
Network Defense and Countermeasures
Sir. Ahmad Kamalrulzaman Othman
FSKM, UiTM Johor

Chapter 8: Operating System Hardening

Objectives

Properly configure a secure Windows system
Properly configure a secure Linux system
Apply appropriate operating system patches to Windows
Apply application patches
Securely configure a Web browser

2006 by Pearson Education, Inc.

Chapter 8 Operating System Hardening

Introduction
Securely configuring the operating system and
its software is a critical step in system security
that is often neglected. This chapter takes you
through this process for different operating
systems. It is not enough to just implement
firewalls and proxy servers; it is also important
to secure internal machines and the
applications and information they house.


Configuring Windows Properly

Chapter focuses on Windows 2000 and XP


Accounts, Users, Groups, and Passwords

There are default user accounts


Administrator accounts
Other accounts

IUSR_MachineName
ASP.NET
Database accounts


Configuring Windows Properly cont.

Accounts, Users, Groups, and Passwords (Continued)

Disable those accounts that are not being used


Avoid using default accounts if possible
Restrict user access


Configuring Windows Properly cont.

Setting security policies

Password policies
Account lockout policies
See Tables 8.1-8.4 for recommended policies
Other issues

Writing passwords down


Sharing passwords
Using the least required access rule


Default Windows Password Policies


Password Setting Recommendations


Windows Lockout Policies


Recommended Lockout Policies


Configuring Windows Properly cont.

Registry settings

Registry basics
Secure registry settings
Restrict Null session access
Restrict Null session access over named pipes
Restrict anonymous access
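
The three restrictions listed above can be checked with a read-only audit. This is an added example, not taken from the book or the slides: the registry value names are the standard Windows values these bullets correspond to, the pass conditions are assumptions made for the example, and it assumes a host with PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the null-session and anonymous-access values.
# The pass conditions are assumptions for this example, not the book's tables.
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# A multi-string list passes only when it holds no non-empty entries.
$isEmptyList = { param($v) @($v | Where-Object { $_ }).Count -eq 0 }

$checks = @(
    @{ Topic = 'Restrict anonymous access'
       Path  = $lsa;    Name = 'RestrictAnonymous'
       Test  = { param($v) $null -ne $v -and $v -ge 1 } },
    @{ Topic = 'Restrict Null session access'
       Path  = $server; Name = 'RestrictNullSessAccess'
       Test  = { param($v) $v -eq 1 } },
    @{ Topic = 'Null session access over named pipes'
       Path  = $server; Name = 'NullSessionPipes'
       Test  = $isEmptyList },
    @{ Topic = 'Null session access to shares'
       Path  = $server; Name = 'NullSessionShares'
       Test  = $isEmptyList }
)

$results = foreach ($c in $checks) {
    $value = Get-RegValue -Path $c.Path -Name $c.Name
    $test  = $c.Test
    $shown = if ($null -eq $value) { '<not set>' } else { @($value) -join ', ' }
    [pscustomobject]@{
        Topic   = $c.Topic
        Value   = $c.Name
        Current = $shown
        Pass    = [bool](& $test $value)
    }
}

# Nothing is written to the registry; review the failures before changing anything.
$results | Format-Table -AutoSize -Wrap
```

Some services depend on specific null-session pipes, so a failed row is a prompt to review that entry, not an instruction to clear it.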


Configuring Windows Properly cont.

Registry Basics

Core folders in the registry

HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG


CAUTION: Registry Editing


Incorrect editing of your registry can render
parts of your operating system unusable. If you
are new to registry editing, do not practice on a
production machine that has critical data.


Configuring Windows Properly cont.

Registry settings (Continued)

TCP/IP Stack settings


Default shares
Remote access to the registry
Other registry settings


Configuring Windows Properly cont.

Registry settings (continued)

Several websites can provide additional information concerning securing the registry

Stanford University
Tech Republic
Error Nuker


Configuring Windows Properly cont.

Services

Shutting down a service in Windows


Port filtering and firewalls in Windows

Encrypting File System (EFS)

User interaction
Virtually transparent to the user
Built into Windows and easy to use


Configuring Windows Properly cont.

Security templates

DC security.inf
Hisecdc.inf
Hisecws.inf
Securedc.inf
Securews.inf
Setup security.inf


Configuring Linux Properly

Many security principles apply in Linux as they do in Windows
Commonalities between Windows and Linux

Default users and policies (names are different)


All services not in use should be shut down
Browser must be configured securely
Routinely patch the system


Configuring Linux Properly cont.

Differences between Linux and Windows

No application should run as the root user


Complexity of the root password
Disable all console-equivalent access for regular users
Hide system information


Configuring Linux Properly cont.

Web sites that provide additional help:

Linux Security Administrators Guide


National Security Administration's Secure Linux
Linux security tips
Linux.com


Patching the Operating System

Windows has updates on the Microsoft web site
Red Hat has a site that also allows updates to be made to its OS


Configuring Browsers

Securing browser settings for MS Internet Explorer

Privacy settings

Block third-party cookies


Prompt for first-party cookies
Always allow session cookies

Security settings


Configuring Browsers cont.

Secure browser settings for Netscape Navigator

Provide additional settings above what IE has available.

What about Firefox?


Summary

Hardening of operating systems is a critical part of network security
Proper security configuration can make hacking more difficult
Encrypting File System (EFS) can secure information on the local computer
Proper registry settings are also key in a Windows environment


Summary cont.

Failure to address registry settings will greatly reduce the security of the computer
Securing the browser can limit exposure to malware
