1 host hardening chapter 6 copyright 2003 prentice-hall
TRANSCRIPT
![Page 1: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/1.jpg)
1
Host Hardening
Chapter 6
Copyright 2003 Prentice-Hall
![Page 2: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/2.jpg)
2
Figure 6-1: Hardening Host Computers
The Problem Computers installed out of the box have known
vulnerabilities Not just Windows computers
Hackers can take them over easily
They must be hardened—a complex process that involves many actions
![Page 3: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/3.jpg)
3
Figure 6-1: Hardening Host Computers
Elements of Hardening Physical security (Chapter 2).
Secure installation and configuration
Fix known vulnerabilities
Turn off unnecessary services (applications)
Harden all remaining applications (Chapter 9)
(more on next page)
![Page 4: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/4.jpg)
4
Figure 6-1: Hardening Host Computers
Elements of Hardening (continued) Manage users and groups
Manage access permissions For individual files and directories, assign access
permissions specific users and groups
Back up the server regularly
Advanced protections
![Page 5: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/5.jpg)
5
Figure 6-1: Hardening Host Computers
Security Baselines Guide the Hardening Effort
Specifications for how hardening should be done
Different for different operating systems
Different for different types of servers (webservers, mail servers, etc.)
Needed because it is easy to forget a step
![Page 6: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/6.jpg)
6
Figure 6-1: Hardening Host Computers
Server Administrators Are Called Systems Administrators
![Page 7: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/7.jpg)
7
Figure 6-1: Hardening Host Computers
Windows Computers Microsoft Network Operating Systems (NOSs)
LAN Manager (LANMAN) Windows NT Server Windows 2000 Server Windows 2003 Server (called .NET in the book)
Graphical user interface looks like client versions to ease learning (Figure 6-2)
![Page 8: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/8.jpg)
8
Figure 6-2: Windows 2000 Server User Interface
![Page 9: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/9.jpg)
9
Figure 6-1: Hardening Host Computers
Windows Computers Administrative Tools Group under Programs has
Microsoft Management Consoles (MMCs) (Figure 6-3)
Used to conduct most administrative actions
Can add snap-ins for specific functionality
![Page 10: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/10.jpg)
10
Figure 6-3: Computer Management Microsoft Management Console (MMC)
System Tools snap-in
![Page 11: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/11.jpg)
11
Figure 6-1: Hardening Host Computers
Windows Computers Windows 2000 introduced hierarchical domain
structure with Active Directory
Domain is a collection of resources
Domain contains one or more domain controllers, member servers, client PCs
Group policy objects (GPOs) on a domain controller can implement policies throughout a domain
![Page 12: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/12.jpg)
12
Figure 6-1: Hardening Host Computers
UNIX Many versions of UNIX
LINUX is a set of versions for PCs—there are several different distributions
User can select the user interface—GUI or command-line interface (CLI)
CLIs are called shells (Bourne, BASH, etc.)
CLIs have picky syntax, capitalization, and spacing
![Page 13: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/13.jpg)
13
Figure 6-1: Hardening Host Computers
Internetwork Operating System (IOS) For Cisco Routers, Some Switches, Firewalls
Other Host Operating Systems Macintosh
Novell NetWare
Firewalls
Even cable modems with web-based management interfaces
![Page 14: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/14.jpg)
14
Figure 6-4: Installation and Patching
Installation Offers Many Options, Some of Which Affect Security
For example, in Windows, the NTFS file system is better for security than FAT32
Need a security baseline to guide option choices during installation
![Page 15: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/15.jpg)
15
Figure 6-4: Installation and Patching
Known Vulnerabilities
Most programs have known vulnerabilities
Exploits are programs that take advantage of known vulnerabilities
![Page 16: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/16.jpg)
16
Figure 6-4: Installation and Patching
Known Vulnerabilities
Vulnerability reporters send vulnerability reports to vendors
Vulnerability reporters often say that vendors take too long to fix vulnerabilities
Vendors say that vulnerability reporters do not give them enough time, report too much detail to the press
![Page 17: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/17.jpg)
17
Figure 6-4: Installation and Patching
Fixes
Work-around: A series of actions to be taken; no new software
Patches: New software to be added to the operating system
Upgrades: Newer versions of programs usually fix older vulnerabilities.
