoofing of directory services Excessive use of resources

26 NonDirectory Service Oriented Threats
Common network based attacks to compromise the availability of resources. Attacks against hosts by Physically accessing the resources Attacks against back-end databases

27 Security of LDAP Based on two processes Authentication Authorization
Anonymous—No specific authentication Simple Authentication– Plaintext Passwords Simple Authentication and Security Layer (SASL)—Exchange of encrypted data (Most Secure) Authorization What resources, application and services are accessible by an authenticated client

28 Databases General Principles of Security--
Authentication of users and Applications Ensure use by Legitimate users only Determining access privileges Applications require username/password to use the database Administrative Policies and Procedures Written security policy Initial Configuration Auditing Backup and Recovery Procedures

Download ppt "SECURITY BASELINES -Sangita Prabhu."

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Similar presentations

Ads by Google