Security An Introduction
Security: The 4R Rule
• Risk Assessment
  • Define areas of vulnerability
• Reproachment (Site Hardening)
  • Take steps to isolate and protect site
• Recovery
  • Have a recovery plan, well tested and practiced
• Research
  • Stay on top of issues and concerns
Security: Introduction
Risk Assessment
• What can be stolen?
  • Equipment? Information? Services? Services to others?
• Who can hurt you?
  • Experienced hackers? Why are you a target?
• What can or cannot be replaced?
  • Can: Equipment. People.
  • Cannot: Time, Effort, Money, Resources, Trust.
• What can be recovered?
  • From where? In how long?
• What is the ongoing loss?
Outside-In Model
[Diagram: blocks labeled ISP, The "Internet", Firewall, Network, O/S, Application/API, connected by arrows]
Outside-In Comments
• At each arrow and block there is a vulnerability.
• Snooping: Information in transit being intercepted and diverted or copied.
• Hacking: Breaking into a network or system to steal or destroy.
• Cracking: Secretly gaining access and then snooping or hacking. Covert or time-delayed attacks or intrusions.
Between Client/ISP
• Encryption
  • Less perfect than one might suppose
• Isolation of connection
• Connection intrusion detection
• Connection staggering (multiplexing)
• Continuous authentication
• Physical site security
Across the Internet
• Private networks
• Intrusion detection
• Hard encryption
• Multi-routing
• Bypass wires in favor of tight beam connections (microwave or laser)
At the Firewall
• Only allow TCP/IP
• Filter available ports (i.e. ports 80, 20/21, 25)
• Filter IP addresses
• Filter by packet content
• Encryption and authentication at the firewall
• Route tracing
At the Network
• Isolation of external connections from main backbones
• Gateways should refuse to pass packets in packets (tunneling)
• Hard to guess accounts and passwords
• Logging
• Route tracing
• Encryption and authentication
In the O/S
• Minimum number of services/protocols
• Rid O/S of all spurious accounts
• Long, seriously hard to crack passwords, rotated frequently
• No unneeded service accounts
• Keep current on revisions and patches
• Physical isolation of the hardware
Application/API
• Functional restrictions by users/groups
• Avoid "all in one" privileges
• Prevent certain APIs from being called from unregistered services
• Support for encryption and authentication at this level
• Database security/Change log/No delete rule.
Recovery
• Physical
  • Equipment, Power, Connectivity
• Operating Environment
  • O/S, Drivers, Services, Patches
• Data
  • Content
• Operational
  • Broadcast of availability, trust recovery
Recovery preparedness
• Back up, and then test the backup on a different machine.
• You should be able to restore 100% functionality if you have compatible hardware.
• A new "clone" should be taken after every patch or update.
• No matter how big the data is, a complete snapshot should be taken periodically.
Media Madness
• Media frays. Replace it every 1/2 - 3/4 of the manufacturer's recommendation.
• Clean media drives as frequently as the manufacturer suggests.
• See previous slide about testing backups via recovery.
• Off-site a batch of media periodically.
• Protect media from environmental factors (humidity, dust, temperature extremes) and particularly magnetism!
• Critical data should be written to non-magnetic media as well.
• Document the recovery process carefully, and practice it!
Research protocols
• For every step in the diagram, watch the sites that supply the software/hardware for patches and updates.
• Invoke an outside testing agency to assess your site hardness (SATAN and its ilk).
• Log and document all patches and carefully ready distributions with patches.
• Audit your security periodically.
NT Security
• Domains -- a collection of computers that mutually agree to share the same trust level.
• Groups -- a collection of users within a domain with the same access privileges to network resources.
• Resources -- all resources are based on access to a file or folder (e.g., a share). For instance, a printer spooler file, a web page, or a shared folder.
Research Sites
• http://www.microsoft.com/security/default.asp
• http://www.sans.org/
• http://www.verisign.com
• http://ciac.llnl.gov/ciac/CIACHome.html
• http://www.symantec.com/avcenter/index.html
• http://www.nai.com/
• http://web.mit.edu/network/pgp.html
• http://csrc.ncsl.nist.gov/
• http://www.cert.org/
Users and Groups
• Good practice is to assign rights on resources to groups and put users in groups, rather than granting individual users rights to resources.
• Most meaningful security on NT machines is enabled only on NTFS partitions.
• If greater than group access is required, NT supports access control lists for files and folders (all resources in Windows 2000).
Special NT Groups
• Administrators: aka God.
• Domain Admins: God of this universe.
• Machine Administrator: god of this machine. Required to admin services.
• Domain Users: people who are users of this domain.
• Everyone: a domain user or not.
User Manager for Domains
Editing a User
NT Access Rights
• Access rights are implemented by Access Control Lists (ACLs) on each resource on an NTFS partition.
Permissions
• Read (open or copy)
• Write (create, edit)
• Execute (run or run script)
• Delete (delete)
• Can also implement advanced rights via ACLs
  • Access by time of day
  • Access by location
  • Access by password
NT Security and IIS
• In order to administer IIS you must have operator or administrator privileges.
• All users authenticate to some user; IIS creates the anonymous user account IUSR_machinename to allow anyone to access machine resources like web pages.
IIS Security Screens
Blocking Bad Visitors
From the LOG files you can determine the IP addresses of bad guests and exclude them.
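Added example (not part of the original slides): one way to pull candidate addresses out of a web server log before excluding them. It assumes the log is in W3C extended format with a #Fields line; the sample log lines, the threshold of 3 and the choice of 401/403/404 as "bad" statuses are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample log (W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2000-03-01 10:00:01 192.0.2.10 GET /default.htm 200
2000-03-01 10:00:02 198.51.100.7 GET /private/a.htm 401
2000-03-01 10:00:03 198.51.100.7 GET /private/a.htm 401
2000-03-01 10:00:04 198.51.100.7 GET /private/b.htm 403
2000-03-01 10:00:05 198.51.100.7 GET /nothere.htm 404
2000-03-01 10:00:06 192.0.2.10 GET /missing.gif 404
2000-03-01 10:00:07 203.0.113.5 GET /default.htm 200
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for rows below
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))


def suspicious_clients(text, threshold=3, bad_statuses=("401", "403", "404")):
    """Return {ip: {status: count}} for clients with >= threshold error responses."""
    per_ip = defaultdict(Counter)
    for row in parse_w3c(text):
        if "c-ip" in row and row.get("sc-status") in bad_statuses:
            per_ip[row["c-ip"]][row["sc-status"]] += 1
    return {ip: dict(counts) for ip, counts in per_ip.items()
            if sum(counts.values()) >= threshold}


if __name__ == "__main__":
    for ip, counts in suspicious_clients(SAMPLE_LOG).items():
        print(ip, counts)
```

Review the flagged addresses before excluding them: a proxy or NAT gateway can put many legitimate visitors behind a single IP.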
FrontPage Security
• Sits on top of NT security
• Rights to root web and child webs assigned by groups (preferred) or users.
• FrontPage security manager does "bulk" changes of ACLs. It spins through the files and subfolders, propagating the rights changes indicated.
• FrontPage hides many of the details of the ACL mechanism by having "abstract" levels of rights.
FrontPage Rights
• FrontPage has three levels of rights that match up to specific ACLs
  • browse: r (read)
  • author: rwd (read, write, delete)
  • administrator: rwxdpo (read, write, execute, delete, change permissions, take ownership) (NT: full control)
• Certain files in FrontPage (the _Underbar files and folders) require special ACL combinations.
FrontPage Security Dialog