Security for Broadcast IT Systems - PowerPoint PPT Presentation

Loading...

PPT – Security for Broadcast IT Systems PowerPoint presentation | free to view - id: 1a8875-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Security for Broadcast IT Systems

Description:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secmod/htm l/secmod76.asp ... without touching target host. Postcondition: Attacker knows ... – PowerPoint PPT presentation

Number of Views:34
Avg rating:3.0/5.0
Slides: 33
Provided by: willia354
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security for Broadcast IT Systems


1
Security for Broadcast IT Systems
  • William Dixon, V6 Security, Inc.
  • PBS ACE Security Lead
  • April 14, 2005

2
Agenda
  • Changes in Broadcast IT environment
  • Security Risk Assessment
  • Threat Modeling
  • Sources of Security Guidance
  • Recommendations for Broadcast IT vendors
  • Recommendations for PBS Stations
  • Note Content Microsoft focused, but generally
    applicable

3
Changes in New Broadcast IT Environment
  • Newer technology offers more functionality for
    same or less cost
  • Digital media, electronic files
  • Using general purpose computers
  • Client-server models for computing
  • Software-based integration of systems
  • TCP/IP network component communication
  • Internet connected
  • Lights-out remote management operation
  • Still use physical security for facility and
    equipment
  • Still trust your people

4
Microsoft Recommended Practice for Security Risk
Assessment
  • Microsoft Security Risk Management Process
    15oct04
  • http//www.microsoft.com/technet/security/topics/p
    oliciesandprocedures/secrisk/default.mspx
  • New MS Press Book Threat Modeling
  • http//www.microsoft.com/mspress/books/6892.asp
  • Threat Modeling for Developers
  • http//msdn.microsoft.com/library/default.asp?url
    /library/en-us/secmod/html/secmod76.asp

5
Microsoft Recommended Practice Threat Modeling
  • Analyze and document architecture
  • Objects Assets, Applications, Data, People
  • Document Security Profile
  • Trust boundaries
  • Data Flow communications
  • Entry points
  • Privileged operations

6
Document Security Profile
  • Input Validation
  • Authentication
  • Authorization
  • Configuration Management
  • Sensitive Data
  • Session Management
  • Cryptography
  • Parameter manipulation
  • Exception management
  • Auditing and Logging

7
Microsoft Recommended Practice Threat Modeling
  • Identify rank threats with S.T.R.I.D.E.(S)
    analysis
  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege
  • (S)ocial Engineering
  • Example Denial of Service possible due to blank
    admin passwords

8
Microsoft Recommended Practice Threat Modeling
  • Use attack trees to identify how top level attack
    goal is composed of more detailed goals
  • Use attack patterns to help identify techniques
    for detailed goals

9
Attack Tree Example
  • 5.3. Gain privileged access to ACME Web server
  • AND 1. Identify ACME domain name
  • 2. Identify ACME firewall IP address
  • OR 1. Interrogate domain name server
  • 2. Scan for firewall identification
  • 3. Trace route through firewall to Web server
  • 3. Determine ACME firewall access control (
    see attack pattern)
  • OR 1. Search for specific default listening
    ports
  • 2. Scan ports broadly for any listening port
  • 4. Identify ACME Web server operating system
    and type
  • OR 1. Scan OS services banners for OS
    identification
  • 2. Probe TCP/IP stack for OS characteristic
    information
  • 5. Exploit ACME Web server vulnerabilities
  • OR 1. Access sensitive shared intranet
    resources directly
  • 2. Access sensitive data from privileged
    account
  • Source Moore et al. http//www.cert.org/archive/p
    df/01tn001.pdf

10
Attack Pattern Example
  • Goal Identify firewall access controls
  • Precondition Attacker knows firewall IP address
  • Attack Techniques
  • OR 1. Search for specific default listening ports
  • 2. Scan ports broadly for any listening ports
  • 3. Scan ports stealthily for listening ports
  • OR 1. Randomize target of scan
  • 2. Randomize source of scan
  • 3. Scan without touching target host
  • Postcondition Attacker knows firewall access
    controls
  • Source Moore et al. http//www.cert.org/archive/p
    df/01tn001.pdf

11
Attack Pattern Example
  • Attack goals Command or code execution
  • Required conditions
  • Weak input validation
  • Code from the attacker has sufficient privileges
    on the server
  • Attack techniques
  • 1. Identify program on target system with an
    input validation vulnerability
  • 2. Create code to inject and run using the
    security context of the target application.
  • 3. Construct input value to insert code into the
    address space of the target application and force
    a stack corruption that causes application
    execution to jump to the injected code.
  • Attack results Code from the attacker runs and
    performs malicious action
  • Source http//msdn.microsoft.com/library/default.
    asp?url/library/en-us/secmod/html/secmod76.asp

