1 Defining System Security Policies
2 Module - Defining System Security Policies
♦ Overview
An important aspect of network management is to protect your system from external and internal attacks by malicious elements. This module focuses on policies that ensure basic system security in a network environment.
♦ Lessons covered in this module
► Basic Security Concepts
► Services and Policies
3 Lesson 1 - Basic Security Concepts
♦ Introduction
There are many types of threats to network security, and specific terms are used to describe them. Preventive measures and technologies protect the network. These are the basic security concepts explained in this lesson.
♦ Topics covered in this lesson
► Security Terms
► Basic System Security
4 Topic 1 – Security Terms
♦ Network Security Threats:
► Fraud, vandalism, espionage, defacement, computer viruses, and hackers. Threats can be internal or external.
♦ Threats take the form of specific attacks:
► Virus, Worm, Password cracking, Vandal, Man-in-the-middle, Denial-of-Service, Distributed Denial-of-Service, Mail Bomb, Ping of Death, Broadcast Storm, Spamming, Trojan horse, Resource Stealing, Sniffing, Spoofing, Email hacking, WinNuke.
5 Topic 1 – Security Terms
♦ Preventive Measures:
► Authentication, Access control, Data encryption, Pretty Good Privacy (PGP), Double password encryption scheme, Vulnerability Assessment, Virus scanner, Auditing, Intrusion Detection Systems (IDS), Honey Pots, Securing servers.
♦ Security Technologies:
► Firewall, Virtual Private Network (VPN), Public Key Infrastructure (PKI), Network Address Translation (NAT).
6 Topic 2 – Basic System Security
♦ Security Practices
► System security starts with good system administration.
► Adopt routine safe practices while working on a network.
► There is no 100% security.
► Follow all the preventive actions as a habit.
► Even so, a security breach is always possible.
► Detect intruders early by checking the system logfiles regularly.
► Check the ownership and permissions of all vital files.
► Monitor the use of privileged accounts.
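Added example (not part of the original presentation): one way to follow the advice to check the ownership and permissions of vital files, by comparing each file against a baseline of expected owner and maximum mode. The baseline entries for /etc/passwd and /etc/shadow are assumed values chosen for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the presentation. Assumes GNU stat (coreutils).

# check_file PATH OWNER MAXMODE
# Prints one finding per problem, nothing when the file matches the baseline.
check_file() {
    path=$1 want_owner=$2 max_mode=$3
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 0
    fi
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    [ "$owner" = "$want_owner" ] ||
        echo "OWNER $path is owned by $owner, expected $want_owner"
    # Permission bits set on the file but absent from the baseline are a finding.
    extra=$(( 0$mode & ~0$max_mode ))
    [ "$extra" -eq 0 ] ||
        echo "MODE $path is $mode, baseline allows at most $max_mode"
    return 0
}

# audit_baseline reads "path owner maxmode" lines on stdin; '#' starts a comment.
audit_baseline() {
    while read -r b_path b_owner b_max; do
        case "$b_path" in ''|'#'*) continue ;; esac
        check_file "$b_path" "$b_owner" "$b_max"
    done
}

# Illustrative baseline (assumed values; adjust to the local policy).
audit_baseline <<'EOF'
# path        owner  max mode
/etc/passwd   root   644
/etc/shadow   root   600
EOF
```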
7 Topic 2 – Basic System Security
♦ System Security
► Be proactive about system security.
► Monitor the mailing lists for updates and fixes.
► Give any service that is available to the network the least privilege it needs.
► Disable features not required for the specified work.
► Run programs under privileged accounts only when necessary.
► Use tcpd to restrict certain services to users from certain hosts.
► Learn and use methods of restricting access to particular hosts or services.
8 Topic 2 – Basic System Security
♦ Software Security
► Be careful with software that enables login or command execution with limited authentication.
► Disable the r commands and use the ssh suite of tools instead.
► Avoid dangerous software. Programs that require special privileges are more dangerous.
► Disable any vulnerable services.
► Only install, run and expose services that are absolutely necessary.
9 Lesson 2 – Services and Policies
♦ Introduction
Services in Red Hat Linux are programs that can be run on the network. They can be secure or insecure. Policies are the options that decide which services are accessible to which users.
♦ Topics covered in this lesson
► Securing Services
► Defining Policies
10 Topic 1 - Securing Services
♦ Insecure Services
► Telnet
► File Transfer Protocol (FTP)
► rsync, rsh, rlogin and finger
♦ Secure Services
► Secure Shell Service (SSH)
► Secure Copy (scp)
► Secure File Transfer (sftp)
► Security Enhanced Linux (SELinux)
11 Topic 2 - Defining Policies
♦ The best security practice is to have a documented security policy.
♦ Internal attacks are as important as external attacks.
♦ The security policy should define warning signals and alert on them.
♦ The policy should tell who should do what in response to the signals.
♦ Limit physical access to systems containing sensitive information.
♦ Define the system security policy using SELinux.
♦ SELinux is based on Mandatory Access Control (MAC).
♦ SELinux adds another layer of access control permissions.
♦ Services governed by SELinux policy are dhcpd, httpd, mysqld, named, nscd, ntpd, portmap, postgres, snmpd, squid, syslogd, and winbindd.
12 Lab Exercises
♦ Verifying services against the given security policy, by service detection.
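Added example (not part of the original presentation): a sketch of the lab's service detection, flagging listening TCP ports that belong to the services the Securing Services slide lists as insecure. It assumes those services run on their standard ports and that the input has the column layout of `ss -H -tln`; the sample listener lines are constructed.

```shell
#!/bin/sh
# Added example, not from the presentation. Detection is by standard port
# number only (an assumption: a service moved to another port is not seen).

# Print the name of the insecure service for a TCP port, or nothing.
insecure_service_for_port() {
    case "$1" in
        21)  echo ftp ;;
        23)  echo telnet ;;
        79)  echo finger ;;
        513) echo rlogin ;;
        514) echo rsh ;;
        873) echo rsync ;;
    esac
}

# Read listener lines (State Recv-Q Send-Q Local:Port Peer:Port) on stdin and
# print "port service address" for every listener that violates the policy.
find_insecure_listeners() {
    while read -r state _recvq _sendq laddr _peer; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}    # text after the last ':' (works for [::]:23 too)
        addr=${laddr%:*}     # everything before it
        svc=$(insecure_service_for_port "$port")
        [ -n "$svc" ] || continue
        echo "$port $svc $addr"
    done
}

# Constructed sample in the layout of `ss -H -tln`.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22    0.0.0.0:*
LISTEN 0 5   0.0.0.0:23    0.0.0.0:*
LISTEN 0 32  [::]:21       [::]:*
LISTEN 0 100 127.0.0.1:25  0.0.0.0:*
LISTEN 0 5   *:873         *:*
EOF
}

sample_listeners | find_insecure_listeners
# On a live host: ss -H -tln | find_insecure_listeners
```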
13 Conclusion
♦ Summary
► Computer networks can be harmed by security threats. Appropriate preventive measures and security technologies can avoid such threats. Safe practices for the security of the system, network, and software are essential.
► Insecure services like Telnet, FTP, rsync, rsh, rlogin and finger should be replaced by secure services like SSH, scp and sftp, and SELinux should be enforced. System security policies must be clearly defined and understood by all users. SELinux should have proper policies and should be implemented.
♦ Question and Answer Session