
Lecture Security+ Certification: Chapter 9 - Trung tâm Athena


Lecture Security+ Certification: Chapter 9 - System hardening. The main contents of this chapter include all of the following: Disable nonessential systems, harden operating systems, harden applications, harden networks.

Page 1

Chapter 9 System Hardening

Page 2

Objectives in this chapter

ATHENA

Page 3

Disabling Nonessential Systems

First step in establishing a defense against computer attacks is to turn off all nonessential systems

computer’s random access memory (RAM) until the user presses a specific combination of keys (a hot key), such as Ctrl+Shift+P

Page 4

such as Svchost.exe, is called a process

system indicated by the service name, such as AppMgmt

Page 5

Disabling Nonessential Systems (continued)

which gives a detailed description, such as Application Management

Page 6

Disabling Nonessential Systems (continued)

Page 7

Disabling Nonessential Systems (continued)

Page 8

malicious code to services, disabling nonessential services blocks entries into the system

Page 9

Disabling Nonessential Systems (continued)

a connectionless TCP/IP transfer

number

number by a colon, as in 198.146.118.20:80

Page 10

Disabling Nonessential Systems (continued)

Page 11

Hardening Operating Systems

to protect against attacks

hardened:

• Operating systems

• Applications that the operating system runs

• Networks

Page 12

Hardening Operating Systems (continued)

on the local client or the network operating system (NOS) that manages and controls the network, such as Windows Server 2003 or Novell NetWare

Page 13

Applying Updates

dynamic

introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis

an operating system every two to four years

different types of updates (listed in Table 4-3 on page 109)

Page 14

Applying Updates (continued)

including fixes for problems that have not been made available through updates) provides the broadest and most complete update

issues; instead, it corrects a specific software problem

Page 15

Applying Updates (continued)

Page 16

Applying Updates (continued)

A patch or a software update fixes a security flaw or other problem

• May be released on a regular or irregular basis, depending on the vendor or support team

• A good patch management system includes the features listed on pages 111 and 112 of the text

Page 17

Securing the File System

system is to restrict user access

access folders (also called directories in DOS and UNIX/Linux) and the files contained within them

Page 18

Securing the File System (continued)

method of defining security on the Microsoft Management Console (MMC)

• A Windows utility that accepts additional components (snap-ins)

• After you apply a security template to organize security settings, you can import the settings to a group of computers (Group Policy object)

Page 19

Securing the File System (continued)

desktop environment that a network system administrator needs to manage

setting for all computers (domain-based setting)

hardware and software in a database (the registry)

Page 20

Hardening Applications

must also harden the applications that run on those systems

generally available for most applications, although not usually with the same frequency as for an operating system

Page 21

Hardening Servers

breaking through the software

audio, and video to Internet users around the world

server

Page 22

Hardening Servers (continued)

electronic messages

organization or set of users

trusted user or received from an outsider and intended for a trusted user

Page 23

Hardening Servers (continued)

Page 24

Hardening Servers (continued)

e-mail messages not sent by or intended for a local user

store and access files through the Internet

• Typically used to accommodate users who want to download or upload files

Page 25

Hardening Servers (continued)

Page 26

Hardening Servers (continued)

logons using a window similar to that shown in Figure 4-8

the Internet available to ordinary users

• DNS servers frequently update each other by transmitting all domains and IP addresses of which they are aware (zone transfer)

Page 27

Hardening Servers (continued)

Page 28

Hardening Servers (continued)

in an attack

that can be accessed through the Internet or many online services

the protocol used to send, distribute, and retrieve USENET messages through NNTP servers

Page 29

Hardening Servers (continued)

allow users to share documents on a central server or to share printers

listed on page 119 of the text

Dynamic Host Configuration Protocol (DHCP)

Page 30

Hardening Data Repositories

information

and company databases

network that contains all information about users and network devices along with privileges to those resources

Page 31

Hardening Data Repositories (continued)

Active Directory is the directory service for Windows

Active Directory is stored in the Security Accounts Manager (SAM) database

the SAM database

Page 32

Hardening Networks

• Secure the network with necessary updates

• Properly configure it

Page 33

Firmware Updates

causes RAM to lose its entire contents

RAM in two ways:

• Contents of ROM are fixed

• ROM is nonvolatile: disabling the power source does not erase its contents

Page 34

Firmware Updates (continued)

Memory (EPROM), and Electrically Erasable Programmable Read-Only Memory (EEPROM) are firmware

ultraviolet light so the light passes through its crystal window

erased using electrical signals applied to specific pins

Page 35

Network Configuration

equipment to resist attacks

filter data packets as they arrive at the perimeter of the network

Page 36

Network Configuration (continued)

Rule base or access control list (ACL): rules a network device uses to permit or deny a packet (not to be confused with ACLs used in securing a file system)

on pages 122 and 123 of the text)

text when creating rules

Page 37

Network Configuration (continued)

Page 38

Establishing a security baseline creates a basis for information security

applying the necessary updates to the software

Securing the file system is another step in hardening a system

Page 39

Summary (continued)

hardened by installing the latest patches and updates

servers, DNS servers, NNTP servers, print/file servers, and DHCP servers, must be hardened to prevent attackers from corrupting them or using the server to launch other attacks

Date posted: 30/01/2020, 13:09
