Transcript CT1406

CT1406
NETWORK SECURITY LAB
REHAB ALFALLAJ
Introduction
• There are a number of technologies that exist for the
sole purpose of ensuring that the critical
characteristics of data are maintained in any of its
states. These technologies can be either hardware or
software.
• Some of these items include but are not limited to
firewalls, antivirus programs, software updates, and
various forms of encryption. An understanding of
these technologies is essential to enable security
without compromising functionality.
Hardening the Operating System
• In computing, hardening is usually the process of
securing a system by reducing its surface of
vulnerability. A system has a larger vulnerability
surface the more functions it fulfills; in principle a
single-function system is more secure than a
multipurpose one.
• Reducing available vectors of attack typically
includes the removal of unnecessary software,
unnecessary usernames or logins and the
disabling or removal of unnecessary services.
Hardening the Operating System (Cont.)
• Information security:
  • Confidentiality.
  • Integrity.
  • Availability.
• This chapter examines some techniques that can assist you in
maintaining the confidentiality and integrity of data on a host
machine. These labs begin with operating system issues and then
move to issues such as antivirus applications and firewalls.
Maintaining the operating system in an up-to-date configuration is
the first and most important step of maintaining a proper security
posture. Once the OS is secure, then focus can shift to antivirus
issues as viruses can be direct threats to the data on a machine.
After these specific threats are covered, a firewall acts as a barrier
with a regulated gate to screen traffic to and from the host.
Hardening the Operating System (Cont.)
• The operating system is the software that handles
input, output, display, memory management, and
many other important tasks that allow the user to
interact with and operate the computer system.
• A network operating system is an operating system
that includes built-in functionality for connecting to
devices and resources on a network. Most operating
systems today, such as Windows, Unix, Linux, and
Mac OS X, have networking built into them.
Hardening the Operating System (Cont.)
• Developers of operating systems have a huge challenge to deal with.
There are many different networks with different requirements for
functionality and security.
• Designing the operating system to work “out of the box” in a way that
will be the correct balance for every type of network is impossible. End
users’ desire for more features has led to default installations being
more feature rich than security conscious. As a result, default
installations need to be secured.
• The process of securing the operating system is called hardening.
Hardening the operating system is intended to reduce the number of
vulnerabilities and protect the computer from threats or attacks.
Hardening the Operating System (Cont.)
• While there are many different operating systems,
the general steps in the hardening process are the
same:
1. Install the latest service pack.
2. Apply the latest patches.
3. Disable unnecessary services.
Hardening the Operating System (Cont.)
4. Remove unnecessary user accounts and
rename the admin/root account.
5. Ensure the use of complex passwords.
6. Restrict permissions on files and access to
the registry.
Hardening the Operating System (Cont.)
7. Enable logging of critical events.
8. Remove unnecessary programs.
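The hardening steps above can be checked from a defender's side before anything is changed. The following read-only audit script is an added example, not part of the lecture or its referenced textbook; the list of services treated as unnecessary, the 30-day patch window and the 12-character minimum length are assumptions to adapt per system, and it is meant to be run from an elevated Windows PowerShell prompt.

```powershell
# Added example: report on hardening steps 2, 3, 4, 5, 7 and 8 without changing anything.
$ErrorActionPreference = 'Continue'
$Findings = New-Object System.Collections.Generic.List[string]

# Step 2: date of the most recently installed update (30-day window is an assumption).
$Latest = Get-HotFix | Where-Object { $_.InstalledOn } |
          Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $Latest -or $Latest.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $Findings.Add("Patching: no update installed in the last 30 days")
}

# Step 3: services that are often unnecessary on a hardened host (assumed list).
$Unneeded = 'RemoteRegistry', 'TlntSvr', 'SNMP', 'Browser', 'SSDPSRV'
Get-Service -ErrorAction SilentlyContinue |
    Where-Object { $Unneeded -contains $_.Name -and $_.Status -eq 'Running' } |
    ForEach-Object { $Findings.Add("Service: $($_.Name) is running") }

# Step 4: built-in Administrator (RID 500) still has its default name? Guest (RID 501) enabled?
$Accounts = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True"
foreach ($a in $Accounts) {
    if ($a.SID.EndsWith('-500') -and $a.Name -eq 'Administrator') {
        $Findings.Add("Account: built-in administrator still named 'Administrator'")
    }
    if ($a.SID.EndsWith('-501') -and -not $a.Disabled) {
        $Findings.Add("Account: Guest is enabled")
    }
}

# Step 5: minimum password length as reported by 'net accounts' (English output assumed).
$MinLen = (net accounts | Select-String 'Minimum password length') -replace '\D', ''
if ([int]$MinLen -lt 12) { $Findings.Add("Password: minimum length is $MinLen (< 12)") }

# Step 7: logon events should be audited for both success and failure.
$Audit = auditpol /get /subcategory:"Logon" 2>$null
if (-not ($Audit | Select-String 'Success and Failure')) {
    $Findings.Add("Logging: Logon subcategory is not audited for success and failure")
}

# Step 8: installed programs, listed so unnecessary ones can be reviewed by hand.
$Programs = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' |
            Where-Object { $_.DisplayName } | Select-Object -ExpandProperty DisplayName
$Findings.Add("Programs: $(@($Programs).Count) installed; review the list in `$Programs")

$Findings | ForEach-Object { Write-Output $_ }
```

Each finding maps back to one numbered step, so the output can be worked through in the same order as the lecture list.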
Cont.
• There are some excellent tools available to help in the hardening
process. Microsoft provides snap-ins to evaluate and configure the
security settings.
• Changing all the settings to harden a computer can be quite a task.
Microsoft has a special security feature called security templates. A
security template contains hundreds of possible settings that can be
configured to harden a computer.
• The security templates can control areas such as user rights,
permissions, and password policies. While the process of hardening
the computer will help prevent harm to the confidentiality, integrity,
and availability of the data that is stored on the computer, it will
also reduce the functionality or convenience of the computer.
Cont.
• The key is to maintain an appropriate level of
functionality while properly securing the system to
maintain confidentiality, integrity, and availability.
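A security template is a plain .inf file that secedit can compare against, or apply to, the local machine. The script below is an added example and not from the lecture; the setting values are assumptions chosen for illustration, the file paths are constructed for the example, and it must be run elevated. It only analyzes, so the trade-off between functionality and security can be reviewed before the template is applied.

```powershell
# Added example: write a small security template and analyze the machine against it.
$Template = Join-Path $env:TEMP 'ct1406-baseline.inf'
$Database = Join-Path $env:TEMP 'ct1406-baseline.sdb'
$Log      = Join-Path $env:TEMP 'ct1406-analyze.log'

# Template sections: account policy, audit policy (3 = success and failure),
# and registry values (4 = REG_DWORD). Values are assumptions, not a standard.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 12
PasswordComplexity = 1
PasswordHistorySize = 24
MaximumPasswordAge = 90
LockoutBadCount = 5
LockoutDuration = 30
ResetLockoutCount = 30
EnableGuestAccount = 0
[Event Audit]
AuditLogonEvents = 3
AuditAccountLogon = 3
AuditAccountManage = 3
AuditPolicyChange = 3
AuditSystemEvents = 3
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
'@ | Set-Content -Path $Template -Encoding Unicode

# Analyze only: mismatches go to the log and nothing on the machine changes.
secedit /analyze /db $Database /cfg $Template /log $Log /quiet

# Each 'Mismatch' line names a setting that differs from the template.
Get-Content $Log | Select-String 'Mismatch' | ForEach-Object { $_.Line }

# Once the mismatches have been reviewed, the same template can be applied with:
# secedit /configure /db $Database /cfg $Template /log $Log
```

The analyze log doubles as a baseline record: re-running the analysis later shows which settings have drifted since the template was last applied.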
Lab Exercise
Learning Objectives from the Lab
At the end of this lab, you’ll be able to:
• Install Windows Service Pack.
• List the features of Service Pack.
• Change the setting of the firewall and the Automatic
Updates feature.
• Apply security templates in Windows to harden the
computer.
The firewall has also been enhanced to provide boot-time security—the firewall
starts immediately during the boot process, blocking traffic and closing the
window of opportunity for a malicious attack to get in.
Automatic Updates is an important feature of XP SP3. The time between software
with vulnerabilities being released and attackers releasing malicious code to
exploit them is growing shorter and shorter. Therefore, it is important to patch
your operating system as soon as possible. Automatic Updates will set your
computer to check Microsoft’s web site daily for any security updates. It will
then download and install any that are available.
It is important to note that this can be a double-edged sword. You may not always
want to patch immediately because it is possible that the patch will fix one
vulnerability yet damage another program that may be critical for business
applications. Although XP SP3 does not come with antivirus software, it does
monitor your antivirus program to check whether it is up to date.
Service Pack 3 also enhances the Internet Explorer web browser. One
of the features is the addition of a pop-up blocker. Pop-ups are
pages or windows that pop up either when a link is clicked or some
other condition is met.
Web designers can use pop-ups to enable users to view enlarged
versions of photos, or to open a new window for users to fill in a
form or compose an e-mail message. Unfortunately, this feature is
abused by certain sites and, without a pop-up blocker, you can be
inundated with a large number of undesirable windows opening up.
Advertisers also use pop-ups, which can be rather annoying. You
can configure the pop-up blocker to block pop-ups generally but
allow them on sites that you choose.
In this lab, you will install XP SP3 and look at the Security Center
application.
Materials and Setup
You will need the following:
• Windows XP Professional (can be replaced by
Windows 7)
• Windows 2003 Server (can be replaced by Windows
2008 Server)
• BackTrack (can be replaced by Kali)
Lab Steps
• Pages 170–178
On Windows 7:
• Patching.
• Set up event monitoring.
• Set up baselines.
• Monitor the current threat landscape.
Reference
• Wiley, Principles of Computer Security, 2010
• http://hardenwindows7forsecurity.com/Harden%20Windows%207%20Home%20Premium%2064bit%20-%20Standalone.html
• http://hardenwindows7forsecurity.com/