Security for Broadcast IT Systems - PowerPoint PPT Presentation

Transcript and Presenter's Notes

Security for Broadcast IT Systems
  • William Dixon, V6 Security, Inc.
  • PBS ACE Security Lead
  • April 14, 2005

  • Changes in Broadcast IT environment
  • Security Risk Assessment
  • Threat Modeling
  • Sources of Security Guidance
  • Recommendations for Broadcast IT vendors
  • Recommendations for PBS Stations
  • Note: Content is Microsoft focused, but generally

Changes in New Broadcast IT Environment
  • Newer technology offers more functionality for
    same or less cost
  • Digital media, electronic files
  • Using general purpose computers
  • Client-server models for computing
  • Software-based integration of systems
  • TCP/IP network component communication
  • Internet connected
  • Lights-out remote management operation
  • Still use physical security for facility and
  • Still trust your people

Microsoft Recommended Practice for Security Risk
  • Microsoft Security Risk Management Process
  • http//
  • New MS Press Book Threat Modeling
  • http//
  • Threat Modeling for Developers
  • http//

Microsoft Recommended Practice: Threat Modeling
  • Analyze and document architecture
  • Objects: Assets, Applications, Data, People
  • Document Security Profile
  • Trust boundaries
  • Data Flow communications
  • Entry points
  • Privileged operations

Document Security Profile
  • Input Validation
  • Authentication
  • Authorization
  • Configuration Management
  • Sensitive Data
  • Session Management
  • Cryptography
  • Parameter manipulation
  • Exception management
  • Auditing and Logging

Microsoft Recommended Practice: Threat Modeling
  • Identify & rank threats with S.T.R.I.D.E.(S)
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege
  • (S)ocial Engineering
  • Example: Denial of Service possible due to blank
    admin passwords

Microsoft Recommended Practice: Threat Modeling
  • Use attack trees to identify how top level attack
    goal is composed of more detailed goals
  • Use attack patterns to help identify techniques
    for detailed goals

Attack Tree Example
  • 5.3. Gain privileged access to ACME Web server
    AND 1. Identify ACME domain name
        2. Identify ACME firewall IP address
           OR 1. Interrogate domain name server
              2. Scan for firewall identification
              3. Trace route through firewall to Web server
        3. Determine ACME firewall access control
           (see attack pattern)
           OR 1. Search for specific default listening
              2. Scan ports broadly for any listening port
        4. Identify ACME Web server operating system
           and type
           OR 1. Scan OS services banners for OS
              2. Probe TCP/IP stack for OS characteristic
        5. Exploit ACME Web server vulnerabilities
           OR 1. Access sensitive shared intranet
              resources directly
              2. Access sensitive data from privileged
  • Source: Moore et al. http//
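
Working the ACME tree above through in code, as an added illustration that is not part of the slides or of Moore et al.: the AND/OR structure is encoded as data, one function enumerates the minimal attack scenarios (sets of leaf steps that together reach the root) and its dual enumerates the minimal cut sets (sets of leaf steps a defender must block to make the root unreachable). Node names are taken from the slide; the analysis functions, the single-point-mitigation check and the Python representation are this example's own.

```python
"""Attack-tree analysis over the ACME example (added illustration, not slide content)."""
from dataclasses import dataclass
from itertools import product
from typing import FrozenSet, List, Set, Union


@dataclass(frozen=True)
class Leaf:
    """An attack step that the tree does not decompose further."""
    name: str


@dataclass(frozen=True)
class Node:
    """A goal reached through ALL of its children (AND) or ANY one of them (OR)."""
    name: str
    op: str          # "AND" or "OR"
    children: tuple


Tree = Union[Leaf, Node]

# The ACME tree as it appears on the slide (Moore et al.). The last leaf of
# goal 5 is cut off on the slide and is kept here exactly as shown there.
ACME_TREE = Node("Gain privileged access to ACME Web server", "AND", (
    Leaf("Identify ACME domain name"),
    Node("Identify ACME firewall IP address", "OR", (
        Leaf("Interrogate domain name server"),
        Leaf("Scan for firewall identification"),
        Leaf("Trace route through firewall to Web server"),
    )),
    Node("Determine ACME firewall access control", "OR", (
        Leaf("Search for specific default listening ports"),
        Leaf("Scan ports broadly for any listening port"),
    )),
    Node("Identify ACME Web server operating system and type", "OR", (
        Leaf("Scan OS services banners for OS"),
        Leaf("Probe TCP/IP stack for OS characteristic"),
    )),
    Node("Exploit ACME Web server vulnerabilities", "OR", (
        Leaf("Access sensitive shared intranet resources directly"),
        Leaf("Access sensitive data from privileged"),
    )),
))


def _minimal(sets: List[FrozenSet[str]]) -> List[FrozenSet[str]]:
    """Keep only sets that contain no other set in the list (drop supersets)."""
    uniq = set(sets)
    keep = [s for s in uniq if not any(o < s for o in uniq)]
    return sorted(keep, key=lambda s: (len(s), sorted(s)))


def attack_scenarios(tree: Tree) -> List[FrozenSet[str]]:
    """Minimal sets of leaf steps that together reach the node's goal."""
    if isinstance(tree, Leaf):
        return [frozenset([tree.name])]
    per_child = [attack_scenarios(c) for c in tree.children]
    if tree.op == "OR":
        # any one child's scenario is enough on its own
        return _minimal([s for child in per_child for s in child])
    # AND: pick one scenario from every child and combine them
    return _minimal([frozenset().union(*combo) for combo in product(*per_child)])


def cut_sets(tree: Tree) -> List[FrozenSet[str]]:
    """Minimal sets of leaf steps whose mitigation makes the goal unreachable.
    The dual of attack_scenarios: an AND node is cut by cutting any one child,
    an OR node only by cutting every child."""
    if isinstance(tree, Leaf):
        return [frozenset([tree.name])]
    per_child = [cut_sets(c) for c in tree.children]
    if tree.op == "AND":
        return _minimal([s for child in per_child for s in child])
    return _minimal([frozenset().union(*combo) for combo in product(*per_child)])


def achievable(tree: Tree, mitigated: Set[str]) -> bool:
    """Is the goal still reachable once the named leaf steps are blocked?"""
    if isinstance(tree, Leaf):
        return tree.name not in mitigated
    results = [achievable(c, mitigated) for c in tree.children]
    return all(results) if tree.op == "AND" else any(results)


def single_point_mitigations(tree: Tree) -> List[str]:
    """Leaf steps that, blocked on their own, already defeat the root goal."""
    return sorted(next(iter(c)) for c in cut_sets(tree) if len(c) == 1)


if __name__ == "__main__":
    print(len(attack_scenarios(ACME_TREE)), "distinct attack scenarios")
    for c in cut_sets(ACME_TREE):
        print("cut set:", sorted(c))
    print("single-point mitigations:", single_point_mitigations(ACME_TREE))
```

For this tree the root is an AND of five sub-goals, so there are 1 x 3 x 2 x 2 x 2 = 24 distinct scenarios, and the only single leaf whose mitigation alone cuts the root is the one that sits directly under the AND; every OR sub-goal needs all of its alternatives blocked, which is the point of using cut sets to decide where countermeasures pay off.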

Attack Pattern Example
  • Goal: Identify firewall access controls
  • Precondition: Attacker knows firewall IP address
  • Attack Techniques
    OR 1. Search for specific default listening ports
       2. Scan ports broadly for any listening ports
       3. Scan ports stealthily for listening ports
          OR 1. Randomize target of scan
             2. Randomize source of scan
             3. Scan without touching target host
  • Postcondition: Attacker knows firewall access
  • Source: Moore et al. http//

Attack Pattern Example
  • Attack goals: Command or code execution
  • Required conditions
    • Weak input validation
    • Code from the attacker has sufficient privileges
      on the server
  • Attack techniques
    1. Identify program on target system with an
       input validation vulnerability
    2. Create code to inject and run using the
       security context of the target application.
    3. Construct input value to insert code into the
       address space of the target application and force
       a stack corruption that causes application
       execution to jump to the injected code.
  • Attack results: Code from the attacker runs and
    performs malicious action
  • Source: http//

Microsoft Recommended Practice: Threat Modeling
  • Evaluate Risk with D.R.E.A.D.
    • Damage Potential (cost estimate)
    • Reproducibility (probability as 1-10)
    • Exploitability (probability as 1-10)
    • Affected Users (users as 1-10)
    • Discoverability (probability as 1-10)
  • Rank Risks: Risk = Probability × Damage Potential
  • Risk Rating scheme: High, Medium, Low

Document Threats
  • Threat Description: Attacker obtains authentication
    credentials by monitoring the network
  • Threat target: Web application user authentication
    process
  • Risk rating: High (based on DREAD ranking)
  • Attack techniques: Use of commonly available
    network monitoring
  • Countermeasures: Use SSL, IPsec end-to-end, or VPN
    to provide stronger authentication, or encrypted
    channel through which weaker authentication methods
    are used (e.g. HTTP Basic, Digest)

Conduct Decision Support
  • Define Functional Requirements
  • Identify Control Solutions
  • Review Solution Against Requirements
  • Estimate Risk Reduction
  • Estimate Solution Cost
  • Select Risk Mitigation Strategy
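
The DREAD evaluation, the "Document Threats" record and the decision-support steps above, carried through in code as an added illustration that is not from the slides or from the Microsoft process documents. The grouping of the five factors into a probability term and a damage term, the High/Medium/Low cut-offs, and every sample score, cost and residual score are assumptions of this example; the first threat and its countermeasures are the ones on the "Document Threats" slide, the second is the blank-admin-password example from the STRIDE slide, and the third is constructed.

```python
"""DREAD scoring, threat records and control selection (added illustration)."""
from dataclasses import dataclass, field
from typing import List, Optional

RATING_ORDER = {"Low": 0, "Medium": 1, "High": 2}


@dataclass(frozen=True)
class Dread:
    """One D.R.E.A.D. assessment on the slide's 1-10 scale. The slide gives
    Damage Potential as a cost estimate; it is assumed mapped onto 1-10 here."""
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self) -> None:
        for name, value in vars(self).items():
            if not 1 <= value <= 10:
                raise ValueError(f"{name} must be between 1 and 10, got {value}")

    def probability(self) -> float:
        """Likelihood factors averaged and scaled to 0-1 (grouping assumed)."""
        return (self.reproducibility + self.exploitability + self.discoverability) / 3 / 10

    def damage_potential(self) -> float:
        """Impact factors averaged on the 1-10 scale (grouping assumed)."""
        return (self.damage + self.affected_users) / 2

    def risk(self) -> float:
        """Slide: Risk = Probability x Damage Potential (0-10 with these scales)."""
        return self.probability() * self.damage_potential()


def rating(risk: float) -> str:
    """High / Medium / Low scheme from the slide; the cut-offs are assumptions."""
    if risk >= 7.0:
        return "High"
    if risk >= 4.0:
        return "Medium"
    return "Low"


@dataclass
class Threat:
    """The 'Document Threats' record from the slide."""
    description: str
    target: str
    dread: Dread
    attack_techniques: List[str] = field(default_factory=list)
    countermeasures: List[str] = field(default_factory=list)

    def risk_rating(self) -> str:
        return rating(self.dread.risk())


def rank_threats(threats: List[Threat]) -> List[Threat]:
    """Highest risk first, as the 'Rank Risks' step requires."""
    return sorted(threats, key=lambda t: t.dread.risk(), reverse=True)


@dataclass(frozen=True)
class Control:
    """A candidate control: its cost and the residual DREAD once applied."""
    name: str
    cost: float
    residual: Dread


def risk_reduction(threat: Threat, control: Control) -> float:
    return threat.dread.risk() - control.residual.risk()


def select_control(threat: Threat, controls: List[Control],
                   max_residual: str = "Medium") -> Optional[Control]:
    """Decision support: keep controls whose residual rating meets the
    requirement, then take the best risk reduction per unit of cost."""
    eligible = [c for c in controls
                if RATING_ORDER[rating(c.residual.risk())] <= RATING_ORDER[max_residual]]
    if not eligible:
        return None
    return max(eligible, key=lambda c: risk_reduction(threat, c) / c.cost)


# Constructed sample data: scores, costs and residuals are invented for the example.
CREDENTIAL_SNIFFING = Threat(
    description="Attacker obtains authentication credentials by monitoring the network",
    target="Web application user authentication process",
    dread=Dread(damage=9, reproducibility=10, exploitability=8,
                affected_users=8, discoverability=9),
    attack_techniques=["Passive monitoring of the authentication exchange"],
    countermeasures=["SSL", "IPsec end-to-end", "VPN"],
)
BLANK_ADMIN_PASSWORD = Threat(
    description="Denial of service possible due to blank admin passwords",
    target="Administrative logon",
    dread=Dread(damage=7, reproducibility=10, exploitability=10,
                affected_users=6, discoverability=7),
)
LOG_GAP_REPUDIATION = Threat(
    description="Operator denies a schedule change because audit logging is incomplete",
    target="Playout schedule editor",
    dread=Dread(damage=3, reproducibility=5, exploitability=4,
                affected_users=2, discoverability=3),
)
CONTROLS = [
    Control("SSL/TLS for the authentication exchange", cost=2.0, residual=Dread(9, 2, 2, 8, 3)),
    Control("IPsec end-to-end between clients and server", cost=5.0, residual=Dread(9, 1, 1, 8, 2)),
    Control("VPN for remote users only", cost=3.0, residual=Dread(9, 6, 6, 8, 7)),
]

if __name__ == "__main__":
    for t in rank_threats([LOG_GAP_REPUDIATION, BLANK_ADMIN_PASSWORD, CREDENTIAL_SNIFFING]):
        print(f"{t.dread.risk():5.2f} {t.risk_rating():6} {t.description}")
    chosen = select_control(CREDENTIAL_SNIFFING, CONTROLS)
    print("selected:", chosen.name if chosen else None)
```

With these numbers the credential-sniffing threat scores 0.9 x 8.5 = 7.65 and rates High, matching the slide's rating; the VPN option alone leaves it Medium, so with a requirement of "no High or Medium residual" only the SSL/TLS and IPsec controls remain eligible, and SSL/TLS wins on reduction per unit cost. Changing the cut-offs or the cost estimates changes the answer, which is why the slide lists "Estimate Risk Reduction" and "Estimate Solution Cost" as separate steps.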

Free Microsoft Security Training
  • https//
  • Free Security Courses - Updates for XP SP2 and
    Win2k3 SP1 soon.
  • Login w/.NET Passport ID, provide email address
  • Click on link provided in email
  • 180-day subscription activated
  • Clinic 2801: Microsoft Security Guidance
    Training I
  • Clinic 2802: Microsoft Security Guidance
    Training II
  • Clinic 2806: Microsoft Security Guidance
    Training for Developers
  • Hands-On Lab 2811: Applying Microsoft Security
    Guidance Training
  • Choose Content tab. Watch each section, or
    download offline player and course for offline

Microsoft Security Guidance
  • Guidance for Home, Small Business, IT Pro,
    Developer
  • Technet Security Centers for many products
  • http//
  • Microsoft Security Guides for Win2k, XP and
    Server 2003
  • Expect problems if applying high security
  • Enterprise client template should not cause too
    many problems
  • Threats and Countermeasures Guide
  • Details on threats and each security setting

Microsoft Security Guidance
  • KB 885409: Security configuration guidance
    support (9 Nov 04)
  • Discusses problems with particular settings that
    break applications or Windows services
  • If you use 3rd party templates, contact them for
  • KB 891597: How to apply more restrictive security
    settings on a Windows Server 2003-based cluster
    server (18 Feb 05)
  • Provides discussion of a new security template
    tested for clusters

FCC Security Guidance
  • FCC Media Security And Reliability Council
  • http//
  • Note: Communications Infrastructure Security,
    Access and Restoration Committee
  • Best Practice Recommendations
  • FCC Network Reliability and Interop Council
  • http//
  • Note: Homeland Security Cybersecurity focus group
  • Best Practice Recommendations

IT Best Practices: NIST
  • US Government National Institute of Standards &
    Technology (NIST)
  • Cybersecurity R&D Act directed NIST to develop
    checklists and Security Technical Implementation
    Guides (STIG)
  • Operates Computer Security Resource Center (CSRC)
  • http//
  • NOTE: Windows XP Security Guide 800-68 published
  • Important because it is a collaboration of NIST,
    Microsoft, CIS, DISA and NSA

Recent NIST CSRC Guides: DISA
  • Application Security Checklist DISA 2/17/05
  • Desktop Application STIG DISA 2/14/05
  • Desktop Application Security Checklist v1r1.7
    DISA 2/17/05
  • Macintosh OS-X STIG v1r1 DISA 11/24/04
  • UNIX Security Checklist DISA 2/17/05
  • Web Server Security Checklist Version 4, Release
    1.4 DISA 2/17/05
  • Windows 2000 Security Checklist DISA 2/17/05
  • Windows NT Security Checklist DISA 2/17/05
  • Windows XP Security Checklist DISA 2/17/05
  • Windows 2003 Addendum Version 4, Release 0.0
    DISA 2/17/05

IT Best Practices: NSA
  • OS Security guides for Windows 2000, Windows XP
  • None for Windows Server 2003; use Microsoft's:
  • The "High" security settings in Microsoft's
    "Windows Server 2003 Security Guide" track
    closely with the security level historically
    represented in the NSA guidelines. It is our
    belief that this guide establishes the latest
    best practices for securing the product and
    recommend that traditional customers of our
    security recommendations use the Microsoft guide
    when securing Windows Server 2003
  • Microsoft .NET Framework Security Guide (Oct 04)
  • Microsoft Office XP/2003 Executable Content
    Security Risks and Countermeasures Guide (Oct 04)
  • Apple Mac OS Security Configuration Guide
  • Linux Security Configuration Guide
  • Solaris Security Configuration Guide
  • Online at
  • http//

Call to Action for Broadcast IT Vendors
  • Use current, commercially supported platforms
  • Red Hat Enterprise Linux 3.0
  • Windows XP Pro or Embedded version
  • Windows Server 2003 or Embedded version
  • Plan on testing patch updates within 7 days of
    patch availability
  • Plan to test on beta or release candidates of
    service packs
  • Write applications as a background
    process/service, not a user application

Call to Action for Broadcast IT Vendors
  • Review & improve security of products
  • Analyze security attack surface and threat model
    for your product
  • Document security profile for customers
  • Practice secure design & implementation
  • Writing Secure Code 2nd Edition, Michael Howard &
    David LeBlanc
  • Require authentication for all network access
  • Strong protection for passwords in network
  • Evaluate/adopt a baseline security for standard
    product release
  • Apply OS hardening, minimize services
  • Use system security vulnerability assessment
    tools (e.g. MBSA)
  • Use secure remote administration connections
  • Admin level access protected to higher degree
  • Every packet signed & encrypted
  • 2-factor auth capable protocols where possible
  • Use SSL/TLS, SSH, PPTP/L2TP/IPsec VPN, Windows
    Terminal Services
  • Change embedded passwords during
    installation/setup, at least per site

Call to Action for PBS Member Stations
  • Understand that internal systems might be
    infected via TCP/IP network connections
  • Must secure internal, external clients and
  • Secure external communications
  • IPsec or VPN tunnel for all access into secure
  • Use strong passwords!
  • Protect passwords from theft!
  • Prevent laptops from directly connecting inside
    secure area
  • Very careful, trained configuration and change
    control of core security devices (e.g. firewall,
    VPN server)
  • Request security information from vendors
  • Try Microsoft Security Risk Management Process
  • Designate someone to learn security
  • Train users & operators for security awareness

Backup Details
Windows Client Security Summary
  • Member of an Active Directory domain - for better
    management through Group Policy
  • User not administrator if possible, uses strong
  • Automatic updates enabled - either through
    Windows Update, Update Services or Systems
    Management Server (SMS)
  • Anti-virus - set for autoupdate of definitions
    daily and periodic full scans
  • Anti-spyware - set for autoupdate of definitions
    and periodic full scans
  • Windows Firewall on - exceptions disabled by
  • Enterprise client security template applied for
    hardening (update with new XP SP2 settings)
  • Additional settings administrative template
    settings should be developed
  • Software restriction policies should be
  • NTFS and Encrypting File System used to protect
    confidential data after theft
  • Centralized monitoring with MACS, MOM, SMS,
    Systems Center or 3rd party
  • System backup - Automatic System Restore enabled
    in XP, full disk remote backup, remote backups
    daily for user data
  • Domain startup script run to check status of
    these daily or weekly
  • http//

Additional Microsoft Security Help
  • Technet IT Pro Security Community Page
  • http//
  • Lots of news groups
  • MS IT Security Papers
  • http//
  • PSS Support Webcasts
  • TCP/IP port and process auditing, Tuesday,
    December 14, 2004
  • TechNet Support WebCast: How to isolate servers
    and applications, March 22 2005 10am Pacific
  • See http//

Windows Server SP1 Released
  • Top reasons to use SP1
  • Reduced attack surface: higher default security
    for RPCs and DCOM
  • New Security Configuration Wizard (SCW) -
    whitepapers coming soon
  • More secure new installations: Post-Setup
    Security Update blocks incoming traffic until the
    latest patches are installed
  • Windows Firewall replaces Internet Connection
  • Group policy for Windows Firewall added in Active
  • RRAS VPN Server Quarantine capabilities, see
  • IIS 6.0 auditing for XML configuration metabase
  • Additional IE hardening
  • http//

Technet webcast for Security Configuration Wizard
  • Join this session as we walk you through the
    Wizard end-to-end, focusing on role-based server
    configuration, security configuration template
    design and development, and security
    configuration deployment. We will demonstrate the
    technologies as well as go in depth on
    customization of SCW and how to customize the
    database to support non-Microsoft applications
  • http//

Active Directory Security Links
  • AD Security Center
  • http//
  • Best Practice Guides for Securing Active
  • Windows Server 2003 Best Practice Guide for
    Securing Windows Server Active Directory
    Installations http//
    er2003/techinfo/overview/adsecurity.mspx (Jan 8
  • Windows 2000 Best Practice Guide for Securing
    Active Directory Installations and Day-to-Day
    Operations http//
    y/maintain/bpguide/default.mspx (Feb 28 2004)
  • Securing DNS Zone transfers in Windows Server
  • http//
  • Active Directory in Segmented Networks
  • http//
  • Provides detail for how to use IPsec to secure
    all traffic between AD servers
  • TCP/IP Exploits and Countermeasures
  • http//

Windows tools for investigating problems with
  • Full System Backup with ASR Diskette/CD
  • Many changes cannot be undone by SCE or SCW
    rollback, such as registry and file ACLs
  • System Restore could try a checkpoint prior to
    hardening; not sure if it can undo everything
  • Back up Windows event logs to baseline behaviors
    prior to hardening. Make logs bigger.
  • Network Sniffers
  • Windows Netmon light version in Win2k or Win2k3
    as optional install networking component. Full
    version in Systems Management Server
  • Ethereal open source http//
  • Dependency Walker (depends.exe, XP or Win2k3
    Resource Kit)
  • Portqry.exe v2.0 port scanning tool - see KB
  • Port Reporter installs as service to monitor
    app port usage - see KB 837243
  • If Windows Firewall or IPsec filters are blocking
    UDP ports, watch out for false port open
    messages from remote port scanning tools. Some
    scan tools expect ICMP destination port
    unreachable packet in response. Sniff to confirm
    what tool reports
  • Group Policy Resultant Set of Policy (RSoP) MMC
    snapin shows where setting is being defined
  • Set auditing for failure on registry keys; look
    for errors in Security Log
  • Tlist.exe process viewer (DDK debugging tools)
  • File Monitor (
  • Registry Monitor (
  • Process Explorer (

Developer References
  • Creating a simple Win32 service in C
  • http//
  • MSDN About Services development help
  • http//
  • Example of installing an application as a
  • http//
  • Microsoft Security Risk Management Process
  • http//
  • New MS Press Book Threat Modeling
  • http//
  • Threat Modeling for Developers
  • http//