Table Of Contents

1.1 Instructional Objectives
1.2 Overview
1.3 Best Practices for Hardening Host Systems
1.3.1 Minimization
1.3.2 Patch Management
1.3.3 Isolation of Services
1.3.4 Redundant Servers
1.3.5 Authentication
1.3.6 Changing Weak Default Settings
1.3.7 Accountability
1.3.8 Controlling Network Traffic
1.3.9 Backing Up Data
1.3.10 Physical Security
1.4 Hardening Windows 2000 Systems
1.4.1 Automated Scanning Tools
1.4.2 Review Online Information About Windows Vulnerabilities
1.4.3 Removing Unnecessary Features and Applications
1.4.4 Patch Management
1.4.5 Hardening Windows Services
1.4.6 Group Policy and Active Directory
Figure 1: Group Policy Microsoft Management Console (MMC)
1.4.7 Security Configuration Toolset and Security Templates
1.4.8 Harden Internet Information Services (IIS)
Figure 2: IIS Lockdown Wizard Summary Report
1.4.9 Host-Based Firewalls
Figure 3: Tiny Personal Firewall Log
1.5 Hardening Red Hat Linux Systems
1.5.1 Vulnerability Scanners Explained
Figure 4: Adding a User in Nessus
Figure 6: Nessus Intro Screen
1.5.2 Minimizing with Red Hat Package Manager
1.5.3 Patch Management for Red Hat Linux Systems with Up2date
Figure 9: Linux Taskbar with up2date Notification
Figure 10: Red Hat Network Update Tool (up2date)
