Presentation on theme: "1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of."— Presentation transcript:
2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of use Explore preventive system security controls Understand available detective system security controls Learn effective backup strategies that can be used as corrective security controls
3 Trade-offs Security vs. –Network communication speed –System resources usage –Security application ease of use QoSS – Quality of Security Service –Security services vs. performance
4 Preventive System Security Physical security –No unauthorized individuals should access systems –No one should be able to indirectly harm IT systems –Physical access should be tracked
5 Preventive System Security Vulnerability management –Receive security advisories from trusted source –Apply patches or workarounds in a timely manner –Test systems to ensure patches are applied
7 Preventive System Security Software development tools allow for building malicious tools on the fly –Compilers (e.g., C) –Interpreters (e.g., Java) –Limit the use of software development tools and strictly forbid those tools on systems connected to the Internet
8 Preventive System Security Users –Remove or disable guest accounts –Rename administrator and other default accounts –Review users periodically to ensure: User is still an employee User still needs access –Group management
9 Preventive System Security Passwords should: Be 8 characters or more in length Contain both uppercase and lowercase characters Contain numbers and symbols Not contain the user name Not contain words commonly found in the dictionary Not contain more than two repeating characters
10 Preventive System Security Passwords policies should: Require passwords be changed every 90 days Require 10 different passwords before any can be reused Lock accounts after 5 invalid login attempts Disable user accounts indefinitely when lock out occurs
13 Preventive System Security Access control Rights management Principle of least privilege Access control list (ACL) Execution control list (ECL)
14 Preventive System Security Web server Isolate within DMZ Restrict script execution CGI scripts Restrict scripts to one directory Allow only authorized users Review client-side vs. server-side scripts
15 Preventive System Security Web server Use nonprivileged accounts Protect files with OS permissions Disable directory listings Require the use of SSL
16 Preventive System Security Remote administration tools Restrict access to authorized users Use encryption: SSH, SCP, etc.
17 Preventive System Security Testing Test servers prior to placing them in production Test security patches and workarounds Ensure security controls are applied to testing environments Disconnect network Segregate test lab via firewalls Deploy security controls
18 Detective System Security Antivirus Use active malware checking Schedule regular AV scans Update AV signatures regularly
19 Detective System Security Auditing and Logging Audit system events: Logs cleared Logon failures and successes System restarts and shutdowns Rights changes or group membership changes Object access
20 Detective System Security Auditing and Logging Use log analysis tools Baseline activity Store logs for 90 days
21 Detective System Security Firewalls Block unwanted traffic at system level Log network traffic HIDS Detect malicious activity at system level Alert on specific events
22 Detective System Security Policy verification Ensure passwords have been changed Ensure password policies are followed Check file permissions on critical OS files Check that auditing facilities are enabled Check to make sure AV products are up-to- date
23 Corrective System Security Backups Keep original installation media Schedule regular backups Choose backup device to hold all pertinent data Schedule backups to capture all changes Choose backup type: full, incremental, or differential Properly store backup media
24 Summary System security may come at the price of performance or usability. It is important to consider the pros of the security offered against the cons of reduced resources or increased system complexity. Physical security ensures that attackers do not gain access by physically manipulating systems. Effective vulnerability management can greatly improve the overall security of systems without an enormous cost to the organization. Minimizing the software available on systems reduces the doors available to abusers.
25 Summary Strict user and password controls ensure that the “keys” to systems do not fall into the wrong hands. Access control lists (ACLs) and execution control lists (ECLs) allow administrators to manage the rights assigned to users. Web server applications present a large security exposure to a company’s IT environment. Preventive controls must be applied to secure all Web servers. Remote administration tools should be tightly controlled to prevent abusers from using these tools for malicious purposes.
26 Summary Systems that are used for development and testing generally do not adequately enforce security controls and should be “quarantined” from the normal production systems. Antivirus software protects systems against dangerous software code. Firewalls can be employed at the system level to further protect systems from malicious network traffic. Host intrusion detection offers real-time detection of malicious activities occurring on systems. An effective backup strategy helps organizations recover whenever malicious activity damages the environment.