![Page 18: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/18.jpg)
18
Figure 6-4: Installation and Patching
Upgrades
Often, security vulnerabilities are fixed in new versions
If a version is too old, the vendor might stop offering fixes
It might be good to wait to upgrade until after the first round of bug and security fixes
![Page 19: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/19.jpg)
19
Figure 6-4: Installation and Patching
Mechanics of Patching
Microsoft Windows: Apply Patches on Start menu (Figure 6-2)
LINUX distributions often use rpm
![Page 20: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/20.jpg)
20
Patching
![Page 21: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/21.jpg)
21
Figure 6-4: Installation and Patching
Patches Often Are Not Applied
Companies get overwhelmed by number of patches
Use many products, vendors release many patches per product
Especially a problem for application programs
![Page 22: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/22.jpg)
22
Figure 6-4: Installation and Patching
Patches Often Are Not Applied
Cost of Patch installation
Mitigated by patch servers that distribute patches to general servers
More easy-to-use vendor tools are needed
Might simply lack the resources to apply all; might be selective
![Page 23: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/23.jpg)
23
Figure 6-4: Installation and Patching
Patches Often Are Not Applied Risks of Patch installation
Reduced functionality
Freeze machines, do other damage—sometimes with no Uninstall possible
Should test patch on a test system before deployment
Special problem for mission-critical production systems that must work
![Page 24: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/24.jpg)
24
Figure 6-5: Turning Off Unnecessary Services
Unnecessary Services
Operating system vendors used to install many services by default
This made them easier to use. When use changes, services do not have to be turned on.
Attackers have found flaws in many of these rare services
![Page 25: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/25.jpg)
25
Figure 6-5: Turning Off Unnecessary Services
Unnecessary Services
Vendors now install fewer services by default—lock down mode
Turn to security baseline to see what services to turn on and off
Easier to install too few and add than to install too many and remove unwanted services
![Page 26: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/26.jpg)
26
Figure 6-5: Turning Off Unnecessary Services
Turning Off Services In Windows
Go to the Computer Management MMC
On the tree, select Services and Applications (Figure 6-6) Status tells whether the service is active Startup tells how the service is started
(automatic, manual, disabled, etc.)
Right click on a service or select and choose Action to stop a service, start it, disable it, etc.
![Page 27: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/27.jpg)
27
Figure 6-6: Services and Applications in Windows
![Page 28: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/28.jpg)
28
Figure 6-5: Turning Off Unnecessary Services
Turning Off Services In UNIX Three ways to start services
inetd to start services when requests come in from users (Figure 6-7)
rc scripts to start services automatically at book up (Figure 6-8)
Start a service manually by typing its name or executing a batch file that does so
![Page 29: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/29.jpg)
29
Figure 6-7: UNIX inetd Daemon for Responding to Client Requests
Program A
Program B
Program C
Program D
inetd
Port 23 Program APort 80 Program BPort 123 Program CPort 1510 Program D
1. Client RequestTo Port 804. Start and
ProcessThis Request
3. Program B 2. Port 80
inetd.config
![Page 30: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/30.jpg)
30
Figure 6-8 The UNIX rc.d Method of Automatically Starting Services
/etc/rc.d1. Script for Service A2. Script for Service B3. Script for Service F4. Script for Service H
rc0.d [scripts to run during System Mode 0-shutdown]K2 . . . [Run the Kill portion of Script 2: Kills Service B]K3 . . . [Run the Kill portion of Script 3: Kills Service F]. . .
rc.d directory
Scripts for services. Contain scripts to start or kill services.
