Chapter 4: Security Baselines - PowerPoint PPT Presentation

1 / 39
About This Presentation

Chapter 4: Security Baselines


Chapter 4: Security Baselines Security+ Guide to Network Security Fundamentals Second Edition Objectives Disable nonessential systems Harden operating systems Harden ... – PowerPoint PPT presentation

Number of Views:291
Avg rating:3.0/5.0
Slides: 40
Provided by: Preferr939


Transcript and Presenter's Notes

Title: Chapter 4: Security Baselines

Chapter 4 Security Baselines
  • Security Guide to Network Security Fundamentals
  • Second Edition

  • Disable nonessential systems
  • Harden operating systems
  • Harden applications
  • Harden networks

Disabling Nonessential Systems
  • First step in establishing a defense against
    computer attacks is to turn off all nonessential
  • The background program waits in the computers
    random access memory (RAM) until the user presses
    a specific combination of keys (a hot key), such
    as CtrlShiftP
  • Then, the idling program springs to life

Disabling Nonessential Systems (continued)
  • Early terminate-and-stay-resident (TSR) programs
    performed functions such as displaying an instant
    calculator, small notepad, or address book
  • In Microsoft Windows, a background program, such
    as Svchostexe, is called a process
  • The process provides a service to the operating
    system indicated by the service name, such as

Disabling Nonessential Systems (continued)
  • Users can view the display name of a service,
    which gives a detailed description, such as
    Application Management
  • A single process can provide multiple services

Disabling Nonessential Systems (continued)
Disabling Nonessential Systems (continued)
Disabling Nonessential Systems (continued)
  • A service can be set to one of the following
  • Automatic
  • Manual
  • Disabled
  • Besides preventing attackers from attaching
    malicious code to services, disabling
    nonessential services blocks entries into the

Disabling Nonessential Systems (continued)
  • The User Datagram Protocol (UDP) provides for a
    connectionless TCP/IP transfer
  • TCP and UDP are based on port numbers
  • Socket combination of an IP address and a port
  • The IP address is separated from the port number
    by a colon, as in 1981461182080

Disabling Nonessential Systems (continued)
Hardening Operating Systems
  • Hardening process of reducing vulnerabilities
  • A hardened system is configured and updated to
    protect against attacks
  • Three broad categories of items should be
  • Operating systems
  • Applications that the operating system runs
  • Networks

Hardening Operating Systems (continued)
  • You can harden the operating system that runs on
    the local client or the network operating system
    (NOS) that manages and controls the network, such
    as Windows Server 2003 or Novell NetWare

Applying Updates
  • Operating systems are intended to be dynamic
  • As users needs change, new hardware is
    introduced, and more sophisticated attacks are
    unleashed, operating systems must be updated on a
    regular basis
  • However, vendors release a new version of an
    operating system every two to four years
  • Vendors use certain terms to refer to the
    different types of updates (listed in Table 4-3
    on page 109)

Applying Updates (continued)
  • A service pack (a cumulative set of updates
    including fixes for problems that have not been
    made available through updates) provides the
    broadest and most complete update
  • A hotfix does not typically address security
    issues instead, it corrects a specific software

Applying Updates (continued)
Applying Updates (continued)
  • A patch or a software update fixes a security
    flaw or other problem
  • May be released on a regular or irregular basis,
    depending on the vendor or support team
  • A good patch management system includes the
    features listed on pages 111 and 112 of the text

Securing the File System
  • Another means of hardening an operating system is
    to restrict user access
  • Generally, users can be assigned permissions to
    access folders (also called directories in DOS
    and UNIX/Linux) and the files contained within

Securing the File System (continued)
  • Microsoft Windows provides a centralized method
    of defining security on the Microsoft Management
    Console (MMC)
  • A Windows utility that accepts additional
    components (snap-ins)
  • After you apply a security template to organize
    security settings, you can import the settings to
    a group of computers (Group Policy object)

Securing the File System (continued)
  • Group Policy settings components of a users
    desktop environment that a network system
    administrator needs to manage
  • Group Policy settings cannot override a global
    setting for all computers (domain-based setting)
  • Windows stores settings for the computers
    hardware and software in a database (the registry)

