Security Baselines - Network Security - Lecture Slides, Slides of Cryptography and System Security

During the studies, there is a network security program offered in our university; this course is very helpful. The main points discussed in these lecture slides are: Security Baselines, Nonessential Systems, Operating Systems, Harden Applications, Harden Networks, Random Access Memory, Application Management, Malicious Code, User Datagram Protocol, Port Numbers, Windows Server

Typology: Slides

2012/2013

Uploaded on 04/24/2013

ballari

Chapter 4: Security Baselines

Objectives

  • Disable nonessential systems
  • Harden operating systems
  • Harden applications
  • Harden networks

Disabling Nonessential Systems (continued)

  • Early terminate-and-stay-resident (TSR) programs performed functions such as displaying an instant calculator, small notepad, or address book
  • In Microsoft Windows, a background program, such as Svchost.exe, is called a process
  • The process provides a service to the operating system indicated by the service name, such as AppMgmt

Disabling Nonessential Systems (continued)

  • Users can view the display name of a service, which gives a detailed description, such as Application Management
  • A single process can provide multiple services

Disabling Nonessential Systems (continued)

  • A service can be set to one of the following modes:
      - Automatic
      - Manual
      - Disabled
  • Besides preventing attackers from attaching malicious code to services, disabling nonessential services blocks entries into the system
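
An added example, not part of the original slides: a PowerShell audit that compares each service's start mode with a baseline and lists processes that host more than one service. The baseline values, the sample inventory and the function names are assumptions for illustration; AppMgmt is the only service name taken from the slides.

```powershell
# Added example. Baseline is constructed; adjust it to the role of the host.
$Baseline = @{
    AppMgmt        = 'Manual'
    RemoteRegistry = 'Disabled'
    Spooler        = 'Disabled'   # assumption: host is not a print server
}

function Get-ServiceBaselineDrift {
    param(
        [Parameter(Mandatory)] [hashtable] $Baseline,
        # Defaults to the live host; any objects with the same properties work.
        [object[]] $Services = (Get-CimInstance -ClassName Win32_Service)
    )
    foreach ($svc in $Services) {
        if (-not $Baseline.ContainsKey($svc.Name)) { continue }
        # Win32_Service reports the Automatic mode as "Auto".
        $actual = if ($svc.StartMode -eq 'Auto') { 'Automatic' } else { $svc.StartMode }
        if ($actual -ne $Baseline[$svc.Name]) {
            [pscustomobject]@{
                Name        = $svc.Name
                DisplayName = $svc.DisplayName
                Expected    = $Baseline[$svc.Name]
                Actual      = $actual
                State       = $svc.State
            }
        }
    }
}

function Get-SharedServiceHost {
    param([object[]] $Services = (Get-CimInstance -ClassName Win32_Service))
    # ProcessId is 0 for stopped services, so only running ones are grouped.
    $Services | Where-Object { $_.ProcessId -ne 0 } |
        Group-Object -Property ProcessId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{ ProcessId = $_.Name; Services = ($_.Group.Name -join ', ') }
        }
}

# Constructed sample inventory (PIDs invented) so both functions run offline.
$Sample = @(
    [pscustomobject]@{ Name='AppMgmt'; DisplayName='Application Management'; StartMode='Manual'; State='Stopped'; ProcessId=0 }
    [pscustomobject]@{ Name='RemoteRegistry'; DisplayName='Remote Registry'; StartMode='Auto'; State='Running'; ProcessId=1204 }
    [pscustomobject]@{ Name='Spooler'; DisplayName='Print Spooler'; StartMode='Disabled'; State='Stopped'; ProcessId=0 }
    [pscustomobject]@{ Name='Schedule'; DisplayName='Task Scheduler'; StartMode='Auto'; State='Running'; ProcessId=1204 }
)
Get-ServiceBaselineDrift -Baseline $Baseline -Services $Sample
Get-SharedServiceHost -Services $Sample
```

Omitting `-Services` audits the local host; a service that drifts from the baseline can then be corrected with `Set-Service -Name <name> -StartupType Disabled`.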

Hardening Operating Systems

  • Hardening: process of reducing vulnerabilities
  • A hardened system is configured and updated to protect against attacks
  • Three broad categories of items should be hardened:
      - Operating systems
      - Applications that the operating system runs
      - Networks

Applying Updates

  • Operating systems are intended to be dynamic
  • As users’ needs change, new hardware is introduced, and more sophisticated attacks are unleashed, operating systems must be updated on a regular basis
  • However, vendors release a new version of an operating system every two to four years
  • Vendors use certain terms to refer to the different types of updates (listed in Table 4- on page 109)

Applying Updates (continued)

  • A service pack (a cumulative set of updates including fixes for problems that have not been made available through updates) provides the broadest and most complete update
  • A hotfix does not typically address security issues; instead, it corrects a specific software problem

Applying Updates (continued)

  • A patch or a software update fixes a security flaw or other problem
      - May be released on a regular or irregular basis, depending on the vendor or support team
      - A good patch management system includes the features listed on pages 111 and 112 of the text

Securing the File System

  • Another means of hardening an operating system is to restrict user access
  • Generally, users can be assigned permissions to access folders (also called directories in DOS and UNIX/Linux) and the files contained within them

Securing the File System (continued)

  • Group Policy settings: components of a user’s desktop environment that a network system administrator needs to manage
  • Group Policy settings cannot override a global setting for all computers (domain-based setting)
  • Windows stores settings for the computer’s hardware and software in a database (the registry)

Hardening Applications

  • Just as you must harden operating systems, you must also harden the applications that run on those systems
  • Hotfixes, service packs, and patches are generally available for most applications, although not usually with the same frequency as for an operating system