TSM 353 - PowerPoint PPT Presentation

Provided by: johnmc1
Transcript and Presenter's Notes

1
TSM 353
  • Host Hardening

2
What is "Hardening"?
  • Making modifications to default installation of
    an Operating System to reduce its exposure to
    attack
  • The extent of hardening varies considerably,
    depending on the host's role
  • Firewalls do not protect against OS or
    Application programming flaws (for example -
    buffer overflows), so they are not a substitute
    for hardening.

3
Levels of Hardening
  • Hardening takes time and costs money. As the
    level of hardening increases, so does the work
    and cost associated with it, so the level should
    be chosen carefully.
  • Hardening often causes some functions to fail,
    which further adds to the time and cost.
  • Increased hardening decreases convenience, which
    is the main reason systems are shipped insecure
    in their default installation.

4
Level 1 Hardening Against Local Attacks
  • This defense is fairly straightforward
  • Restrict use of powerful utilities:
      - Disk Management
      - User Management
      - Compilers
  • Eliminate powerful utilities that will not be
    used
  • Restrict access to resources with permissions.
    This implies that you must use a file system that
    supports permissions

5
Level 2 Hardening Against Network Attacks
Manage Users Carefully
  • Restrict administrative/root accounts
  • Eliminate, restrict and monitor powerful accounts
  • Eliminate unnecessary accounts. Watch out for the
    'default' accounts and groups, like the WinNT/2k
    Guest account.
  • Provide very complex passwords for service
    accounts. These are often created with more
    privileges than they need. Many accounts like
    this are created automatically with the
    installation of some software - such as backup
    programs.
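The account review on this slide (root-equivalent accounts, unnecessary or default accounts, over-privileged service accounts created by installers) can be scripted. The following is an added example, not part of the TSM 353 slides: it parses passwd-format records and flags the three conditions. The sample records, the allowlist of interactive accounts and the list of default account names are constructed assumptions; on a real UNIX host the records would come from /etc/passwd.

```python
"""Audit passwd-format account records for the concerns on this slide:
root-equivalent accounts, unexpected interactive logins and default accounts.

Added example, not part of the TSM 353 slides. The records below are
constructed; on a real UNIX host the same fields come from /etc/passwd.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample in /etc/passwd format: name:passwd:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
bkpagent:x:0:0:backup software service account:/opt/bkp:/bin/sh
guest:x:1001:1001:Guest:/home/guest:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Assumed allowlist of accounts that legitimately log in interactively on this host
EXPECTED_INTERACTIVE: Set[str] = {"root", "alice"}
# Shells that deny interactive login
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
# Well-known default account names to flag if present (assumption; extend per platform)
DEFAULT_ACCOUNT_NAMES = {"guest"}


def parse_passwd(text: str) -> List[Dict[str, object]]:
    """Parse passwd-format text into one dict per account; blank and comment lines are skipped."""
    accounts: List[Dict[str, object]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, _pw, uid, gid, gecos, home, shell = fields
        accounts.append({"name": name, "uid": int(uid), "gid": int(gid),
                         "gecos": gecos, "home": home, "shell": shell})
    return accounts


def audit_accounts(text: str,
                   expected_interactive: Set[str] = EXPECTED_INTERACTIVE) -> List[Tuple[str, str]]:
    """Return (account name, finding) pairs, in file order, for each account that
    is root-equivalent without being root, can log in interactively without being
    on the allowlist, or carries a well-known default name."""
    findings: List[Tuple[str, str]] = []
    for acct in parse_passwd(text):
        name = str(acct["name"])
        shell = str(acct["shell"])
        if acct["uid"] == 0 and name != "root":
            findings.append((name, "uid 0: root-equivalent account"))
        if shell not in NOLOGIN_SHELLS and name not in expected_interactive:
            findings.append((name, f"interactive shell {shell} not on allowlist"))
        if name.lower() in DEFAULT_ACCOUNT_NAMES:
            findings.append((name, "default account present"))
    return findings


if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD):
        print(f"{account:10} {finding}")
```

In the constructed sample the backup agent's service account is the over-privileged installer-created account the slide warns about (UID 0 and a login shell), and the guest account is flagged both as a default account and as an unexpected interactive login.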

6
Level 2 Hardening Against Network Attacks
Enforce Strong Passwords
  • User accounts with poor passwords are one of the
    most commonly exploited security weaknesses
  • Educate the users to understand their
    responsibility
  • Implement mechanisms that enforce password
    guidelines
  • Use devices such as RSA's "SecurID" (something
    you have).
  • Be careful when assigning passwords to new
    accounts. In the time before the user changes to
    a final password, the account can be attacked.
  • Use password policies: length, aging, history,
    and account lockout
  • If possible, require new passwords that differ
    from the previous password by a certain number of
    characters.
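The policy items on this slide (length, aging, history, and a minimum number of changed characters) are mechanical rules, which is what makes them enforceable. The following added example, not part of the TSM 353 slides, shows one way to implement them at password-change time. The policy values, the PBKDF2 parameters, and the positional "changed characters" metric are assumptions made here; history entries are stored only as salted digests, and the candidate is re-derived with each stored salt for comparison.

```python
"""Enforce the password policy items on this slide: minimum length, aging,
history, and a minimum number of changed characters versus the old password.

Added example, not part of the TSM 353 slides. The policy values, the PBKDF2
parameters and the difference metric are assumptions made here.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Tuple

PBKDF2_ITERATIONS = 100_000  # assumption; tune to your hardware


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 12        # minimum number of characters
    max_age_days: int = 90      # aging: force a change after this many days
    history_depth: int = 5      # how many previous passwords may not be reused
    min_changed_chars: int = 3  # new password must differ from the old one this much


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 digest; history holds only (salt, digest) pairs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def remember(history: List[Tuple[bytes, bytes]], password: str) -> None:
    """Append a freshly salted digest of an accepted password to the history."""
    salt = os.urandom(16)
    history.append((salt, hash_password(password, salt)))


def changed_chars(old: str, new: str) -> int:
    """Count positions where the two strings differ, plus any length difference,
    so a single-character edit or an appended digit scores low. This positional
    metric is one simple reading of 'differ by a certain number of characters'."""
    positional = sum(1 for a, b in zip(old, new) if a != b)
    return positional + abs(len(old) - len(new))


def is_expired(last_changed: date, today: date,
               policy: PasswordPolicy = PasswordPolicy()) -> bool:
    """Aging rule: the password must be changed once it is older than max_age_days."""
    return today - last_changed > timedelta(days=policy.max_age_days)


def validate_change(old: str, new: str, history: List[Tuple[bytes, bytes]],
                    policy: PasswordPolicy = PasswordPolicy()) -> List[str]:
    """Return the policy violations for a proposed change; an empty list means accept."""
    violations: List[str] = []
    if len(new) < policy.min_length:
        violations.append("too_short")
    if changed_chars(old, new) < policy.min_changed_chars:
        violations.append("too_similar")
    # Check only the most recent history_depth entries, re-deriving each digest
    # with its stored salt and comparing in constant time.
    for salt, digest in history[-policy.history_depth:]:
        if hmac.compare_digest(hash_password(new, salt), digest):
            violations.append("reused")
            break
    return violations


if __name__ == "__main__":
    hist: List[Tuple[bytes, bytes]] = []
    remember(hist, "Summer2023!abcd")
    print(validate_change("Summer2023!abcd", "Summer2024!abcd", hist))  # too similar
    print(validate_change("Summer2023!abcd", "mountain-river-42-lamp", hist))  # accepted
```

Account lockout, the remaining item on the slide, belongs in the authentication path (counting failed attempts per account) rather than in the change-time validator, so it is not modelled here.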

7
Level 2 Hardening Against Network Attacks -
Disable Unused Network Services
  • Decreases the likelihood that an unused service
    will be used as a doorway into the system, but
    might complicate remote administration.
  • Be proactive in checking the services running on
    all hosts. For example, create a script that
    routinely captures the output of netstat -an.
  • Change Default SNMP Strings
      - Treat them like you would treat a system
        password
  • Disable Resource Sharing Services in Windows
      - Null sessions represent a very big
        vulnerability since such connections are not
        authenticated by default
      - Null sessions can give up usernames, services,
        network shares, and other info.
      - Careful - certain functions might no longer
        work without null sessions.
  • Consider turning off support for NetBIOS
    altogether
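Capturing netstat -an routinely is only useful if the captures are compared against a known-good baseline, so that a listener that appears after hardening stands out. The following added example, not part of the TSM 353 slides, parses two captures in Linux netstat -an layout and reports the drift. Both captures are constructed for this example; a real script would read them from saved capture files and would be run from the scheduler.

```python
"""Baseline the listening sockets a host exposes and report drift, as the slide
suggests doing with routinely captured 'netstat -an' output.

Added example, not part of the TSM 353 slides. The two captures below are
constructed in Linux 'netstat -an' layout; a real script would read them from
saved capture files.
"""
from typing import Set, Tuple

Listener = Tuple[str, str, int]  # (protocol, local address, port)

# Constructed baseline capture taken right after hardening
BASELINE_CAPTURE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51522          ESTABLISHED
"""

# Constructed later capture: three listeners that were not in the baseline
CURRENT_CAPTURE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:161             0.0.0.0:*
tcp        0      0 10.0.0.5:22             10.0.0.9:51522          ESTABLISHED
"""


def split_endpoint(endpoint: str) -> Tuple[str, int]:
    """Split 'addr:port' on the last colon so IPv6 forms such as ':::22' work."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port)


def parse_listeners(capture: str) -> Set[Listener]:
    """Extract listening sockets: TCP rows in LISTEN state and every UDP row
    (UDP is connectionless, so netstat prints no state for bound sockets)."""
    listeners: Set[Listener] = set()
    for line in capture.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[3]
        state = fields[5] if len(fields) > 5 else ""
        if proto.startswith("tcp") and state != "LISTEN":
            continue  # established or closing connections are not exposed services
        addr, port = split_endpoint(local)
        listeners.add((proto, addr, port))
    return listeners


def drift(baseline: str, current: str) -> Tuple[Set[Listener], Set[Listener]]:
    """Return (listeners new since the baseline, baseline listeners that vanished)."""
    before, after = parse_listeners(baseline), parse_listeners(current)
    return after - before, before - after


if __name__ == "__main__":
    new, gone = drift(BASELINE_CAPTURE, CURRENT_CAPTURE)
    for proto, addr, port in sorted(new):
        print(f"NEW   {proto} {addr}:{port}")
    for proto, addr, port in sorted(gone):
        print(f"GONE  {proto} {addr}:{port}")
```

Only listening sockets are compared; established connections change constantly and would drown the report in noise. In the constructed capture the drift report surfaces exactly the kinds of services the slide discusses: a Windows-style file sharing port, an extra web listener, and an SNMP agent whose community strings would then need the same care as a system password.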

8
Level 2 Hardening Against Network Attacks -
Disable Remote Access Services (UNIX)
  • All of the "r-commands", such as "rsh" and
    "rlogin".
  • They do not encrypt their traffic
  • Use SSH (Secure Shell) instead.

9
Level 3 Hardening Against Application Attacks
  • Protects the host against application-specific
    attacks that may be unrelated to the OS
    configuration
  • The most common app weaknesses can usually be
    resolved quickly
  • Apply the most recent security patches
  • Communicate on as few ports as possible
  • Common app weaknesses: poor default configuration
    and buffer overflows
  • Databases are among the most attractive targets,
    since they often store valuable data, such as
    customer credit card info.

10
1. Define Access Methods
  • Apps often use internal access control
    mechanisms, such as internal databases, to
    authenticate users. This is completely separate
    from the OS authentication system.
  • When installing an app, carefully review the
    vendor's recommended procedure.

11
2. Application Passwords
  • Applications often have their own passwords
  • Use the same strict policy for app passwords

12
3. OS and App Patches
  • Patch installation is a critical component for
    hardening hosts against known vulnerabilities
  • When there is a known but as yet unpatched
    vulnerability, use your other security components
    to protect against it. For example, a new virus
    is spreading, but your anti-virus software does
    not yet defend against it. Try to set up your
    firewall to catch it as it enters your network.
  • Install patches with caution - test in an isolated
    environment first. They may often cause your
    custom scripts or applications to stop working.