Information Security Lesson 4 - Baselines - Eric Vanderburg
1. Information Security, Chapter 4: Security Baselines
Information Security © 2006 Eric Vanderburg

2. Basic Security
• TSR (Terminate and Stay Resident) programs – applications that keep running even after you close them so that they can be loaded faster.
• Process – a program or program component that runs in the background.

3. Services
• Perform a specific function for the OS. Each requires one or more processes to function. They run in one of these startup modes:
  – Automatic
  – Manual
  – Disabled
• Services.msc

4. Services
• Netstat – displays active TCP connections and the ports on which the computer is listening.

5. Services
• Disable unused services
  – Difficult, because it is hard to find out which ones are not used
  – Processes can be monitored, but many services could use a process
• Unused services are great for attackers because you do not see their activity and they are always running.
• Malicious code could be added to the service so that it runs with it.
• Network services have an associated port that must be open for them to function. This is an entry point for an attacker.
  – Port numbers? Review

6. TCP/IP
• Socket – protocol, address, port
  – TCP 13.154.33.61:53
• IP address review
• 65,535 ports; 1000 and lower are the most used
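Slides 4 to 6 describe using Netstat to see which ports a host listens on and treating every open port as an entry point. The Python script below is an added example, not part of the deck: it parses constructed "netstat -an" output and compares the listening sockets against an approved baseline of expected ports, which is how a baseline review turns the slide's advice into a repeatable check. The sample output, the baseline set and every address in it are made up for the example.

```python
import re
from typing import List, Set, Tuple

# Constructed sample in the layout of Windows "netstat -an" output; not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:31337          *:*
"""

# Approved baseline for this host (an assumption for the example): the (protocol, port)
# pairs that the documented services are expected to listen on.
BASELINE_LISTENERS: Set[Tuple[str, int]] = {
    ("TCP", 135), ("TCP", 139), ("TCP", 445), ("TCP", 3389), ("UDP", 123),
}

# proto, local address, local port, foreign address, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(netstat_output: str) -> Set[Tuple[str, int]]:
    """Return the (protocol, port) pairs the host is listening on.

    TCP sockets count only in LISTENING state (established client connections
    are not entry points). UDP sockets carry no state in netstat output, so every
    bound UDP socket is treated as a listener.
    """
    listeners: Set[Tuple[str, int]] = set()
    for line in netstat_output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header lines and blank lines
        proto, _local, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.add((proto, int(port)))
    return listeners


def compare_to_baseline(listeners: Set[Tuple[str, int]],
                        baseline: Set[Tuple[str, int]]) -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]]]:
    """Split the result into listeners the baseline does not allow (candidates for an
    unused or unauthorized service) and baseline listeners that are absent (a required
    service may be down)."""
    unexpected = sorted(listeners - baseline)
    missing = sorted(baseline - listeners)
    return unexpected, missing


def report(netstat_output: str, baseline: Set[Tuple[str, int]]) -> List[str]:
    """Human-readable findings, one per line."""
    unexpected, missing = compare_to_baseline(parse_listeners(netstat_output), baseline)
    lines = [f"UNEXPECTED listener {proto}/{port}: not in baseline, identify the service" for proto, port in unexpected]
    lines += [f"MISSING listener {proto}/{port}: baseline service not running" for proto, port in missing]
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_NETSTAT, BASELINE_LISTENERS):
        print(line)
```

On a real host the output of "netstat -an" (or "netstat -ano", which adds the owning process ID) would be piped in instead of the constructed sample; the baseline set is the documented list of services the host is supposed to run, which is exactly what slide 5 says is hard to establish without such a list.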
7. Securing the System
• OS hardening – securing the system against vulnerabilities (see the guides for each system)
  – Patch management is one component
  – Patch – fixes an issue and is tested
  – Hot fix – less tested than a patch
  – Service pack – a group of patches released together. The entire group is tested together for stability.

8. Patch Management
• SUS (Software Update Services) or 3rd-party tools
• Define patches for groups of computers
• Update computers on a schedule
• Verify that patches have been installed (log)
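Slide 8 lists the four steps of patch management: define required patches per computer group, deploy on a schedule, and verify from the log. The Python example below is added here and is not the deck's or SUS's own code; it carries out the verification step on a constructed update log. Hostnames, group names, KB identifiers and the log format are all placeholders invented for the example. The point it makes that the slide does not: an update that appears in the log with a FAILED result must not be counted as installed.

```python
from collections import defaultdict
from typing import Dict, List, Set

# Constructed approval list (assumption): the updates each computer group must have.
# The KB numbers are placeholders, not real Microsoft update identifiers.
REQUIRED_BY_GROUP: Dict[str, Set[str]] = {
    "servers":      {"KB000001", "KB000002", "KB000003"},
    "workstations": {"KB000001", "KB000002"},
}

# Constructed inventory: which group each host belongs to.
HOST_GROUPS: Dict[str, str] = {
    "srv01": "servers",
    "srv02": "servers",
    "ws01": "workstations",
    "ws02": "workstations",
}

# Constructed update-service log, one event per line: "<timestamp> <host> <update> <result>".
SAMPLE_LOG = """\
2006-03-01T02:00:11 srv01 KB000001 INSTALLED
2006-03-01T02:00:40 srv01 KB000002 INSTALLED
2006-03-01T02:01:05 srv01 KB000003 INSTALLED
2006-03-01T02:00:12 srv02 KB000001 INSTALLED
2006-03-01T02:00:44 srv02 KB000003 FAILED
2006-03-01T02:00:09 ws01 KB000001 INSTALLED
2006-03-01T02:00:30 ws01 KB000002 INSTALLED
2006-03-01T02:00:15 ws02 KB000002 INSTALLED
"""


def parse_installed(log_text: str) -> Dict[str, Set[str]]:
    """Map each host to the set of updates the log shows as successfully installed.
    Lines with any other result (FAILED, or a malformed line) contribute nothing,
    so a failed install can never satisfy a requirement."""
    installed: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip anything that is not a well-formed event line
        _timestamp, host, update, result = parts
        if result == "INSTALLED":
            installed[host].add(update)
    return installed


def missing_patches(installed: Dict[str, Set[str]],
                    host_groups: Dict[str, str],
                    required_by_group: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """For every host in the inventory, list the required updates the log does not
    confirm. Hosts with no log lines at all are reported as missing everything,
    which is the right answer for a machine that never checked in."""
    report: Dict[str, List[str]] = {}
    for host, group in host_groups.items():
        required = required_by_group.get(group, set())
        missing = sorted(required - installed.get(host, set()))
        if missing:
            report[host] = missing
    return report


if __name__ == "__main__":
    for host, updates in missing_patches(parse_installed(SAMPLE_LOG), HOST_GROUPS, REQUIRED_BY_GROUP).items():
        print(f"{host}: missing {', '.join(updates)}")
```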
9. MMC (Microsoft Management Console)
• Custom MMCs
  – Saved as .msc in your Documents and Settings
  – Can work for local or remote computers
  – Taskpad
  – Snap-ins
• Security policy
  – Security Configuration and Analysis MMC snap-in
  – Command-line SECEDIT utility

10. Security Templates (Windows)
• Security templates
  – Setup Security – default security settings.
  – Compatible (compatws.inf) – members of the Users group can run applications that are not part of the Designed for Windows Logo Program.
  – Secure (securedc.inf / securews.inf) – modifies security settings that affect the operating system and network protocols, such as the password policy, account policy, and various Registry settings. It also removes all members from the Power Users group.
  – Highly Secure (hisecdc.inf / hisecws.inf) – increases the security of the parameters defined within the Secure template. This template also removes all members from the Power Users group.
  – Internet Explorer (iesacls.inf) – locks down IE
  – Reset file permissions (rootsec.inf) – resets permissions starting from the root.
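The Security Configuration and Analysis snap-in and "secedit /analyze" on slide 9 compare a host's effective settings against a template like the ones on slide 10 and report every deviation. The Python example below is added here and is not the deck's code or any Microsoft tool; it mimics that analysis on a constructed fragment laid out like the [System Access] section of a .inf template. The values in the fragment, the "current settings" snapshot and the per-setting comparison rules are assumptions for the example and are not copied from securews.inf or any other shipped template. It also shows the two edge cases a naive equality check gets wrong: a stricter value than the template is not a finding, and the sentinel values (LockoutBadCount = 0 for "no lockout", MaximumPasswordAge = -1 for "never expires") always are.

```python
import configparser
from typing import Dict, List, Optional, Tuple

# Constructed template fragment in .inf layout. Section and key names follow the
# security template format; the numeric values are made up for this example.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 42
LockoutBadCount = 5
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Constructed snapshot of what an analysis run collected from the host.
CURRENT_SETTINGS: Dict[str, int] = {
    "MinimumPasswordLength": 6,
    "PasswordComplexity": 0,
    "MaximumPasswordAge": 42,
    "LockoutBadCount": 0,
}

# How each setting is judged (assumption for the example): a host that is stricter
# than the template is compliant, so plain equality is the wrong test for most keys.
COMPARISON: Dict[str, str] = {
    "MinimumPasswordLength": "min",      # longer minimum is fine
    "PasswordComplexity": "eq",          # a flag: must match exactly
    "MaximumPasswordAge": "maxage",      # shorter age is fine; -1 means never expires
    "LockoutBadCount": "lockout",        # fewer attempts is fine; 0 means lockout disabled
}


def parse_template(text: str) -> Dict[str, int]:
    """Read the [System Access] section of a template into a name -> int map."""
    cp = configparser.ConfigParser(interpolation=None)  # values like $CHICAGO$ must not be interpolated
    cp.optionxform = str                                # keep the original key capitalisation
    cp.read_string(text)
    return {key: int(value) for key, value in cp["System Access"].items()}


def setting_ok(name: str, current: int, expected: int) -> bool:
    """Apply the comparison rule for one setting."""
    mode = COMPARISON.get(name, "eq")
    if mode == "min":
        return current >= expected
    if mode == "maxage":
        return current != -1 and current <= expected
    if mode == "lockout":
        return current != 0 and current <= expected
    return current == expected


def analyze(template: Dict[str, int], current: Dict[str, Optional[int]]) -> List[Tuple[str, int, Optional[int], str]]:
    """Return one (setting, expected, actual, status) tuple per deviation from the template."""
    findings = []
    for name, expected in template.items():
        actual = current.get(name)
        if actual is None:
            findings.append((name, expected, None, "not configured"))
        elif not setting_ok(name, actual, expected):
            findings.append((name, expected, actual, "mismatch"))
    return findings


if __name__ == "__main__":
    for name, expected, actual, status in analyze(parse_template(SAMPLE_TEMPLATE), CURRENT_SETTINGS):
        print(f"{status:14} {name}: template={expected} host={actual}")
```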
11. Group Policy
• Make environmental changes to groups of clients or servers
• Change policies such as password length or complexity for a domain
• Enforce restrictions on users or computers
• Restrict available software

12. Default GPOs
• Default Domain Policy
  – Applied to the domain
  – Password policy, account policy, and Kerberos policy can only be set here
• Default Domain Controllers Policy
  – Applied to the DC container
• Create others in the Group Policy Object Editor MMC or from AD Users & Computers

13. Hardening
• Application hardening
  – Patch
  – MBSA (Microsoft Baseline Security Analyzer) can check for patch compliance with Microsoft applications
  – Cisco Security Agent can restrict the abilities of certain applications
• Web server hardening
  – ACLs
  – Patch
  – Delete sample web pages
  – Put the web server in a separate area of the network: the DMZ (Demilitarized Zone)
  – Delete scripts and applications that are not used
  – Enable encryption for sensitive data

14. Hardening
• Mail server hardening
  – Use a single-purpose machine
  – Require authentication for mail protocols to protect against open mail relay (bouncing messages from your mail server to another).
  – Set an ACL for those who can send messages
  – Enable logging for defense and legal purposes.
• File server hardening
  – Set appropriate permissions
  – Log access to sensitive files
  – Keep behind the firewall

15. Hardening
• NNTP (Network News Transfer Protocol) hardening
  – ACLs
  – Authentication
  – Patch
• FTP server hardening
  – Disable anonymous logon
  – Use an ACL
  – Set appropriate privileges
  – Set account logon restrictions such as time-outs, lockouts for failed logons, and auditing.

16. Hardening Data Repositories
• Directory services
  – Windows
    • AD (Active Directory)
    • SAM (Security Accounts Manager) – local database
    • DC (Domain Controller)
    • PDC (Primary Domain Controller)
    • BDC (Backup Domain Controller)
  – Novell (eDirectory)
  – LDAP (Lightweight Directory Access Protocol)
  – Use ACLs
  – Restrict the right to log on locally to domain controllers

17. Hardening Data Repositories
• DBMS (Database Management System)
  – Oracle, SQL Server, Informix, Sybase, DB2
  – Buffer overflow
  – SQL (Structured Query Language) injection – sending a malformed SQL query
• Utilize user views
• Segment the database
• Keep the database tables behind the firewall
• Utilize authentication
• Stored procedures and web forms should use proper coding techniques to protect against buffer overflow, SQL injection, and other attacks.
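Slide 17 says web forms and stored procedures should use "proper coding techniques" against SQL injection without showing what that means. The Python example below is added here and is not the deck's code; it puts the vulnerable pattern (building the query by string concatenation) beside the hardened one (a parameterised query plus an allowlist check on the input) against an in-memory SQLite table, so the difference can be observed directly. The table, its rows and the sample input are constructed for the example; the same parameter-binding idea applies to the database products the slide names.

```python
import re
import sqlite3
from typing import List, Tuple

# Only letters, digits and underscore, 1 to 32 characters: an allowlist for a username field.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def build_db() -> sqlite3.Connection:
    """Constructed sample table; the hashes are placeholder strings, not real password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "hash-a", "admin"),
        ("bob", "hash-b", "user"),
    ])
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """VULNERABLE: the user-supplied value is spliced into the SQL text, so a value
    containing a quote changes the structure of the query instead of being data."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "' ORDER BY username"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """HARDENED: the value is bound as a parameter; the database receives the SQL text
    and the data separately, so the input can never become part of the statement."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? ORDER BY username",
        (username,),
    ).fetchall()


def is_valid_username(username: str) -> bool:
    """Defense in depth for the web form: reject input that does not look like a username
    before it ever reaches the database layer."""
    return USERNAME_RE.match(username) is not None


def lookup_hardened(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """What the form handler should do: validate, then query with parameters."""
    if not is_valid_username(username):
        return []
    return lookup_parameterized(conn, username)


if __name__ == "__main__":
    db = build_db()
    # A legitimate lookup and a textbook malformed value, as slide 17 describes.
    for value in ("bob", "x' OR '1'='1"):
        print(repr(value))
        print("  vulnerable  :", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
        print("  hardened    :", lookup_hardened(db, value))
```

The concatenated version returns every row for the malformed value because the quote closes the string literal and the rest is parsed as SQL; the parameterised version returns nothing because the whole value is compared as one literal username. The allowlist rejects it before the query is even issued, and would also catch the kind of oversized input the slide groups with buffer overflows.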
18. Hardening Networks
• Update firmware on network devices
  – EEPROM (Electrically Erasable Programmable Read Only Memory)
• Filter data at the edge of the network (firewalls)
• Filter by:
  – Address (IP or MAC)
  – Domain name
  – Protocol
  – Port
  – Message content
  – Session

19. Hardening Networks
• ACLs and rule bases are used in filtering
  – Keep rule bases small to increase filtering efficiency (max: 40 rules)
20. Acronyms
• BDC, Backup Domain Controller
• DNS, Domain Name Service
• DHCP, Dynamic Host Configuration Protocol
• EEPROM, Electrically Erasable Programmable Read Only Memory
• EPROM, Erasable Programmable Read Only Memory
• FTP, File Transfer Protocol
• MMC, Microsoft Management Console
• NNTP, Network News Transfer Protocol

21. Acronyms
• NOS, Network Operating System
• PDC, Primary Domain Controller
• ROM, Read Only Memory
• SAM, Security Accounts Manager
• TSR, Terminate and Stay Resident
• DBMS, Database Management System
• AD, Active Directory
• LDAP, Lightweight Directory Access Protocol
• SQL, Structured Query Language