Security Baselines
Chapter 13
Learning Objectives
Gain an understanding of OS/NOS vulnerabilities and hardening practices
Understand the operation of a file system and how to secure a file system
Explore common network hardening practices, including firmware updates and configuration best practices
Identify network services commonly exploited by attackers and learn best practices for writing access control lists
Explore vulnerabilities regarding network services such as Web, FTP, DNS, DHCP, Mail, File/Print Servers and Data Repositories as well as best practices in securing such services
Operating System (OS)
Performs basic tasks
  Recognizes input from keyboard
  Sends output to display screen
  Keeps track of files and directories on the disk
  Controls peripheral devices (disk drives, printers)
Network Operating System (NOS)
Includes special functions for connecting computers and devices into a LAN
Some have built-in networking functions
OS/NOS Hardening
Process of modifying an OS’s default configuration to make it more secure against outside threats
May include removal of unnecessary programs and services
May include application of patches to system kernel to limit vulnerability
Actions that Can Disrupt Functionality of a System
Attacks
Malfunctions
Errors
Best Practices for System Hardening
Remove unused applications, services, and unused or unnecessary file shares
Implement and enforce strong password policies; remove or disable expired or unneeded accounts
Limit number of administrative accounts
Set account lockout policies to discourage password cracking
Keep track of latest security updates and hot fixes
Maintain logging of all user account and administrative activity
Back up the system periodically
Keep external log of each critical system
Maintain records of backups and upgrades
File Systems
Store data that enable communication between an application and its supporting disk drives
Setting privileges and access controls protects information stored on the computer
Common privileges: read, write (modify), lock, append, and execute
Group users by common needs
Additional rights can be granted to a single user in a group
Principle of least privilege
Creating Needed User Groups
System administrator configures operating system to recognize certain user groups
Individual users are assigned to appropriate groups
Configuring Access Controls
System administrator configures access controls for all protected files, directories, devices, and other objects
Common Practices for Setting File and Data Privileges
Disable write and execute privileges for all executable and binary files
Restrict access of OS source files, configuration files, and their directories
For UNIX systems:
  No world-writable files unless specifically required
  Mount file systems as read only and nosuid
For NT systems:
  No permissions allowing “Everyone” group to modify files
Assign access permission of immutable to all kernel files
Establish all log files as “append only”
Prevent users from installing, removing, or editing scripts
Pay attention to access control inheritance when defining categories of files and users
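One way to check the UNIX practices above on a host, as an added example that is not part of the original slides. The sample file modes, mount table and mount policy are constructed, and flagging executables that anyone other than the owner can write is one reading of the first practice.

```python
import os
import stat
import tempfile

# Constructed sample data (not from the slides): file names mapped to modes.
SAMPLE_FILES = {"report.txt": 0o644, "scratch.tmp": 0o666,
                "backup.sh": 0o775, "tool": 0o755}

# Constructed mount table in /proc/mounts layout: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,nosuid,nodev 0 0
/dev/sda3 /home ext4 rw,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# Assumed policy: options each mount point must carry.
MOUNT_POLICY = {"/usr": {"ro", "nosuid"}, "/home": {"nosuid"}, "/tmp": {"nosuid"}}

ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_tree(root):
    """Return sorted (path, reason) findings for regular files under root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if mode & ANY_EXEC and mode & NON_OWNER_WRITE:
                findings.append((path, "executable writable by non-owner"))
    return sorted(findings)


def check_mounts(mount_text, policy):
    """Return (mount point, missing options) for mounts that violate policy."""
    findings, seen = [], set()
    for line in mount_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] not in policy:
            continue
        seen.add(fields[1])
        missing = sorted(policy[fields[1]] - set(fields[3].split(",")))
        if missing:
            findings.append((fields[1], missing))
    # A policy entry with no matching mount cannot carry the options at all.
    for mount_point in sorted(set(policy) - seen):
        findings.append((mount_point, ["not mounted separately"]))
    return findings


def demo():
    """Build the constructed sample tree, audit it, and check the sample mounts."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in SAMPLE_FILES.items():
            path = os.path.join(root, name)
            with open(path, "w") as handle:
                handle.write("sample\n")
            os.chmod(path, mode)
        file_findings = [(os.path.relpath(p, root), why)
                         for p, why in audit_tree(root)]
    return file_findings, check_mounts(SAMPLE_MOUNTS, MOUNT_POLICY)


if __name__ == "__main__":
    files, mounts = demo()
    for name, why in files:
        print(f"file  {name}: {why}")
    for mount_point, missing in mounts:
        print(f"mount {mount_point}: missing {', '.join(missing)}")
```

On a real host, pass the contents of `/proc/mounts` to `check_mounts` and a directory such as `/usr/local` to `audit_tree`.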
Installing and Configuring File Encryption Capabilities
File encryption is useful if the OS:
  Lacks adequate access controls to maintain confidentiality
  Does not support access control lists
Encryption is resource-consuming; carefully weigh benefits
Systematic Approach for Addressing Updates
Establish procedures for monitoring security-related information
Evaluate updates for applicability
Plan installation of applicable updates
Install updates using a documented plan
Deploy new systems with latest software
Network Hardening
Crucial to have a network with availability as well as adequate security
Firmware Updates
Made available by vendors as vulnerabilities and malfunctions are discovered with previous versions
Configuration
Routing functions
  Designed to route packets efficiently and reliably, but not securely
  Not to be used to implement a security policy
Firewall systems
  Should govern security of information flow in and out of the network
  Provide a policy enforcement mechanism at a security domain boundary
Assigning Network Addresses for Interfaces on a Firewall Device
For the Internet
  Obtain IP addresses from ISP that connects to the firewall
For internal networks
  Obtain IP addresses from within the organization, typically from RFC 1918 specification
Establishing Routing Configuration
Should be performed in an environment isolated from the production network
Should specify, with specific statements, what connectivity is to be permitted and deny all other connectivity
Derived from network topology; should not be used to implement aspects of a security policy
Best Practices for Configuring Router and Firewall Systems
Keep copy of current configurations of network devices in safe location
Never allow IP-directed broadcasts through the system
Configure devices with meaningful names
Use a description for each interface
Specify bandwidth on the interfaces
Configure a loopback address
Handle SNMP with care
Avoid common names for password and naming schemes
Deploy logging about interface status, events, and debugging
Restrict data traffic to required ports and protocols only
Access Control List (ACL)
Set of data that informs a computer’s OS which permissions (access rights) each user or group has to a specific system object
Control flow of packets through a device based on certain parameters and information contained within a packet
Implement a certain type of security policy, but not considered a policy by themselves
Implement packet filtering
Packet Filtering
Process of deciding disposition of each packet that can pass through a router
Provides basic protection mechanism for a routing firewall device through inspection of packet contents
Can be based on intrinsic or extrinsic information pertaining to a data packet
Best Practices for Designing Filtering Rules for New Networks
Add “deny all” rule to articulate the security policy more completely
Design antispoofing rules and place them at top of the ACL
Identify protocols, ports, and source and destination addresses that need to be serviced
Configure filtering rule set of the ACL by protocol and by port
Collapse rows with matching protocols and consecutive ports into one new row that specifies a range
Place all permission rules between antispoofing rules and “deny all” rule at the end of the rule set
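The rule ordering described above, worked through as an added example that is not part of the original slides: antispoofing rules first, permit rows collapsed into port ranges, and "deny all" last, evaluated first-match. The site prefix, the service list and the `Rule` layout are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
ALL_PORTS = (0, 65535)

# Constructed inputs: a documentation prefix for the protected network and
# the (protocol, port) pairs that need to be serviced.
SITE_NET = "203.0.113.0/24"
SAMPLE_SERVICES = [("tcp", 80), ("tcp", 443), ("tcp", 21), ("tcp", 20),
                   ("udp", 53), ("tcp", 53)]


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    ports: tuple                     # inclusive (low, high) destination ports
    note: str


def collapse_ports(services):
    """Group by protocol and merge consecutive ports into (low, high) ranges."""
    by_proto = {}
    for proto, port in services:
        by_proto.setdefault(proto, set()).add(port)
    rows = []
    for proto in sorted(by_proto):
        ports = sorted(by_proto[proto])
        low = high = ports[0]
        for port in ports[1:]:
            if port == high + 1:
                high = port
            else:
                rows.append((proto, (low, high)))
                low = high = port
        rows.append((proto, (low, high)))
    return rows


def build_acl(site_net, services):
    """Inbound ACL for the external interface, in the order the slides give."""
    site = ipaddress.ip_network(site_net)
    # Sources that must never arrive from outside: RFC 1918 space, loopback,
    # and the site's own prefix.
    spoofed = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", str(site)]
    acl = [Rule("deny", "any", ipaddress.ip_network(net), ANY, ALL_PORTS,
                "antispoof " + net) for net in spoofed]
    for proto, (low, high) in collapse_ports(services):
        acl.append(Rule("permit", proto, ANY, site, (low, high),
                        f"permit {proto} {low}-{high}"))
    acl.append(Rule("deny", "any", ANY, ANY, ALL_PORTS, "deny all"))
    return acl


def evaluate(acl, proto, src, dst, port):
    """Return (action, note) of the first rule that matches the packet."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if (rule.proto in ("any", proto)
                and src_ip in rule.src and dst_ip in rule.dst
                and rule.ports[0] <= port <= rule.ports[1]):
            return rule.action, rule.note
    return "deny", "no rule matched"


if __name__ == "__main__":
    acl = build_acl(SITE_NET, SAMPLE_SERVICES)
    for rule in acl:
        print(rule.action, rule.proto, rule.src, "->", rule.dst, rule.ports)
    # A spoofed RFC 1918 source is dropped even though port 80 is permitted.
    print(evaluate(acl, "tcp", "10.1.2.3", "203.0.113.10", 80))
    print(evaluate(acl, "tcp", "198.51.100.7", "203.0.113.10", 443))
    print(evaluate(acl, "tcp", "198.51.100.7", "203.0.113.10", 23))
```

Because evaluation stops at the first match, moving the antispoofing rows below the permit rows would let the spoofed packet through on port 80.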
Enabling and Disabling of Services and Protocols
Many services can be easily targeted by attackers unless disabled by system administrators
Evaluate every service for need and risks; remove unnecessary ones
Evaluate and install required services in a manner to lower potential risk
Commonly Exploited Services
Remote Procedure Call (RPC)
Network File System (NFS)
Web services
Simple Mail Transfer Protocol (SMTP)
Bootstrap Protocol
DoS attacks are successful when unnecessary services are running on network devices
Commonly Exploited Services on Cisco Platforms
Cisco Discovery Protocol (CDP)
TCP small servers
UDP small servers
Finger
HTTP server
Bootp server
Configuration autoloading
IP source
Proxy ARP
IP-directed broadcast
Classless routing behavior
IP unreachable notifications
IP mask relay
IP redirects
NTP service
Simple Network Management Protocol
Domain Name Service
Application Hardening
Process of making applications software secure by ensuring that the software contains security enabling technology:
  Sign in capabilities for authenticated network connections
  Ability to run properly in secured configurations
Applications that Need Hardening
Web servers
E-mail servers
FTP servers
DNS servers
NNTP servers
File and print servers
DHCP servers
Data repositories
Directory services
Web Servers
Associated with more attacks and vulnerabilities than any other type of server
Designed to make information accessible, rather than to protect it
High Level Best Practices for Securing Web Servers
Isolate a Web server on a DMZ
Configure a Web server for access privileges
Identify and enable Web server-specific logging tools
Consider security implications
Configure authentication and encryption
Isolating a Web Server on a DMZ
E-mail Servers
Serious risks associated with ability to receive e-mail from the outside world
  Attachments with malicious contents
  E-mails with abnormal MIME headers
  Scripts embedded into HTML-enabled mail
Protecting Against E-mail Vulnerabilities
Use latest software updates and patches on e-mail server
Deploy dedicated e-mail relay (gateway) server between internal network and Internet
Deploy virus-scanning tools on the server
Use attachment-checking mechanisms on the server
Use HTML Active Content removal
FTP Servers
File Transfer Protocol
  Used to transfer files between a workstation and an FTP server
Vulnerabilities Associated with FTP
Protecting against bouncebacks
Restricting areas
Protecting usernames and passwords
Port stealing
Other documented vulnerabilities
DNS Servers
Domain Name Service (DNS)
  Collective name for system of servers that translate names into addresses in a process transparent to the end user
Vulnerabilities Associated with DNS
Inaccurate data on IP address ownership
Customer registry communication
DNS spoofing and cache poisoning
Out-of-date root.hints file
Recursive queries
Denial-of-service attacks
NNTP Servers
Network News Transfer Protocol (NNTP)
  Delivers news articles to users on the Internet
  Stores articles in a central database; users choose only items of interest
  Makes few demands on structure, content, or storage of news articles
NNTP servers can index and cross reference messages, and allow for notification of expiration
NNTP Servers
Similar vulnerabilities to other network services
Effective methods of preventing attacks
  Use proper authentication mechanisms
  Disable unneeded services
  Apply relevant software and OS patches
File and Print Servers
Store many of an organization’s most valuable and confidential information resources
Protecting Against File and Print Server Vulnerabilities
Offer only essential network and OS services on a server
Configure servers for user authentication
Configure server operating systems
Manage logging and other data collection mechanisms
Configure servers for file backups
DHCP Servers
Dynamic Host Configuration Protocol (DHCP)
  Software that assigns dynamic IP addresses to devices on a network
  Reduces administrative burden
  No security provisions
Preventing Attacks on DHCP Servers
Assign permanent addresses
Collect Media Access Control (MAC) addresses of all computers on network and bind them to corresponding IP addresses
Use dynamic addressing, but monitor log files
Use intrusion detection tools
Configure DHCP server to force stations with new MAC addresses on the network to register with the DHCP server
Implement latest software and patches
Data Repositories
Store data for archiving and user access
Contain an organization’s most valuable assets in terms of information
Should be carefully protected
Directory Services
Lightweight Directory Access Protocol (LDAP)
  Industry standard protocol for providing networking directory services for the TCP/IP model
Can store and locate information about entities and other network resources
Based on simple, treelike hierarchy called a Directory Information Tree (DIT)
Directory Service-Oriented Threats
Unauthorized access to data by monitoring or spoofing authorized users’ operations
Unauthorized access to resources by physically taking over authenticated connections and sessions
Unauthorized modification or deletion of data or configuration parameters
Spoofing of directory services
Excessive use of resources
Nondirectory Service-Oriented Threats
Common network-based attacks against LDAP servers to compromise availability of resources
Attacks against hosts by physically accessing the resources
Attacks against back-end databases that provide directory services
Security of LDAP Is Dependent on…
Authentication
  Anonymous
  Simple
  Simple Authentication and Security Layer (SASL) for LDAPv3
Authorization
Principles of Security to Protect Databases
Authentication of users and applications
Administration policies and procedures
Initial configuration
Auditing
Backup and recovery procedures
Chapter Summary
Role of operating and file systems as they relate to security of information resources stored on computer systems
Operating system vulnerabilities
Use of OS hardening practices to prevent attacks and system failures
Vulnerabilities associated with common services installed on computer systems (WWW services, FTP, DNS) and best practices in protecting against threats to these services
Maintenance and upgrade of computer systems