Secure System Setup
COEN 250
System Administration Lifecycle
Harden / Secure
- Install only the minimal essential OS configuration
- Install patches to known deficiencies
- Install the most secure / up-to-date versions of system applications
- Remove all privilege and access and grant them back only as needed ("Deny first, then allow")
- Enable as much system logging as possible
System Administration Lifecycle
Prepare
- A running system contains a collection of vulnerabilities that are yet to be identified
- The administrator needs to know the system in a production setting
- Collect the baseline state
- Install monitoring tools for detecting and responding to intrusions
System Administration Lifecycle
Detect
- Monitoring reveals unusual, unexpected, or suspicious behavior
- External stimulus reveals unusual, unexpected, or suspicious behavior: a user report, a call from another organization, a security advisory / bulletin
System Administration Lifecycle
Response
- Analyze the effects, scope, and damage caused by an intrusion
- Contain these effects
- Eliminate further intruder access
- Return the information asset to a known, operational state
System Administration Lifecycle
Improve
- Triggered by detection and response
- Hold a post mortem conference
- Update policies and procedures
- Collect measures of the resources required to deal with the intrusion and other security business case information
Definitions
- Assets: includes information, hardware, software, people
- Threat: anything that can compromise an asset
- Attack: action conducted by an adversary on a victim system
- Incident: collection of data representing one or more related attacks
- Intrusion: actual illegal or undesired entry into an information system
Securing Network Servers and User Workstations
- Default hardware and software configurations are set by vendors to emphasize features and functions over security
- Critical data is stored on network servers and user workstations
Securing Network Servers and User Workstations
- Confidentiality: some information on the asset is sensitive or proprietary. Access to data is limited to authorized users. Access to services is limited to authorized users.
- Integrity: the integrity of this information is critical.
- Availability: information must be readily available to authorized users. Authorized users need to access services quickly.
Securing Network Servers and User Workstations
Four Stages
- Planning and executing the deployment of computers
- Configuring computers to make them less vulnerable to attacks
- Maintaining the integrity of deployed computers
- Improving user awareness of security issues
Securing Network Servers and User Workstations
Address security issues in the computer deployment plan
- Identify the purpose of each computer
- Identify the network services that will be provided
- Identify the network service software to be installed
- Identify users
Securing Network Servers and User Workstations
Address security issues in the computer deployment plan
- Determine user privileges
- Plan authentication
  - Network servers: OS authentication, network service authentication
- Determine access enforcement measures: OS access control, encryption
- Develop intrusion detection strategies
Securing Network Servers and User Workstations
Address security issues in the computer deployment plan
- Document backup and recovery procedures
- Determine the method of network service restoration
- Develop and follow a documented procedure for installing an OS
- Determine how the computer will be connected to your network
Securing Network Servers and User Workstations
Address security issues in the computer deployment plan
- Identify security concerns related to day-to-day administration
- Protect information contained on hardware no longer in use
- Keep the computer deployment plan current
Securing Network Servers and User Workstations
Policy Considerations
- A detailed computer deployment plan will be developed, implemented, and maintained
- Access to the deployment plan will be given only to those who require the information to perform their jobs
- All new and updated computers will be installed, configured, and tested in a stand-alone mode or within test networks
- All computers will present a warning banner to all users indicating that they are legally accountable for their actions, implying consent through use of the computer
- All computers will be configured securely prior to deployment
Securing Network Servers: Addressing Security Requirements
- Server selection is based on the organization's requirements: range of services, response time, throughput, ability to remotely administer software
- Security requirements:
  - Availability of experienced staff
  - Absence of known vulnerabilities
  - Ability to restrict administrative activities to authorized users
  - Ability to deny access
  - Ability to disable unnecessary network services
  - Ability to control access to various forms of executable programs (CGI, ...)
  - Ability to log
Securing Network Servers: Addressing Security Requirements
Identify Functionality and Performance Requirements
- Document the OS features needed
  - Aside: an infrastructure made up of inhomogeneous systems is more resilient
- Document the application software to run
- Derive hardware requirements
- Document the hardware configuration and the secure configuration of software
Securing Network Servers: Addressing Security Requirements
Review Server Product Features
- Review recommended practices
- Note the type of security problems
- If available, look at sample installations
- Identify specific security-related features
- Check incident data to determine the likelihood of incidents and the vulnerability of servers
Securing Network Servers: Addressing Security Requirements
- Estimate differences in operating costs for different solutions
Securing Network Servers: Addressing Security Requirements
Policy Consideration
- The security policy should require a security evaluation as part of the computing and network technology selection process
Securing Network Servers and User Workstations: Keep OS and Apps up to date
- Keep informed about security-related patches
- There is a time lag between the discovery of a vulnerability, its exploit, and the patch
Securing Network Servers and User Workstations: Keep OS and Apps up to date
Evaluate and Install Updates
- Installing an update can cause security problems
  - During the update, the computer can be in a more vulnerable state
  - The update schedule might render the computer unavailable when needed
  - Non-synchronous updates in a large network lead to a situation with different software versions, which might lose data
  - An update might introduce new vulnerabilities
Securing Network Servers and User Workstations: Keep OS and Apps up to date
Evaluate and Install Updates
- Vendors might not use proper authentication methods to distinguish patches from Trojans
- Test updates before using them
  - Use an isolated test environment to measure performance
  - Update less mission-critical computers first
- Back up data before updating
- Automate updating
  - Use secure connectivity tools such as SSH
  - Use isolated network segments to propagate updates, because the update process makes computers more vulnerable
- Use a documented procedure to install updates
Securing Network Servers and User Workstations: Keep OS and Apps up to date
- Deploy new computers with up-to-date software; installation media might be out of date
Securing Network Servers and User Workstations: Keep OS and Apps up to date
Create New Integrity-Checking Information
- Protect OS files and application files by storing cryptographic hashes of them on a secure medium
- Periodically verify integrity against those hashes
Securing Network Servers and User Workstations: Keep OS and Apps up to date
Policy Consideration
- Policy should require system administrators to monitor the need for necessary software updates and to install them in a timely manner
Securing Network Servers: Stick to Essentials on the Server Host Machine
- Offering only essential network services on a particular host lowers its vulnerability profile
  - Each additional service installed increases the likelihood that the host is vulnerable
- Different services may be administered by different staff: less likelihood of conflict, separation of duties
- A host can be better configured for one or a few services
- Fewer logs / log entries, so problems are easier to spot
Securing Network Servers: Stick to Essentials on the Server Host Machine
- Determine the functions the host provides
- Select the most secure alternative
  - Example: do not choose RSH or the other r-services; choose SSH instead
  - Choose a TCP wrapper: a small program that listens on the port where the service is provided. Whenever a connection is made, the wrapper records the name of the remote host and then runs the original network server program, which has been moved to a different place. The wrapper can also provide additional access control.
Securing Network Servers: Stick to Essentials on the Server Host Machine
- Install only the minimal set of services and applications
- Create and record cryptographic checksums (e.g., with Tripwire)
Securing Network Servers: Stick to Essentials on the Server Host Machine
Policy Considerations
- Individual network servers, including public servers, should be configured to offer only essential services
- Each network service should be on a dedicated, single-purpose host wherever possible
Securing Network Servers: Stick to Essentials on the Workstation Host System
- A new workstation is enabled by default to provide the following roles:
  - A personal workstation that uses network services only as a client
  - A personal workstation that in addition provides services and also uses services from other workstations
  - A workstation that serves as a public server; this role comes with considerable risks
Securing Network Servers: Stick to Essentials on the Workstation Host System
Determine Functionality
- Applications to be used
- File systems
- Default settings for small services: web access, FTP, file sharing
- System maintenance: remotely or by console
- Network configuration: offered protocols
Securing Network Servers: Stick to Essentials on the Workstation Host System
- Install only essential software
- Create and record cryptographic checksums
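The cryptographic checksums called for here and on the corresponding server slide (hashes of system files kept on a secure medium, verified periodically) can be produced with nothing more than the base system. The following POSIX shell script is an added example, not part of the course material; the function names and the MODIFIED/MISSING/NEW report format are my own choices.

```shell
#!/bin/sh
# Added example, not course material: record SHA-256 hashes of every regular
# file under a directory, then verify the tree against that record. Function
# names and the MODIFIED/MISSING/NEW report format are my own choices.

hash_tool() {                          # GNU sha256sum, or shasum on BSD/macOS
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# make_baseline DIR OUT: one "hash  ./path" line per regular file under DIR.
# OUT is the integrity-checking information to keep on a write-protected or
# offline medium; a copy that an intruder can rewrite proves nothing.
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          hash_tool "$f"
      done ) > "$2"
}

# verify_baseline DIR BASELINE: print one line per deviation and return 0
# only when the tree still matches the baseline.
verify_baseline() {
    dir=$1; baseline=$2
    cur=$(mktemp); bs=$(mktemp); cs=$(mktemp); old=$(mktemp); new=$(mktemp)
    make_baseline "$dir" "$cur"
    LC_ALL=C sort "$baseline" > "$bs"
    LC_ALL=C sort "$cur" > "$cs"
    # "hash  path" lines found only in the baseline, and only in the new scan
    LC_ALL=C comm -23 "$bs" "$cs" | sed 's/^[^ ]*  //' > "$old"
    LC_ALL=C comm -13 "$bs" "$cs" | sed 's/^[^ ]*  //' > "$new"
    rc=0
    while IFS= read -r p; do           # old line: hash changed or file gone
        if grep -qxF -- "$p" "$new"; then echo "MODIFIED $p"
        else echo "MISSING  $p"; fi
        rc=1
    done < "$old"
    while IFS= read -r p; do           # new line with no old counterpart
        grep -qxF -- "$p" "$old" || { echo "NEW      $p"; rc=1; }
    done < "$new"
    rm -f "$cur" "$bs" "$cs" "$old" "$new"
    return $rc
}
```

Run `make_baseline /usr/sbin baseline.txt` right after installation, move the file off-host, and schedule `verify_baseline /usr/sbin baseline.txt` from a trusted copy.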
Securing Network Servers: Stick to Essentials on the Workstation Host System
Policy Consideration
- All user workstations should be configured with essential software only; all other software should be removed
Securing Network Servers: Configure network service clients to enhance security
- Users need to access several network services from their workstation: file servers, electronic mail, bulletin boards, file transfer, remote access to other workstations
- Configure the client software that accesses those services to operate securely
Securing Network Servers: Configure network service clients to enhance security
Identify behaviors that may lead to security problems
- Can the client be used to store and transmit confidential information? If yes, provide cryptography.
- Does the client software require increased user privilege? If yes, misuse can result in dangerous operations at a higher security level.
- Can the client be used to download and execute software? Maybe ActiveX, Java, or JavaScript is enabled in the browser.
- Can the client corrupt data?
- Can the client disclose confidential information about the client's host system configuration, network, or user?
- When can users download and execute code from external sites?
- Are there private cryptographic keys on the client?
- Does the client have trust relationships with other users and computers?
- If the client is multi-homed, can it be used to bridge or route to other computers?
Securing Network Servers: Configure network service clients to enhance security
- Push vendor updates
Securing Network Servers: Configure network service clients to enhance security
Configure the client to maintain security
- Determine what is configurable
- Determine the likely threats to security presented by the software
- Turn off all unnecessary software features
- Use access controls to inhibit the enabling of restricted settings
- Establish user policies to maintain security where features are lacking
Securing Network Servers: Stick to Essentials on the Workstation Host System
Policy Consideration
- Provide users with clear explanations of:
  - Precautions necessary when using a web browser
  - Circumstances (if any) in which users can download and execute software from other hosts
  - Limitations on information that may be included in
Securing Workstations
Configure Computers for User Authentication
- Only authorized users may access the computers and the data and services they provide
- Computers need to be configured to allow identification and authentication
- The deployment plan documents the users or user categories and the approach to authenticating users
Securing Workstations
Configure Computers for User Authentication
- Configure hardware-based access controls
- Handle accounts and groups
  - Change default accounts
  - Disable accounts that need to exist but do not require an interactive login
    - UNIX: provide a login shell with NULL functionality: /bin/false
- Check the password policy and ensure compliance
- Require reauthentication after an idle period
- Deny logins after a small number of failed attempts
- Consider better authentication mechanisms
Securing Workstations
Configure Computers for User Authentication
Policy Considerations
- Describe the life cycle of accounts, including triggers for actions such as deletion, disabling, transfer, ...
- Require appropriate authentication of all users on all computers that can access information assets
- Appropriate password policy, prohibiting users from recording or storing passwords in places that could be discovered by intruders
- Acceptable use policy for workstations: require users to shut down or lock unattended workstations
OS Configuration for Access Control
- Identify the protection needed
- Generate an access matrix with groups of users and groups of data; this might lead to refinements of the user groups
- Be aware that some programs change privilege levels
OS Configuration for Access Control
- Configure access control for all protected files, directories, devices, ...
- Each change / decision should be documented
OS Configuration for Access Control
Consider:
- Disable write/modify permissions for all binaries / executable files
- Restrict access to system directories to administrators
  - Unix: mount file systems as read-only and nosuid
  - Linux, BSD: apply the "immutable" access permission to all kernel files
- Make all log files "append only"
- Educate users not to run scripts without administrative review
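Two of the settings above (service accounts given /bin/false on the authentication slide, and system file systems mounted read-only and nosuid here) can be checked mechanically against copies of the configuration files. The following POSIX shell script is an added example, not course material: it audits passwd-format and fstab-format files given as arguments, the "UID below 1000 is a system account" rule is an assumption, and the sample data it writes is constructed.

```shell
#!/bin/sh
# Added example, not course material: audit a passwd-format file for system
# accounts that still have an interactive shell, and an fstab-format file for
# system mounts lacking ro / nosuid. Paths are arguments so copies can be
# audited; the sample data is constructed and the UID<1000 rule an assumption.

# Shells with NULL functionality; anything else is treated as interactive.
NOLOGIN_SHELLS='/bin/false /usr/bin/false /sbin/nologin /usr/sbin/nologin'

# audit_login_shells PASSWD: print "user:shell" for every non-root system
# account that could still log in interactively; return 1 if any exist.
audit_login_shells() {
    found=0
    while IFS=: read -r user pw uid gid gecos home shell; do
        case $user in ''|'#'*|root) continue ;; esac
        [ "$uid" -lt 1000 ] || continue
        shell=${shell:-/bin/sh}             # empty shell field means /bin/sh
        case " $NOLOGIN_SHELLS " in *" $shell "*) continue ;; esac
        echo "$user:$shell"; found=1
    done < "$1"
    return $found
}

# audit_mounts FSTAB MOUNTPOINT...: for each mount point report the options
# it lacks among ro and nosuid (or that it is absent); return 1 on findings.
audit_mounts() {
    fstab=$1; shift; found=0
    for mp in "$@"; do
        opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { print $4 }' "$fstab")
        [ -n "$opts" ] || { echo "$mp: not in fstab"; found=1; continue; }
        missing=''
        for want in ro nosuid; do
            case ",$opts," in *",$want,"*) ;; *) missing="$missing $want" ;; esac
        done
        [ -z "$missing" ] || { echo "$mp: missing$missing"; found=1; }
    done
    return $found
}

# write_samples DIR: constructed passwd and fstab (not from any real host).
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
www-data:x:33:33:www-data:/var/www:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/fstab" <<'EOF'
# <device> <mount> <type> <options> <dump> <pass>
/dev/sda2 /usr  ext4 ro,nosuid,nodev 0 2
/dev/sda3 /boot ext4 defaults        0 2
EOF
}
```

On the sample data, `audit_login_shells` flags backup and www-data (the empty shell field is an interactive /bin/sh), and `audit_mounts fstab /usr /boot /opt` reports /boot as missing ro and nosuid and /opt as not in fstab.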
OS Configuration for Access Control
- Pay attention to access control inheritance for new files
OS Configuration for Access Control
- Install and configure file encryption capabilities for sensitive data
Securing Network Servers and User Workstations
The security policy should specify:
- Access privileges and controls for data stored on a computer
- How to access files that have been encrypted
- Access privileges and controls for administrative users:
  - Authority and conditions for reading other users' email
  - Access to protected programs or files
  - Disruption of service under specific conditions
- Ban on sharing accounts
- Ban on unauthorized creation of user accounts
- Authority and conditions for use of vulnerability tools
Configure for File Backup
- Develop a file backup and restoration plan
  - The plan needs to cover all deployed workstations and servers
  - A cost / benefit analysis is necessary to decide: speed of backup / storage need / restoration effort; local backup vs. centralized backup of user workstations
- With cryptographic checksums, system files can be restored from a proven backup; otherwise, use the distribution media
- Install and configure backup tools
- Test the ability to recover
Configure for File Backup
Policy considerations
- Policy should require the creation of a file backup and restoration plan
- Inform users of their responsibilities
Use a tested model configuration and a secure replication procedure
- Configure one workstation appropriately, test the workstation, then propagate the configuration
- Three ways to propagate it:
  - Record the steps used to create the model configuration and then repeat them: secure, prone to human error, does not scale
  - Save the configuration on a write-protected storage medium and use this as a master copy: almost as secure, less prone to human error, does not scale well
  - Use the network to transfer the configuration: least secure, least prone to human error, scales well
Malware Protection
- Develop a malware protection plan that specifies the responsibility and authority of users and system administrators
- Install and execute anti-virus tools
- Train users
- Update detection tools
Malware Protection
Policy
- Defines the rights of users to install software
- Defines responsibility for running anti-virus scans
- Prohibits users from running, looking at, ... untrusted email attachments
Configure for Secure Remote Administration
- Local administration is more secure, but does not scale
- Computers can become vulnerable during administration
- Ensure that remote administration only comes from authorized servers: SSH
- Ensure the minimum privilege level for all administration tasks
- Protect sensitive data against reading: encryption, e.g., encrypt log data before transmission to the computer that reads it
Configure for Secure Remote Administration
Policy Considerations
- Require the use of secure procedures for the administration of network servers and workstations
- Specify the circumstances (if any) under which third parties are permitted to administer systems and the modes of such administration
Allow only appropriate physical access to computers
- Physical access is at least as dangerous as network access
- The details of the security plan depend very much on the organization
- Prevent installation of unauthorized hardware: key-loggers, modems, removable media, boot devices
- Deploy computers in a secure facility
Allow only appropriate physical access to computers
Policy considerations
- Permissions to install or modify hardware
- Circumstances in which users are allowed to use storage devices with removable media
- Circumstances in which users may take removable media or printed information from the site
- Need for network servers to be deployed in a physically secure location, with an access list for that location
- Circumstances in which third parties are permitted to physically access the system
Acceptable Use Policy for Users
Elements:
- Workstations a user may or may not use
- Hardware changes a user may make
- Software installation or removal by the user
- What kind of work a user may perform on a given system
- Manipulation of sensitive / classified data
- Network services the user may or may not use
- Information the user may or may not transmit across a network, and under what circumstances
- User responsibilities in administering a workstation
- Configuration changes a user might make
- Ban on sharing accounts
- Need to comply with the password policy
- Guidelines for accessing unprotected programs or files
- Ban on breaking into accounts and systems
- Ban on cracking passwords
- Ban on disruption of service
- Consequences of noncompliance
Acceptable Use Policy for Users
User Training
- Provide explicit reminders at each login