Professional Documents
Culture Documents
Security Policies
& Host Security
Secure Systems
1. Security policy
– What needs to be protected
– Kinds / level of protection 3. Security mechanisms
– Responsibilities – cryptography
– Auditing policy – authentication
– security protocols
Aimed at
standardizing
management
systems – not
necessarily at
standardizing
manager
behavior
• Network structure
– design or functional requirements, geography or building
requirements, network engineering constraints
• Network architecture
– Network segmentation, addressing
– Name resolution, Directories
– Start-up of services and software
• Network policy
– User rights and responsibilities
– Application limits and responsibilities
– Security and privacy
• Segmentation
– Subnet addressing
– Logical to physical address mapping (VLANs?)
– Port Blocking? Different on each subnet?
– Blocking at Firewall or Router?
• Address configuration
– Static /etc/hosts, DHCP
• Name Resolution
– DNS, WINS
• Directory Services
• SMTP
– Name aliases (eg Chris.Freeman@monash.edu.au)
– File size and type limitations for attachments
– SPAM filtering
– Virus checking
• HTTP
– Content & Style guides, plagiarism, authorisation?
– CGI / Modules allowed?
(eg Apache mod_perl, mod_ssl)
– Load Limiting
• File Systems
– Common/Shared directories? Read-only?
• Backups
– Global or Local?
– Image or File?
– Archival or Incremental?
• Printing
– Personal printing? Page count quotas?
– Colour vs Monochrome
• Passwords
– Consistent use of Strong Passwords
– UP, low, Num, # - _ + ~
Try out
– Prevent brute force and dictionary attacks pwgen
• Force users to change their password
– Set an expiration date
– Be sure to send plenty of warnings What are the likely
– Expect complaints! consequences?
(simple, written down)
• Combat Password Sniffing
– telnet, ftp etc use plaintext passwords that
are visible to protocol analysers
– Use SSH/SSL
DMZ Internet
Enterprise Service
Network Provider
IDS Outside:
IDS Inside:
Catches everything
Catches what
the world throws at
was missed by
you – Good for
the Firewall
research
• A system that performs the functions of an IDS but that can also take
action (like a firewall) to block threats.
• Configure the threats that should be handled automatically.
– Passive response still implemented for other incidents.
Traffic dropped!
Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 37
System & Network Administration
snort
Note:
If you want to experiment with Snort, use the TinyNet version rather
than the latest website version, because the attack database has
been cut back to be more understandable. It is easy to get lost in
the thousands of attack signatures in a current Snort database
Tripwire http://www.tripwire.org/
OSSEC http://www.ossec.net/
• performs log analysis, file integrity checking, policy monitoring,
real-time alerting and active response.
• has a log analysis engine that is able to correlate and analyze
logs from multiple devices and formats
Distributed design:
• a central manager stores the file integrity checking databases,
the logs, event rules, system auditing rules and major
configuration options. The manager receives information from
syslog, databases and from agents.
• an agent is a small program installed on the systems you
monitor. It collects information on real time and forwards to the
manager for analysis and correlation.
• 8. Vulnerability Assessment
• 8.1. Thinking Like the Enemy
• 8.2. Defining Assessment and Testing
• 8.3. Evaluating the Tools
• Steps:
– Identify attackers, assets, threats and other
components
– Rank the threats
– Choose mitigation strategies
– Build solutions based on the strategies
Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 48
System & Network Administration
NIST Cybersecurity
Framework
A cycle of
Continuous
Improvement
Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org 51
System & Network Administration
• Checklist
– List of Hosts
– List of type and versions of OS used
– List of services provided
– List of patches applied & non-standard software
• Don’t panic
• Determine the appropriate • Pull the plug
level of response • Devise recovery plan
• Gather tracking information • Communicate the recovery
• Assess degree of exposure plan
• Implement the recovery plan
• Report the incident