Directory rc0.d. Subdirectory of rc.d. Contains scripts to run start or kill portions of scripts in rc.d directory. These scripts are executed if run mode 0 occurs—system shutdown
![Page 31: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/31.jpg)
31
Figure 6-8 The UNIX rc.d Method of Automatically Starting Services
rc1.drc2.drc3.drc4.drc5.drc6.d [scripts to run during System Mode 6-startup]
S1 . . . [Run the Start portion of Script 1: Starts Service A]S2 . . . [Run the Start portion of Script 2: Starts Service B]. . .
rcs.d [scripts to run during System Mode s—single-user mode]
Other subdirectories of rc.d for scripts to execute in different run modes, such as run mode 6—startup
![Page 32: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/32.jpg)
32
Figure 6-5: Turning Off Unnecessary Services
Turning Off Services In UNIX
Identifying services that are running at any moment
ps (processor status), usually with –aux parameters, lists running programs
Shows process name and process ID (PID)
netstat tells what services are running on what ports
![Page 33: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/33.jpg)
33
Figure 6-5: Turning Off Unnecessary Services
Turning Off Services In UNIX kill PID to kill a particular process
kill 47 (If PID=47)
Add parameters –SIGTERM, -SIGHUP, -SIGKILL in order of increasing urgency
kill 47 –SIGTERM (PID = 47)
Only kills for now.
Must search inetd.config, rc scripts, batch files to see where it is being started automatically. Difficult to do.
![Page 34: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/34.jpg)
34
Figure 6-9: Managing Users and Groups
Introduction
Every user must have an account
There can also be groups
Can assign security measures to groups
These measures apply to the individual group members automatically
Faster and easier than assigning security measures to individuals
![Page 35: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/35.jpg)
35
Figure 6-9: Managing Users and Groups
Creating and Managing Groups in Windows Computer Management: Local Users and Groups
snap-in (Figure 6-10)
Select Users
Select user from list Right click on user and select Properties:
password restrictions, disable box Or select Action: change password, etc. Add, delete users
![Page 36: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/36.jpg)
36
Figure 6-10: Users and Groups in Windows
![Page 37: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/37.jpg)
37
Figure 6-11: Windows User Account Properties
To get this screen, right click on user account in Figure 6-10, select Properties
![Page 38: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/38.jpg)
38
Figure 6-12: Creating a New User in Windows
![Page 39: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/39.jpg)
39
Figure 6-9: Managing Users and Groups Creating and Managing Groups in Windows
Select user from list Administrator is the super account
Change its name and create a new Administrator account with no permissions
Administrators should not log in as Administrators; log in as their own account, use RunAs to get temporary Administrator status when needed
Guest account should be disabled (the default during installation)
![Page 40: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/40.jpg)
40
Figure 6-9: Managing Users and Groups
Creating and Managing Groups in Windows Select Groups
Assign rights to groups
Standard groups: Administrators, Power Users, Backup Operators, etc.
