Secure System Setup COEN 250

Upload: edward-manning

Post on 30-Dec-2015



System Administration Lifecycle

- Harden / Secure
  - Install only minimal essential OS configuration
  - Install patches to known deficiencies
  - Install most secure / up-to-date versions of system applications
  - Remove all privilege and access and grant them back only as needed
    - “Deny first, then allow”
  - Enable as much system logging as possible

System Administration Lifecycle

- Prepare
  - Running system contains a collection of vulnerabilities that are yet to be identified
  - Administrator needs to know system in a production setting
  - Collect baseline state
  - Install monitoring tools for detecting and responding to intrusions

System Administration Lifecycle

- Detect
  - Monitoring reveals unusual, unexpected, or suspicious behavior.
  - External stimulus reveals unusual, unexpected, or suspicious behavior.
    - User report
    - Call from other organization
    - Security advisory / bulletin

System Administration Lifecycle

- Response
  - Analyze effects of, scope of, and damage caused by an intrusion
  - Contain these effects
  - Eliminate further intruder access
  - Return information asset to a known, operational state

System Administration Lifecycle

- Improve
  - Triggered by detection and response
  - Holding a post mortem conference
  - Update policies and procedures
  - Collect measures of resources required to deal with the intrusion and other security business case information

Definitions

- Assets: includes information, hardware, software, people
- Threat: anything that can compromise an asset
- Attack: action conducted by an adversary on a victim system
- Incident: collection of data representing one or more related attacks
- Intrusion: actual illegal or undesired entry into an information system

Securing Network Servers and User Workstations

- Default hardware and software configurations are set by vendors to emphasize features and functions over security
- Critical data stored on network servers and user workstations

Securing Network Servers and User Workstations

- Confidentiality
  - Some information on asset is sensitive or proprietary.
  - Access to data limited to authorized users.
  - Access to services limited to authorized users.
- Integrity
  - Integrity of this information is critical.
- Availability
  - Information must be readily available to authorized users.
  - Authorized users need to access services quickly

Securing Network Servers and User Workstations

- Four Stages
  - Planning and executing deployment of computers
  - Configuring computers to make them less vulnerable to attacks.
  - Maintaining the integrity of deployed computers
  - Improving user awareness of security issues

Securing Network Servers and User Workstations

- Address security issues in computer deployment plan
  - Identify the purpose of each computer
  - Identify network services that will be provided
  - Identify network service software to be installed
  - Identify users

Securing Network Servers and User Workstations

- Address security issues in computer deployment plan
  - Determine user privileges
  - Plan authentication
    - Network servers: OS authentication, network service authentication
  - Determine access enforcement measures
    - OS access control
    - Encryption
  - Develop intrusion detection strategies

Securing Network Servers and User Workstations

- Address security issues in computer deployment plan
  - Document backup and recovery procedures
  - Determine modus of network service restoration
  - Develop and follow a documented procedure for installing an OS
  - Determine how the computer will be connected to your network

Securing Network Servers and User Workstations

- Address security issues in computer deployment plan
  - Identify security concerns related to day-to-day administration
  - Protect information contained on hardware no longer in use
  - Keep computer development plan current

Securing Network Servers and User Workstations

- Policy Considerations
  - A detailed computer deployment plan will be developed, implemented, and maintained
  - Access to deployment plan will be given only to those who require the information to perform their jobs
  - All new and updated computers will be installed, configured, and tested in a stand-alone mode or within test networks.
  - All computers will present a warning banner to all users indicating that they are legally accountable for their actions implying consent through use of computer
  - All computers will be configured securely prior to deployment.

Securing Network Servers: Addressing Security Requirements

- Server selection is based on organization’s requirements
  - range of services
  - response time
  - throughput
  - ability to remotely administer software
- Security Requirements
  - Availability of experienced staff
  - Absence of known vulnerabilities
  - Ability to restrict administrative activities to authorized users
  - Ability to deny access
  - Ability to disable unnecessary network services
  - Ability to control access to various forms of executable programs (CGI…)
  - Ability to log

Securing Network Servers: Addressing Security Requirements

- Identify Functionality and Performance Requirements
  - Document OS features needed
    - Aside: An infrastructure made up of inhomogeneous systems is more resilient
  - Document the applications software to run
  - Derive hardware requirements
  - Document hardware configuration and secure configuration of software

Securing Network Servers: Addressing Security Requirements

- Review Server Product Features
  - Review recommended practices
  - Note type of security problems
  - If available, look at sample installations
  - Identify specific security-related features
  - Check incident data to determine likelihood of incidents and vulnerability of servers

Securing Network Servers: Addressing Security Requirements

- Estimate differences in operating costs for different solutions

Securing Network Servers: Addressing Security Requirements

- Policy Consideration
  - Security policy should require a security evaluation as part of computing and network technology selection process

Securing Network Servers and User Workstations: Keep OS and Apps up to date

- Keep informed about security-related patches
  - Time lag between discovery of vulnerability, exploit, and patch

Securing Network Servers and User Workstations: Keep OS and Apps up to date

- Evaluate and Install Updates
  - Installing an update can cause security problems
    - During update, computer can be in a more vulnerable state
    - Update schedule might render computer unavailable when needed
    - Non-synchronous update in a large network leads to a situation with different software versions, which might lose data
    - Update might introduce new vulnerabilities.

Securing Network Servers and User Workstations: Keep OS and Apps up to date

- Evaluate and Install Updates
  - Vendors might not use proper authentication methods to distinguish patches from Trojans
  - Test updates before using them
    - Use isolated test environment to measure performance
    - Update less mission critical computers first
  - Back up data before updating
  - Automate updating
    - Use secure connectivity tools such as SSH
    - Use isolated network segments to propagate updates
      - Because update process makes computers more vulnerable
  - Use documented procedure to install updates

Securing Network Servers and User Workstations: Keep OS and App up to date

- Deploy new computers with up-to-date software
  - Installation media might be out of date

Securing Network Servers and User Workstations: Keep OS and App up to date

- Create new Integrity-Checking Information
  - Protect OS files, application files by storing crypto-hashes on a secure medium
  - Periodically verify integrity

Securing Network Servers and User Workstations: Keep OS and App up to date

- Policy Consideration
  - Policy should require system administrators to
    - monitor need for necessary software updates
    - install them in a timely manner

Securing Network Servers: Stick to Essentials on the Server Host Machine

- Offering only essential network services on a particular host
  - Lowers vulnerability profile
    - Each additional service installed increases likelihood that host is vulnerable
  - Different services may be administered by different staff
    - Less likelihood of conflict
    - Separation of duties
  - Host can be better configured for one / few services
  - Less logs / log entries
    - Easier to spot problems

Securing Network Servers: Stick to Essentials on the Server Host Machine

- Determine functions host provides
- Select Most Secure Alternative
  - Example: Choose SSH rather than RSH or other r-services
  - Choose TCP wrapper
    - A small program that listens on the port where the service is provided
    - Whenever a connection is made, the wrapper records the name of the remote host and then runs the original network server program, which has been moved to a different place.
    - Can provide additional access control
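
Added example (not part of the original slides): a simplified Python model of the access decision such a wrapper makes, modelled on the hosts.allow / hosts.deny rule files of the TCP Wrappers package, which the slide does not name. It supports only ALL, host name suffixes, address prefixes and exact matches; the rule text, host names and addresses are constructed.

```python
# Constructed rule files in the hosts_access(5) style; not from a real host.
HOSTS_ALLOW = """\
# management network and admin hosts may reach sshd
sshd: 192.0.2., .admin.example.com
"""
HOSTS_DENY = """\
ALL: ALL
"""


def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue  # not a rule line
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, host, addr):
    """Match one client pattern against the remote host name or address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # host name suffix, e.g. .admin.example.com
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # address prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    return pattern.lower() == host.lower() or pattern == addr


def rule_matches(rules, daemon, host, addr):
    for daemons, clients in rules:
        if "ALL" in daemons or daemon in daemons:
            if any(client_matches(p, host, addr) for p in clients):
                return True
    return False


def check_access(daemon, host, addr, allow_rules, deny_rules):
    """Allow rules are consulted first, then deny rules, else access is granted."""
    if rule_matches(allow_rules, daemon, host, addr):
        return "allow"
    if rule_matches(deny_rules, daemon, host, addr):
        return "deny"
    return "allow"  # nothing matched: permissive unless the deny file says ALL: ALL


def wrap_connection(daemon, host, addr, allow_rules, deny_rules, log):
    """Record the remote host, then return the decision for this connection."""
    decision = check_access(daemon, host, addr, allow_rules, deny_rules)
    log.append("%s: connect from %s (%s): %s"
               % (daemon, host or "unknown", addr, decision))
    # A real wrapper would start the original server program on "allow".
    return decision


def demo():
    allow, deny = parse_rules(HOSTS_ALLOW), parse_rules(HOSTS_DENY)
    log = []
    attempts = [  # constructed connection attempts: (daemon, host name, address)
        ("sshd", "ws1.example.com", "192.0.2.10"),
        ("sshd", "gw.admin.example.com", "198.51.100.7"),
        ("sshd", "", "203.0.113.5"),
        ("in.telnetd", "ws1.example.com", "192.0.2.10"),
    ]
    decisions = [wrap_connection(d, h, a, allow, deny, log)
                 for d, h, a in attempts]
    return decisions, log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

With an empty deny file the third attempt would be granted, which is why the "Deny first, then allow" rule from the lifecycle slide translates into a catch-all deny entry plus explicit allow entries.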

Securing Network Servers: Stick to Essentials on the Server Host Machine

- Install only the minimal set of services and applications
- Create and record cryptographic checksums (tripwire)

Securing Network Servers: Stick to Essentials on the Server Host Machine

- Policy Considerations
  - Individual network servers, including public servers, should be configured to offer only essential services.
  - Each network service should be on a dedicated, single-purpose host wherever possible.

Securing Network Servers: Stick to Essentials on the Workstation Host System

- A new workstation is enabled by default to provide the following roles:
  - A personal workstation that uses network services only as a client
  - A personal workstation that in addition provides services and also uses services from other workstations.
  - A workstation that serves as a public server. This role comes with considerable risks.

Securing Network Servers: Stick to Essentials on the Workstation Host System

- Determine Functionality
  - Applications to be used
  - File systems
  - Default settings for small services
    - web access
    - FTP
    - File sharing
  - System maintenance remotely or by console
  - Network configuration
  - Offered protocols

Securing Network Servers: Stick to Essentials on the Workstation Host System

- Install only essential software
- Create and record cryptographic checksums

Securing Network Servers: Stick to Essentials on the Workstation Host System

- Policy Consideration
  - All user workstations should only be configured with essential software
  - All other software should be removed.

Securing Network Servers: Configure network service clients to enhance security

- Users need to access several network services from their workstation
  - file servers
  - electronic mail
  - bulletin boards
  - file transfer
  - remote access to other workstations
- Configure client software that accesses those services to operate securely

Securing Network Servers: Configure network service clients to enhance security

- Identify behaviors that may lead to security problems
  - Can the client be used to store and transmit confidential information?
    - If yes, provide cryptography.
  - Does client software require increased user privilege?
    - If yes, misuse can result in dangerous operations at a higher security level.
  - Can the client be used to download and execute software?
    - Maybe ActiveX, Java, JavaScript is enabled in the browser.
  - Can the client corrupt data?
  - Can the client disclose confidential information about the client’s host system configuration, network, user?
  - When can users download and execute code from external sites?
  - Are there private cryptographic keys on the client?
  - Does the client have trust relationships with other users and computers?
  - If the client is multi-homed, can it be used to bridge or route to other computers?

Securing Network Servers: Configure network service clients to enhance security

- Push vendor updates

Securing Network Servers: Configure network service clients to enhance security

- Configure the client to maintain security
  - Determine what is configurable.
  - Determine the likely threats to security presented by the software.
  - Turn off all unnecessary software features.
  - Use access controls to inhibit the enabling of restricted settings
  - Establish user policies to maintain security where features are lacking

Securing Network Servers: Stick to Essentials on the Workstation Host System

- Policy Consideration
  - Provide users with clear explanations of
    - Precautions necessary when using a web browser
    - Circumstances – if any – in which users can download and execute software from other hosts
    - Limitations on information that may be included in e-mail

Securing Workstations

Configure Computers for User Authentication

- Only authorized users may access the computers and the data and services they provide
- Computers need to be configured to allow identification and authentication
- Deployment plan documents the users or user categories and the approach to authenticating users

Securing Workstations

Configure Computers for User Authentication

- Configure hardware based access controls
- Handle accounts and groups
  - Change default accounts
  - Disable accounts that need to exist but do not require an interactive login
    - UNIX: Provide a login shell with NULL functionality: /bin/false
- Check password policy and ensure compliance
- Require reauthentication after idle period.
- Deny logins after a small number of false attempts
- Consider better authentication mechanisms
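
Added example (not part of the original slides): a Python check that reads passwd(5)-format text and reports service accounts that still have an interactive login shell. The sample entries are constructed; the UID cut-off of 1000 for ordinary users and the list of accepted non-interactive shells are assumptions that vary between systems.

```python
# Shells that refuse an interactive session (assumed list; adjust per system).
NON_INTERACTIVE_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

# Constructed sample in passwd(5) format; not taken from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/false
ftp:x:14:50:FTP User:/var/ftp:
truncated:x:120
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Return (entries, malformed_line_numbers) for passwd-format text."""
    entries, malformed = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            malformed.append(number)
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = fields
        # An empty shell field means the system default, /bin/sh.
        entries.append({"name": name, "uid": int(uid),
                        "shell": shell or "/bin/sh"})
    return entries, malformed


def audit_login_shells(text, first_user_uid=1000, interactive_ok=("root",)):
    """List accounts below first_user_uid that can still log in interactively."""
    entries, malformed = parse_passwd(text)
    findings = []
    for entry in entries:
        if entry["uid"] >= first_user_uid or entry["name"] in interactive_ok:
            continue
        if entry["shell"] not in NON_INTERACTIVE_SHELLS:
            findings.append((entry["name"], entry["uid"], entry["shell"]))
    return findings, malformed


def remediation_commands(findings, shell="/bin/false"):
    """Build (but do not run) the usermod command for each finding."""
    return ["usermod -s %s %s" % (shell, name) for name, _uid, _sh in findings]


if __name__ == "__main__":
    found, bad_lines = audit_login_shells(SAMPLE_PASSWD)
    for name, uid, shell in found:
        print("interactive shell on service account:", name, uid, shell)
    print("malformed lines:", bad_lines)
    print("\n".join(remediation_commands(found)))
```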

Securing Workstations

Configure Computers for User Authentication

- Policy Considerations
  - Describe life cycle of accounts
    - Includes triggers for actions such as deletion, disabling, transfer, …
  - Require appropriate authentication of all users on all computers that can access information assets
  - Appropriate password policy
    - Prohibiting users from recording or storing passwords in places that could be discovered by intruders
  - Acceptable use policy for workstations
    - Require users to shut down or lock unattended workstations.

OS Configuration for Access Control

- Identify the protection needed
  - Generate access matrix with groups of users and groups of data
    - This might lead to refinements on user groups.
  - Be aware that some programs change privilege levels

OS Configuration for Access Control

- Configure access control for all protected files, directories, devices …
  - Each change / decision should be documented

OS Configuration for Access Control

- Consider
  - Disable write/modify permissions for all binaries / executable files
  - Restrict access to system directories to administrators
  - Unix: mount file systems as read only and nosuid
  - Linux, BSD: use access permission “immutable” to all kernel files
  - Make all log files “append only”
  - Educate users to not run scripts without administrative review
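
Added example (not part of the original slides): a Python audit for two of the items above. It checks /proc/mounts-format lines against the mount options a local policy requires, and it walks a directory tree for executable files that group or other users can write to. The mount lines, the policy table and the file tree are constructed, and the policy is hypothetical.

```python
import os
import stat
import tempfile

# Constructed lines in /proc/mounts format; not taken from a real host.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,nodev,relatime 0 0
/dev/sda3 /home ext4 rw,nosuid,nodev,relatime 0 0
/dev/sdb1 /srv/data ext4 rw,relatime 0 0
"""

# Hypothetical local policy: options each mount point must carry.
REQUIRED_OPTIONS = {
    "/usr": {"ro", "nosuid"},
    "/home": {"nosuid"},
    "/srv/data": {"nosuid"},
}


def audit_mounts(mounts_text, required):
    """Return {mount point: [missing options]} for policy violations."""
    mounted = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounted[fields[1]] = set(fields[3].split(","))
    findings = {}
    for mount_point, options in required.items():
        if mount_point not in mounted:
            findings[mount_point] = ["(no separate mount)"]
            continue
        missing = sorted(options - mounted[mount_point])
        if missing:
            findings[mount_point] = missing
    return findings


def writable_executables(root):
    """List executable regular files that group or other users may modify."""
    findings = []
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            path = os.path.join(directory, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if not stat.S_ISREG(mode):
                continue
            executable = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
            loose = mode & (stat.S_IWGRP | stat.S_IWOTH)
            if executable and loose:
                findings.append((os.path.relpath(path, root),
                                 oct(stat.S_IMODE(mode))))
    return sorted(findings)


def demo():
    """Run both checks on constructed input."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        samples = {"tool_ok": 0o555, "tool_loose": 0o775, "notes.txt": 0o666}
        for name, mode in samples.items():
            path = os.path.join(root, "bin", name)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write("constructed content\n")
            os.chmod(path, mode)
        return (audit_mounts(SAMPLE_MOUNTS, REQUIRED_OPTIONS),
                writable_executables(root))


if __name__ == "__main__":
    mount_findings, file_findings = demo()
    print("mount options missing:", mount_findings)
    print("writable executables:", file_findings)
```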

OS Configuration for Access Control

- Pay attention to access control inheritance for new files

OS Configuration for Access Control

- Install and configure file encryption capabilities for sensitive data

Securing Network Servers and User Workstations

- Security Policy should specify:
  - Access privileges and controls for data stored on a computer
  - How to access files that have been encrypted
  - Access privileges and controls for administrative users:
    - Authority and condition for reading other users’ email
    - Access to protected programs or files
    - Disruption of service under specific conditions
    - Ban on sharing accounts
    - Ban on unauthorized creation of user accounts
    - Authority and conditions for use of vulnerability tools

Configure for File Backup

- Develop a file backup and restoration plan
  - Plan needs to cover all deployed workstations and servers
  - Cost / benefit analysis necessary to decide
    - Speed of backup / storage need / restoration effort
    - Local backup vs. centralized backup of user workstations
  - With cryptographic checksums, restore system files from proven backup
    - Otherwise: use distribution media
- Install and configure backup tools
- Test the ability to recover

Configure for File Backup

- Policy considerations
  - Policy should require the creation of a file backup and restoration plan
  - Inform users of their responsibilities

Use a tested model configuration and a secure replication procedure

- Configure one workstation appropriately
- Test workstation
- Propagate configuration
  - Record steps to create model configuration and then repeat them
    - Secure
    - Prone to human error
    - Does not scale
  - Save configuration on a write-protected storage medium and use this as a master copy
    - Almost as secure
    - Less prone to human error
    - Does not scale well
  - Use network to transfer configuration
    - Least secure
    - Least prone to human error
    - Scales well

Malware Protection

- Develop a malware protection plan
  - specifies responsibility and authority of users and system administrators
- Install and execute anti-virus tools
- Train users
- Update detection tools

Malware Protection

- Policy
  - Defines rights of users to install software
  - Defines responsibility for running anti-virus scans
  - Prohibit users from running, looking at, … untrusted email attachments

Configure for Secure Remote Administration

- Local administration is more secure, but does not scale.
- Computers can become vulnerable during administration.
- Ensure that remote administration only comes from authorized servers:
  - SSH
- Ensure minimum privilege level for all administration tasks
- Protect sensitive data against reading
  - Encryption
  - E.g. encrypt log data before transmission to reading computer

Configure for Secure Remote Administration

- Policy Considerations
  - Require use of secure procedures for administration of network servers and workstations
  - Specify circumstances (if any) under which third parties are permitted to administer systems and the modes of such administration.

Allow only appropriate physical access to computers

- Physical access is at least as dangerous as network access
- Details of security plan depend very much on organization
- Prevent installation of unauthorized hardware
  - key-loggers
  - modems
  - removable media
  - boot devices
- Deploy computers in a secure facility

Allow only appropriate physical access to computers

- Policy considerations
  - Permissions to install or modify hardware
  - Circumstances in which users are allowed to use storage devices with removable media
  - Circumstances in which users may take removable media or printed information from site
  - Need for network servers to be deployed in a physically secure location
    - Access list for such location
  - Circumstances in which third parties are permitted to physically access the system

Acceptable Use Policy for Users

- Elements:
  - Workstations a user may or may not use
  - Hardware changes a user may make
  - Software installation or removal by user
  - What kind of work a user may perform on a given system
    - Manipulation of sensitive / classified data
  - Network services the user may or may not use
  - Information the user may or may not transmit across a network and under what circumstances
  - User responsibilities in administering a workstation
  - Configuration changes a user might make
  - Ban on sharing accounts
  - Need to comply with password policy
  - Guidelines for accessing unprotected programs or files
  - Ban on breaking into accounts and systems
  - Ban on cracking passwords
  - Ban on disruption of service
  - Consequences of noncompliance

Acceptable Use Policy for Users

- User Training
- Provide explicit reminders at each login