12
Microsoft Recommended Practice Threat Modeling
  • Evaluate Risk with D.R.E.A.D.
  • Damage Potential ( cost estimate)
  • Reproducibility ( probability as 1-10)
  • Exploitability ( probability as 1-10)
  • Affected Users ( users as 1-10)
  • Discoverability ( probability 1-10)
  • Rank Risks Probability Damage Potential
  • Risk Rating scheme High, Medium, Low

13
Document Threats
  • Threat Description
  • Attacker obtains authentication credentials by
    monitoring the network
  • Threat target
  • Web application user authentication process
  • Risk rating
  • High (based on DREAD ranking)
  • Attack techniques
  • Use of commonly available network monitoring
    software
  • Countermeasures
  • Use SSL, IPsec end-to-end, or VPN to provide
    stronger authentication, or encrypted channel
    through which weaker authentication methods are
    used (e.g. HTTP Basic, Digest)

14
Conduct Decision Support
  • Define Functional Requirements
  • Identify Control Solutions
  • Review Solution Against Requirements
  • Estimate Risk Reduction
  • Estimate Solution Cost
  • Select Risk Mitigation Strategy

15
Free Microsoft Security Training
  • https//www.microsoftelearning.com/security/
  • Free Security Courses - Updates for XP SP2 and
    Win2k3 SP1 soon.
  • Login w/.NET Passport ID, provide email address
  • Click on link provided in email
  • 180-day subscription activated
  • Clinic 2801 Microsoft Security Guidance
    Training I
  • Clinic 2802 Microsoft Security Guidance
    Training II
  • Clinic 2806 Microsoft Security Guidance
    Training for Developers
  • Hands-On Lab 2811 Applying Microsoft Security
    Guidance Training
  • Choose Content tab. Watch each section, or
    download offline player and course for offline
    viewing

16
Microsoft Security Guidance
  • Microsoft.com/security - guidance for Home, Small
    Business, IT Pro, Developer
  • Technet Security Centers for many products
  • http//www.microsoft.com/technet/Security/prodtech
    /default.mspx
  • Microsoft Security Guides for Win2k, XP and
    Server 2003
  • Expect problems if applying high security
    templates
  • Enterprise client template should not cause too
    many problems
  • Threats and Countermeasures Guide
  • Details on threats and each security setting

17
Microsoft Security Guidance
  • KB 885409 Security configuration guidance
    support - 9nov04
  • Discusses problems with particular settings that
    break applications or Windows services
  • If you use 3rd party templates, contact them for
    support
  • KB 891597 How to apply more restrictive security
    settings on a Windows Server 2003-based cluster
    server 18feb05
  • Provides discussion new security template
    tested for clusters

18
FCC Security Guidance
  • FCC Media Security And Reliability Council
  • http//www.mediasecurity.org/msrcmeetings/index.ht
    ml
  • Note Communications Infrastructure Security,
    Access and Restoration Committee
  • Best Practice Recommendations
  • FCC Network Reliability and Interop Council
  • http//www.nric.org/fg/index.html
  • Note Homeland Security Cybersecurity focus group
  • Best Practice Recommendations

19
IT Best Practices NIST
  • US Government Natl Institute of Standards
    Technology (NIST)
  • Cybersecurity RD Act directed NIST to develop
    checklists and Security Technical Implementation
    Guides (STIG)
  • Operates Computer Security Resource Center (CSRC)
  • http//csrc.nist.gov/itsec/
  • NOTE Windows XP Security Guide 800-68 published
    Jun04
  • Important because it is a collaboration of NIST,
    Microsoft, CIS, DISA and NSA

20
Recent NIST CSRC Guides DISA
  • Application Security Checklist DISA 2/17/05
  • Desktop Application STIG DISA 2/14/05
  • Desktop Application Security Checklist v1r1.7
    DISA 2/17/05
  • Macintosh OS-X STIG v1r1 DISA 11/24/04
  • UNIX Security Checklist DISA 2/17/05
  • Web Server Security Checklist Version 4, Release
    1.4 DISA 2/17/05
  • Windows 2000 Security Checklist DISA 2/17/05
  • Windows NT Security Checklist DISA 2/17/05
  • Windows XP Security Checklist DISA 2/17/05
  • Windows 2003 Addendum Version 4, Release 0.0
    DISA 2/17/05

