Secure System Setup
COEN 250

System Administration Lifecycle: Harden / Secure

- Install only a minimal, essential OS configuration
- Install patches for known deficiencies
- Install the most secure / up-to-date versions of system applications
- Remove all privileges and access, then grant them back only as needed: "deny first, then allow"
- Enable as much system logging as possible

System Administration Lifecycle: Prepare

- A running system contains a collection of vulnerabilities that are yet to be identified
- The administrator needs to know the system in a production setting: collect its baseline state
- Install monitoring tools for detecting and responding to intrusions

System Administration Lifecycle: Detect

- Monitoring reveals unusual, unexpected, or suspicious behavior
- An external stimulus reveals unusual, unexpected, or suspicious behavior:
  - user report
  - call from another organization
  - security advisory / bulletin

System Administration Lifecycle: Respond

- Analyze the effects, scope, and damage caused by an intrusion
- Contain these effects
- Eliminate further intruder access
- Return the information asset to a known, operational state

System Administration Lifecycle: Improve

- Triggered by detection and response
- Hold a post-mortem conference
- Update policies and procedures
- Collect measures of the resources required to deal with the intrusion and other security business-case information

Definitions

- Asset: information, hardware, software, people
- Threat: anything that can compromise an asset
- Attack: an action conducted by an adversary on a victim system
- Incident: a collection of data representing one or more related attacks
- Intrusion: an actual illegal or undesired entry into an information system

Securing Network Servers and User Workstations

- Default hardware and software configurations are set by vendors to emphasize features and functions over security
- Critical data is stored on network servers and user workstations

Securing Network Servers and User Workstations

- Confidentiality
  - Some information on the asset is sensitive or proprietary
  - Access to data is limited to authorized users
  - Access to services is limited to authorized users
- Integrity
  - The integrity of this information is critical
- Availability
  - Information must be readily available to authorized users
  - Authorized users need to access services quickly

Securing Network Servers and User Workstations

Four stages:
- Planning and executing the deployment of computers
- Configuring computers to make them less vulnerable to attacks
- Maintaining the integrity of deployed computers
- Improving user awareness of security issues

Securing Network Servers and User Workstations

Address security issues in the computer deployment plan:
- Identify the purpose of each computer
- Identify the network services that will be provided
- Identify the network service software to be installed
- Identify users

Securing Network Servers and User Workstations

Address security issues in the computer deployment plan:
- Determine user privileges
- Plan authentication
  - Network servers: OS authentication, network service authentication
- Determine access enforcement
  - OS access control
  - Encryption
- Develop intrusion detection strategies and measures

Securing Network Servers and User Workstations

Address security issues in the computer deployment plan:
- Document backup and recovery procedures
- Determine the mode of network service restoration
- Develop and follow a documented procedure for installing an OS
- Determine how the computer will be connected to your network

Securing Network Servers and User Workstations

Address security issues in the computer deployment plan:
- Identify security concerns related to day-to-day administration
- Protect information contained on hardware no longer in use
- Keep the computer deployment plan current

Securing Network Servers and User Workstations

Policy considerations:
- A detailed computer deployment plan will be developed, implemented, and maintained
- Access to the deployment plan will be given only to those who require the information to perform their jobs
- All new and updated computers will be installed, configured, and tested in stand-alone mode or within test networks
- All computers will present a warning banner to all users
  - indicating that they are legally accountable for their actions
  - implying consent through use of the computer
- All computers will be configured securely prior to deployment

Securing Network Servers: Addressing Security Requirements

Server selection is based on:
- The organization's requirements
  - range of services
  - response time
  - throughput
  - ability to remotely administer software
- Security requirements
  - availability of experienced staff
  - absence of known vulnerabilities
  - ability to restrict administrative activities to authorized users
  - ability to deny access
  - ability to disable unnecessary network services
  - ability to control access to various forms of executable programs (CGI, ...)
  - ability to log

Securing Network Servers: Addressing Security Requirements

Identify functionality and performance requirements:
- Document the OS features needed
  - Aside: an infrastructure made up of heterogeneous systems is more resilient, since a single vulnerability then does not affect every host
- Document the application software to run
- Derive hardware requirements
- Document the hardware configuration and the secure configuration of the software

Securing Network Servers: Addressing Security Requirements

Review server product features:
- Review recommended practices
- Note the type of security problems reported
- If available, look at sample installations
- Identify specific security-related features
- Check incident data to determine the likelihood of incidents and the vulnerability of servers

Securing Network Servers: Addressing Security Requirements

- Estimate the differences in operating costs for the different solutions

Policy consideration:
- The security policy should require a security evaluation as part of the computing and network technology selection process

Securing Network Servers and User Workstations: Keep OS and Apps Up to Date

- Keep informed about security-related patches
- There is a time lag between the discovery of a vulnerability, the appearance of an exploit, and the availability of a patch

Securing Network Servers and User Workstations: Keep OS and Apps Up to Date

Evaluate and install updates:
- Installing an update can itself cause security problems
  - During the update, the computer can be in a more vulnerable state
  - The update schedule might render the computer unavailable when needed
  - Non-synchronous updates in a large network lead to a mix of different software versions, which might lose data
  - An update might introduce new vulnerabilities

Securing Network Servers and User Workstations: Keep OS and Apps Up to Date

Evaluate and install updates:
- Vendors might not use proper authentication methods to distinguish patches from Trojans: verify a patch's signature or published hash before installing it
- Test updates before using them
  - Use an isolated test environment to measure performance
  - Update less mission-critical computers first
- Back up data before updating
- Automate updating
  - Use secure connectivity tools such as SSH
  - Use isolated network segments to propagate updates
- Use a documented procedure to install updates, because the update process makes computers more vulnerable

Securing Network Servers and User Workstations: Keep OS and Apps Up to Date

- Deploy new computers with up-to-date software: installation media might be out of date

Securing Network Servers and User Workstations: Keep OS and Apps Up to Date

Create new integrity-checking information:
- Protect OS files and application files by storing cryptographic hashes of them on a secure (read-only or offline) medium
- Periodically verify integrity against the stored hashes
- Regenerate the baseline after each legitimate update, otherwise every patch shows up as tampering
Securing Network Servers and User Workstations: Keep OS and Apps Up to Date

Policy consideration:
- Policy should require system administrators to monitor the need for software updates and install them in a timely manner

Securing Network Servers: Stick to Essentials on the Server Host Machine

Offering only essential network services on a particular host:
- Lowers the vulnerability profile
  - Each additional service installed increases the likelihood that the host is vulnerable
- Different services may be administered by different staff
  - Less likelihood of conflict
  - Separation of duties
- The host can be better configured for one or a few services
- Fewer logs / log entries
  - Easier to spot problems

Securing Network Servers: Stick to Essentials on the Server Host Machine

- Determine the functions the host provides
- Select the most secure alternative
  - Example: prefer SSH over rsh and the other r-services
  - Example: use a TCP wrapper
    - A small program that listens on the port where the service is provided
    - Whenever a connection is made, the wrapper records the name of the remote host and then runs the original network server program, which has been moved to a different place
    - Can provide additional access control (e.g. by remote address)
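
The wrapper mechanism just described, as an added example (not from the slides and not the real `tcpd`): it accepts a connection, applies a default-deny allow list, logs the peer, and then runs the original server in a child process with the socket as its stdin/stdout, the inetd convention. The service names, networks and the path `/usr/libexec/real-in.fingerd` are constructed, and the allow-list syntax is this example's own, not `hosts.allow` syntax; unlike `tcpd`, which consults `hosts.allow` and then `hosts.deny`, this wrapper has only an allow list.

```python
# Added example (not from the slides, not tcpd): a minimal inetd-style TCP
# wrapper with a default-deny allow list. Service names, networks and the
# real server path are constructed for illustration.
import ipaddress
import os
import signal
import socket
import sys
import time


def parse_allow_list(text):
    """Parse 'service: net[, net...]' lines (this example's own format, not
    hosts.allow syntax) into {service: [ip_network, ...]}."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        service, nets = line.split(":", 1)
        rules.setdefault(service.strip(), []).extend(
            ipaddress.ip_network(n.strip(), strict=False) for n in nets.split(","))
    return rules


def allowed(service, peer_ip, rules):
    """Deny first, then allow: the peer is accepted only if one of the
    networks listed for the service contains it."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in rules.get(service, []))


def log_connection(service, peer_ip, decision, logfile=sys.stderr):
    """The wrapper records who connected before the real server sees anything."""
    stamp = time.strftime("%Y-%m-%dT%H:%M:%S")
    print(f"{stamp} {service} from {peer_ip}: {decision}", file=logfile)


def serve(service, port, real_server_argv, rules):
    """Listen on the service port; drop denied peers, hand allowed ones to the
    real server (moved out of the way) with the socket on fd 0 and 1."""
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)  # let the kernel reap children
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as ls:
        ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        ls.bind(("0.0.0.0", port))
        ls.listen(16)
        while True:
            conn, (peer_ip, _port) = ls.accept()
            if not allowed(service, peer_ip, rules):
                log_connection(service, peer_ip, "denied")
                conn.close()
                continue
            log_connection(service, peer_ip, "allowed")
            if os.fork() == 0:
                # Child: bind the socket to stdin/stdout and become the real server.
                os.dup2(conn.fileno(), 0)
                os.dup2(conn.fileno(), 1)
                conn.close()
                os.execv(real_server_argv[0], real_server_argv)
            conn.close()


# Constructed allow list: only the admin networks may reach finger, and a
# single host may reach a hypothetical "backup" service.
ALLOW_LIST = parse_allow_list("""
finger: 10.1.0.0/16, 192.168.5.0/24   # admin networks
backup: 10.1.2.3
""")

if __name__ == "__main__":
    # e.g.: python3 wrapper.py finger 7979 /usr/libexec/real-in.fingerd
    svc, port, *real = sys.argv[1:]
    serve(svc, int(port), real, ALLOW_LIST)
```

The access decision is made on the peer address alone; the slide's "name of the remote host" would be a reverse DNS lookup, which an attacker controlling their reverse zone can forge, so the allow list is keyed on addresses here. Anything the wrapper does not list is denied, which is the "deny first, then allow" rule from the hardening slide.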
Securing Network Servers: Stick to Essentials on the Server Host Machine

- Install only the minimal set of services and applications
- Create and record cryptographic checksums of what is installed (e.g. with Tripwire)

Securing Network Servers: Stick to Essentials on the Server Host Machine

Policy considerations:
- Individual network servers, including public servers, should be configured to offer only essential services
- Each network service should be on a dedicated, single-purpose host wherever possible

Securing Network Servers: Stick to Essentials on the Workstation Host System

A new workstation can take on one of the following roles:
- A personal workstation that uses network services only as a client
- A personal workstation that in addition provides services to, and uses services from, other workstations
- A workstation that serves as a public server
  - This role comes with considerable risks

Securing Network Servers: Stick to Essentials on the Workstation Host System

Determine functionality:
- Applications to be used
- File systems
- Default settings for small services (web access, FTP, file sharing)
- System maintenance: remotely or by console
- Network configuration: offered protocols

Securing Network Servers: Stick to Essentials on the Workstation Host System

- Install only essential software
- Create and record cryptographic checksums

Securing Network Servers: Stick to Essentials on the Workstation Host System

Policy consideration:
- All user workstations should be configured only with essential software
- All other software should be removed

Securing Network Servers: Configure Network Service Clients to Enhance Security

Users need to access several network services from their workstation:
- file servers
- electronic mail
- bulletin boards
- file transfer
- remote access to other workstations

Configure the client software that accesses those services to operate securely.

Securing Network Servers: Configure Network Service Clients to Enhance Security

Identify behaviors that may lead to security problems:
- Can the client be used to store and transmit confidential information?
- Does the client software require increased user privilege?
  - If yes, misuse can result in dangerous operations at a higher security level
- Can the client be used to download and execute software?
  - If yes, require cryptographic verification (signatures) of what is downloaded
  - Maybe ActiveX, Java, or JavaScript is enabled in the browser
- Can the client corrupt data?
- Can the client disclose confidential information about the client's host system configuration, network, or user?
- When can users download and execute code from external sites?
- Are there private cryptographic keys on the client?
- Does the client have trust relationships with other users and computers?
- If the client is multi-homed, can it be used to bridge or route to other computers?

Securing Network Servers: Configure Network Service Clients to Enhance Security

- Push vendor updates to the clients

Securing Network Servers: Configure Network Service Clients to Enhance Security

Configure the client to maintain security:
- Determine what is configurable
- Determine the likely threats to security presented by the software
- Turn off all unnecessary software features
- Use access controls to prevent users from enabling restricted settings
- Establish user policies to maintain security where features are lacking

Securing Network Servers: Configure Network Service Clients to Enhance Security

Policy consideration:
- Provide users with clear explanations of
  - precautions necessary when using a web browser
  - circumstances, if any, in which users can download and execute software from other hosts
  - limitations on the information that may be included in e-mail

Securing Workstations: Configure Computers for User Authentication

- Only authorized users may access the computers and the data and services they provide
- Computers need to be configured to allow identification and authentication
- The deployment plan documents the users or user categories and the approach to authenticating users

Securing Workstations: Configure Computers for User Authentication

- Configure hardware-based access controls (such as a firmware password and boot-device restrictions)
- Handle accounts and groups
  - Change default accounts
  - Disable accounts that need to exist but do not require an interactive login
    - UNIX: give them a login shell with no functionality, /bin/false (or /usr/sbin/nologin)
- Check the password policy and ensure compliance
- Require reauthentication after an idle period
- Deny logins after a small number of failed attempts
- Consider better authentication mechanisms
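
Two of the checks above, as an added example (not from the slides): an audit of passwd entries for service accounts that still have a real login shell, and a lockout policy for "deny logins after a small number of failed attempts". The passwd content, the threshold values and the `LoginGuard` class are constructed for illustration; on a real system the lockout is normally done by a PAM module such as pam_faillock rather than by application code.

```python
# Added example (not from the slides): audit login-capable service accounts
# and enforce "lock after N failed attempts". Sample data is constructed.
import time

# Shells that cannot start an interactive session.
NOLOGIN_SHELLS = {"/bin/false", "/usr/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}


def login_capable_service_accounts(passwd_text, uid_max_system=999):
    """Return [(name, shell)] for system accounts (uid <= uid_max_system,
    root excluded) whose shell still permits an interactive login.
    An empty shell field is NOT safe: passwd(5) says it defaults to /bin/sh."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        if name == "root" or int(uid) > uid_max_system:
            continue
        if shell not in NOLOGIN_SHELLS:
            findings.append((name, shell or "(empty = /bin/sh)"))
    return findings


class LoginGuard:
    """Lock an account after `max_failures` failures within `window` seconds;
    the lock lasts `lock_for` seconds. `clock` is injectable for testing."""

    def __init__(self, max_failures=3, window=600, lock_for=900, clock=time.time):
        self.max_failures, self.window, self.lock_for, self.clock = max_failures, window, lock_for, clock
        self._failures = {}      # user -> [timestamps of recent failures]
        self._locked_until = {}  # user -> epoch seconds

    def is_locked(self, user):
        return self.clock() < self._locked_until.get(user, 0)

    def record_failure(self, user):
        now = self.clock()
        recent = [t for t in self._failures.get(user, []) if now - t <= self.window]
        recent.append(now)
        self._failures[user] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lock_for
            self._failures[user] = []

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'denied'. A locked account rejects even the
        correct password; otherwise the lock would tell a guesser when it hit."""
        if self.is_locked(user):
            return "locked"
        if password_ok:
            self._failures.pop(user, None)
            return "ok"
        self.record_failure(user)
        return "denied"


# Constructed /etc/passwd excerpt: two service accounts are left login-capable.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

if __name__ == "__main__":
    for name, shell in login_capable_service_accounts(SAMPLE_PASSWD):
        print(f"service account {name} still has login shell {shell}")
```

The audit reads `/etc/passwd` as text, so it can be run against a copy pulled from a backup or an image without logging in to the host. The lockout keeps a sliding window rather than a lifetime counter, so an occasional typo months apart does not accumulate into a lock while a burst of guesses does.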
Securing Workstations: Configure Computers for User Authentication

Policy considerations:
- Describe the life cycle of accounts
  - Includes triggers for actions such as deletion, disabling, transfer, ...
- Require appropriate authentication of all users on all computers that can access information assets
- Appropriate password policy
  - Prohibit users from recording or storing passwords in places that could be discovered by intruders
- Acceptable use policy for workstations
  - Require users to shut down or lock unattended workstations

OS Configuration for Access Control

Identify the protection needed:
- Generate an access matrix with groups of users and groups of data
  - This might lead to refinements of the user groups
- Be aware that some programs change privilege levels (setuid/setgid programs)

OS Configuration for Access Control

- Configure access control for all protected files, directories, devices, ...
- Each change / decision should be documented

OS Configuration for Access Control

Consider:
- Disable write/modify permissions for all binaries / executable files
- Restrict access to system directories to administrators
- Unix: mount file systems read-only and nosuid where possible
- Linux, BSD: set the "immutable" attribute on all kernel files (chattr +i / chflags schg)
- Make all log files "append only" (chattr +a / chflags sappnd)
- Educate users not to run scripts without administrative review
OS Configuration for Access Control

- Pay attention to access control inheritance for new files (umask, default ACLs)
- Install and configure file encryption capabilities for sensitive data

Securing Network Servers and User Workstations

The security policy should specify:
- Access privileges and controls for data stored on a computer
- How to access files that have been encrypted
- Access privileges and controls for administrative users:
  - authority and conditions for reading other users' email
  - access to protected programs or files
  - disruption of service under specific conditions
  - ban on sharing accounts
  - ban on unauthorized creation of user accounts
  - authority and conditions for use of vulnerability tools

Configure for File Backup

Develop a file backup and restoration plan:
- The plan needs to cover all deployed workstations and servers
- A cost / benefit analysis is necessary to decide
  - speed of backup / storage needed / restoration effort
  - local backup vs. centralized backup of user workstations
- With cryptographic checksums, system files can be restored from a proven backup
  - Otherwise: use the distribution media
- Install and configure backup tools
- Test the ability to recover

Policy considerations:
- Policy should require the creation of a file backup and restoration plan
- Inform users of their responsibilities

Use a Tested Model Configuration and a Secure Replication Procedure

- Configure one workstation appropriately
- Test the workstation
- Propagate the configuration, using one of three methods:

  Method                                                      | Security         | Human error            | Scaling
  ------------------------------------------------------------|------------------|------------------------|--------------------
  Record the steps that create the model configuration,       | Secure           | Prone to human error   | Does not scale
  then repeat them on each machine                            |                  |                        |
  Save the configuration on a write-protected storage medium  | Almost as secure | Less prone to error    | Does not scale well
  and use it as a master copy                                 |                  |                        |
  Use the network to transfer the configuration               | Least secure     | Least prone to error   | Scales well

Malware Protection

- Develop a malware protection plan that specifies the responsibility and authority of users and system administrators
- Install and execute anti-virus tools
- Train users
- Update the detection tools

Policy:
- Defines the rights of users to install software
- Defines the responsibility for running anti-virus scans
- Prohibits users from running, opening, ... untrusted e-mail attachments

Configure for Secure Remote Administration

- Local administration is more secure, but does not scale
- Computers can become vulnerable during administration
- Ensure that remote administration only comes from authorized hosts:
  - SSH, with key-based authentication and the set of source hosts restricted
- Ensure the minimum privilege level for all administration tasks
- Protect sensitive data against reading
  - Encryption, e.g. encrypt log data before transmission to the computer that reads it
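
An audit of the sshd settings that decide whether remote administration is restricted to authorized hosts and users, as an added example (not from the slides): a weak configuration beside the corrected one, and a checker that applies OpenSSH's own defaults for absent keywords. Both configuration texts, the user names and the networks are constructed; the keywords and default values are those documented in sshd_config(5). The parser ignores everything after a Match block, which is a simplification.

```python
# Added example (not from the slides): audit an sshd_config for settings that
# defeat "remote administration only from authorized hosts, least privilege".
# WEAK and HARDENED are constructed; keywords/defaults follow sshd_config(5).

# keyword -> (acceptable values, or None meaning "must be present"; why it matters)
WANTED = {
    "permitrootlogin": ({"no", "prohibit-password"},
                        "log in as a named admin and escalate, so actions are attributable"),
    "passwordauthentication": ({"no"}, "keys resist guessing; no reusable secret to phish"),
    "pubkeyauthentication": ({"yes"}, "key-based login is the authorized mechanism"),
    "permitemptypasswords": ({"no"}, "an empty password is no authentication"),
    "x11forwarding": ({"no"}, "non-essential feature on a server"),
    "allowusers": (None, "restrict which users, and from which hosts, may log in"),
}

# What OpenSSH assumes when a keyword is absent.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitemptypasswords": "no",
    "x11forwarding": "no",
}


def parse_sshd_config(text):
    """Return {keyword: value} for the global section. Keywords are
    case-insensitive and the FIRST occurrence wins, as in sshd_config(5);
    this simplified parser stops at the first Match block."""
    seen = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # 'key value' or 'key=value'
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        seen.setdefault(key, value)
    return seen


def audit_sshd_config(text):
    """Return [(keyword, effective value or 'absent', reason)] for every
    setting weaker than WANTED, with OpenSSH defaults filled in."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, (good, why) in WANTED.items():
        value = cfg.get(key, DEFAULTS.get(key))
        if good is None:
            if value is None:
                findings.append((key, "absent", why))
        elif value is None or value.lower() not in good:
            findings.append((key, "absent" if value is None else value, why))
    return findings


WEAK = """\
# constructed: a stock-looking config that lets root log in with a password from anywhere
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
"""

HARDENED = """\
# constructed: the corrected settings; admins come only from the admin network
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
X11Forwarding no
AllowUsers admin@10.1.0.0/16 backupop@10.1.2.3
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK
    for key, value, why in audit_sshd_config(text):
        print(f"{key} = {value}: {why}")
```

Feed it the output of `sshd -T` rather than the file on disk when you want the effective configuration, since that expands defaults and includes. `AllowUsers` with `user@host` patterns is what ties "authorized hosts" to "authorized users" in one place; a firewall rule on port 22 from the admin network is the complementary control.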
Configure for Secure Remote Administration

Policy considerations:
- Require the use of secure procedures for the administration of network servers and workstations
- Specify the circumstances (if any) under which third parties are permitted to administer systems and the modes of such administration

Allow Only Appropriate Physical Access to Computers

- Physical access is at least as dangerous as network access
- Details of the security plan depend very much on the organization
- Prevent installation of unauthorized hardware:
  - key-loggers
  - modems
  - removable media
  - boot devices
- Deploy computers in a secure facility

Policy considerations:
- Permissions to install or modify hardware
- Circumstances in which users are allowed to use storage devices with removable media
- Circumstances in which users may take removable media or printed information off site
- Need for network servers to be deployed in a physically secure location
  - Access list for such a location
- Circumstances in which third parties are permitted to physically access the system

Acceptable Use Policy for Users

Elements:
- Workstations a user may or may not use
- Hardware changes a user may make
- Software installation or removal by the user
- What kind of work a user may perform on a given system
  - manipulation of sensitive / classified data
- Network services the user may or may not use
- Information the user may or may not transmit across a network, and under what circumstances
- User responsibilities in administering a workstation
- Configuration changes a user might make
- Ban on sharing accounts
- Need to comply with the password policy
- Guidelines for accessing unprotected programs or files
- Ban on breaking into accounts and systems
- Ban on cracking passwords
- Ban on disruption of service
- Consequences of noncompliance

User training:
- Provide explicit reminders at each login
