
CS 591 Term Project

CS 591 Term Project. Popular OS Hardening by Dennis Ippoliti. Project Scope. Original work : Donovan Thorpe, Samarpita Hurkute, Kunal Bele, Allen Liu, Michael Baswell Manually completed hardening tasks in VM environment Used scoring tool to compare OS


Presentation Transcript


  1. CS 591 Term Project Popular OS Hardening by Dennis Ippoliti dpippoli/PopularOSHardening

  2. Project Scope
     • Original work: Donovan Thorpe, Samarpita Hurkute, Kunal Bele, Allen Liu, Michael Baswell
       • Manually completed hardening tasks in VM environment
       • Used scoring tool to compare OS
       • Primarily Windows OS (Server, XP, Vista, Longhorn)
     • This work builds on previous work
       • Examine Windows, Solaris and Red Hat
       • Automate the process
       • Document findings

  3. Project Goals
     • Research OS Hardening Techniques
       • CIS Baseline
       • Microsoft Security Bulletins
       • Solaris “BigAdmin”
       • Defense Information Systems Agency Security Template Implementation Guide (DISA STIG)

  4. Project Goals Cont…
     • Create new or enhance existing templates
     • Automate process as much as possible
     • Provide scripts and tools
     • Document results
     • Discuss Pros and Cons

  5. Automation Tools
     • Microsoft Management Console
     • Group Policy Objects
     • Bastille
     • Scripts
     • Checklists

  6. Basic Security Measures
     • Software Patches
     • Unnecessary Services
     • Password policies
     • File Security
     • Packet Filtering
     • Vigilance
     • Disaster Recovery

  7. Updating Patches
     • Methods
       • Linux = yum or up2date
       • Solaris = BigAdmin automated rc script
       • Windows = Windows Update Server
     • For an enterprise environment, use a local update server

  8. Disable Unused Services
     • Windows Server
       • IIS
     • Windows XP
       • NetBIOS over TCP
       • File and Print sharing
     • Solaris / Linux
       • FTP, Telnet, rlogin
       • Compilers, scripting tools

  9. Password Policies
     • Enforce Password Policies
       • Change every 90 days
       • Must be 8 characters
       • No dictionary words
     • Windows
       • Rename/disable Administrator
       • Create/disable dummy administrator
       • Use passprop to enforce policy on Admin account
       • Use 15-character passwords for elevated-privilege accounts (Windows does not store the LM hash)
     • Unix
       • Disable login for well-known accounts that do not need direct login access (bin, daemon, sys, uucp, lp, adm)

  10. References
     • CIS Benchmarks: http://www.cisecurity.org/
     • Bastille: http://www.bastille-linux.org/
     • Microsoft security pages: http://www.microsoft.com/technet/security/
     • Solaris BigAdmin: http://sun.com/bigadmin/
     • DISA STIGs: http://iase.disa.mil/stigs/checklist/
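
The Unix item on the Password Policies slide (disable login for bin, daemon, sys, uucp, lp, adm), as an added example that is not part of the original presentation: a POSIX shell audit that reads passwd- and shadow-format files and reports which of those accounts still have an interactive shell or an unlocked password field. The function name, the nologin/false shell test and the sample data are assumptions made for this example.

```sh
# Well-known accounts named on the slide (no direct login needed).
WELL_KNOWN="bin daemon sys uucp lp adm"

# flag_login_capable PASSWD_FILE SHADOW_FILE   (hypothetical helper name)
# Prints "account:reason" for each well-known account that can still log in.
flag_login_capable() {
  awk -F: -v accounts="$WELL_KNOWN" '
    BEGIN { n = split(accounts, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    # Shadow file (first argument to awk): locked if the hash starts with ! or *.
    FILENAME == ARGV[1] { locked[$1] = ($2 ~ /^[!*]/); next }
    # Passwd file: an empty shell field means the default shell, so it is flagged.
    ($1 in want) {
      if ($7 !~ /\/(nologin|false)$/) print $1 ":interactive-shell(" $7 ")"
      # An account with no shadow entry is reported as not locked.
      if (!locked[$1])                print $1 ":password-not-locked"
    }
  ' "$2" "$1"
}

# Constructed sample data (not taken from a real host).
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/bin/sh
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/false
alice:x:1000:1000::/home/alice:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$constructed$hash:19000:0:90:7:::
bin:*:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
adm:$6$constructed$hash:19000:0:99999:7:::
lp:!!:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:90:7:::
EOF
flag_login_capable "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow (reading the latter requires root).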