Hardening Applications
  • Just as you must harden operating systems, you
    must also harden the applications that run on
    those systems
  • Hotfixes, service packs, and patches are
    generally available for most applications
    although, not usually with the same frequency as
    for an operating system

Hardening Servers
  • Harden servers to prevent attackers from breaking
    through the software
  • Web server delivers text, graphics, animation,
    audio, and video to Internet users around the
  • Refer to the steps on page 115 to harden a Web

Hardening Servers (continued)
  • Mail server is used to send and receive
    electronic messages
  • In a normal setting, a mail server serves an
    organization or set of users
  • All e-mail is sent through the mail server from a
    trusted user or received from an outsider and
    intended for a trusted user

Hardening Servers (continued)
Hardening Servers (continued)
  • In an open mail relay, a mail server processes
    e-mail messages not sent by or intended for a
    local user
  • File Transfer Protocol (FTP) server is used to
    store and access files through the Internet
  • Typically used to accommodate users who want to
    download or upload files

Hardening Servers (continued)
Hardening Servers (continued)
  • FTP servers can be set to accept anonymous logons
    using a window similar that shown in Figure 4-8
  • A Domain Name Service (DNS) server makes the
    Internet available to ordinary users
  • DNS servers frequently update each other by
    transmitting all domains and IP addresses of
    which they are aware (zone transfer)

Hardening Servers (continued)
Hardening Servers (continued)
  • IP addresses and other information can be used in
    an attack
  • USENET is a worldwide bulletin board system that
    can be accessed through the Internet or many
    online services
  • The Network News Transfer Protocol (NNTP) is the
    protocol used to send, distribute, and retrieve
    USENET messages through NNTP servers

Hardening Servers (continued)
  • Print/file servers on a local area network (LAN)
    allow users to share documents on a central
    server or to share printers
  • Hardening a print/file server involves the tasks
    listed on page 119 of the text
  • A DHCP server allocates IP addresses using the
    Dynamic Host Configuration Protocol (DHCP)
  • DHCP servers lease IP addresses to clients

Hardening Data Repositories
  • Data repository container that holds electronic
  • Two major data repositories directory services
    and company databases
  • Directory service database stored on the network
    that contains all information about users and
    network devices along with privileges to those

Hardening Data Repositories (continued)
  • Active Directory is the directory service for
  • Active Directory is stored in the Security
    Accounts Manager (SAM) database
  • The primary domain controller (PDC) houses the
    SAM database

Hardening Networks
  • Two-fold process for keeping a network secure
  • Secure the network with necessary updates
  • Properly configure it

Firmware Updates
  • RAM is volatile?interrupting the power source
    causes RAM to lose its entire contents
  • Read-only memory (ROM) is different from RAM in
    two ways
  • Contents of ROM are fixed
  • ROM is nonvolatile?disabling the power source
    does not erase its contents

Firmware Updates (continued)
  • ROM, Erasable Programmable Read-Only Memory
    (EPROM), and Electrically Erasable Programmable
    Read-Only Memory (EEPROM) are firmware
  • To erase an EPROM chip, hold the chip under
    ultraviolet light so the light passes through its
    crystal window
  • The contents of EEPROM chips can also be erased
    using electrical signals applied to specific pins

Network Configuration
  • You must properly configure network equipment to
    resist attacks
  • The primary method of resisting attacks is to
    filter data packets as they arrive at the
    perimeter of the network

Network Configuration (continued)
  • Rule base or access control list (ACL) rules a
    network device uses to permit or deny a packet
    (not to be confused with ACLs used in securing a
    file system)
  • Rules are composed of several settings (listed on
    pages 122 and 123 of the text)
  • Observe the basic guidelines on page 124 of the
    text when creating rules

Network Configuration (continued)
  • Establishing a security baseline creates a basis
    for information security
  • Hardening the operating system involves applying
    the necessary updates to the software
  • Securing the file system is another step in
    hardening a system

Summary (continued)
  • Applications and operating systems must be
    hardened by installing the latest patches and
  • Servers, such as Web servers, mail servers, FTP
    servers, DNS servers, NNTP servers, print/file
    servers, and DHCP servers, must be hardened to
    prevent attackers from corrupting them or using
    the server to launch other attacks
Write a Comment
User Comments (0)