1.5.4 Securing Red Hat Linux Services
Figure 11: Contents of rc.d Directory
Figure 12: Contents of init.d Directory
Figure 13: Contents of rc5.d Directory
Figure 14: Output from chkconfig
1.5.5 Bastille-Linux
Figure 15: Bastille Intro Screen
1.5.6 IPtables Firewall
Figure 16: Host-Based IPtables Chains
Figure 17: Webmin IPtables Configuration
Figure 18: The Nmap Run Before Firewalling
Figure 20: Setting the Default Policy for the INPUT Chain
1.6 System Availability Monitoring Tools
Figure 22: Nagios Web Interface
1.6.1 Nagios
1.6.2 How Nagios Works
Figure 23: Nagios Plug-in Architecture
1.7 Summary
1.8 Review Questions
2 Firewalls and Network Access Controls
2.1 Instructional Objectives
2.2 Overview
2.3 Purpose of Filtering and Network Access Controls
2.4 Review of Firewalls and Packet Filtering
2.4.1 Stateless and Stateful Packet Filtering
2.4.2 Why Firewalls Are Important
2.4.3 How Firewalls Make Packet Filtering Decisions
2.5 IPTables (Netfilter for Linux)
Table 1: Tables Included in the IPTables Firewall and Their Associated Chains
2.5.1 IPTables Rules
Figure 25: Allowing TCP Port 10000 Inbound from
Figure 27: Creating Implicit “Drop” for Incoming and Outgoing Packets
Figure 29: Telneting to the SSH Port
Figure 30: Telneting to Port 10000
2.6 Demilitarized Zones (DMZs)
2.6.1 Preparation and Implementation for DMZs
2.6.2 Graphical Representation of a DMZ
2.6.3 Recommended DMZ Configurations
Figure 32: ICMP Traffic Destined for the Firewall
2.7 Routers
2.7.1 Routers as Packet Filters
2.7.2 Ingress and Egress Filtering
2.8 Application Filtering and Access Controls on Individual Hosts
2.8.1 TCP Wrappers
2.8.3 Configuring Built-In Access Controls in Services
2.9 Packet Filtering Above Layer 4
2.9.1 Snort-Inline
Figure 34: Packet Dropped by Snort Inline System
2.9.2 IPSec Access Controls
Figure 36: Local Security Settings
2.9.3 Proxy Filtering
Figure 37: Squid Proxy Server Icons
Figure 38: Ports and Networking in Squid Proxy Server
Figure 41: Changing Defaults to Allow Outbound Traffic in Squid Proxy Server
Figure 42: Ordering Proxy Restrictions in Squid Proxy Server
2.10 Pros and Cons of Firewall and Network Access Controls
2.10.1 Pros
2.10.2 Cons
2.11 Summary
2.12 Review Questions
3 Intrusion Detection
3.1 Instructional Objectives
3.2 Overview
3.3 Review of Intrusion Detection Systems
3.3.1 What Is an Intrusion Detection System?
3.3.2 Intrusion Analysis Architecture
3.3.3 Types of IDS: Signature and Anomaly
3.4 Snort
3.4.1 Snort Features
3.4.2 Snort Sensor Architecture
3.4.3 Snort Advantages
Figure 44: Sample Snort Rule File
Figure 48: IDScenter Preprocessor Wizard
Figure 49: IDScenter Output Plugin Wizard
Figure 51: IDScenter Online Update Wizard
3.5.3 PureSecure
3.5.4 Tripwire
Table 3: Files and Directories to Monitor
3.5.5 LANguard System Integrity Monitor (SIM)
Table 4: Files/Directories to Monitor with an IDS
Figure 53: LANguard Scan Job Settings
Figure 54: LANguard Scheduler
3.6 Deploying the IDS
3.6.1 IDS Deployment Problem 1
3.6.2 IDS Deployment Problem 2
Figure 55: Selecting Snort Rulesets in IDScenter
3.6.3 IDS Deployment Problem 3
3.6.4 IDS Deployment Problem 4
Figure 57: Registry Editor
3.7 Summary
3.8 Review Questions
4 Synchronization and Remote Logging
4.1 Instructional Objectives
4.2 Overview
4.3 Computer Forensics
4.4 Logging
4.4.1 Determine What Data Is Most Useful to Collect
Table 5: Data Categories and Types of Data to Collect
4.4.2 For All Data Categories, Capture Alerts and Any Reported Errors
4.4.3 Systems Sufficiently Capture the Required Information
4.4.4 Review the Logs
4.4.5 Store and Secure Logged Data
4.5 Remote Logging
4.5.1 Decide How Actively to Monitor the Various Kinds of Logged Data
4.5.2 Protect Logs to Ensure That They Are Reliable
4.5.3 Document a Management Plan for Handling Log Files
What Is Abnormal
Required to Preserve Data as Evidence
4.5.7 Consider Policy Issues
4.5.8 Syslog Alert and Message Configurations
4.5.9 Linux/UNIX Syslogd Client
4.5.10 Syslog-ng Vs. Syslogd
Figure 59: Sample Config File
4.5.11 NTsyslog Daemon for Windows
Figure 60: NTsyslog Service Control Manager (Main Control Panel)
Figure 61: NTsyslog Service Control Manager (Enter the Client Hosting NTsyslog)
Figure 62: NTsyslog (Syslog Server Settings)
4.5.12 Kiwi Syslog Daemon for Windows
4.6 Computer Time Synchronization
4.7 Network Time Protocol (NTP)
4.7.1 Configuring the NTPd Daemon (the ntp.conf File)
4.7.2 Creating an SNTP Client in Windows 2000
4.7.3 Establishing an SNTP Server in Windows 2000
Figure 65: NetTime Interface (NetTime Options)
Figure 66: NetTime Interface (Find a Time Server)
4.7.4 Establishing an SNTP Server in a Windows Domain
4.8 Interacting with Log Files
4.8.1 Analyzing IIS Log File Format
Table 6: IIS Log Fields
4.8.2 Analyzing Tiny Personal Firewall Log File Format
4.8.3 Exporting Data from Log Files
Figure 67: Microsoft Notepad
4.8.4 Reviewing Log Files
4.9 Freeware Log and Forensic Tools and Applications
Table 7: Freeware Log and Forensic Tools and Applications
4.10 Identifying Attackers on Your Intranet
4.11 Identifying Attackers’ IP Addresses
4.11.1 Investigating the IP Address’s History on Your Network
4.11.2 Enumerating the Target with Network Tools
Figure 69: A "Whois" Search on the Domain CMU.EDU
4.12 Summary
4.13 Review Questions
Answers to Review Questions

Advanced Information Assurance Handbook
Published on Scribd by alpac on Apr 22, 2014
Copyright: All rights reserved