7/30/2019 Chapter 4 - Operating System and Security
http://slidepdf.com/reader/full/chapter-4-operating-system-and-security 1/18
CHAPTER 4: OPERATING SYSTEM AND SECURITY

OBJECTIVES

Identify basic security levels
Implement the system policy:
  Password
  Account
  Audit
  User rights
  System updates and hotfixes

BASIC SECURITY LEVEL (XP)

Use NTFS on all your partitions.
Disable Simple File Sharing.
Use passwords on all user accounts.
Use the Administrators group with care.
Use a firewall if you have a full-time internet connection.
Install antivirus software on all workstations.
Keep up to date with hotfixes and service packs.
Password-protect the screensaver.
Secure your wireless network.
Secure your backup tapes.

IMPLEMENTING SYSTEM POLICY

Password policy

Using your last name or the name of your pets as your password and never changing it poses a security risk.
First of all, many pieces of information about you can be learned by diligent hackers. Items such as your name, the names of your children and other personal information should not be used.
To be strong, it is best if your password contains characters from three of the following four categories:
  English uppercase characters (A through Z).
  English lowercase characters (a through z).
  Base 10 digits (0 through 9).
  Non-alphabetic characters (for example, !, $, #, %).
You should also change your password frequently - at least every 30 days.
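The password rules on this slide, turned into a small check. This is an added example and not part of the original slides; the function names and the 30-day constant are this example's own, and the "personal words" list is whatever the caller passes (a surname, a pet's name).

```shell
#!/bin/sh
# Added example, not part of the original slides: a password check that
# applies the slide's rules, namely at least three of the four character
# categories, none of the caller's personal words (name, children, pets),
# and a maximum age of 30 days.  The function names are this example's own.

MAX_AGE_DAYS=30

# Count how many of the four categories a password draws from.
password_categories() {
    pw=$1
    n=0
    printf '%s' "$pw" | LC_ALL=C grep -q '[A-Z]'        && n=$((n + 1))  # uppercase
    printf '%s' "$pw" | LC_ALL=C grep -q '[a-z]'        && n=$((n + 1))  # lowercase
    printf '%s' "$pw" | LC_ALL=C grep -q '[0-9]'        && n=$((n + 1))  # digits
    printf '%s' "$pw" | LC_ALL=C grep -q '[^A-Za-z0-9]' && n=$((n + 1))  # symbols
    echo "$n"
}

# check_password 'candidate' [personal-word ...]
# Returns 0 when the password passes, 1 otherwise.
check_password() {
    pw=$1; shift
    for word in "$@"; do
        # A case-insensitive substring match is enough to catch "Fluffy2019".
        if printf '%s' "$pw" | grep -qiF -- "$word"; then
            return 1
        fi
    done
    [ "$(password_categories "$pw")" -ge 3 ]
}

# password_expired <last-change-epoch-seconds> <now-epoch-seconds>
# Returns 0 when the password is MAX_AGE_DAYS old or older.
password_expired() {
    age_days=$(( ($2 - $1) / 86400 ))
    [ "$age_days" -ge "$MAX_AGE_DAYS" ]
}

# Usage when run directly:
check_password 'Tr0ub4dor&3' smith rex && echo "accepted" || echo "rejected"
```

The category count is only one of the slide's three rules; a password built from a family member's name still fails even when it mixes all four categories, which is why the personal-word check runs first.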

IMPLEMENTING SYSTEM POLICY

Account policy

Do not disclose a computer's identity until login is completed successfully.
Set up the operating system so that the system login screen does not identify the computer system by name or function until after login is complete.
Unauthorized personnel do not need to know the identity of machines unless they need to use them.

IMPLEMENTING SYSTEM POLICY

Audit policy

An audit log records an entry whenever users perform certain specified actions.
For example, the modification of a file can trigger an audit entry that shows the action that was performed, the associated user account, and the date and time of the action.
Entries are either success audits or failure audits.
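A worked example of reading such a log, added here and not part of the original slides. The log lines are constructed for this example in the shape the slide describes (date, time, success or failure, action, account, and the object touched); the field layout is an assumption of this example, not a real Windows event format.

```shell
#!/bin/sh
# Added example, not part of the original slides: constructed audit-log
# lines with the fields the slide names (date, time, outcome, action,
# account, object) and a small report that counts failure audits per
# account so repeated failed logons stand out.  The column layout is an
# assumption of this example.

# Constructed sample entries: date time outcome action account [object]
AUDIT_LOG='2019-07-30 09:12:01 SUCCESS LOGON alice
2019-07-30 09:12:40 SUCCESS FILE_MODIFY alice payroll.xls
2019-07-30 09:13:02 FAILURE LOGON bob
2019-07-30 09:13:09 FAILURE LOGON bob
2019-07-30 09:13:15 FAILURE LOGON bob
2019-07-30 09:14:00 SUCCESS LOGON bob
2019-07-30 09:20:33 FAILURE FILE_MODIFY carol payroll.xls'

# failures_by_account <log-text> <action>
# Counts FAILURE entries of one action per account; prints "account count".
failures_by_account() {
    printf '%s\n' "$1" | awk -v act="$2" '
        $3 == "FAILURE" && $4 == act { n[$5]++ }
        END { for (u in n) print u, n[u] }' | sort
}

# flag_accounts <log-text> <action> <threshold>
# Accounts whose failure count for the action reaches the threshold.
flag_accounts() {
    failures_by_account "$1" "$2" | awk -v t="$3" '$2 >= t { print $1 }'
}

# entries_for_object <log-text> <object>
# Every audit entry, success or failure, that touched one object
# (the slide's "modification of a file" case).
entries_for_object() {
    printf '%s\n' "$1" | awk -v obj="$2" '$6 == obj'
}

# Usage when run directly:
echo "Accounts with 3+ failed logons:"
flag_accounts "$AUDIT_LOG" LOGON 3
echo "History of payroll.xls:"
entries_for_object "$AUDIT_LOG" payroll.xls
```

Success audits are what make the object history useful (who legitimately changed the file and when); failure audits are what make the threshold report useful (who kept trying and could not). Auditing only one of the two loses one of these views.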

IMPLEMENTING SYSTEM POLICY

User rights

User rights allow users to perform tasks on a computer. User rights include logon rights and privileges.
Logon rights control who is authorized to log on to a computer and how they can log on. Privileges control access to computer and domain resources.
An example of a logon right is the ability to log on to a computer locally.
An example of a privilege is the ability to edit a document.
Both types of user rights are assigned by administrators to individual users or groups as part of the security settings for the computer.

CARRY OUT SYSTEM UPDATES

A complex operating system is not immune to its own bugs and security holes.
Hackers use the latest security hole to break into a system and work backward from there until they find an open door that gives them full access.
The Windows Update feature or Automatic Updates keeps the system up to date.

HOTFIXES

A hotfix is code (sometimes called a patch) that fixes a bug in a product.
Users of the product may be notified by e-mail or obtain information about current hotfixes at a software vendor's Web site and download the hotfixes they wish to apply.
Keeping up with patches as they are released saves the end user time and provides maximum security.

PATCHES VS HOTFIXES

Patches: require the system to be shut down, then you must download the patch before re-entering the system. Patches bring many changes.
Hotfixes: are applied directly while the system is still alive. Hotfixes are usually small changes to the software.

CHAPTER 4: LINUX SECURITY APPROACHES

OBJECTIVES

Identify and disable unnecessary ports and services
Lock identified ports
Carry out system hardening with Bastille
Control and audit root access using SUDO

DETERMINING PORTS TO BLOCK

When determining which ports to block on your server, you must first determine which services you require.
In most cases, block all ports that are not exclusively required by these services. This is tricky, because you can easily block yourself from services you need.
If your server is an exclusive e-mail server running SMTP and IMAP, you can block all TCP ports except ports 25 and 143, respectively.
If your server is an exclusive HTTP server, you can block all ports except TCP port 80.
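The "block everything except the required ports" rule as an iptables ruleset generator. This is an added example, not part of the original slides or of any firewall tool; it prints a ruleset in iptables-restore format for review instead of loading it, so the slide's warning about locking yourself out can be acted on (if you administer the server over the network, that port must be in the list too).

```shell
#!/bin/sh
# Added example, not part of the original slides: builds an iptables-restore
# ruleset that drops every inbound TCP port except the ones the server's
# required services listen on (25 and 143 for the slide's SMTP+IMAP server,
# 80 for its HTTP server).  The ruleset is printed for review; load it with
# `iptables-restore < file` only after confirming it keeps your own
# administrative access open.

# ruleset_for_ports <tcp-port> ...
ruleset_for_ports() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'      # default policy: drop what is not listed
    printf '%s\n' ':FORWARD DROP [0:0]'    # this host does not route
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'   # outbound traffic is not restricted here
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (DNS, package updates) stay allowed.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# count_open_ports <tcp-port> ...
# Sanity check before loading: how many inbound ports the ruleset opens.
count_open_ports() {
    ruleset_for_ports "$@" | grep -c -- '--dport'
}

# Usage when run directly: the slide's mail server.
ruleset_for_ports 25 143
```

Everything not explicitly accepted falls through to the INPUT chain's DROP policy, which is the slide's "block all ports that are not exclusively required". Review the printed list against the services you actually run before loading it.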

CARRY OUT SYSTEM HARDENING

Hardening is a process of modifying a system to make it highly secure.
For hardening activities to be most successful, you should:
  Do hardening activities before the system is connected to the network, to avoid attacks.
  Base configuration on the least-privilege model: the system should grant access only to the degree necessary for proper functionality.
  Similarly, users should be allowed only the minimum set of access rights they need.

CARRY OUT SYSTEM HARDENING

Bastille is a software tool that eases the process of hardening a Linux system, giving you the choice of what to lock down and what not to, depending on your security requirements.
Bastille is a set of Perl scripts that run as an interactive program, asking questions for each step of the hardening process.
The scripts explain each step well, enabling you to understand what security measures will be introduced by any changes you make and why.
Bastille currently works with Red Hat, Fedora, SUSE, Debian, Ubuntu, Gentoo, and Mandriva distributions, as well as HP-UX.

CONTROLLING AND AUDITING ROOT ACCESS WITH SUDO

Superuser Do (SUDO) is an open source security tool that allows an administrator to give specific users or groups the ability to run certain commands as root or as another user.
The program can also log commands and arguments entered by specified system users.
Sudo was first released to the public in the summer of 1986, and Todd Miller of Courtesan Consulting currently maintains the program and distributes it freely under a BSD-style license.
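Both halves of the slide, granting a group a fixed command set and reading sudo's own log, in one added example that is not part of the original slides or of the sudo project. The sudoers keywords (Defaults logfile, Cmnd_Alias, the %group user specification) are real sudo syntax; the group name, command paths and hostname are assumptions for illustration, and the log lines are constructed here in the shape sudo writes to syslog. Validate any real fragment with `visudo -cf <file>` before installing it.

```shell
#!/bin/sh
# Added example, not part of the original slides: emits a sudoers fragment
# that lets one group run a fixed set of commands as root with logging on,
# and summarises sudo log lines into "user command" records.  Group,
# command paths and hostname are assumptions; the log text is constructed.

# sudoers_fragment <group> <absolute-command-path> ...
# Output is meant for /etc/sudoers.d/<group>; check it with visudo -cf first.
sudoers_fragment() {
    group=$1; shift
    alias_name="$(printf '%s' "$group" | tr 'a-z' 'A-Z')_CMDS"   # alias names must be uppercase
    list=
    for cmd in "$@"; do
        case $cmd in
            /*) ;;   # sudo matches on full paths; a bare name would be ambiguous
            *) echo "command must be an absolute path: $cmd" >&2; return 1 ;;
        esac
        list="${list:+$list, }$cmd"
    done
    printf '%s\n' 'Defaults logfile=/var/log/sudo.log'   # log each command with its arguments
    printf '%s\n' "Cmnd_Alias $alias_name = $list"
    printf '%s\n' "%$group ALL=(root) $alias_name"
}

# Constructed sample lines in the format sudo writes to syslog.
SUDO_LOG='Jul 30 09:15:02 mail1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service postfix restart
Jul 30 09:16:12 mail1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Jul 30 09:20:45 mail1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service dovecot restart'

# Reduce each line to "user command" (the user field follows "sudo:").
_sudo_records() {
    sed -n 's/^.* sudo: *\([^ ]*\) : .*COMMAND=\(.*\)$/\1 \2/p'
}

# sudo_accepted <log-text>: commands that ran.
sudo_accepted() {
    printf '%s\n' "$1" | grep -v 'command not allowed' | _sudo_records
}

# sudo_denied <log-text>: attempts sudoers refused, the entries worth reviewing.
sudo_denied() {
    printf '%s\n' "$1" | grep 'command not allowed' | _sudo_records
}

# Usage when run directly:
sudoers_fragment webadmins /usr/sbin/service /bin/systemctl
echo "Denied attempts:"
sudo_denied "$SUDO_LOG"
```

The fragment grants exactly the listed commands and nothing else, which is the least-privilege model from the hardening slide applied to root access; the denied-attempt report is what the slide's "log commands and arguments" buys you, since a refused command still leaves a record of who asked for what.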