1 / 26

Chapter 8

Chapter 8. Fundamentals of System Security. Objectives. In this chapter, you will: Understand the trade-offs among security, performance, and ease of use Explore preventive system security controls Understand available detective system security controls

golda
Télécharger la présentation

Chapter 8

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 8 Fundamentals of System Security

  2. Objectives In this chapter, you will: • Understand the trade-offs among security, performance, and ease of use • Explore preventive system security controls • Understand available detective system security controls • Learn effective backup strategies that can be used as corrective security controls

  3. Trade-offs • Security vs. • Network communication speed • System resources usage • Security application ease of use • QoSS – Quality of Security Service • Security services vs. performance

  4. Preventive System Security • Physical security • No unauthorized individuals should access systems • No one should be able to indirectly harm IT systems • Physical access should be tracked

  5. Preventive System Security • Vulnerability management • Receive security advisories from trusted source • Apply patches or workarounds in a timely manner • Test systems to ensure patches are applied

  6. Preventive System Security • Minimize unneeded software • Uninstall unused applications • Disable unnecessary services • Uninstall unnecessary drivers

  7. Preventive System Security • Software development tools allow for building malicious tools on the fly • Compilers (e.g., C) • Interpreters (e.g., Java) • Limit the use of software development tools and strictly forbid those tools on systems connected to the Internet

  8. Preventive System Security • Users • Remove or disable guest accounts • Rename administrator and other default accounts • Review users periodically to ensure: • User is still an employee • User still needs access • Group management

  9. Preventive System Security • Passwords should: • Be 8 characters or more in length • Contain both uppercase and lowercase characters • Contain numbers and symbols • Not contain the user name • Not contain words commonly found in the dictionary • Not contain more than two repeating characters

  10. Preventive System Security • Passwords policies should: • Require passwords be changed every 90 days • Require 10 different passwords before any can be reused • Lock accounts after 5 invalid login attempts • Disable user accounts indefinitely when lock out occurs

  11. Preventive System Security • Authentication alternatives: • Biometrics • Hardware-based keys • Certificates • Smart Cards

  12. Preventive System Security

  13. Preventive System Security • Access control • Rights management • Principle of least privilege • Access control list (ACL) • Execution control list (ECL)

  14. Preventive System Security • Web server • Isolate within DMZ • Restrict script execution • CGI scripts • Restrict scripts to one directory • Allow only authorized users • Review client-side vs. server-side scripts

  15. Preventive System Security • Web server • Use nonprivileged accounts • Protect files with OS permissions • Disable directory listings • Require the use of SSL

  16. Preventive System Security • Remote administration tools • Restrict access to authorized users • Use encryption: SSH, SCP, etc.

  17. Preventive System Security • Testing • Test servers prior to placing them in production • Test security patches and workarounds • Ensure security controls are applied to testing environments • Disconnect network • Segregate test lab via firewalls • Deploy security controls

  18. Detective System Security • Antivirus • Use active malware checking • Schedule regular AV scans • Update AV signatures regularly

  19. Detective System Security • Auditing and Logging • Audit system events: • Logs cleared • Logon failures and successes • System restarts and shutdowns • Rights changes or group membership changes • Object access

  20. Detective System Security • Auditing and Logging • Use log analysis tools • Baseline activity • Store logs for 90 days

  21. Detective System Security • Firewalls • Block unwanted traffic at system level • Log network traffic • HIDS • Detect malicious activity at system level • Alert on specific events

  22. Detective System Security • Policy verification • Ensure passwords have been changed • Ensure password policies are followed • Check file permissions on critical OS files • Check that auditing facilities are enabled • Check to make sure AV products are up-to-date

  23. Corrective System Security • Backups • Keep original installation media • Schedule regular backups • Choose backup device to hold all pertinent data • Schedule backups to capture all changes • Choose backup type: full, incremental, or differential • Properly store backup media

  24. Summary • System security may come at the price of performance or usability. It is important to consider the pros of the security offered against the cons of reduced resources or increased system complexity. • Physical security ensures that attackers do not gain access by physically manipulating systems. • Effective vulnerability management can greatly improve the overall security of systems without an enormous cost to the organization. • Minimizing the software available on systems reduces the doors available to abusers.

  25. Summary • Strict user and password controls ensure that the “keys” to systems do not fall into the wrong hands. • Access control lists (ACLs) and execution control lists (ECLs) allow administrators to manage the rights assigned to users. • Web server applications present a large security exposure to a company’s IT environment. Preventive controls must be applied to secure all Web servers. • Remote administration tools should be tightly controlled to prevent abusers from using these tools for malicious purposes.

  26. Summary • Systems that are used for development and testing generally do not adequately enforce security controls and should be “quarantined” from the normal production systems. • Antivirus software protects systems against dangerous software code. • Firewalls can be employed at the system level to further protect systems from malicious network traffic. • Host intrusion detection offers real-time detection of malicious activities occurring on systems. • An effective backup strategy helps organizations recover whenever malicious activity damages the environment.

More Related