Presentation transcript:

1 Figure 6-16: Advanced Server Hardening Techniques
Reading Event Logs (Chapter 10)
- The importance of logging to diagnose problems
  - Failed logins, changing permissions, starting programs, kernel messages, etc.
- Windows 2000 Event Viewer (Figure 6-17)

2 Figure 6-17: Windows 2000 Event Viewer for Logging

3 Figure 6-16: Advanced Server Hardening Techniques
Reading Event Logs (Chapter 10)
- UNIX has many logging facilities controlled by the syslog program (Figure 6-18)
  - The syslog program sends log entries of different types to specific directories on the host or on other hosts
  - The file syslog.config specifies which log entries and which severity levels should go to which directories on which hosts

4 Figure 6-18: syslog in UNIX
[Diagram: an event from the internal system reaches syslog on the host wishing to do remote logging]
- syslog.config entries shown: "Login.Err HostA" and "Restart.* /errors/restart"
- 1. Event: Type=Login, Level=Err
- 2. Login/Err (looked up in syslog.config)
- 3. Host A (the matching entry)
- 4. Remote logging to Host A (runs syslog)
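An added example, not from the slides, that evaluates a small rule set the way a classic syslog configuration file (conventionally /etc/syslog.conf) is evaluated. The rules are constructed to mirror Figure 6-18; the facility names auth and daemon stand in for the figure's Login and Restart labels (an assumption), and only single selector/action pairs are handled.

```shell
#!/bin/sh
# Added example: which actions a syslog.conf-style rule set selects for an event.
# RULES is constructed sample data modelled on the entries in Figure 6-18.
RULES='# selector      action
auth.err        @HostA
daemon.*        /errors/restart
*.emerg         /errors/emergency'

# route FACILITY LEVEL: print the action of every rule that matches the event.
# A selector "fac.lvl" matches that facility at lvl or any MORE severe level;
# "*" matches any facility or any level; "@host" forwards to a remote syslog.
route() {
    printf '%s\n' "$RULES" | awk -v fac="$1" -v lvl="$2" '
        BEGIN {
            n = split("emerg alert crit err warning notice info debug", s, " ")
            for (i = 1; i <= n; i++) rank[s[i]] = i      # 1 is most severe
            if (!(lvl in rank)) exit 2                   # reject unknown levels
        }
        /^[ \t]*(#|$)/ { next }                          # comments and blanks
        {
            split($1, sel, ".")
            if (sel[1] != "*" && sel[1] != fac) next     # facility mismatch
            if (sel[2] != "*" && rank[lvl] > rank[sel[2]]) next   # too minor
            print $2
        }'
}

route auth err        # failed login at level err: forwarded to @HostA
route auth info       # below err: no rule matches, nothing is logged
route daemon notice   # any daemon level: written to /errors/restart
```

An event that matches no rule is silently dropped, so a rule set that only forwards err and above leaves lower-severity login activity unrecorded.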

5 Figure 6-16: Advanced Server Hardening Techniques
Backup (Chapter 10)
- UNIX backup
  - tar command (tape archive)
    - Create tape archive of a file, group of files, or directory tree in a .tar file
    - Can use tar to look at the table of contents of files in a .tar file
    - Can use tar to restore one, some, or all files
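The three tar operations listed on this slide (create, table of contents, restore), as an added example that is not part of the original slides. The function names and sample files are constructed, and restoring into a separate staging directory is this example's choice.

```shell
#!/bin/sh
# Added example: create, list and selectively restore a tar archive.

# backup_tree PARENT_DIR NAME ARCHIVE: archive PARENT_DIR/NAME into ARCHIVE.
# -C enters the parent first, so members are stored as relative paths
# (NAME/...) and can later be restored under any directory.
backup_tree() { tar -cf "$3" -C "$1" "$2"; }

# list_backup ARCHIVE: print the table of contents without extracting.
list_backup() { tar -tf "$1"; }

# restore_from ARCHIVE DEST [MEMBER...]: restore the named members into DEST,
# or every member when none is named. DEST is a staging directory so that a
# restore never overwrites live files before they have been inspected.
restore_from() {
    archive=$1; dest=$2; shift 2
    mkdir -p "$dest" && tar -xf "$archive" -C "$dest" "$@"
}

demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/live/etc"
    printf 'PermitRootLogin no\n'  > "$d/live/etc/sshd_config"   # constructed
    printf '127.0.0.1 localhost\n' > "$d/live/etc/hosts"         # constructed
    backup_tree "$d/live" etc "$d/etc.tar"
    list_backup "$d/etc.tar" | sort                  # etc/ and its two files
    rm "$d/live/etc/sshd_config"                     # simulate a lost file
    restore_from "$d/etc.tar" "$d/staging" etc/sshd_config   # restore just one
    cat "$d/staging/etc/sshd_config"
    rm -rf "$d"
}
demo
```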

6 Figure 6-16: Advanced Server Hardening Techniques
Backup (Chapter 10)
- Windows backup
  - Start, Programs, Accessories, System Tools, Backup
    - Note that Backup is under Accessories rather than under Administrative Tools like most MMCs
  - GUI to create backups, restore backups

7 Figure 6-16: Advanced Server Hardening Techniques
File Encryption
- Protects files even if attacker breaks in
- Key escrow: Copy of encryption key is kept elsewhere to protect in case of key loss
- Windows Encrypting File System (EFS)
  - Select file in Windows Explorer, select Properties
  - Click on General tab’s Advanced button
  - Click on the box Encrypt contents to secure data

8 Figure 6-16: Advanced Server Hardening Techniques
File Encryption
- Windows Encrypting File System (EFS)
  - Encryption is transparent: Save, retrieve, copy files as usual
  - Encrypted files generally cannot be sent over the network
  - There is a Recovery agent (usually on the domain controller) for key escrow

9 Figure 6-16: Advanced Server Hardening Techniques
File Integrity Checker
- Creates snapshot of files: a hashed signature (message digest) for each file
- After an attack, compares post-hack signature with snapshot
- This allows systems administrator to determine which files were changed
- Tripwire is the usual file integrity checker for UNIX (Figure 6-19)

10 Figure 6-19: Tripwire File Integrity Checker
[Diagram]
- 1. Earlier time: Tripwire processes File 1, File 2, ... and the other files in the policy list into the reference base (File 1 signature, File 2 signature, ...)
- 2. After attack: Tripwire processes the same files in the policy list into post-attack signatures
- 3. Comparison of the post-attack signatures with the reference base to find changed files
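The snapshot-and-compare cycle of Figure 6-19, as an added example that is not Tripwire's own code. It assumes GNU sha256sum; the function names, policy list and sample files are constructed.

```shell
#!/bin/sh
# Added example: hash the files in a policy list, then report what changed.
# In real use the reference base is kept off the host or on read-only media,
# otherwise an intruder can regenerate it after modifying the files.

# snapshot POLICY_LIST OUT: write "hash  path" for each listed file that exists.
snapshot() {
    : > "$2"
    while IFS= read -r path; do
        if [ -f "$path" ]; then sha256sum -- "$path" >> "$2"; fi
    done < "$1"
}

# compare_to_base POLICY_LIST BASE: re-hash now and print the differences.
compare_to_base() {
    now=$(mktemp) || return 1
    snapshot "$1" "$now"
    # A sha256sum line is 64 hex digits, two separator characters, the path.
    awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
        { p = substr($0, 67); seen[p] = 1
          if (!(p in base))       print "ADDED   " p
          else if (base[p] != $1) print "CHANGED " p }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$2" "$now"
    rm -f "$now"
}

# Demo on constructed files standing in for two core programs.
demo() {
    d=$(mktemp -d) || return 1
    printf 'original login program\n' > "$d/login"
    printf 'original ls program\n'    > "$d/ls"
    printf '%s\n' "$d/login" "$d/ls"  > "$d/policy.list"
    snapshot "$d/policy.list" "$d/reference.base"   # 1. earlier time
    printf 'trojanized login\n' > "$d/login"        # 2. attack alters one file
    compare_to_base "$d/policy.list" "$d/reference.base" | sed "s|$d/||"   # 3.
    rm -rf "$d"
}
demo    # prints: CHANGED login
```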

11 Figure 6-16: Advanced Server Hardening Techniques
File Integrity Checker
- If applied to too many files, too many false alarms will occur
- Must be selective—core programs likely to be Trojanized during attacks
Server Host Firewalls
- Rules can be specific to the server’s role ( , etc.)

12 Figure 6-20: Types of UNIX Vulnerability Assessment Tools
[Diagram labels: External Audit Tool, Host Assessment Tool, Network Monitoring Tool, Attack Packet, Network Traffic, Auditing Computer]

13 Figure 6-21: Hardening Clients
Importance of Clients
- Contain important information
- If taken over, can get in as user, passing through firewalls and other protections

14 Figure 6-21: Hardening Clients
Enforcing Good Practice
- Patching
- Antivirus software
- Firewall software
- Limiting client software to an approved list (e.g., forbidding P2P file exchange products)
- Save passwords
- File encryption

15 Figure 6-21: Hardening Clients
Central Control is Desirable for Clients
- For example, Microsoft Group Policy Objects (GPOs) for home clients
- Require certain programs (antivirus, etc.), forbid programs not on list
- Even lock down desktop so user cannot add new software or even change the interface
- Central vulnerability scanning
- Difficult to enforce on personally owned home computers