CIW Course Revision Site

Introduction to Security

In a Nutshell - CIW Course Section 3, Part B3, Chapter 5

Server Vulnerabilities

Most current operating systems are reasonably secure, but no system is completely foolproof. The biggest weakness on any network is poorly secured user accounts and policies. If an attacker can gain access to a user account then they can access all resources available to that account. Flaws or bugs in the operating system can also allow intruders access.

User and Group Permissions

Each user account or user group should have access to only the resources required to allow that user to fulfil their job role. Public servers, such as a Web server or FTP server, should have special accounts that restrict access to only certain areas of the server.

Multiple Partitions

You can often improve security by partitioning the physical disk on your server. By dividing the disk, files for specific functions can be grouped and access restricted to only those users who have the necessary authority.

Policies

System policies are rules that enforce certain behaviour. Enforcing a minimum password length, minimum password complexity and maximum password age will help strengthen the system security and make life difficult for any would-be attacker.

System Defaults

Some operating systems have, by default, certain accounts that may be known to hackers. Often a guest account is present with no password set. Other times manufacturers may have placed support accounts on the system to allow their staff access. These should be changed or disabled at the earliest opportunity.

System Bugs

All systems have bugs or flaws. Some of these will be trivial, but others may be exploited by hackers to gain access or otherwise compromise the normal operations of the server. Software vendors continually strive to address any such weaknesses and will make patches and fixes available. It is up to the system administrator to ensure that these patches are applied to the server regularly.

Enhancing Server Security

There are a number of additional actions that may be taken to further secure your server. These can be summarised as the following:

Securing the registry in Windows 2000 is an often-overlooked action that is relatively easy to implement. Using regedt32, as opposed to the simpler regedit, permissions can be set on individual registry keys, thereby restricting access to possibly sensitive information.

In older Unix systems passwords were stored in the passwd file. These passwords were encrypted but the file was readily accessible. Newer Unix systems store the encrypted passwords in the shadow file which is accessible to only the most privileged accounts.
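
The account weaknesses described under System Defaults (a default account with no password) and in the paragraph above (password hashes kept in the readable passwd file instead of shadow) can be checked for mechanically. The following Python audit is an added example, not part of the original course notes; the account data is constructed sample input and the function names are illustrative.

```python
# Added example: audit passwd/shadow content for empty passwords and
# for password hashes left in passwd. All account data is constructed.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
support:$1$Qz9k$CONSTRUCTEDHASHVALUE000:1002:1002:Vendor support:/home/support:/bin/sh
alice:x:1003:1003:Alice:/home/alice:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:$6$salt$CONSTRUCTEDHASH:19000:0:99999:7:::
alice::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
"""

def parse(text, min_fields):
    """Yield colon-separated records, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            yield fields

def audit(passwd_text, shadow_text):
    """Return a sorted list of (account, finding) pairs."""
    shadow = {f[0]: f[1] for f in parse(shadow_text, 2)}
    findings = []
    for f in parse(passwd_text, 7):
        name, pw = f[0], f[1]
        if pw == "":
            findings.append((name, "empty password in passwd"))
        elif pw == "x":
            # 'x' means the real password field lives in the shadow file
            if name not in shadow:
                findings.append((name, "no shadow entry"))
            elif shadow[name] == "":
                findings.append((name, "empty password in shadow"))
        elif not pw.startswith(("*", "!")):
            # anything else that is not a lock marker is a hash readable by all users
            findings.append((name, "password hash exposed in passwd"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{name}: {finding}")
```

On a real system the same function can be fed the contents of the passwd and shadow files, read with sufficient privilege.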

Firewalls

The main function of a firewall is to create a boundary between a private network and a public network. Firewalls will default to one of two types of behaviour. A firewall can reject all traffic unless explicitly permitted. Alternatively, it can allow all traffic but specifically deny certain types of traffic.

There are three main types of firewall:

Intrusion Detection Systems

An Intrusion Detection System (IDS) monitors internal traffic using filters and rules to log and filter selected traffic.

The three main types of IDS are network-based, host-based and hybrid.

A network-based IDS monitors traffic for the whole network for general denial-of-service attacks and exploit attempts.

A host-based IDS is an agent on a single host that monitors log files and compares these to the rules set out. This is good for sensitive hosts such as database servers or exposed Web servers.

An IDS can improve the security of a server or a network, but presents an overhead that can degrade performance.

Protocols Used in Proxy-Oriented Bastion Hosts
  • Simple Mail Transfer Protocol (SMTP)
  • Post Office Protocol 3 (POP3)
  • Network News Transfer Protocol (NNTP)
  • HyperText Transfer Protocol (HTTP)
  • Secure HTTP (HTTPS)

 

Design by Stephen

Certified Internet Webmaster

Page last Edited: 20 Nov 2011