Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

Published byJeffrey Jackson Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing."— Presentation transcript:

1

2 1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing permissions, starting programs, kernel messages, etc.  Windows 2000 Event Viewer (Figure 6-17)

3 2 Figure 6-17: Windows 2000 Event Viewer for Logging

4 3 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  UNIX has many logging facilities controlled by syslog program (Figure 6-18) Syslog program sends log entries of different types to specific directories on the host or on other hosts The file syslog.config specifies which log entries and which severity levels should go to which directories on which hosts

5 4 Figure 6-18: syslog in UNIX Event From Internal System syslog … Login.Err HostA.. Restart.* /errors/restart.. 3. Host A 2. Login/Err 1. Event. Type=Login, Level=Err syslog.config Host Wishing to Do Remote Logging 4. Remote Logging Host A (Runs syslog)

6 5 Figure 6-16: Advanced Server Hardening Techniques Backup (Chapter 10)  UNIX backup tar command (tape archive) Create tape archive of a file, group of files, directory tree in a.tar file Can use tar to look at table of contents of files in.tar file Can use tar to restore one, some, or all files

7 6 Figure 6-16: Advanced Server Hardening Techniques Backup (Chapter 10)  Windows backup Start, Programs, Accessories, System Tools, Backup  Note that Backup is under Accessories rather than under Administrative Tools like most MMCs GUI to create backups, restore backups

8 7 Figure 6-16: Advanced Server Hardening Techniques File Encryption  Protects files even if attacker breaks in  Key escrow: Copy of encryption key is kept elsewhere to protect in case of key loss  Windows Encrypting File System (EFS) Select file in Windows Explorer, select Properties Click on General tab’s Advanced button Click on the box Encrypt contents to secure data

9 8 Figure 6-16: Advanced Server Hardening Techniques File Encryption  Windows Encrypting File System (EFS) Encryption is transparent: Save, retrieve, copy files as usual Encrypted files generally cannot be sent over the network There is a Recovery agent (usually on the domain controller) for key escrow

10 9 Figure 6-16: Advanced Server Hardening Techniques File Integrity Checker  Creates snapshot of files: a hashed signature (message digest) for each file  After an attack, compares post-hack signature with snapshot  This allows systems administrator to determine which files were changed  Tripwire is the usual file integrity checker for UNIX (Figure 6-19)

11 10 Figure 6-19: Tripwire File Integrity Checker File 1 File 2 … Other Files in Policy List File 1 File 2 … Other Files in Policy List File 1 Signature File 2 Signature … File 1 Signature File 2 Signature … Tripwire 1. Earlier Time 2. After Attack Post-Attack Signatures 3. Comparison to Find Changed Files Reference Base

12 11 Figure 6-16: Advanced Server Hardening Techniques File Integrity Checker  If applied to too many files, too many false alarms will occur  Must be selective—core programs likely to be Trojanized during attacks Server Host Firewalls  Rules can be specific to the server’s role (e-mail, etc.)

13 12 Figure 6-20: Types of UNIX Vulnerability Assessment Tools External Audit Tool Host Assessment Tool Network Monitoring Tool Attack Packet Network Traffic Auditing Computer

14 13 Figure 6-21: Hardening Clients Importance of Clients  Contain important information  If taken over, can get in as user, passing through firewalls and other protections

15 14 Figure 6-21: Hardening Clients Enforcing Good Practice  Patching  Antivirus software  Firewall software  Limiting client software to an approved list (e.g., forbidding P2P file exchange products)  Save passwords  File encryption

16 15 Figure 6-21: Hardening Clients Central Control is Desirable for Clients  For example, Microsoft Group Policy Objects (GPOs) for home clients  Require certain programs (antivirus, etc.), forbid programs not on list  Even lock down desktop so use cannot add new software or even change the interface  Central vulnerability scanning  Difficult to enforce on personally owned home computers

Download ppt "1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing."

Similar presentations

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.

Host Hardening (March 21, 2011) © Abdou Illia – Spring 2011.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 11: Monitoring Server Performance.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.

MIS 431 Chapter 71 Ch. 7: Advanced File Management System MIS 431 Created Spring 2006.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.
1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

1 Chapter Overview Managing Compression Managing Disk Quotas Increasing Security with EFS Using Disk Defragmenter, Check Disk, and Disk Cleanup.

Similar presentations

Ads by Google