Weekly summary 5

Nikunj Nayak

easttom_netd_ppt_08F.pdf

Home >Information Systems homework help >Weekly summary 5

Network Defense and

Countermeasures

by Chuck Easttom

Chapter 8: Operating System Hardening

Objectives

 Properly configure a secure Windows system

 Properly configure a secure Linux system

 Apply appropriate operating system patches

to Windows

 Apply application patches

 Securely configure a Web browser

Introduction

Securely configuring the operating system and

its software is a critical step in system security

that is often neglected. This chapter takes you

through this process for different operating

systems. It is not enough to just implement

firewalls and proxy servers, it is also important

to secure internal machines and the

applications and information they house.

Configuring Windows Properly

 This chapter focuses on Windows 2000 and

 Accounts, Users, Groups, and Passwords

 There are default user accounts

 Administrator accounts

 Other accounts

 IUSR_MachineName

 ASP.NET

 Database accounts

Configuring Windows Properly cont.

 Accounts, Users, Groups, and Passwords

(Continued)

 Disable those accounts that are not being used

 Avoid using default accounts if possible

 Restrict user access

Configuring Windows Properly cont.

 Setting security policies

 Password policies

 Account lockout policies

 See Tables 8.1–8.4 for recommended policies

 Other issues

 Writing passwords down

 Sharing passwords

 Using the least required access rule

Default Windows Password Policies

Password Setting Recommendations

Windows Lockout Policies

Recommended Lockout Policies

Configuring Windows Properly cont.

 Registry settings

 Registry basics

 Secure registry settings

 Restrict Null session access

 Restrict Null session access over named pipes

 Restrict anonymous access

Configuring Windows Properly cont.

 Registry Basics

 Core registry folders in the registry

 HKEY_CLASSES_ROOT

 HKEY_CURRENT_USER

 HKEY_LOCAL_MACHINE

 HKEY_USERS

 HKEY_CURRENT_CONFIG

CAUTION: Registry Editing

Incorrect editing of your registry can render

parts of your operating system unusable. If you

are new to registry editing, do not practice on a

production machine that has critical data.

Configuring Windows Properly cont.

 Registry settings (Continued)

 TCP/IP Stack settings

 Default shares

 Remote access to the registry

 Other registry settings

Configuring Windows Properly cont.

 Registry settings (continued)

 Several web sites can provide additional

information concerning securing the registry

 Stanford University

 Tech Republic

 Error Nuker

http://windows.stanford.edu/docs/security2000.html#regsec

http://techrepublic.com.com/5100-6329-1051224.html

Configuring Windows Properly cont.

 Services

 Shutting down a service in Windows

 Port filtering and firewalls in Windows

 Encrypting File System (EFS)

 User interaction

 Virtually transparent to the user

 Built into Windows and easy to use

Configuring Windows Properly cont.

 Security templates

 DC security.inf

 Hisecdc.inf

 Hisecws.inf

 Securedc.inf

 Securews.inf

 Setup security.inf

Configuring Linux Properly

 Many security principles apply in Linux as

they do in Windows

 Commonalities between Windows and Linux

 Default users and policies (names are different)

 All services not in use should be shut down

 Browser must be configured securely

 Routinely patch the system

Configuring Linux Properly cont.

 Differences between Linux and Windows

 No application should run as the root user

 Complexity of the root password

 Disable all console-equivalent access for regular

users

 Hide system information

Configuring Linux Properly cont.

 Web sites that provide additional help:

 Linux Security Administrators Guide

 National Security Administration's Secure Linux

 Linux security tips

 Linux.com

http://www.linuxsecurity.com/docs/SecurityAdminGuide/SecurityAdminGuide.html

http://www.nsa.gov/selinux/

http://www.linuxgazette.com/issue58/sharma.html

http://www.linux.com/

Patching the Operating System

 Windows has updates on the Microsoft web

site

 Red Hat has a site that also allows updates

to be made to its OS

Configuring Browsers

 Securing browser settings for MS Internet

Explorer

 Privacy settings

 Block third-party cookies

 Prompt for first-party cookies

 Always allow session cookies

 Security settings

Configuring Browsers cont.

 Secure browser settings for Netscape

Navigator

 Provide additional settings above what IE has

available.

 What about Firefox?

Summary

 Hardening of operating systems is a critical

part of Network security

 Proper security configuration can make

hacking more difficult

 Encrypted File System (EFS) can secure

information on the local computer

 Proper registry settings are also key in a

Windows environment

Summary cont.

 Failure to address registry settings will greatly

reduce the security of the computer

 Securing the browser can limit exposure to

malware