Presentation: Computer Security for Student

advertisement
Computer Security
for
Student-Administered Computers
Agenda

What's the Problem?

Security Risk

Security Incidents

Defenses

Vigilance
What's the Problem at UW?
 http://staff.washington.edu/dittrich/talks/security/incidents.html

port-scanning: looking for systems to target

buffer-overrun attacks: command execution via coding errors

open account exploits: to login

packet sniffing: to learn login secrets

trojan horse attacks: to fool user into executing infected program

shared/stolen accounts: to login

denial of service attacks: to prevent or hamper use of computers

file storage: to pirate software/music/etc.

forging email or other electronic messages: to harass/threaten/fool
Security Goals
 Microsoft
Prescriptive Guidance: Security Operations
Guide for Windows 2000 Server

http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/
prodtech/windows/windows2000/staysecure/default.asp

Get secure

Stay secure (over time, amidst changes)
Security Risk

Managing risk to protected resources

Resources: data, applications, servers, etc.
 what's

its value?
Threat: something that could access/harm resources
 natural/physical,
unintentional/intentional

Vulnerability: point where resource can be attacked

Exploit: use of a vulnerability by a threat
 could
result in loss of confidentiality, integrity or
availability

Risks need to be ranked: low, medium, high
Security Incidents

physical: earthquake, water leak, power failure, etc.

technical vulnerability exploits: attacks, buffer overflows, ...

information gathering exploit: OS identification, wireless
leak, social engineering

denial of service exploit: resource removal, physical damage,
etc.
Defenses

Data: encryption and backups; antivirus software

Application: developer needs to enforce

Host: limit server to specific roles

Network: blocking and/or encrypting traffic

Perimeter: firewalls; authorized PCs are clean before
connecting

Physical: removable media, locks, redundancy, restricted
areas

Policies and Procedures: raise awareness and prevent abuse
Windows 2000 Defenses

Planning

Isolation

Installation and Upgrades

Antivirus software

Group Policy/Registry Changes

IPSec/Filtering

Application Lockdown
Windows 2000 Defenses: Planning

What kind?
 server:
member or domain controller?
 workstation?

What role?
 basic?

web server? cluster?
What’s required for other services?
 need
to think about this
Windows 2000 Defenses: Isolation

On Internet-connected computer:
 gather
all upgrades, antivirus software

http://www.washington.edu/computing/software

download
 Network Associates/McAfee
Netshield (server)
 McAfee VirusScan (workstation)
 upgrades and updates
 burn

on CD
Connect to a hub not connected to Internet
 Use
static, non-routable IP addresses: 10.10.xxx.xxx
Windows 2000 Defenses:
Installation and Upgrades

Install Windows 2000
 don’t
do it blindly -- read and think about it

Install latest service packs

Install security patches/hotfixes to service packs

Switch to non-privileged account
 use

RUNAS whenever elevated privileges needed
Watch logs (use EventViewer)
Windows 2000 Defenses: Antivirus

Install Netshield

Install latest upgrades/updates
 don’t
schedule to update/upgrade (not connected)
Windows 2000 Defenses:
Group Policy/Registry Changes
 %SystemRoot%\security\templates

Basic
 Basicwk.inf
(workstation)
 Basicsv.inf (member server)
 Basicdc.inf (domain controller)

Incremental
 securedc.inf
(domain controller)
 securews.inf (workstations or member servers)
 IIS Incremental.inf (IIS only)
Windows 2000 Defenses:
Apply AD Group Policy

Active Directory Users and Computers/Domain
Controllers/Properties/Group Policy/New
 type



“BaselineDC Policy”
press enter, then right-click on BaselineDC Policy
select “No Override
Edit/Windows Settings (expand)/Security Settings/Import
Policy
 locate
template BaselineDC.inf and place name in “Import Policy
From” box
 close Group Policy and then click Close

replicate to other domain controllers and reboot
Windows 2000 Defenses:
Apply Member Group Policy

Active Directory Users and Computers/Member
Servers/Properties/Group Policy/New
 type

“Baseline Policy”
Edit/Windows Settings (expand)/Security Settings/Import
Policy
 locate
template Baseline.inf and place name in “Import Policy
From” box
 close Group Policy and then click Close

repeat above for Incremental template files

replicate to other domain controllers and reboot
Windows 2000 Defenses:
Verify Group Policy


Verify with secedit (compare with existing
template)

secedit /analyze /db secedit.sdb /cfg xxxxx.inf

look at log file
Test!
Windows 2000 Defenses:
Registry Changes (in Baseline)


HKLM\System\CurrentControlSet\Services\Tcpip\Parameters

EnableICMPRedirect=0

SynAttackProtect=2

DisableIPSourceRouting=2

PerformRouterDiscovery=0
HKLM\System\CurrentControlSet\Services\AFD\Parameters

DynamicBacklogGrowthDelta=10

EnableDynamicBacklog=1

MinimumSynamicBacklog=20

MaximumDynamicBacklog=20000
Windows 2000 Defenses:
IP Filtering

Block all ports not needed for servers
Windows 2000 Defenses:
Application Lockdown
Read

application’s notes on security
IIS
IS
Incremental.inf
follow

guidelines
SQL Server
change
default system DBA passwords
protect
DBs with access rights/file permissions
Linux Defenses

Planning

Isolation

Installation and Upgrades

Antivirus software???

IP Filtering

Application Lockdown
Linux Defenses: Planning

What kind?
 workstation?
 server?

What servers?
 web
server? insecure servers?

What apps are required?

What services are required?
Linux Defenses: Isolation

On Internet-connected computer:
 gather
 burn

all upgrades
on CD
Connect to a hub not connected to Internet
 Use
static, non-routable IP addresses: 10.10.xxx.xxx
Linux Defenses:
Installation and Upgrades

Install Linux
 don’t
 put
do it blindly -- read and think about it
/tmp, /home and /var/log in separate partitions

Install latest upgrades

Switch to non-privileged account
 use

“su -” whenever elevated privileges needed
Watch logs (usually in /var/log)
Linux Defenses:
IP Filtering

tcp wrappers
 /etc/hosts.deny

ALL:ALL
 /etc/hosts.allow

ALL: 10. LOCAL

sshd: ALL
 /etc/xinetd.d

disable=yes for undesired services
 killall
-USR2 xinetd
Linux Defenses:
Apache Lockdown

Apache -- start by restricting everything
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
 then

allow by specific directories
want to disable CGI, includes
Linux Defenses:
FTP Lockdown

should not use -- sends passwords in plain text
 use

ssh/scp/sftp instead
/etc/ftpusers

should NOT include root or other privileged accounts

disallow anonymous FTP
 should
read:
class all real *
References
 http://www.washington.edu/computing/security
 Microsoft
Baseline Security Analyzer

for 2000/XP

requires Internet access to run

http://www.microsoft.com/technet/treeview/default.asp?url
=/technet/security/tools/Tools/mbsahome.asp
 SANS


Institute Bookstore (Windows 2000 & Linux)
SANS = System Administration, Networking and Security)
https://www.washington.edu/computing/software/sitelicens
es/sans/sw/access.html
Download