Have appropriate permissions by default for their tasks
![Page 41: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/41.jpg)
41
Figure 6-9: Managing Users and Groups
Managing Users and Groups in UNIX
Different versions of UNIX do this differently, so it is difficult to talk in general terms
The super account is root
su (switch user) allows administrators to log in as regular accounts, su to get root privileges when desired
Guest account should be disabled
![Page 42: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/42.jpg)
42
Figure 6-13: Managing Permissions
Principle of Least Permissions: Give Users the Minimum Permissions Needed for Their Job
More feasible to add permissions selectively than to start with many, reduce for security
![Page 43: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/43.jpg)
43
Figure 6-13: Managing Permissions
Assigning Permissions in Windows (Figure 6-14)
Right click on file or directory in My Computer
Select Properties, then Security tab
Select a user or group
NOT done through the start menu, selecting Administrative Tools
![Page 44: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/44.jpg)
44
Figure 6-14: Assigning Permissions in Windows
To bring up this screen, right click on a folder, select Properties. Click on Security tab
![Page 45: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/45.jpg)
45
Figure 6-13: Managing Permissions Assigning Permissions in Windows (Figure 6-14)
Click on or off the 6 standard policies (permit or deny)
List Folder Contents (see what is in a directory)
Read (read only)
Read and Execute (for programs)
Write (change files)
Modify (Write plus delete)
Full control: all permissions
For more fine-grained control, 13 special permissions collectively give the standard 6
This gives highly granular access controls, especially compared to UNIX (next)
![Page 46: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/46.jpg)
46
Figure 6-13: Managing Permissions
Assigning Permissions in UNIX ls -l shows details of files and directories in long format
First character is - for a file, d for a directory Ends with name of file or directory
-rwxr-x---1 root . . . purple.exedrw-r---- 1 brows . . . reports-rw-rw-r--1 lighter . . . bronze.txt
Note: purple.exe is a file; reports is a directory.What is bronze.txt?
![Page 47: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/47.jpg)
47
Figure 6-13: Managing Permissions
Assigning Permissions in UNIX ls -l shows files in a directory in long format
Only three permissions: read (only), write (change), and execute (run program)
Format is rwx for all or various combinations (r-x is read and execute but not write)
-rwxr-x---1 root . . . purple.exedrw-r---- 1 brows . . . reports-rw-rw-r--1 lighter . . . bronze.txt
rwx
![Page 48: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/48.jpg)
48
Figure 6-13: Managing Permissions
Assigning Permissions in UNIX ls -l shows files in a directory in long format
Next three characters are permissions (rwx possible) for the file owner
-rwxr-x---1 root . . . purple.exedrw-r---- 1 brows . . . reports-rw-rw-r--1 lighter . . . bronze.txt
purple.exe’s owner has all three permissionsreports’ owner has only read and write permissions
![Page 49: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/49.jpg)
49
Figure 6-13: Managing Permissions
Assigning Permissions in UNIX Next three are permissions (rwx possible) for the
group Next three are permissions for the rest of the
world
-rwxr-x---1 root . . . purple.exedrw-r---- 1 brows . . . reports-rw-rw-r--1 lighter . . . bronze.txt
purple’s group has read and execute permissions.purple has no permissions for the rest of the world.
![Page 50: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/50.jpg)
50
Figure 6-13: Managing Permissions
Assigning Permissions in UNIX Next comes the number of links Next comes the name of the owner Group might be shown (not here)
-rwxr-x---1 root . . . purple.exedrw-r---- 1 brows . . . reports-rw-rw-r--1 lighter . . . bronze.txt
![Page 51: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/51.jpg)
51
Figure 6-13: Managing Permissions
Assigning Permissions in UNIX Changing permissions
umask (user mask) command sets the default permissions for future assignments
chmod (change mode) changes permissions for the file
chown (change owner) changes the ownership of a file
![Page 52: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/52.jpg)
52
Figure 6-16: Advanced Server Hardening Techniques
Reading Event Logs (Chapter 10)
The importance of logging to diagnose problems
Failed logins, changing permissions, starting programs, kernel messages, etc.
Windows 2000 Event Viewer (Figure 6-17)
![Page 53: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/53.jpg)
53
Figure 6-17: Windows 2000 Event Viewer for Logging
![Page 54: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/54.jpg)
54
Figure 6-16: Advanced Server Hardening Techniques
Reading Event Logs (Chapter 10)
UNIX has many logging facilities controlled by syslog program (Figure 6-18)
Syslog program sends log entries of different types to specific directories on the host or on other hosts
The file syslog.config specifies which log entries and which severity levels should go to which directories on which hosts
![Page 55: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/55.jpg)
55
Figure 6-18: syslog in UNIX
EventFrom
InternalSystem
syslog
…Login.Err HostA..Restart.* /errors/restart..
