L5A 2024S1 Server Security.pdf

Full Transcript

Official (Closed) and Non-Sensitive

Topic 5A: Server Security
IT1153 | IT1553 | IT1653 | IT1853 | IT1953 Infocomm Security
SCHOOL OF INFORMATION TECHNOLOGY, NANYANG POLYTECHNIC

Objectives

- Describe the functions of an operating system
- Describe different types of operating systems
- Explain the server configuration settings to protect a server

Servers and Host Computers

- Servers are software or computers that provide services to other computers or software.
- The computers and software that utilise these services are called clients.
- Software servers are usually hosted on the computer servers.
- For this topic, we will refer to the software servers as servers and the computer servers that host them as host computers.

[Diagram: host computers hosting an email server, a database server, a web server and an application server. Labels: "A host computer hosting a database"; "Servers providing server service to clients"; "Servers can provide service to other servers too".]

Types of Servers

- Domain Name Server (DNS)
- Web Server
- Application Server (e.g. ASP.Net)
- Email Server
- Database Server
- File Server
- More…

Securing the Host Computer

Securing the host computer involves:

A. Protecting the physical device
   - Physical access to equipment
   - Secure equipment
B. Securing the Operating System
   - Five-step process
C. Using security-based software
   - Anti-virus, Firewall
D. Access Control
   - (Covered in earlier topic)

Protecting the Physical Device

- Prevent unauthorized physical access to equipment – prevent tampering and destruction
- Secure equipment – prevent removal/theft

Dangers of Physical Access

What would happen if an attacker has physical access to the host computer?

- Risk of denial of service attack: shut down, disconnect network, etc.
- System could be held for ransom
  - Stolen and held for ransom
  - Install ransomware
- Reconfigure to boot from a floppy disk and erase the hard drives
- Copy or steal the hard drives, install on own computer and read it
- Copy hard drive, install on own computer, boot up and conduct brute-force password guessing
- Install a keylogger (HW or SW) to spy on login credentials and other information
- Install malware to provide backdoor access or perform other malicious tasks
- Install wireless device
- Physical destruction
- More…

Physical Access Control

- Secured Doors
- Fencing
- Camera Surveillance
- Access List
  - Only people on the list are allowed to access
- Mantrap
  - Room with 2 doors, only one can open at a time
  - Each door may require different authentication to open
- Proximity Tags and Readers
  - Access is allowed only if a short-range wireless (RFID, Bluetooth) tag is nearby and detected by a reader
  - Only authorized people possess the tags

Secure Equipment

- Portable devices have steel bracket, security slot or cable lock
- Notebook PCs may be placed in a safe
- Locking cabinets

[Images: cable lock, safe, locking cabinet]

Operating Systems

What is an Operating System (OS)?

- Software that functions as an interface between the user and the computer
- Allows the user to use the computer by:
  - Managing Resources: manages resources of a computer such as the printer, mouse, keyboard, memory, disk drives and monitor.
  - Providing User Interface: a graphical user interface (GUI) makes it very easy to use.
  - Running Applications: ability to multitask by running many applications at once.
  - Support for built-in Utility Programs: e.g. finding and fixing errors in the operating system.

Types of OS

- Host Computers
  - Unix
    - Non-proprietary: many variations, including Linux, by different companies
  - Windows Server
- Personal Computers
  - Microsoft Windows
  - macOS
  - Chrome OS
- Mobile Phones
  - Android
  - iOS
- More… for all kinds of devices, like IoT, network devices, etc.

Securing the Operating System

Five-step process for protecting operating system:

1. Develop the security policy
2. Perform host software baselining
3. Configure operating system security and settings
4. Deploy the settings
5. Implement patch management

1. Develop the security policy

Most organizations have security policies:

- Acceptable use
- Anti-virus
- Password management
- E-mail and retention
- Wireless communication
- Disposal and destruction

2. Perform host software baselining

- Baselining is to create a checklist against which an operating system can be evaluated to implement an effective and efficient security infrastructure
- Microsoft Baseline Security Analyzer (MBSA) performs an audit check on Windows operating system to reveal security vulnerabilities and recommend settings for hardening the operating system.
- Some of the checks that MBSA performs:
  - Check for missing security updates
  - Check for file system type on hard drives
  - Check if Guest accounts are disabled
  - Check the number of local Administrator accounts
  - Check for blank or simple local user account passwords
  - Check if unnecessary services are running

3. Configure security and settings

Change insecure default settings:

- Restrict permissions on files and directories
- Remove and disable guest accounts
- Apply password guidelines
- Eliminate unnecessary software, devices, services and protocols
- Enable security features such as a Windows firewall

4. Deploy the settings

- A security template is created and deployed for all computers
- Use tools to automate the process to each computer
- In Microsoft, a security template is a collection of security configuration settings that includes the following:
  - Account policies
  - User rights
  - Event log settings
  - System services
  - File permissions
  - Registry permissions

5. Implement Patch Management

- To address vulnerabilities in operating systems that are uncovered after the software has been released, software vendors usually deploy software fixes.
- Patch - A broadly released software security update intended to cover vulnerabilities that have been discovered
- Hotfix - Addresses a specific customer situation; often not distributed outside that customer's organization
- Service Pack - A cumulative package of all hotfixes, patches and updates.

Security Software

Anti-Virus

- Software that examines a computer for malware infections
- Scans files and programs for known malware
- Monitors computer and programs for suspicious behavior or actions
  - For malware that escaped scanning

IT2118/IT3506 InfoSecurity Technology 2019S2

How does Anti-virus Work?

- Scan files and programs for known malware signatures
  - While scanning a file, it refers to a virus definition file
  - The virus definition file is a database of malware signatures
  - Malware signatures are bits of unique code patterns of malware that have been encountered before
  - Anti-virus detects malware by looking for code in the files that matches the signatures
  - Virus definition files are regularly updated by anti-virus developers with signatures of newly discovered malware
  - Weakness: Only works for known malware
    - Modern malware defeats scanning by mutating its code or using encryption to hide its code
- Monitor programs for suspicious behaviour or actions
  - To detect malware that escaped scanning
  - Detect malware by monitoring programs for suspicious behaviour or actions
  - For example, attempting to:
    - Delete files
    - Delete events in log files
    - Communicate with unknown internet addresses
    - Install other programs

Host-based Firewall

- Host-based Firewalls are software and installed on the Host Computer
- Designed to prevent malicious packets from entering or leaving a computer
- Monitors inbound and outbound traffic flowing to/from your computer
- Allows or blocks traffic based on a set of rules

Note: Network-based Firewalls covered in Network Security topic

- Hardware Firewalls installed on the network
- Designed to prevent malicious packets from entering or leaving the network

Summary

- Operating Systems
  - Software that interfaces with the user
  - Performs multiple tasks that allow the user to use the computer
- Servers are software that provides services to other computers (clients) and are hosted on Host Computers
- Securing the Host Computer involves:
  - Controlling Physical Access
  - Securing the Operating System
  - Security software
  - Access Control
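
The two detection approaches from the "How does Anti-virus Work?" slide, as an added Python example that is not part of the original slides. The signature names, byte patterns, event names, weights and threshold are all constructed for illustration.

```python
# Constructed "virus definition file": signature name -> byte pattern.
# The patterns are harmless marker strings made up for this example.
DEFINITIONS = {
    "Demo.MarkerA": b"DEMO-MALWARE-MARKER-A",
    "Demo.MarkerB": bytes.fromhex("deadbeef00c0ffee"),
}

# Assumed weights for the suspicious actions named on the slide.
SUSPICIOUS_ACTIONS = {
    "delete_file": 1,
    "clear_event_log": 3,
    "connect_unknown_address": 2,
    "install_program": 2,
}
ALERT_THRESHOLD = 4  # assumed cut-off for raising a behaviour alert


def scan_bytes(data, definitions=DEFINITIONS):
    """Signature scan: names of all known patterns found in the data."""
    return sorted(name for name, pattern in definitions.items() if pattern in data)


def behaviour_score(events):
    """Behaviour monitoring: sum the weights of observed suspicious actions."""
    return sum(SUSPICIOUS_ACTIONS.get(event, 0) for event in events)


def verdict(data, events):
    """Try signatures first, then fall back to behaviour monitoring."""
    hits = scan_bytes(data)
    if hits:
        return ("signature", hits)
    score = behaviour_score(events)
    if score >= ALERT_THRESHOLD:
        return ("behaviour", score)
    return ("clean", 0)


# Constructed samples: a file carrying a known pattern, and the same bytes
# re-encoded so that the pattern no longer appears literally in the file.
KNOWN_SAMPLE = b"\x00header" + DEFINITIONS["Demo.MarkerA"] + b"trailer"
ENCODED_SAMPLE = bytes(b ^ 0x5A for b in KNOWN_SAMPLE)
OBSERVED = ["connect_unknown_address", "clear_event_log", "delete_file"]

if __name__ == "__main__":
    print(verdict(KNOWN_SAMPLE, []))          # caught by the signature scan
    print(verdict(ENCODED_SAMPLE, []))        # signature scan alone misses it
    print(verdict(ENCODED_SAMPLE, OBSERVED))  # caught by behaviour monitoring
```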
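
Several of the checks listed under "2. Perform host software baselining" (administrator count, blank passwords, guest accounts, unnecessary services), applied to a Linux host as an added Python example; it is not MBSA and not from the original slides. It goes beyond the slide by reading /etc/passwd and /etc/shadow style records, and the account data, service list and baseline policy are constructed.

```python
# Constructed /etc/passwd and /etc/shadow style records (not from a real host).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:spare admin:/root:/bin/bash
guest:x:1001:1001:Guest:/home/guest:/bin/bash
www-data:x:33:33::/var/www:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$constructed$hash:19800:0:99999:7:::
toor:$6$constructed$hash:19800:0:99999:7:::
guest::19800:0:99999:7:::
www-data:*:19800:0:99999:7:::
"""
ENABLED_SERVICES = ["sshd", "nginx", "telnet", "cups"]  # constructed

# Assumed baseline checklist for a web server host.
BASELINE = {
    "max_admin_accounts": 1,
    "guest_accounts": {"guest"},
    "allowed_services": {"sshd", "nginx"},
}


def records(text):
    """Split colon-separated account records, skipping blanks and comments."""
    return [ln.split(":") for ln in text.splitlines() if ln and not ln.startswith("#")]


def audit(passwd, shadow, services, baseline):
    """Return (check, offending items) for every baseline check that fails."""
    pw_field = {r[0]: r[1] for r in records(shadow)}
    names = [r[0] for r in records(passwd)]
    # Accounts with UID 0 have administrator (root) rights.
    admins = sorted(r[0] for r in records(passwd) if r[2] == "0")
    # An empty password field means the account needs no password at all.
    blank = sorted(n for n in names if pw_field.get(n) == "")
    # A guest account counts as enabled unless its password field is locked.
    guests = sorted(n for n in names if n in baseline["guest_accounts"]
                    and not pw_field.get(n, "!").startswith(("!", "*")))
    extra = sorted(set(services) - baseline["allowed_services"])
    too_many = admins if len(admins) > baseline["max_admin_accounts"] else []
    checks = [
        ("too-many-admin-accounts", too_many),
        ("blank-password", blank),
        ("guest-account-enabled", guests),
        ("unnecessary-service", extra),
    ]
    return [(name, items) for name, items in checks if items]
```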
