Transcript CT1406
CT1406
NETWORK SECURITY LAB
REHAB ALFALLAJ
Introduction
There are a number of technologies that exist for the
sole purpose of ensuring that the critical
characteristics of data are maintained in any of its
states. These technologies can be either hardware or
software.
Some of these items include but are not limited to
firewalls, antivirus programs, software updates, and
various forms of encryption. An understanding of
these technologies is essential to enable security
without compromising functionality.
Hardening the Operating System
In computing, hardening is usually the process of
securing a system by reducing its surface of
vulnerability. A system has a larger vulnerability
surface the more functions it fulfills; in principle a
single-function system is more secure than a
multipurpose one.
Reducing available vectors of attack typically
includes the removal of unnecessary software,
unnecessary usernames or logins and the
disabling or removal of unnecessary services.
Hardening the Operating System (Cont.)
Information security :
Confidentiality.
Integrity.
Availability.
This chapter examines some techniques that can assist you in
maintaining the confidentiality and integrity of data on a host
machine. These labs begin with operating system issues and then
move to issues such as antivirus applications and firewalls.
Maintaining the operating system in an up-todate configuration is
the first and most important step of maintaining a proper security
posture. Once the OS is secure, then focus can shift to antivirus
issues as viruses can be direct threats to the data on a machine.
After these specific threats are covered, a firewall acts as a barrier
with a regulated gate to screen traffic to and from the host.
Hardening the Operating System (Cont.)
The operating system is the software that handles
input, output, display, memory management, and
many other important tasks that allow the user to
interact with and operate the computer system.
A network operating system is an operating system
that includes built-in functionality for connecting to
devices and resources on a network. Most operating
systems today, such as Windows, Unix, Linux, and
Mac OS X, have networking built into them.
Hardening the Operating System (Cont.)
Developers of operating systems have a huge challenge to deal with.
There are many different networks with different requirements for
functionality and security.
Designing the operating system to work “out of the box” in a way that
will be the correct balance for every type of network is impossible. End
users’ desire for more features has led to default installations being
more feature rich than security conscious. As a result, default
installations need to be secured.
The process of securing the operating system is called hardening.
Hardening the operating system is intended to reduce the number of
vulnerabilities and protect the computer from threats or attacks.
Hardening the Operating System (Cont.)
While there are many different operating systems,
the general steps in the hardening process are the
same:
1. Install the latest service pack.
2. Apply the latest patches.
3. Disable unnecessary services.
Hardening the Operating System (Cont.)
4. Remove unnecessary user accounts and
rename the admin/root account.
5. Ensure the use of complex passwords.
6. Restrict permissions on files and access to
the registry.
Hardening the Operating System (Cont.)
7. Enable logging of critical events.
8. Remove unnecessary programs.
Cont.
There are some excellent tools available to help in the hardening
process. Microsoft provides snapins to evaluate and configure the
security settings.
Changing all the settings to harden a computer can be quite a task.
Microsoft has a special security feature called security templates. A
security template contains hundreds of possible settings that can be
configured to harden a computer.
The security templates can control areas such as user rights,
permissions, and password policies. While the process of hardening
the computer will help prevent harm to the confidentiality, integrity,
and availability of the data that is stored on the computer, it will
also reduce the functionality or convenience of the computer.
Cont.
The key is to maintain an appropriate level of
functionality while properly securing the system to
maintain confidentiality, integrity, and availability.
Lab Exercise
Learning Objectives from the Lab
At the end of this lab, you’ll be able to:
Install Windows Service Pack.
List the features of Service Pack.
Change the setting of the firewall and the Automatic
Updates feature.
Apply security templates in Windows to harden the
computer.
The firewall has also been enhanced to provide boot-time security—the firewall
starts immediately during the boot process, blocking traffic and closing the
window of opportunity for a malicious attack to get in.
Automatic Updates is an important feature of XP SP3. The time between software
with vulnerabilities being released and attackers releasing malicious code to
exploit them is growing shorter and shorter. Therefore, it is important to patch
your operating system as soon as possible. Automatic Updates will set your
computer to check Microsoft’s web site daily for any security updates. It will
then download and install any that are available.
It is important to note that this can be a double-edged sword. You may not always
want to patch immediately because it is possible that the patch will fix one
vulnerability yet damage another program that may be critical for business
applications. Although XP SP3 does not come with antivirus software, it does
monitor your antivirus program to check whether it is up to date.
Service Pack 3 also enhances the Internet Explorer web browser. One
of the features is the addition of a pop-up blocker. Pop-ups are
pages or windows that pop up either when a link is clicked or some
other condition is met.
Web designers can use pop-ups to enable users to view enlarged
versions of photos, or to open a new window for users to fill in a
form or compose an e-mail message. Unfortunately, this feature is
abused by certain sites and, without a pop-up blocker, you can be
inundated with a large number of undesirable windows opening up.
Advertisers also use pop-ups, which can be rather annoying. You
can configure the pop-up blocker to block pop-ups generally but
allow them on sites that you choose.
In this lab, you will install XP SP3 and look at the Security Center
application.
Materials and Setup
You will need the following:
Windows XP Professional ( can be replaced by
Windows 7)
Windows 2003 Server ( can be replaced by Windows
2008 Server)
BackTrack ( can be replaced by kali)
Lab Steps
Pages 170 – 178
On Windows 7:
Patching.
Set up event monitoring
Setup baselines
Monitor the current threat landscape
Reference
Wiley-Principles of Computer Security 2010
http://hardenwindows7forsecurity.com/Harden%20
Windows%207%20Home%20Premium%2064bit%2
0-%20Standalone.html
http://hardenwindows7forsecurity.com/