21
IT Best Practices NSA
  • OS Security guides for Windows 2000, Windows XP
  • None for Windows Server 2003 Use Microsofts
  • The "High" security settings in Microsoft's
    "Windows Server 2003 Security Guide" track
    closely with the security level historically
    represented in the NSA guidelines. It is our
    belief that this guide establishes the latest
    best practices for securing the product and
    recommend that traditional customers of our
    security recommendations use the Microsoft guide
    when securing Windows Server 2003
  • Microsoft .NET Framework Security Guide (Oct 04)
  • Microsoft Office XP/2003 Executable Content
    Security Risks and Countermeasures Guide (Oct 04)
  • Apple Mac OS Security Configuration Guide
  • Linux Security Configuration Guide
  • Solaris Security Configuration Guide
  • Online at
  • http//www.nsa.gov/snac/index.cfm?MenuIDscg10.3.1

22
Call to Action for Broadcast IT Vendors
  • Use current, commercially supported platforms
  • Red Hat Enterprise Linux 3.0
  • Windows XP Pro or Embedded version
  • Windows Server 2003 or Embedded version
  • Plan on testing patch updates within 7 days of
    patch availability
  • Plan to test on beta or release candidates of
    service packs
  • Write applications as a background
    process/service, not a user application

23
Call to Action for Broadcast IT Vendors
  • Review improve security of products
  • Analyze security attack surface, threat model
    for your product
  • Document security profile for customers
  • Practice secure design implementation
  • Writing Secure Code 2nd Edition, Michael Howard,
    David LeBlanc
  • Require authentication for all network access
  • Strong protection for passwords in network
    traffic
  • Evaluate/adopt a baseline security for standard
    product release
  • Apply OS hardening, minimize services
  • Use system security vulnerability assessment
    tools (e.g. MBSA)
  • Use secure remote administration connections
  • Admin level access protected to higher degree
  • Every packet signed encrypted
  • 2-factor auth capable protocols where possible
  • Use SSL/TLS, SSH, PPTP/L2TP/IPsec VPN, Windows
    Terminal Services
  • Change embedded passwords during
    installation/setup, at least per site

24
Call to Action for PBS Member Stations
  • Understand that internal systems might be
    infected via TCP/IP network connections
  • Must secure internal, external clients and
    servers
  • Secure external communications
  • IPsec or VPN tunnel for all access into secure
    area
  • Use strong passwords !
  • Protect passwords from theft !
  • Prevent laptops from directly connecting inside
    secure area
  • Very careful trained configuration and change
    control of core security devices (e.g. firewall,
    VPN server)
  • Request security information from vendors
  • Try Microsoft Security Risk Management Process
  • Designate someone to learn security
    administration
  • Train users operators for security awareness

25
Backup Details
26
Windows Client Security Summary
  • Member of an Active Directory domain - for better
    management through Group Policy
  • User not administrator if possible, uses strong
    password
  • Automatic updates enabled - either through
    Windows Update, Update Services or Systems
    Management Server (SMS)
  • Anti-virus - set for autoupdate of definitions
    daily and periodic full scans
  • Anti-spyware - set for autoupdate of definitions
    and periodic full scans
  • Windows Firewall on - exceptions disabled by
    default
  • Enterprise client security template applied for
    hardening (update with new XP SP2 settings)
  • Additional settings administrative template
    settings should be developed
  • Software restriction policies should be
    configured
  • NTFS and Encrypting File System used to protect
    confidential data after theft
  • Centralized monitoring with MACS, MOM, SMS,
    Systems Center or 3rd party
  • System backup - Automatic System Restore enabled
    in XP, full disk remote backup, remote backups
    daily for user data
  • Domain startup script run to check status of
    these daily or weekly
  • http//www.microsoft.com/technet/security/prodtech
    /windowsxp/secwinxp/default.mspx

27
Additional Microsoft Security Help
  • Technet IT Pro Security Community Page
  • http//www.microsoft.com/technet/community/en-us/s
    ecurity/default.mspx
  • Lots of news groups
  • MS IT Security Papers
  • http//www.microsoft.com/technet/itsolutions/msit/
    default.mspxEDBAAA
  • PSS Support Webcasts
  • TCP/IP port and process auditing Tuesday,
    December 14, 2004
  • TechNet Support WebCast How to isolate servers
    and applications, March 22 2005 10am Pacific
  • See http//support.microsoft.com/pwebcasts

28
Windows Server SP1 Released
  • Top reasons to use SP1
  • Reduced attack surface higher default security
    for RPCs and DCOM
  • New Security Configuration Wizard (SCW)-
    whitepapers coming soon
  • More secure new installations by Post-Setup
    Security Update to block incoming traffic while
    and until latest patches are installed
  • Windows Firewall replaces Internet Connection
    Firewall
  • Group policy for Windows Firewall added in Active
    Directory
  • RRAS VPN Server Quarantine capabilities, see
    http//www.microsoft.com/vpn
  • IIS 6.0 auditing for XML configuration metabase
  • Additional IE hardening
  • http//www.microsoft.com/technet/prodtechnol/windo
    wsserver2003/servicepack/default.mspx

