1. Security Baselines Security+ Guide to Network Security Fundamentals
Second Edition
3. 3 Disabling Nonessential Systems The first step in establishing a defense against computer attacks is to turn off all nonessential systems and services
A background program waits in the computer's random access memory (RAM) until the user presses a specific combination of keys (a hot key), such as Ctrl+Shift+P
Then the idling program springs to life
Early terminate-and-stay-resident (TSR) programs performed functions such as displaying an instant calculator, a small notepad, or an address book
In Microsoft Windows, a background program, such as Svchost.exe, is called a process
4. 4 Disabling Nonessential Systems (cont) A process provides a service to the operating system, identified by a short service name, such as AppMgmt
Users can view the display name of a service, which gives a more descriptive name, such as Application Management
A single process can provide multiple services
A service can be set to one of the following modes:
Automatic
Manual
Disabled
Besides preventing attackers from attaching malicious code to services, disabling nonessential services closes entry points into the system
5. 5 Disabling Nonessential Systems (cont)
6. 6 Disabling Nonessential Systems (cont)
7. 7 Disabling Nonessential Systems (cont) The User Datagram Protocol (UDP) provides connectionless transfer over IP (unlike TCP, which is connection-oriented)
TCP and UDP both identify endpoints by port numbers
Socket: the combination of an IP address and a port number
The IP address is separated from the port number by a colon, as in 198.146.118.20:80
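The two points above, that each listening socket is an entry point into the system and that disabling the nonessential service behind it closes that entry point, can be turned into a concrete audit. The following Python script is an added example, not code from the textbook: it parses text in the shape of Windows `netstat -ano` and `tasklist /svc` output, ties each listening socket (IP:port) to the process and service(s) behind it, and flags every socket whose service is not on a baseline of essential services. The sample output lines, the host address, the PIDs, the service names and the baseline (a Web server that should expose only RPC and IIS) are all constructed for this illustration.

```python
"""Audit listening sockets against a baseline of essential services.

Added example, not from the textbook. Input is text in the shape of
Windows `netstat -ano` and `tasklist /svc` output; the sample lines below
are constructed for this illustration and the baseline is an assumption.
"""
import re
from typing import Dict, List

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    198.146.118.20:80      0.0.0.0:0              LISTENING       1932
  TCP    198.146.118.20:3389    0.0.0.0:0              LISTENING       1108
  TCP    198.146.118.20:1025    64.233.1.5:443         ESTABLISHED     2200
  UDP    0.0.0.0:161            *:*                                    1412
"""

# Constructed sample of `tasklist /svc` output: one process can host several
# services (inetinfo.exe below hosts both IISADMIN and W3SVC).
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    876 RpcSs
System                           4 N/A
inetinfo.exe                  1932 IISADMIN, W3SVC
svchost.exe                   1108 TermService
svchost.exe                   1412 SNMP
iexplore.exe                  2200 N/A
"""

# Assumed baseline: the only services this host is allowed to expose.
ESSENTIAL_SERVICES = {"RpcSs", "IISADMIN", "W3SVC"}


def split_socket(sock: str):
    """Split 'ip:port' into (ip, port); rpartition keeps IPv6 literals intact."""
    ip, _, port = sock.rpartition(":")
    return ip, int(port)


def parse_netstat(text: str) -> List[dict]:
    """Return listening sockets: TCP in LISTENING state plus every UDP socket
    (UDP is connectionless, so netstat prints no state column for it)."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto = fields[0]
        if proto == "TCP":
            local, state, pid = fields[1], fields[3], fields[4]
            if state != "LISTENING":
                continue
        else:
            local, pid = fields[1], fields[3]
        ip, port = split_socket(local)
        listeners.append({"proto": proto, "socket": local, "ip": ip,
                          "port": port, "pid": int(pid)})
    return listeners


def parse_tasklist(text: str) -> Dict[int, dict]:
    """Map PID -> {'image': name, 'services': [...]}; 'N/A' means no service."""
    procs = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line)
        if not m:
            continue  # header and separator lines do not match
        image, pid, svcs = m.group(1), int(m.group(2)), m.group(3).strip()
        services = [] if svcs == "N/A" else [s.strip() for s in svcs.split(",")]
        procs[pid] = {"image": image, "services": services}
    return procs


def audit_listeners(netstat_text: str, tasklist_text: str, essential) -> List[dict]:
    """One finding per listening socket, flagged when a service behind it is
    not in the baseline or the socket cannot be attributed to any service."""
    procs = parse_tasklist(tasklist_text)
    findings = []
    for lst in parse_netstat(netstat_text):
        proc = procs.get(lst["pid"], {"image": "?", "services": []})
        nonessential = [s for s in proc["services"] if s not in essential]
        flagged = bool(nonessential) or not proc["services"]
        findings.append({**lst, "image": proc["image"], "services": proc["services"],
                         "nonessential": nonessential, "flagged": flagged})
    return findings


if __name__ == "__main__":
    for f in audit_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE, ESSENTIAL_SERVICES):
        mark = "DISABLE?" if f["flagged"] else "ok"
        print(f"{f['proto']:<4} {f['socket']:<24} pid {f['pid']:<5} "
              f"{f['image']:<13} {','.join(f['services']) or '-':<18} {mark}")
```

On the sample data the script flags TermService (3389/tcp), SNMP (161/udp) and the unattributed 445/tcp listener owned by the System process; the Web server's own sockets pass. Flagged items are candidates for the Disabled startup mode, but confirm what depends on a service before disabling it, because the service name alone does not tell you who uses the port.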
8. 8 Disabling Nonessential Systems (cont)
9. 9 Hardening Operating Systems Hardening: process of reducing vulnerabilities
A hardened system is configured and updated to protect against attacks
Three broad categories of items should be hardened:
Operating systems
Applications that the operating system runs
Networks
You can harden the operating system that runs on the local client or the network operating system (NOS) that manages and controls the network, such as Windows Server 2003 or Novell NetWare
10. 10 Applying Updates Operating systems are intended to be dynamic
As users' needs change, new hardware is introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis
However, vendors release a new version of an operating system only every two to four years, so interim updates are needed
Vendors use certain terms to refer to the different types of updates (listed in Table 4-3 on page 109)
A service pack (a cumulative set of updates including fixes for problems that have not been made available through updates) provides the broadest and most complete update
11. 11 Applying Updates (continued) A hotfix does not typically address security issues; instead, it corrects a specific software problem
A patch or software update fixes a security flaw or other problem
Patches may be released on a regular or irregular basis, depending on the vendor or support team
A good patch management system includes the features listed on pages 111 and 112 of the text
12. 12 Applying Updates (continued)
13. 13 Securing the File System Another means of hardening an operating system is to restrict user access
Generally, users can be assigned permissions to access folders (also called directories in DOS and UNIX/Linux) and the files contained within them
Microsoft Windows provides a centralized method of defining security through the Microsoft Management Console (MMC)
The MMC is a Windows utility that accepts additional components (snap-ins)
After you use a security template to organize security settings, you can import the template into a Group Policy object (GPO) and apply the settings to a group of computers
14. 14 Securing the File System (continued) Group Policy settings: components of a user's desktop environment that a network system administrator needs to manage
Local Group Policy settings cannot override a domain-based setting that applies globally to all computers
Windows stores settings for the computer's hardware and software in a database (the registry)
15. 15 Hardening Applications Just as you must harden operating systems, you must also harden the applications that run on those systems
Hotfixes, service packs, and patches are generally available for most applications, although not usually with the same frequency as for an operating system
16. 16 Hardening Servers Harden servers to prevent attackers from exploiting weaknesses in the server software
A Web server delivers text, graphics, animation, audio, and video to Internet users around the world
Refer to the steps on page 115 to harden a Web server
A mail server is used to send and receive electronic messages
In a normal setting, a mail server serves one organization or set of users
All e-mail passing through the mail server is either sent by a trusted (local) user or received from an outsider and intended for a trusted user
17. 17 Hardening Servers (continued)
18. 18 Hardening Servers (continued) In an open mail relay, a mail server processes (relays) e-mail messages that are neither sent by nor intended for a local user, a configuration that spammers abuse to send mail through someone else's server
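The relay rule on these two slides (accept mail from a trusted user bound anywhere, or from an outsider bound for a local user, and nothing else) is small enough to model as code. The following Python script is an added example, not the textbook's code or any real mail server's: it simulates the SMTP envelope exchange between a client and a server that applies that rule, and runs the classic open-relay probe against a hardened server and against a misconfigured one. The domain names, addresses and reply texts are assumptions made up for this illustration, and only the envelope commands (HELO/EHLO, MAIL FROM, RCPT TO, QUIT) are modelled.

```python
"""Model of an SMTP server's relay decision (added example, not the textbook's).

Rule encoded: accept RCPT TO only if the client is a trusted local user, or
the recipient is in a local domain. Accepting anything else is open relaying.
Domains, addresses and reply texts are assumptions for this illustration.
"""
from typing import List, Tuple

LOCAL_DOMAINS = {"example.com"}  # assumed: the domain this server serves


def _addr(raw: str) -> str:
    """Normalize '<user@host>' argument text to 'user@host'."""
    return raw.strip().strip("<>").lower()


def _domain(addr: str) -> str:
    return addr.rpartition("@")[2]


def relay_decision(rcpt: str, client_trusted: bool, local_domains=LOCAL_DOMAINS,
                   open_relay: bool = False) -> Tuple[bool, str]:
    """Decide whether to accept RCPT TO for the current envelope.

    client_trusted: the client is a local user (authenticated, or on the
    internal network), so it may send to anyone.
    open_relay: models the misconfiguration where the server relays for all.
    """
    if client_trusted:
        return True, "250 2.1.5 Recipient ok"
    if _domain(rcpt) in local_domains:
        return True, "250 2.1.5 Recipient ok"      # inbound mail for a local user
    if open_relay:
        return True, "250 2.1.5 Recipient ok"      # third-party relaying: the flaw
    return False, "554 5.7.1 Relay access denied"  # hardened behaviour


def smtp_session(commands: List[str], client_trusted: bool = False,
                 open_relay: bool = False, local_domains=LOCAL_DOMAINS) -> List[str]:
    """Feed client command lines to the server model; return one reply per
    command so the whole exchange can be inspected."""
    replies = []
    sender = None
    for cmd in commands:
        upper = cmd.upper()
        if upper.startswith(("HELO ", "EHLO ")):
            replies.append("250 mail.example.com")
        elif upper.startswith("MAIL FROM:"):
            sender = _addr(cmd.split(":", 1)[1])
            replies.append("250 2.1.0 Sender ok")
        elif upper.startswith("RCPT TO:"):
            if sender is None:
                replies.append("503 5.5.1 Need MAIL command")
                continue
            rcpt = _addr(cmd.split(":", 1)[1])
            _, reply = relay_decision(rcpt, client_trusted, local_domains, open_relay)
            replies.append(reply)
        elif upper == "QUIT":
            replies.append("221 2.0.0 Bye")
        else:
            replies.append("502 5.5.2 Command not implemented")
    return replies


# The classic relay probe (constructed): an outside client asks the server to
# carry mail from one outside address to another outside address.
RELAY_PROBE = [
    "HELO scanner.attacker.test",
    "MAIL FROM:<spammer@attacker.test>",
    "RCPT TO:<victim@elsewhere.test>",
    "QUIT",
]


def is_open_relay(replies: List[str]) -> bool:
    """The probe succeeded if the RCPT TO (third command) got a 2xx reply."""
    return replies[2].startswith("2")


if __name__ == "__main__":
    for label, flag in (("hardened", False), ("open relay", True)):
        replies = smtp_session(RELAY_PROBE, client_trusted=False, open_relay=flag)
        for c, r in zip(RELAY_PROBE, replies):
            print(f"C: {c}\nS: {r}")
        print(f"=> {label}: relays for third parties = {is_open_relay(replies)}\n")
```

The decision keys on whether the client is trusted, never on the MAIL FROM address: a sender address is trivially forged, so a server that relays whenever MAIL FROM looks local is still an open relay. The same probe, sent by hand or by a scanner to a real server, is how you verify your own mail server after hardening it.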
File Transfer Protocol (FTP) server is used to store and access files through the Internet
Typically used to accommodate users who want to download or upload files
19. 19 Hardening Servers (continued)
20. 20 Hardening Servers (continued) FTP servers can be set to accept anonymous logons using a window similar to that shown in Figure 4-8
A Domain Name Service (DNS) server resolves host names to IP addresses, which is what makes the Internet usable by ordinary users
DNS servers update each other by transmitting all the domain names and IP addresses they know for a zone (a zone transfer)
21. 21 Hardening Servers (continued)
22. 22 Hardening Servers (continued) IP addresses and other information obtained this way (for example, through a zone transfer that is not restricted to authorized servers) can be used in an attack
USENET is a worldwide bulletin board system that can be accessed through the Internet or many online services
The Network News Transfer Protocol (NNTP) is the protocol used to send, distribute, and retrieve USENET messages through NNTP servers
23. 23 Hardening Servers (continued) Print/file servers on a local area network (LAN) allow users to share documents on a central server or to share printers
Hardening a print/file server involves the tasks listed on page 119 of the text
A DHCP server allocates IP addresses using the Dynamic Host Configuration Protocol (DHCP)
DHCP servers lease IP addresses to clients
24. 24 Hardening Data Repositories Data repository: container that holds electronic information
Two major data repositories: directory services and company databases
Directory service: database stored on the network that contains all information about users and network devices along with privileges to those resources
Active Directory is the directory service for Windows
Active Directory stores its database on the domain controllers (in the file NTDS.dit), not in the SAM
The Security Accounts Manager (SAM) database holds the local accounts of a stand-alone or member computer; on Windows NT domains, the primary domain controller (PDC) held the domain's SAM database
25. 25 Hardening Networks Two-fold process for keeping a network secure:
Secure the network with necessary updates
Properly configure it
26. 26 Firmware Updates RAM is volatile: interrupting the power source causes RAM to lose its entire contents
Read-only memory (ROM) differs from RAM in two ways:
Contents of ROM are fixed
ROM is nonvolatile: disabling the power source does not erase its contents
ROM, Erasable Programmable Read-Only Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) chips hold firmware, the software that network devices run
To erase an EPROM chip, expose it to ultraviolet light through the quartz window on top of the chip
The contents of an EEPROM chip can instead be erased by applying electrical signals to specific pins, so EEPROM-based devices can be updated without removing the chip
27. 27 Network Configuration You must properly configure network equipment to resist attacks
The primary method of resisting attacks is to filter data packets as they arrive at the perimeter of the network
Rule base or access control list (ACL): rules a network device uses to permit or deny a packet (not to be confused with ACLs used in securing a file system)
Rules are composed of several settings (listed on pages 122 and 123 of the text)
Observe the basic guidelines on page 124 of the text when creating rules
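The rule settings and guidelines are on pages 122 to 124 of the text, which this outline does not reproduce. As an added example (not the textbook's code and not any vendor's ACL syntax), the following Python script implements the evaluation model that packet-filter rule bases share: rules are checked top down, the first match decides, and a packet that matches nothing is denied. The rule fields used (action, protocol, source, destination, destination port) are an assumption about what a given device supports; the addresses and rules are made up for this illustration and reuse the 198.146.118.20 Web server from the socket example. It also includes a check for rules that can never fire because an earlier rule already covers them, which catches the most common ordering mistake.

```python
"""First-match packet filter with implicit deny (added example, not the textbook's).

Rule fields and all addresses below are assumptions for this illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    proto: str            # "tcp", "udp", "icmp" or "any"
    src: str              # CIDR; "0.0.0.0/0" means any
    dst: str
    dport: Optional[int]  # None means any destination port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every field it constrains matches the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[Rule]]:
    """Top down, first match wins; a packet matching no rule is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule
    return "deny", None  # implicit deny


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (i, j) pairs where rule j can never fire because the earlier
    rule i already matches every packet j would match (an ordering error)."""
    out = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if ((earlier.proto == "any" or earlier.proto == later.proto)
                    and ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
                    and ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
                    and (earlier.dport is None or earlier.dport == later.dport)):
                out.append((i, j))
                break
    return out


INTERNAL = "10.0.0.0/8"      # assumed internal address space
WEB = "198.146.118.20/32"    # the slides' example host

# Constructed perimeter rule base. Order matters: the anti-spoofing deny must
# come before the permits, or a forged internal source address slips through.
RULES = [
    Rule("deny", "any", INTERNAL, "0.0.0.0/0", None, "inbound packet claims an internal source"),
    Rule("permit", "tcp", "0.0.0.0/0", WEB, 80, "public Web"),
    Rule("permit", "tcp", "0.0.0.0/0", WEB, 25, "inbound mail"),
    Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None, "explicit cleanup deny, logged"),
]

# Constructed test traffic: a Web request, a Telnet attempt, and a spoofed packet.
SAMPLE_PACKETS = [
    Packet("tcp", "64.233.1.5", "198.146.118.20", 80),
    Packet("tcp", "64.233.1.5", "198.146.118.20", 23),
    Packet("tcp", "10.1.2.3", "198.146.118.20", 80),
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        action, rule = evaluate(RULES, pkt)
        why = rule.comment if rule else "implicit deny"
        print(f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}  {action:<6} ({why})")
    print("shadowed rules in RULES:", shadowed(RULES))
    print("shadowed rules if cleanup deny is first:", shadowed([RULES[3], RULES[1], RULES[2]]))
```

Putting the cleanup deny first shadows every permit after it, and moving the anti-spoofing deny below the permits lets a packet from 10.1.2.3 reach the Web server; both are pure ordering mistakes that the rule text alone does not reveal, which is why a rule base should be tested against sample packets after every change.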
28. 28 Network Configuration (continued)
29. 29 Summary Establishing a security baseline creates a basis for information security
Hardening the operating system involves applying the necessary updates to the software
Securing the file system is another step in hardening a system
Applications and operating systems must be hardened by installing the latest patches and updates
Servers, such as Web servers, mail servers, FTP servers, DNS servers, NNTP servers, print/file servers, and DHCP servers, must be hardened to prevent attackers from corrupting them or using the server to launch other attacks
30. 30 End of Chapter