CHAPTER 4

Manage Microsoft Windows security

Approaches:
- Identify minimum system services
- Implement the system policy
- System updates and hotfixes
- IIS vulnerabilities
- Features of Microsoft Security Server (ISA)

- Use NTFS on all your partitions.
- Disable Simple File Sharing.
- Use passwords on all user accounts.
- Use the Administrator group with care.
- Use a firewall if you have a full-time Internet connection.
- Install antivirus software on all workstations.
- Keep up to date with hotfixes and service packs.
- Password-protect the screensaver.
- Secure your wireless network.
- Secure your backup tapes.

Password policy
Using your last name or the name of your pet as your password and never changing it poses a security risk.
To be strong, your password should contain characters from three of the following four categories:
- English uppercase characters (A through Z).
- English lowercase characters (a through z).
- Base 10 digits (0 through 9).
- Non-alphabetic characters (for example, !, $, #, %).
You should also change your password frequently, at least every 30 days.
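As an added example (not from the slides), a small Python checker that applies the password rules above: three of the four character categories, no personal name such as a last name or a pet's name inside the password, and a 30-day maximum age. The function names, the `personal_tokens` list and the sample values are assumptions.

```python
from datetime import date, timedelta

MAX_AGE_DAYS = 30  # rotation interval stated on the slide


def category_count(password: str) -> int:
    """How many of the slide's four character categories the password uses."""
    present = (
        any("A" <= c <= "Z" for c in password),   # English uppercase
        any("a" <= c <= "z" for c in password),   # English lowercase
        any("0" <= c <= "9" for c in password),   # base 10 digits
        any(not c.isalnum() for c in password),   # non-alphabetic, e.g. ! $ # %
    )
    return sum(present)


def meets_complexity(password: str) -> bool:
    """Three of the four categories is the threshold from the slide."""
    return category_count(password) >= 3


def acceptable(password: str, personal_tokens=()) -> bool:
    """Complexity plus a check that no personal name (assumed list: last name,
    pet name, ...) appears anywhere in the password, case-insensitively."""
    lowered = password.lower()
    if any(tok and tok.lower() in lowered for tok in personal_tokens):
        return False
    return meets_complexity(password)


def password_expired(last_changed: str, today: str, max_age_days: int = MAX_AGE_DAYS) -> bool:
    """True once the password (dates given as ISO strings) is older than the maximum age."""
    age = date.fromisoformat(today) - date.fromisoformat(last_changed)
    return age > timedelta(days=max_age_days)
```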

Account policy
Do not disclose a computer's identity until login is completed successfully.
Set up the operating system so that the login screen does not identify the computer system by name or function until after login is complete.
Unauthorized personnel do not need to know the identity of machines unless they need to use them.

Audit policy
An audit log records an entry whenever users perform certain specified actions.
For example, the modification of a file can trigger an audit entry that shows the action that was performed, the associated user account, and the date and time of the action.
Each audited action can be recorded as a success audit or a failure audit.

User rights
User rights allow users to perform tasks on a computer. User rights include logon rights and privileges.
Logon rights control who is authorized to log on to a computer and how they can log on.
Privileges control access to computer and domain resources.
An example of a logon right is the ability to log on to a computer locally.
An example of a privilege is the ability to edit a document.
Both types of user rights are assigned by administrators to individual users or groups as part of the security settings for the computer.

A complex operating system is not immune to its own bugs and security holes.
Hackers use the latest security hole to break into a system and work backward from there until they find an open door that gives them full access.
The Windows Update feature or Automatic Updates keeps the system up to date.

A hotfix is code (sometimes called a patch) that fixes a bug in a product.
Users of the product may be notified by e-mail, or they can obtain information about current hotfixes at the software vendor's Web site and download the hotfixes they wish to apply.
Keeping up with patches as they are released saves the end user time and provides maximum security.

PATCH vs. HOTFIX

PATCH:
- Patches require the system to be shut down before installing the patches.
- Patches bring many changes.

HOTFIX:
- Hotfixes are applied directly while the systems are still running.
- Hotfixes are usually small changes to the software.
- Microsoft usually uses the term hotfix to refer to a small update addressing a very specific issue.

IIS is a Microsoft web server software application and set of feature extension modules created by Microsoft for use with Microsoft Windows.

IIS VULNERABILITY                       SUPPORTED WEB SITES
Invalid URL                             http://www.microsoft.com/technet/security/bulletin/MS00-063.asp
File Permission Canonicalization        http://www.microsoft.com/technet/security/bulletin/MS00-057.asp
URL Redirection DoS                     http://www.microsoft.com/technet/security/bulletin/MS01-044.asp
Unicode .asp Source Code Disclosure     http://www.securityfocus.com/vdb/

ISA Server is the successor to Microsoft's Proxy Server 2.0 and is part of Microsoft's .NET support.
Further information:
http://www.microsoft.com/forefront/edgesecurity/isaserver/zh/tw/features.aspx

CHAPTER 4

Manage Open Source Software security

Approaches:
- Identify and disable unnecessary ports and services
- Lock identified ports
- Carry out system hardening with Bastille
- Maintain control and auditing of root access using SUDO

When determining which ports to block on your server, you must first determine which services you require.
In most cases, block all ports that are not exclusively required by these services.
This is tricky, because you can easily block yourself out of services you need.
If your server is an exclusive e-mail server running SMTP and IMAP, you can block all TCP ports except ports 25 and 143, respectively.
If your server is an exclusive HTTP server, you can block all ports except TCP port 80.

Hardening is the process of modifying a system to make it highly secure.
For hardening activities to be most successful, you should:
- Do hardening activities before the system is connected to the network, to avoid attacks.
- Base the configuration on the least-privilege model: the system should grant access only to the degree necessary for proper functionality. Similarly, users should be allowed only the minimum set of access rights they need.

The Bastille hardening program "locks down" an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise.
Bastille currently works with Red Hat, Fedora, SUSE, Debian, Ubuntu, Gentoo, and Mandriva distributions, as well as HP-UX.

Superuser Do (SUDO) is an open source security tool that allows an administrator to give specific users or groups the ability to run certain commands as root or as another user.
The program can also log the commands and arguments entered by specified system users.
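As an added example, not part of the slides, a Python parser for the log lines sudo writes (invoking user, TTY, target user and command) that flags refused attempts and root commands touching sensitive files. The sample lines, the sensitive-path list and the function names are constructed assumptions.

```python
import re
from typing import List

# Constructed sample lines in the syslog format sudo uses for its own log entries.
SAMPLE_LOG = """\
Mar  3 09:12:41 mail01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postfix
Mar  3 09:15:02 mail01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 09:20:17 mail01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

# The optional "reason" field between the user and TTY= is only present when sudo refused.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<reason>[^;]+?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$"
)


def parse_sudo_log(text: str) -> List[dict]:
    """Turn each sudo log line into a record; 'denied' is True when a refusal reason is present."""
    records = []
    for line in text.splitlines():
        m = SUDO_RE.match(line)
        if not m:
            continue  # not a sudo entry, or a format this parser does not know
        rec = m.groupdict()
        rec["denied"] = rec["reason"] is not None
        records.append(rec)
    return records


def flag_sudo_events(records, sensitive=("/etc/shadow", "/etc/sudoers")):
    """Records worth an analyst's attention: refusals, and root commands touching sensitive files
    (the sensitive list is an assumed starting point, not a complete policy)."""
    flagged = []
    for rec in records:
        if rec["denied"]:
            flagged.append(rec)
        elif rec["runas"] == "root" and any(path in rec["cmd"] for path in sensitive):
            flagged.append(rec)
    return flagged
```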

CHAPTER 4

Manage Linux-based proxy servers:
- Explain the benefits of Linux-based proxy server implementation
- Differentiate between packet filters and proxy servers

Benefits of a proxy server:
- To speed up access to resources (using caching).
- To prevent downloading the same content multiple times (and save bandwidth).
- To log / audit usage, e.g. to provide company employee Internet usage reporting.
- To scan transmitted content for malware before delivery.
- To scan outbound content, e.g. for data loss prevention.
- To keep machines behind it anonymous.

Packet filters monitor the data packets entering the network.
How it works:
- Checks the data header
- Conceals the header with a new header
- Sends it to the intended location in the network
Rules of packet filters:
- Outbound connections on SMTP, HTTP and FTP are accepted
- Internet-related traffic can be accessed
- Alerts when hackers try to attack the open ports
- Data packets that carry the IP header source routing option must be discarded
Approaches:
- Stateless PF: reviews packet headers and allows or blocks the packet
- Stateful PF: maintains connection status
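As an added example, not from the slides, the port-blocking rule for the exclusive mail server described earlier (only TCP 25 and 143 required) implemented as the two packet-filter approaches above: a stateless filter that judges each header on its own, and a stateful one that only admits packets belonging to a connection it saw being opened. The Packet fields, the StatefulFilter class and the sample addresses are assumptions.

```python
from dataclasses import dataclass

# Exclusive mail server from the slide: only SMTP (25) and IMAP (143) are required.
# If you administer the box over SSH, 22 has to be in this set too, or you block yourself out.
ALLOWED_PORTS = {25, 143}


@dataclass(frozen=True)
class Packet:
    """The header fields the filter looks at (a constructed, simplified TCP header)."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


def stateless_filter(pkt: Packet, allowed=ALLOWED_PORTS) -> bool:
    """Stateless PF: decides from the header alone, one packet at a time."""
    return pkt.dport in allowed


class StatefulFilter:
    """Stateful PF: remembers which connections a client actually opened."""

    def __init__(self, allowed=ALLOWED_PORTS):
        self.allowed = set(allowed)
        self.conns = set()  # (client ip, client port, server port)

    def inbound(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dport)
        if pkt.syn and not pkt.ack:
            # A connection attempt: accept only on a required port, and start tracking it.
            if pkt.dport in self.allowed:
                self.conns.add(key)
                return True
            return False
        # Anything else must belong to a connection this filter already saw being opened;
        # a stray ACK to port 143 passes the stateless filter but is dropped here.
        return key in self.conns

    def close(self, pkt: Packet) -> None:
        """Forget the connection when it ends (e.g. FIN/RST seen)."""
        self.conns.discard((pkt.src, pkt.sport, pkt.dport))
```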

PROXY SERVER - a proxy that passes requests and responses unmodified is usually called a gateway or sometimes a tunneling proxy.
FORWARD PROXY - an Internet-facing proxy used to retrieve from a wide range of sources (in most cases anywhere on the Internet).
REVERSE PROXY - (usually) an Internet-facing proxy used as a front-end to control and protect access to a server on a private network, commonly also performing tasks such as load-balancing, authentication, decryption or caching.

A proxy server works as a shield, protecting and hiding the computer from outside networks.
A proxy server can be placed on the user's local computer or at various points between the user and the destination servers on the Internet.
The proxy sends and receives the encapsulated packets for the specific application.
Network performance can be increased when there is a group of users.
It can also be used for request filtering.
It can be used for blocking websites.
