Title: Secure Build Best Practices
Jordan Wiens, jwiens_at_nersp.nerdc.ufl.edu
- What's the big deal?
- General Goals
- Vendor Specifics
- Microsoft OSs
- Linux
- Others
- Questions?
http://net-services.ufl.edu/security/admins/build.shtml
- What's the big deal?
- Computers are often compromised within minutes of being connected to the Internet.
- ANY machine can and will be used as an attack platform.
- Security is a chain. It's only as good as the weakest link.
- Secure builds are an ongoing process, not a one-time event.
- General Goals
- Secure the installation process
- Machine should be network disconnected until secure
- Use private IP, filtering device, campus proxy, etc.
- Use local file repositories, or local media.
- For multiple machine roll-outs, consider disk-imaging software.
- Change passwords
- Change default passwords and accounts to non-default settings.
- Password generators
- http://www.adel.nursat.kz/apg/
- http://www.winguides.com/security/password.php
- Password policy
- Are you sure you got them all?
- MS-SQL
- Disable unnecessary services
- If in doubt, shut it down.
- If something breaks, open back up only what you need to.
- Double check with a port scan or netstat.
- Campus self-scanner
- https://net-services.ufl.edu/security/cgi-bin/security-gl-info-new.cgi
- Nmap: http://www.insecure.org/nmap/
- Netstat -a
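One way to run the netstat double check above, as an added example that is not part of the original slides: a Python function that pulls listening TCP ports out of `netstat -an` output (Linux or Windows layout) and reports any that are not on an allowlist. The function names, the allowlist and the sample output are constructed for illustration.

```python
"""Compare listening TCP sockets from `netstat -an` output against an allowlist."""
import subprocess

LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

def listening_sockets(netstat_text):
    """Yield (address, port) per listening TCP socket; Linux and Windows layouts."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue  # header lines, UDP, UNIX-domain sockets
        if not fields[-1].upper().startswith("LISTEN"):
            continue  # ESTABLISHED, TIME_WAIT, ...
        # The local address is the first field that contains a colon.
        local = next((f for f in fields[1:] if ":" in f), "")
        address, _, port = local.rpartition(":")
        if port.isdigit():
            yield address, int(port)

def unexpected_listeners(netstat_text, allowed_ports, ignore_loopback=True):
    """Return sorted ports that are listening but not in allowed_ports."""
    found = set()
    for address, port in listening_sockets(netstat_text):
        if ignore_loopback and address in LOOPBACK:
            continue  # not reachable from the network
        if port not in allowed_ports:
            found.add(port)
    return sorted(found)

# Constructed sample output, not captured from a real host.
SAMPLE_LINUX = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
"""
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.0.2.20:1042        198.51.100.7:80        ESTABLISHED
"""

if __name__ == "__main__":
    live = subprocess.run(["netstat", "-an"], capture_output=True, text=True).stdout
    print(unexpected_listeners(live, allowed_ports={22}))
```

Any port this reports is a service to shut down or to justify and add to the allowlist; a scan from another host confirms what is reachable through filtering devices.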
- Patch OS and installed products
- Again, host should still be off the Internet. Use a proxy, mirror, local resource, etc.
- Visit OS security or patch page
- Any specialized software installed on the machine should be the newest, or most secure, version. Double check with the official source for the program if in doubt.
- Preventative Measures
- Host based firewalls
- Host based IDS
- Log monitoring
- File system security and monitoring
- Anti-virus
- Regular Maintenance
- Subscribe to the appropriate announcement lists.
- Subscribe to relevant security lists.
- Use automated or semi-automated updates, especially for antiviral software.
- Schedule regular security checkups such as security scans, process audits, or port scans.
- Vendor Specifics
- Microsoft
- Relevant lists
- http://microsoft.com/technet/security/bulletin/notify.asp
- http://www.ntbugtraq.com/
- Whatever lists are relevant to your setup
- Microsoft
- Relevant sites
- http://microsoft.com/technet/security/default.asp
- http://microsoft.com/technet/security/lockdown.asp
- http://www.counterpane.com/log-windows.html
- http://windowsupdate.microsoft.com/
- http://net-services.ufl.edu/security/public/firewalls.shtml
- Firewalls as IDS (net send)
- Microsoft
- Additional software
- http://ntsecurity.nu/toolbox/
- http://www.software.ufl.edu/mcafee
- http://www.software.ufl.edu/ghost/
- Snort, and useful setup info
- http://www.tripwire.com/
- http://microsoft.com/technet/security/tools/tools/hfnetchk.asp
- Linux
- Relevant lists
- Bugtraq
- http://www.debian.org/MailingLists/subscribe
- http://www.redhat.com/mailing-lists/
- http://www.suse.com/us/private/support/mailinglists/index.html
- http://www.mandrakesecure.net/en/mlist.php
- Find your own...
- Linux
- Relevant security sites
- PAM Password Guide
- http://www.nsa.gov/selinux/
- http://www.lids.org/
- http://www.linux-sec.net/
- http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html
- Linux
- Additional software
- http://www.openwall.com/scanlogd/
- http://www.cs.tut.fi/rammer/aide.html
- http://osiris.shmoo.com/
- http://www.stanford.edu/atkins/swatch/
- http://snort.org/
- http://www.autorpm.org/
- http://www.ximian.com/products/redcarpet/
- Others
- Relevant lists
- Bugtraq
- Solaris Security Bulletins
- http://lists.apple.com/mailman/listinfo/security-announce
- Appropriate vendor lists
- Others
- Relevant security sites
- http://www.securityfocus.com/
- SANS Solaris recommendations
- Apple security updates
- http://www.securemac.com/
- Others
- Additional software
- JASS Solaris security hardening