Host and Information Security.


74 views
Uploaded on:
Category: Music / Dance
Description
Section 7 spotlights on host working framework and information insurance. Part 8 spotlights on ... Appointing Permissions in Windows (Fig. 7-15) Right tap on record or index. Select ...
Transcripts
Slide 1

Host and Data Security Chapter 7

Slide 2

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Inevitably, some assaults will traverse system shields and achieve singular hosts Host solidifying is a progression of moves made to make has more hard to assume control Chapter 7 concentrates on host working framework and information assurance Chapter 8 concentrates on application insurance Orientation 2

Slide 3

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge The Problem Some assaults definitely achieve host PCs So servers and different hosts must be solidified—an intricate procedure that requires a various arrangement of securities to be executed on every host 7-1: Threats to Hosts 3

Slide 4

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge What Is a Host? Anything with an IP location is a host (since it can be assaulted) Servers Clients (counting cell phones) Routers (counting home access switches) and once in a while switches Firewalls 7-1: Threats to Hosts 4

Slide 5

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Backup Restrict physical access to hosts (see Chapter 5) Install the working framework with secure arrangement alternatives Change all default passwords, and so forth 7-2: Elements of Host Hardening 5

Slide 6

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Minimize the applications that keep running on the host Harden every single remaining application on the host (see Chapter 8) Download and introduce patches for working vulnerabilities Manage clients and gatherings safely Add, change, erase Manage access authorizations for clients and gatherings safely 7-2: Elements of Host Hardening 6

Slide 7

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Encrypt information if suitable Add a host firewall Read working framework log records consistently for suspicious exercises Run powerlessness tests much of the time 7-2: Elements of Host Hardening 7

Slide 8

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Security Baselines Guide the Hardening Effort Specifications for how solidifying ought to be done Needed in light of the fact that it is anything but difficult to overlook a stage Different baselines for various working frameworks and adaptations Different baselines for servers with various capacities (webservers, mail servers, and so on.) Used by frameworks heads (server executives) Usually don\'t deal with the system 7-3: Security Baselines and Systems Administrators 8

Slide 9

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Security Baselines Guide the Hardening Effort Disk Images Can likewise make an all around tried secure usage for each working framework renditions and server capacity Save as a plate picture Load the new circle picture on new servers Add for next slide: concentrate on servers – regularly focuses of assaults; OS – continuous assault vectors for server programmers 7-3: Security Baselines and Systems Administrators 9

Slide 10

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Windows Server The Microsoft Windows Server working framework Windows NT, 2003, and 2008 Windows Server Security Intelligently minimize the quantity of running projects and utilities by making inquiries amid establishment Simple (and normally programmed) to get overhauls Still numerous patches to apply, yet this is valid for other working frameworks 7-4: Windows Server Operating Systems 10

Slide 11

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge 7-5: Windows 2008 Server User Interface Looks like customer forms of Windows Ease of learning and utilize Choose Administrative Tools for most projects Tools are called Microsoft Management Consoles (MMCs) 11 Copyright Pearson Prentice-Hall 2009

Slide 12

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge 7-6: Computer Management Microsoft Management Console (MMC) MMCs have standard client interfaces 12

Slide 13

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Many Versions of UNIX There are numerous business variants of UNIX for huge servers Compatible in the portion (center part) of the working framework Can for the most part run the same applications But may run a wide range of administration utilities, making cross-learning troublesome 7-7: UNIX Operating Systems 13

Slide 14

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Many Versions of UNIX LINUX is a variant of UNIX made for PCs Many diverse LINUX dispersions Distributions incorporate the LINUX bit in addition to application and projects, as a rule from the GNU extend Each conveyance and form needs an alternate benchmark to guide solidifying 7-7: UNIX Operating Systems 14

Slide 15

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Many Versions of UNIX LINUX is an adaptation of UNIX made for PCs Free or modest to purchase But may take more work to control Has moved past PC, to use on servers and a few desktops 7-7: UNIX Operating Systems 15

Slide 16

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge User Can Select the User Interface Multiple client interfaces are accessible (dissimilar to Windows) Graphical client interfaces (GUIs) Command line interfaces (CLIs) At prompts, clients sort summons Unix CLIs are called shells (Bourne, BASH, and so on.) 7-7: UNIX Operating Systems > ls - 1 … 16

Slide 17

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Vulnerabilities Security shortcomings that open a project to assault An endeavor exploits a defenselessness Vendors create fixes Zero-day misuses: abuses that happen before fixes are discharged Exploits frequently take after the merchant arrival of fixes inside days or even hours Companies must apply settles rapidly 7-8: Vulnerabilities and Exploits 17

Slide 18

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Fixes Work-arounds Manual moves to be made Labor-serious so costly and mistake inclined Patches: Small projects that settle vulnerabilities Usually simple to download and introduce Service packs (gatherings of fixes in Windows) Version redesigns 7-8: Vulnerabilities and Exploits 18

Slide 19

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Problems with Patching Must discover working framework patches Windows Server does this consequently LINUX forms frequently utilize rpm … Companies get overpowered by number of patches Use numerous projects; sellers discharge numerous patches per item Especially an issue for an association\'s numerous application programs P.313 - # patches 7-9: Applying Patching 19

Slide 20

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Problems with Patching Cost of patch establishment Each patch takes some time and work costs Usually do not have the assets to apply all Prioritization Prioritize patches by criticality May not make a difference all patches, if hazard examination does not legitimize them 7-9: Applying Patching 20

Slide 21

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Problems with Patching Risks of patch establishment Reduced usefulness Freeze machines, do other harm—now and then with no uninstall conceivable Should test on a test framework before sending on servers 7-9: Applying Patching 21

Slide 22

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Accounts Every client must have a record Groups Individual records can be united into gatherings Can allocate efforts to establish safety to bunches Inherited by every gathering\'s individual individuals Reduces cost contrasted with appointing to people Reduces blunders 7-10: Managing Users and Groups ABC XYZ 22

Slide 23

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge 7-11: Users and Groups in Windows 2. Select a specific client 1. Select Users or Groups Right-click. Select properties. Change chose properties. 23

Slide 24

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge 7-13: Windows User Account Properties Administrator Account chose 24

Slide 25

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Super User Account Every working framework has a super client account The proprietor of this record can do anything Called Administrator in Windows Called root in UNIX Hacking Root Goal is to assume control over the super client record Will then "possess the container" Generically called hacking root 7-12: The Super User Account 25

Slide 26

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Appropriate Use of a Super User Account Log in as a standard client Switch to super client just when required In Windows, the summon is RunAs In UNIX, the charge is su (switch client) Quickly return to common record when super client benefits are no more required 7-12: The Super User Account 26

Slide 27

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Permissions Specify what the client or gathering can do to documents, catalogs, and subdirectories Assigning Permissions in Windows (Fig. 7-15) Right tap on document or catalog Select Properties, then Security tab Select a client or gathering Select the 6 standard authorizations (allow or deny) For all the more fine-grained control, 13 extraordinary consents 7-14: Managing Permissions in Windows 27

Slide 28

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge 7-15: Assigning Permissions in Windows 28

Slide 29

Copyright Pearson Prentice-Hall 2010; altered by Yue Zhang, CSU-Northridge Inheritance If the Allow inheritable consents from guardian to proliferate to this item box is checked in the security tab, the registry gets the authorizations of the guardian index. This crate is checked as a matter of course, so legacy from the guardian is the default 7-16: The Inheritance of Permission 29

Slide 30

Copyright Pearson Prentice-Hall 2010; altered by Yu

Recommended
View more...