
4.0 Application, Data and Host Security

Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

4.1 Explain the importance of application security

Fuzzing
Secure coding concepts
Error and exception handling
Input validation
Cross-site scripting prevention
Cross-site Request Forgery (XSRF) prevention
Application configuration baseline (proper settings)
Application hardening
Application patch management


Fuzzing

Most applications that are written to accept input expect a particular type of data to be
given: string values, numerical values, and so on. Sometimes, it is possible to enter
unexpected values and cause the application to crash. When that happens, it may be
possible for the user to be left with elevated privileges or access to values they should not
have. Fuzzing is the technique of providing unexpected values as input to an application
to try to make it crash. Those values can be random, invalid, or just unexpected, and a
common method is to flood the input with a stream of random bits.
The best way to keep fuzzing from becoming a usable exploit against your systems is to do
fuzz testing yourself to find and fix the problems first.
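
A small fuzz-testing harness, added here as an example and not part of the original slides. The record format, both parsers and all names are constructed for illustration; the harness feeds random bytes to a parser and reports every input that ends in an unhandled exception instead of a clean rejection.

```python
import random

class RejectedInput(Exception):
    """Raised when input is malformed and has been refused cleanly."""

def parse_record(data: bytes) -> dict:
    # Constructed toy format: [name length][name bytes][age byte].
    # No validation: trusts the length byte and the encoding.
    name_len = data[0]
    name = data[1:1 + name_len].decode("ascii")
    return {"name": name, "age": data[1 + name_len]}

def parse_record_checked(data: bytes) -> dict:
    # Same format, but every malformed input ends in RejectedInput.
    if len(data) < 2 or len(data) != data[0] + 2:
        raise RejectedInput("length field does not match record size")
    try:
        name = data[1:-1].decode("ascii")
    except UnicodeDecodeError as exc:
        raise RejectedInput("name is not ASCII") from exc
    return {"name": name, "age": data[-1]}

def fuzz(target, runs=2000, seed=1234):
    """Feed random byte strings to target and collect unhandled failures."""
    rng = random.Random(seed)  # fixed seed so findings are reproducible
    crashes = []
    for _ in range(runs):
        blob = bytes(rng.randrange(256) for _ in range(rng.randrange(16)))
        try:
            target(blob)
        except RejectedInput:
            continue  # controlled refusal: the behaviour we want
        except Exception as exc:  # anything else is a bug to fix
            crashes.append((blob, type(exc).__name__))
    return crashes

if __name__ == "__main__":
    for fn in (parse_record, parse_record_checked):
        found = fuzz(fn)
        kinds = sorted({kind for _, kind in found})
        print(f"{fn.__name__}: {len(found)} crashing inputs {kinds}")
```

Each crashing input returned by `fuzz` can be kept as a regression test once the parser is fixed.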


Secure coding concepts


Error and exception handling
The purpose of code review is to look at all custom-written code for holes that
may exist. The review also needs to examine changes that the code (most
likely in the form of a finished application) may make: configuration files,
libraries, and the like. During this examination, look for threats such as
opportunities for injection to occur (SQL, LDAP, code, etc.), cross-site request
forgery, and authentication.


Secure coding concepts


Input validation
Anytime a user must supply values in a session, the data entered should be
validated. Many vendors, however, have fallen prey to input validation
vulnerabilities within their code. In some instances, empty values have been
accepted, while others have allowed privilege escalation if certain backdoor
passwords were used.
The best protection against input-validation vulnerabilities is for developers to
follow best practices and always validate all values entered. As an
administrator, when you learn of an input-validation vulnerability with any
application on your system, you should immediately stop using it until a patch
has been released and installed.


Cross-Site Scripting
Using a client-side scripting language, it is possible for a ne'er-do-well to trick a
user into visiting their site and have code then execute locally. When this is
done, it is known as cross-site scripting (XSS).
The best protection against cross-site scripting is to disable the running of
scripts.


Cross-site Request Forgery


Cross-Site Request Forgery, also known as XSRF, session riding, and one-click attack,
involves unauthorized commands coming from a trusted user to the website. This is
often done without the user's knowledge and employs some type of social networking to
pull it off.
Facebook is but an example of where this could happen. With the increased
usage of Internet Relay Chat (IRC), this type of attack can happen anywhere
one user can talk and interact with other users. Characteristics common to
these attacks include ascertaining a user's identity, exploiting their trust (often
by trickery), and using HTTP requests.
XSRF attacks can be easily confused with other types of attacks, such as
phishing, but the key is that they always involve a site that relies on a user's
identity and take advantage of the fact that the user being tricked is a trusted
user on that site. The major limitation of this attack is that the victim must be
lured in; header checking can stop it cold.
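
The header checking mentioned above, sketched as an added example that is not code from the original slides. The site name, the sample requests and the function names are constructed assumptions; the check compares the exact origin taken from the Origin or Referer header and refuses state-changing requests that carry neither.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state

def origin_of(url: str) -> str:
    """Reduce a URL or Origin value to scheme://host[:port], lowercased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def request_allowed(method: str, headers: dict, trusted: set) -> bool:
    """Accept state-changing requests only from a trusted origin."""
    if method.upper() in SAFE_METHODS:
        return True
    hdrs = {k.lower(): v for k, v in headers.items()}
    source = hdrs.get("origin") or hdrs.get("referer")
    if not source:
        return False  # fail closed when neither header is present
    # Exact origin comparison: a substring or prefix test would also
    # accept look-alike hosts such as shop.example.attacker.test.
    return origin_of(source) in trusted

TRUSTED = {"https://shop.example"}  # constructed site name

# Constructed sample requests: (method, headers, expected decision)
SAMPLES = [
    ("POST", {"Origin": "https://shop.example"}, True),
    ("POST", {"Referer": "https://shop.example/cart?id=7"}, True),
    ("POST", {"Origin": "https://forum.test"}, False),
    ("POST", {"Referer": "https://shop.example.attacker.test/x"}, False),
    ("POST", {"Origin": "null"}, False),
    ("POST", {}, False),
    ("GET", {}, True),
]

def run_samples() -> list:
    return [request_allowed(m, h, TRUSTED) for m, h, _ in SAMPLES]

if __name__ == "__main__":
    for (method, hdrs, _), ok in zip(SAMPLES, run_samples()):
        print("allow" if ok else "block", method, hdrs)
```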


Application configuration baseline


Baselining always involves comparing performance to a metric. That metric is a historical
measurement that you can point to and identify as being before a
configuration change, before the site became busy, before you added new
services, and so on. Baselining can be done with any metric, such as network
performance or CPU usage, as well as with applications.
It is advisable to do baselining with key applications prior to major
configuration changes. Make certain that applications have proper settings to
work at their optimal values and provide security protection as well.


Application hardening
Application hardening helps ensure that vulnerabilities are minimized. Make
sure you run only the applications and services that are needed to support
your environment. Attackers can target application protocols. Many of the
newer systems offer a rich environment for end users, and each protocol
increases your risk.


Application patch management


Just as you need to keep the operating system patches current, because they
often fix security problems that are discovered with the OS, you need to do the
same with application patches for the same purpose. Once an exploit in an
application becomes known, an attacker can take advantage of it to enter or
harm a system. Most vendors post patches on a regular basis, and you should
routinely scan for any that are available.
A large number of attacks today are targeted at client systems for the simple
reason that clients do not always manage application patching well. When you
couple that with the fact that most clients have many applications running, you
increase the odds of being able to find a weakness to exploit.


4.2 Carry out appropriate procedures to establish host security

Operating system security and settings
Anti-malware
  Anti-virus
  Anti-spam
  Anti-spyware
  Pop-up blockers
  Host-based firewalls
Patch management
Hardware security
  Cable locks
  Safe
  Locking cabinets
Host software baselining
Mobile devices
  Screen lock
  Strong password
  Device encryption
  Remote wipe/sanitation
  Voice encryption
  GPS tracking
Virtualization


Operating system security and settings


Hardening an operating system (OS) refers to the process of
making the environment more secure from attacks and
intruders.
Disabling unnecessary services
Protecting the management interface (and applications)
Adhering to solid authentication protection
Disabling unnecessary accounts


Anti-malware
Install Antivirus Software: Antivirus software should be installed and definitions kept
current on all hosts. Antivirus software should run on the server as well as on every
workstation. In addition to active monitoring of incoming files, scans should be conducted
regularly to catch any infections that have slipped through.
Install Antispam Filters: It is estimated that over 98 percent of all email is now spam.
Spam filters are needed to keep the majority of this unwanted email from reaching the
users.
Install Antispyware Software: Some antispyware software is combined with antivirus
packages, while other programs are available as standalones. Regardless of the type you
use, you must regularly look for spyware (often identified by the presence of tracking
cookies) on hosts and remove those that get installed.
Utilize Pop-up Blockers: Pop-ups are not only irritating but also a security threat. Pop-ups
(including pop-unders) represent unwanted programs running on the system and can
jeopardize well-being.
Employ Host-Based Firewalls: A firewall is the first line of defense against attackers and
malware. Almost every current operating system includes a firewall, and most are turned
on by default.


Patch management
Updates help keep operating systems up to the most current revision level. Researching
updates is important to stay protected from newly discovered threats; when possible, so
is getting feedback from other users before you install an update, so you can learn from
their experiences what difficulties may be encountered.
Hotfixes
Hotfixes are used to make repairs to a system during normal operation, even though they
might require a reboot.
Service Pack
A service pack or support pack (depending upon the vendor) is a comprehensive set of
fixes consolidated into a single product.
Patches
A patch is a temporary or quick fix to a program. Patches may be used to temporarily
bypass a set of instructions that have malfunctioned. Several OS manufacturers issue
patches that can either be manually applied or applied using a disk file to fix a program.


Hardware security
Cable locks

Safe

Locking cabinets


Host software baselining


One of the first steps in developing a secure environment is to develop a baseline of the
minimum security needs of your organization. A security baseline defines the level of
security that will be implemented and maintained. You can choose to set a low baseline
by implementing next to no security or a high baseline that doesn't allow users to make
any changes at all to the network or their systems. In practice, most implementations fall
between the two extremes; you must determine what is best for your organization.


Mobile devices
Screen lock
Strong password
Device encryption
Remote wipe/sanitation
Voice encryption


Virtualization
Virtualization technology allows you to take any single physical device and hide its
characteristics from users, in essence allowing you to run multiple items on one device
and make them appear as if they are stand-alone entities.
Breaking Out of the Virtual Machine: If a malcontent could break out of the
virtualization layer and be able to access the other virtual machines, they could access
data they should never have access to.
Network and Security Controls Can Intermingle: The tools used to administer the
virtual machine may not have the same granularity as those used to manage the network.
This could lead to privilege escalation and a compromise of security.


4.3 Explain the importance of data security

Data Loss Prevention (DLP)
Data encryption
  Full disk
  Database
  Individual files
  Removable media
  Mobile devices
Hardware based encryption devices
  TPM
  HSM
  USB encryption
  Hard drive


Data Loss Prevention (DLP)


Data Loss Prevention (DLP) systems monitor the contents of systems (workstations,
servers, and networks) to make sure key content is not deleted or removed.
One of the best-known DLP systems is MyDLP, an open source solution that runs on most
Windows platforms. There are also a large number of commercial programs available for
purchase, including Microsoft Forefront.


Data encryption
Full disk
Database
Individual files
Removable media
Mobile devices


Hardware based encryption devices


TPM:
The Trusted Platform Module offers facilities for the secure generation of
cryptographic keys, and limitation of their use, in addition to a random number
generator. It also includes capabilities such as remote attestation and sealed
storage.
Software can use a Trusted Platform Module to authenticate hardware devices.
Since each TPM chip has a unique and secret RSA key burned in as it is
produced, it is capable of performing platform authentication.
HSM:
A hardware security module (HSM) is a physical computing device that
safeguards and manages digital keys for strong authentication and provides
crypto processing without revealing decrypted data. These modules
traditionally come in the form of a plug-in card or an external security device
that can be attached directly to a server or general purpose computer through
a network or universal serial bus (USB) connection.
USB encryption
Hard drive

Questions??