29
Technet webcast for Security Configuration Wizard
available
  • Join this session as we walk you through the
    Wizard end-to-end, focusing on role-based server
    configuration, security configuration template
    design and development, and security
    configuration deployment. We will demonstrate the
    technologies as well as go in depth on
    customization of SCW and how to customize the
    database to support non-Microsoft applications
  • http//msevents.microsoft.com/cui/WebCastEventDeta
    ils.aspx?EventID1032268013EventCategory5cultur
    een-USCountryCodeUS

30
Active Directory Security Links
  • AD Security Center
  • http//www.microsoft.com/technet/security/prodtech
    /ActiveDirectory.mspx
  • Best Practice Guides for Securing Active
    Directory
  • Windows Server 2003 Best Practice Guide for
    Securing Windows Server Active Directory
    Installations http//www.microsoft.com/windowsserv
    er2003/techinfo/overview/adsecurity.mspx (Jan 8
    2004)
  • Windows 2000 Best Practice Guide for Securing
    Active Directory Installations and Day-to-Day
    Operations http//www.microsoft.com/technet/prodt
    echnol/windows2000serv/technologies/activedirector
    y/maintain/bpguide/default.mspx (Feb 28 2004)
  • Securing DNS Zone transfers in Windows Server
    2003
  • http//www.microsoft.com/resources/documentation/W
    indowsServ/2003/all/deployguide/en-us/Default.asp?
    url/resources/documentation/WindowsServ/2003/all/
    deployguide/en-us/dnsbd_dns_wzwd.asp
  • Active Directory in Segmented Networks
  • http//www.microsoft.com/downloads/details.aspx?Fa
    milyIDc2ef3846-43f0-4caf-9767-a9166368434eDispla
    yLangen
  • Provides detail for how to use Ipsec to secure
    all traffic between AD servers
  • TCP/IP Exploits and Countermeasures
  • http//www.microsoft.com/technet/security/prodtech
    /windows2000/secmod150.mspx

31
Windows tools for investigating problems with
hardening
  • Full System Backup with ASR Diskette/CD
  • Many changes can not be undone by SCE or SCW
    rollback, such as registry and file ACLs
  • System Restore could try checkpoint prior to
    hardening. Not sure if it can undo everything
  • Backup Windows event logs to baseline behaviors
    prior to hardening. Make logs bigger.
  • Network Sniffers
  • Windows Netmon light version in Win2k or Win2k3
    as optional install networking component. Full
    version in Systems Management Server
  • Ethereal open source http//www.ethereal.com/
  • Dependency Walker (depends.exe, XP or Win2k3
    Resource Kit)
  • Portqry.exe v2.0 port scanning tool - see KB
    832919
  • Port Reporter installs as service to monitor
    app port usage - see KB 837243
  • If Windows Firewall or IPsec filters are blocking
    UDP ports, watch out for false port open
    messages from remote port scanning tools. Some
    scan tools expect ICMP destination port
    unreachable packet in response. Sniff to confirm
    what tool reports
  • Group Policy Resultant Set of Policy (RSoP) MMC
    snapin shows where setting is being defined
  • Set auditing for failure on registry keys look
    for errors in Security Log
  • Tlist.exe process viewer (DDK debugging tools)
  • File Monitor (sysinternals.com)
  • Registry Monitor (sysinternals.com)
  • Process Explorer (sysinternals.com)

32
Developer References
  • Creating a simple Win32 service in C
  • http//msdn.microsoft.com/library/default.asp?url
    /library/en-us/dndllpro/html/msdn_ntservic.asp
  • MSDN About Services development help
  • http//msdn.microsoft.com/library/default.asp?url
    /library/en-us/dllproc/base/about_services.asp
  • Example of installing an application as a
    service
  • http//msdn.microsoft.com/library/default.asp?url
    /library/en-us/exchserv/html/example_0001.asp
  • Microsoft Security Risk Management Process
    15oct04
  • http//www.microsoft.com/technet/security/topics/p
    oliciesandprocedures/secrisk/default.mspx
  • New MS Press Book Threat Modeling
  • http//www.microsoft.com/mspress/books/6892.asp
  • Threat Modeling for Developers
  • http//msdn.microsoft.com/library/default.asp?url
    /library/en-us/secmod/html/secmod76.asp
About PowerShow.com