Pi's Website - Archived


3.5 Understand the following concepts of Security Baselines, be able to explain what a Security Baseline is, and understand the implementation and configuration of each kind of intrusion detection system

o OS / NOS (Operating System / Network Operating System) Hardening
    • File System
    • Updates (Hotfixes, Service Packs, Patches)

o Network Hardening
    • Updates (Firmware)
    • Configuration
        • Enabling and Disabling Services and Protocols
        • Access Control Lists

o Application Hardening
    • Updates (Hotfixes, Service Packs, Patches)
    • Web Servers
    • E-mail Servers
    • FTP (File Transfer Protocol) Servers
    • DNS (Domain Name Service) Servers
    • NNTP (Network News Transfer Protocol) Servers
    • File / Print Servers
    • DHCP (Dynamic Host Configuration Protocol) Servers
    • Data Repositories
    • Directory Services
    • Databases


Security Baselines

A security baseline is the defined minimum set of security measures that every system must have in place.  The baseline should always be met, and exceeded where possible.


OS/NOS Hardening

OS hardening is securing an Operating System (OS).  If possible, the OS should be configured to update automatically on a regular, preferably daily, basis.  Critical files should be protected by some form of access control and encryption.  All unnecessary software and services should be disabled or uninstalled.


File System

There are many different types of file systems.  For Windows computers, NTFS is recommended over FAT-32 since NTFS includes access control (file permissions) and is more secure.  For UNIX-based OSes there are several choices, including the ext family and ReiserFS.  It is best to read about the features and weaknesses of each file system before choosing one.


Updates

Updates should be installed quickly, but not before they have been tested on a test machine to make sure they do not cause more problems than they prevent.  The software vendor's website should carry its updates and patches.


Network Hardening

Network hardening is securing a network and all of its devices.


Updates

All devices should have their firmware (the device's built-in programming) updated frequently, after testing, to ensure that they remain secure and patched.


Configuration

All devices should have their default passwords and default configuration changed so that they fit your network and are more secure.  Check the vendor's website for a hardening guide or recommendations, and write down how you have configured and set up each device for future reference.


Services and Protocols

As mentioned several times, disable any services and protocols that are not necessary, especially ones such as SNMP, which exposes device management if left enabled with default settings.


ACLs

ACLs should be used to block unwanted traffic that may be hostile.  For example, one could deny all inbound traffic that does not meet certain criteria (such as being addressed to a permitted server and port) and permit all outbound traffic except for traffic to known-malicious destinations.
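The inbound-deny / outbound-permit policy described above, as an added example that is not part of the original page: a small first-match ACL evaluator in Python.  The addresses (a web server at 192.0.2.10 and a hostile block 203.0.113.0/24) are constructed placeholders, and the `Rule`/`evaluate` names are assumptions for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    direction: str       # "in" or "out"
    proto: str           # "tcp", "udp" or "any"
    src: str             # source network in CIDR form
    dst: str             # destination network in CIDR form
    dport: Optional[int] # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        return (pkt["direction"] == self.direction
                and self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))

# Constructed example ACL (hypothetical addresses).  Rules are checked in
# order; inbound is permitted only to the web server's HTTP/HTTPS ports and
# denied otherwise, outbound is permitted except to a known-hostile block.
ACL = [
    Rule("permit", "in",  "tcp", "0.0.0.0/0", "192.0.2.10/32",  80),
    Rule("permit", "in",  "tcp", "0.0.0.0/0", "192.0.2.10/32",  443),
    Rule("deny",   "in",  "any", "0.0.0.0/0", "0.0.0.0/0",      None),  # deny all other inbound
    Rule("deny",   "out", "any", "0.0.0.0/0", "203.0.113.0/24", None),  # hostile destinations
    Rule("permit", "out", "any", "0.0.0.0/0", "0.0.0.0/0",      None),  # permit other outbound
]

def packet(direction: str, proto: str, src: str, dst: str, dport: int) -> dict:
    """Build a minimal packet description for evaluation."""
    return {"direction": direction, "proto": proto, "src": src, "dst": dst, "dport": dport}

def evaluate(acl, pkt: dict):
    """Return (action, rule_index) of the first matching rule.
    A packet that matches no rule is denied (implicit deny), as on most devices."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

if __name__ == "__main__":
    print(evaluate(ACL, packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443)))  # ('permit', 1)
    print(evaluate(ACL, packet("in", "tcp", "198.51.100.7", "192.0.2.10", 22)))   # ('deny', 2)
    print(evaluate(ACL, packet("out", "tcp", "192.0.2.10", "203.0.113.5", 80)))   # ('deny', 3)
```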


Application Hardening

This refers to securing the applications running on a workstation or server.


Updates

Again, all updates should be installed as soon as they have been tested.


Servers

Servers are very important, and the software on them must be secured.  Each type of server needs certain ports open based on its function (for example, 80 and 443 for a web server, and 20 and 21 for an FTP server); any port not required by the server's role should be closed.


Resources:

Dubrawsky, Ido and Jeremy Faircloth. Security+ Study Guide & DVD Training System, Second Edition. Syngress. ISBN 1597491535. http://www.syngress.com/catalog/?pid=4350

PrepLogic Security+ Mega Guide. http://www.preplogic.com/products/mega-guides/mega-guides-product-details.asp?eid=129

ExamCram CompTIA Security+. Que Publishing, July 2006. ISBN 0-7897-2910-5.


This page was last modified on 07/28/07 02:09 PM