3. Host A2. Login/Err
1. Event.Type=Login,
Level=Err
syslog.config
Host Wishingto Do Remote
Logging
4.RemoteLogging
Host A(Runs syslog)
![Page 56: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/56.jpg)
56
Figure 6-16: Advanced Server Hardening Techniques
Backup (Chapter 10) UNIX backup
tar command (tape archive)
Create tape archive of a file, group of files, directory tree in a .tar file
Can use tar to look at table of contents of files in .tar file
Can use tar to restore one, some, or all files
![Page 57: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/57.jpg)
57
Figure 6-16: Advanced Server Hardening Techniques
Backup (Chapter 10)
Windows backup
Start, Programs, Accessories, System Tools, Backup
Note that Backup is under Accessories rather than under Administrative Tools like most MMCs
GUI to create backups, restore backups
![Page 58: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/58.jpg)
58
Figure 6-16: Advanced Server Hardening Techniques
File Encryption Protects files even if attacker breaks in
Key escrow: Copy of encryption key is kept elsewhere to protect in case of key loss
Windows Encrypting File System (EFS) Select file in Windows Explorer, select
Properties Click on General tab’s Advanced button Click on the box Encrypt contents to secure data
![Page 59: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/59.jpg)
59
Figure 6-16: Advanced Server Hardening Techniques
File Encryption Windows Encrypting File System (EFS)
Encryption is transparent: Save, retrieve, copy files as usual
Encrypted files generally cannot be sent over the network
There is a Recovery agent (usually on the domain controller) for key escrow
![Page 60: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/60.jpg)
60
Figure 6-16: Advanced Server Hardening Techniques
File Integrity Checker
Creates snapshot of files: a hashed signature (message digest) for each file
After an attack, compares post-hack signature with snapshot
This allows systems administrator to determine which files were changed
Tripwire is the usual file integrity checker for UNIX (Figure 6-19)
![Page 61: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/61.jpg)
61
Figure 6-19: Tripwire File Integrity Checker
File 1File 2…Other Files inPolicy List
File 1File 2…Other Files inPolicy List
File 1 SignatureFile 2 Signature……
File 1 SignatureFile 2 Signature……
Tripwire
Tripwire
1.EarlierTime
2.After
Attack
Post-Attack Signatures
3. Comparison to Find Changed Files
Reference Base
![Page 62: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/62.jpg)
62
Figure 6-16: Advanced Server Hardening Techniques
File Integrity Checker If applied to too many files, too many false alarms
will occur
Must be selective—core programs likely to be Trojanized during attacks
Server Host Firewalls Rules can be specific to the server’s role (e-mail,
etc.)
![Page 63: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/63.jpg)
63
Figure 6-20: Types of UNIX Vulnerability Assessment Tools
ExternalAuditTool
HostAssessment
Tool
NetworkMonitoring
ToolAttackPacket
NetworkTraffic
AuditingComputer
![Page 64: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/64.jpg)
64
Figure 6-21: Hardening Clients
Importance of Clients
Contain important information
If taken over, can get in as user, passing through firewalls and other protections
![Page 65: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/65.jpg)
65
Figure 6-21: Hardening Clients
Enforcing Good Practice Patching
Antivirus software
Firewall software
Limiting client software to an approved list (e.g., forbidding P2P file exchange products)
Save passwords
File encryption
![Page 66: 1 Host Hardening Chapter 6 Copyright 2003 Prentice-Hall](https://reader036.vdocuments.net/reader036/viewer/2022062308/56649e725503460f94b71a55/html5/thumbnails/66.jpg)
66
Figure 6-21: Hardening Clients
Central Control is Desirable for Clients For example, Microsoft Group Policy Objects
(GPOs) for home clients
Require certain programs (antivirus, etc.), forbid programs not on list
Even lock down desktop so use cannot add new software or even change the interface
Central vulnerability scanning
Difficult to enforce on personally owned home computers