
OPERATING SYSTEM AND SECURITY

CHAPTER 4

OBJECTIVES
- Identify basic security levels
- Implement the system policy
  - Password
  - Account
  - Audit
  - User rights
- System updates and hotfixes

BASIC SECURITY LEVEL (XP)


- Use NTFS on all your partitions.
- Disable Simple File Sharing.
- Use passwords on all user accounts.
- Use the Administrator Group with care.
- Use a firewall if you have a full-time internet connection.
- Install antivirus software on all workstations.
- Keep up to date with hotfixes and service packs.
- Password protect the screensaver.
- Secure your wireless network.
- Secure your backup tapes.

IMPLEMENTING SYSTEM POLICY


Password policy
Using your last name or the name of your pets as your password and never changing it poses a security risk. Many pieces of information about you can be learned by diligent hackers, so items such as your name, the names of your children and other personal information should not be used. To be strong, a password should contain characters from three of the following four categories:
- English uppercase characters (A through Z).
- English lowercase characters (a through z).
- Base 10 digits (0 through 9).
- Non-alphabetic characters (for example, !, $, #, %).

You should also change your password frequently - at least every 30 days.



Account policy
Do not disclose a computer's identity until login is completed successfully. Set up the operating system so that the system login screen does not identify the computer system by name or function until after login is complete. Unauthorized personnel do not need to know the identity of machines unless they need to use them.



Audit policy
An audit log records an entry whenever users perform certain specified actions. For example, the modification of a file can trigger an audit entry that shows the action that was performed, the associated user account, and the date and time of the action. An audit entry can be a success audit or a failure audit.



User rights
User rights allow users to perform tasks on a computer. User rights include logon rights and privileges. Logon rights control who is authorized to log on to a computer and how they can log on. Privileges control access to computer and domain resources. An example of a logon right is the ability to log on to a computer locally. An example of a privilege is the ability to edit a document. Both types of user rights are assigned by administrators to individual users or groups as part of the security settings for the computer.

CARRY OUT SYSTEM UPDATES


A complex operating system is not immune to its own bugs and security holes. Hackers use the latest security hole to break into a system and work backward from there until they find an open door that gives them full access. The Windows Update and Automatic Updates features keep the system up to date.

HOTFIXES
A hotfix is a piece of code (sometimes called a patch) that fixes a bug in a product. Users of the product may be notified by e-mail, or they can obtain information about current hotfixes at a software vendor's Web site and download the hotfixes they wish to apply. Keeping up with patches as they are released saves the end user time and provides maximum security.

PATCHES VS HOTFIXES

PATCH
- Patches require the system to be shut down, then you must download the patch before re-entering the system.
- Patches bring many changes to the software.

HOTFIX
- Hotfixes are applied directly while the systems are still alive.
- Hotfixes are usually small changes.

LINUX SECURITY APPROACHES

CHAPTER 4

OBJECTIVES
- Identify and disable unnecessary ports and services
- Lock identified ports
- Carry out system hardening with Bastille
- Maintain control and auditing of root access using SUDO

DETERMINING PORTS TO BLOCK


When determining which ports to block on your server, you must first determine which services you require. In most cases, block all ports that are not exclusively required by these services. This is tricky, because you can easily block yourself from services you need. If your server is an exclusive e-mail server running SMTP and IMAP, you can block all TCP ports except ports 25 and 143, respectively. If your server is an exclusive HTTP server, you can block all ports except TCP port 80.
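
The rule set described above, written out as an added example that is not part of the original slides: a shell function that emits a default-deny inbound policy in iptables-restore format for a given list of TCP ports. The function name gen_inbound_rules and the file name mail.rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides): build a default-deny inbound
# rule set in iptables-restore format that admits only the listed TCP ports.
# gen_inbound_rules and mail.rules are hypothetical names.

gen_inbound_rules() {
    # Validate every port first so a typo never yields a partial rule set.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'      # default: drop inbound traffic
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback and replies to connections the server itself opened (DNS
    # lookups, outbound SMTP) must keep working, or the services break.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Exclusive e-mail server from the text: SMTP (25) and IMAP (143) only.
gen_inbound_rules 25 143
# Exclusive HTTP server: gen_inbound_rules 80
# If you administer the host over the network, that service (for example
# SSH on 22) is also "required"; list it, or you block yourself out.
# Check a saved rule file without loading it:
#   iptables-restore --test < mail.rules
```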

CARRY OUT SYSTEM HARDENING


Hardening is a process of modifying a system to make it highly secure. For hardening activities to be most successful, you should:
- Do hardening activities before the system is connected to the network to avoid attacks.
- Base configuration on the least-privilege model: the system should grant access only to the degree necessary for proper functionality. Similarly, users should be allowed only the minimum set of access rights they need.



Bastille is a software tool that eases the process of hardening a Linux system, giving you the choice of what to lock down and what not to, depending on your security requirements. Bastille is a set of Perl scripts that run as an interactive program, asking questions for each step of the hardening process. The scripts explain each step well, enabling you to understand what security measures will be introduced by any changes you make and why. Bastille currently works with Red Hat, Fedora, SUSE, Debian, Ubuntu, Gentoo, and Mandriva distributions, as well as HP-UX.

CONTROLLING AND AUDITING ROOT ACCESS WITH SUDO


Superuser Do (SUDO) is an open source security tool that allows an administrator to give specific users or groups the ability to run certain commands as root or as another user. The program can also log commands and arguments entered by specified system users. Sudo was first released to the public in the summer of 1986, and Todd Miller of Courtesan Consulting currently maintains the program and distributes it freely under a BSD-style license.
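
To show what the logging gives an auditor, here is an added example that is not part of the original slides: a shell function that reduces sudo's syslog entries to one line per attempt (result, invoking user, target user, command). The function names and the log lines are constructed for illustration, and the syslog line layout is assumed to be sudo's default.

```shell
#!/bin/sh
# Added example (not from the original slides): summarise sudo syslog
# entries as "RESULT user runas command". The log lines are constructed.

sudo_audit() {
    awk '
    {
        # Keep only sudo entries; the tag may or may not carry a PID.
        if (!match($0, / sudo(\[[0-9]+\])?: +/)) next
        line = substr($0, RSTART + RLENGTH)

        user = line;   sub(/ :.*$/, "", user)     # text before first " :"
        reason = line; sub(/ ; .*$/, "", reason)  # text before first " ; "

        result = "ALLOWED"
        if (reason ~ /NOT in sudoers|command not allowed|incorrect password/)
            result = "DENIED"

        runas = "?"
        if (match(line, / ; USER=[^ ]+/))
            runas = substr(line, RSTART + 8, RLENGTH - 8)

        # COMMAND= is the last field; take the rest of the line so that
        # arguments containing " ; " are not cut off.
        cmd = "?"
        p = index(line, "COMMAND=")
        if (p) cmd = substr(line, p + 8)

        print result, user, runas, cmd
    }'
}

sample_log() {   # constructed sample input
    cat <<'EOF'
Jun  3 09:12:44 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service httpd restart
Jun  3 09:15:02 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/su -
Jun  3 09:16:30 web01 sshd[812]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jun  3 09:20:11 web01 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/vi /etc/shadow
EOF
}

sample_log | sudo_audit
```

DENIED lines are the ones to review first: they record a user who is not in sudoers, or a listed user reaching for a command outside what was granted.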
