Lecture Security+ Certification: Chapter 9 - System Hardening. The main contents of this chapter include: disable nonessential systems, harden operating systems, harden applications, harden networks.

Chapter 9: System Hardening

Objectives in this chapter
ATHENA
• Disable nonessential systems
• Harden operating systems
• Harden applications
• Harden networks

Disabling Nonessential Systems
• The first step in establishing a defense against computer attacks is to turn off all nonessential systems
• A background program waits in the computer's random access memory (RAM) until the user presses a specific combination of keys (a hot key), such as Ctrl+Shift+P; then the idling program springs to life
• Early terminate-and-stay-resident (TSR) programs performed functions such as displaying an instant calculator, small notepad, or address book
• In Microsoft Windows, a background program, such as Svchost.exe, is called a process
• The process provides a service to the operating system, indicated by the service name, such as AppMgmt
• Users can view the display name of a service, which gives a detailed description, such as Application Management
• A single process can provide multiple services
• A service can be set to one of the following modes:
  • Automatic
  • Manual
  • Disabled
• Besides preventing attackers from attaching malicious code to services, disabling nonessential services blocks entries into the system
• The User Datagram Protocol (UDP) provides for a connectionless TCP/IP transfer
• TCP and UDP are based on port numbers
• Socket: the combination of an IP address and a port number
  • The IP address is separated from the port number by a colon, as in 198.146.118.20:80

Hardening Servers
• FTP servers can be set to accept anonymous logons using a window similar to that shown in Figure 4-8
• A Domain Name Service (DNS) server makes the Internet available to ordinary users
  • DNS servers frequently update each other by transmitting all domains and IP addresses of which they are aware (zone transfer)
• IP addresses and other information can be used in an attack
• USENET is a worldwide bulletin board system that can be accessed through the Internet or many online services
• The Network News Transfer Protocol (NNTP) is the protocol used to send, distribute, and retrieve USENET messages through NNTP servers
• Print/file servers on a local area network (LAN) allow users to share documents on a central server or to share printers
• Hardening a print/file server involves the tasks listed on page 119 of the text
• A DHCP server allocates IP addresses using the Dynamic Host Configuration Protocol (DHCP); DHCP servers "lease" IP addresses to clients

Hardening Data Repositories
• Data repository: a container that holds electronic information
• Two major data repositories: directory services and company databases
• Directory service: a database stored on the network that contains all information about users and network devices, along with the privileges to those resources
• Active Directory is the directory service for Windows
• Active Directory is stored in the Security Accounts Manager (SAM) database
• The primary domain controller (PDC) houses the SAM database

Hardening Networks
• Keeping a network secure is a two-fold process:
  • Secure the network with the necessary updates
  • Properly configure it

Firmware Updates
• RAM is volatile: interrupting the power source causes RAM to lose its entire contents
• Read-only memory (ROM) differs from RAM in two ways:
  • The contents of ROM are fixed
  • ROM is nonvolatile: disabling the power source does not erase its contents
• ROM, Erasable Programmable Read-Only Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) are firmware
• To erase an EPROM chip, hold the chip under ultraviolet light so the light passes through its crystal window
• The contents of EEPROM chips can also be erased using electrical signals applied to specific pins

Network Configuration
• You must properly configure network equipment to resist attacks
• The primary method of resisting attacks is to filter data packets as they arrive at the perimeter of the network
• Rule base or access control list (ACL): the rules a network device uses to permit or deny a packet (not to be confused with the ACLs used in securing a file system)
• Rules are composed of several settings (listed on pages 122 and 123 of the text)
• Observe the basic guidelines on page 124 of the text when creating rules

Summary
• Establishing a security baseline creates a basis for information security
• Hardening the operating system involves applying the necessary updates to the software
• Securing the file system is another step in hardening a system
• Applications and operating systems must be hardened by installing the latest patches and updates
• Servers, such as Web servers, mail servers, FTP servers, DNS servers, NNTP servers, print/file servers, and DHCP servers, must be hardened to prevent attackers from corrupting them or using the server to launch other attacks
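The slides above describe a socket as "address:port" and a rule base as an ordered list of permit/deny rules applied to packets at the network perimeter. The following Python is an added example, not part of the lecture or its textbook: it parses sockets in the slide's notation, evaluates a small rule base with first-match semantics and an implicit deny at the end, and runs a consistency check that flags rules an earlier rule already covers (one reason rule ordering matters). The rule settings used here (action, protocol, source range, destination range, destination port), the addresses and the policy are all assumptions constructed for the example; the text's own list of settings is on the pages it cites.

```python
"""Added example: first-match evaluation of a perimeter packet-filter rule base."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.IPv4Network("0.0.0.0/0")


def parse_socket(text: str) -> tuple[ipaddress.IPv4Address, int]:
    """Split a socket written as 'address:port' (e.g. 198.146.118.20:80)."""
    host, sep, port = text.rpartition(":")
    if not sep:
        raise ValueError(f"{text!r}: no ':' between address and port")
    port_num = int(port)
    if not 0 <= port_num <= 65535:
        raise ValueError(f"{text!r}: port {port_num} out of range")
    return ipaddress.IPv4Address(host), port_num


@dataclass(frozen=True)
class Rule:
    """One rule of the rule base; these settings are assumed for the example."""
    action: str                  # "permit" or "deny"
    protocol: str                # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network   # source address range
    dst: ipaddress.IPv4Network   # destination address range
    dst_port: Optional[int]      # None means any destination port

    def matches(self, protocol: str, src_ip, dst_ip, dst_port: int) -> bool:
        return (self.protocol in ("any", protocol)
                and src_ip in self.src and dst_ip in self.dst
                and self.dst_port in (None, dst_port))

    def covers(self, other: Rule) -> bool:
        """True when every packet 'other' could match would match self."""
        return (self.protocol in ("any", other.protocol)
                and other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.dst_port in (None, other.dst_port))


# Constructed rule base for a perimeter device in front of 198.146.118.0/24
# (the address family used on the slide); the policy itself is made up here.
WEB = ipaddress.IPv4Network("198.146.118.20/32")
RULE_BASE = [
    Rule("deny", "any", ipaddress.IPv4Network("10.0.0.0/8"), ANY, None),  # 0: internal source arriving from outside
    Rule("permit", "tcp", ANY, WEB, 80),                                  # 1: public web server
    Rule("permit", "tcp", ANY, WEB, 21),                                  # 2: FTP control channel
    Rule("permit", "tcp", ipaddress.IPv4Network("203.0.113.0/24"), WEB, 80),  # 3: never reached (covered by 1)
]


def evaluate(rule_base, protocol: str, src: str, dst: str):
    """Return (action, index of the deciding rule); first match wins and a
    packet that matches no rule is dropped (implicit deny, index None)."""
    src_ip, _ = parse_socket(src)
    dst_ip, dst_port = parse_socket(dst)
    for index, rule in enumerate(rule_base):
        if rule.matches(protocol, src_ip, dst_ip, dst_port):
            return rule.action, index
    return "deny", None


def shadowed_rules(rule_base):
    """List (j, i) pairs where rule j can never fire because earlier rule i covers it."""
    found = []
    for j, later in enumerate(rule_base):
        for i in range(j):
            if rule_base[i].covers(later):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    print(evaluate(RULE_BASE, "tcp", "203.0.113.5:51000", "198.146.118.20:80"))  # ('permit', 1)
    print(evaluate(RULE_BASE, "tcp", "10.1.2.3:51000", "198.146.118.20:80"))     # ('deny', 0)
    print(shadowed_rules(RULE_BASE))                                             # [(3, 1)]
```

The second evaluation shows why order is part of the policy: the packet would be permitted by rule 1, but rule 0 sees it first. The implicit deny at the end is what turns the rule base into an allowlist; without it, traffic to anything other than the web and FTP services would fall through unfiltered.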