Understanding Security


The most fundamental skill in securing computers and networks is understanding the big picture of security. By understanding the big picture of how to secure computers and networks as well as the limitations of security, you can avoid spending time, money, and energy attempting impossible or impractical security measures. You can also spend less time resecuring assets that have been jeopardized by poorly conceived or ineffective security measures.

Granting the Least Privilege Required

Always think of security in terms of granting the least amount of privilege required to carry out the task. Excess privileges serve no useful business or technical purpose, and they invite users, administrators, or attackers to take advantage of them.

Defending Each Network Layer

Imagine the security of your network as an onion. Each layer you pull away gets you closer to the center, where the critical asset exists. On your network, defend each layer as though the next outer layer is ineffective or nonexistent. The aggregate security of your network will increase exponentially if you defend vigilantly at all levels.

Reducing the Attack Surface

Attackers are functionally unlimited and thus possess unlimited time, while you have limited time and resources. (The concept of being functionally unlimited is detailed in Chapter 2, "Understanding Your Enemy.") An attacker needs to know of only one vulnerability to successfully attack your network, while you must pinpoint all your vulnerabilities to defend your network. The smaller your attack surface, the better chance you have of accounting for all assets and their protection. Attackers will have fewer targets, and you will have less to monitor and maintain.

Avoiding Assumptions

Making assumptions will generally result in you overlooking, prematurely dismissing, or incorrectly assessing critical details. Often these details are not obvious or are buried deep within a process or technology. That is why you must test everything! You might also want to hire a third party to assess the security of your network or applications. Some organizations might even have legal or regulatory compliance statutes that require them to undergo this type of evaluation.

Protecting, Detecting, and Responding

When you think about securing a computer or a network, think about how you can protect the asset proactively, detect attempted security incidents, and respond to security incidents. This is the security life cycle. By looking at security from this perspective, you will be better prepared to handle unpredictable events.

Securing by Design, Default, and Deployment

When you design networks, ensure that the following criteria are met:

  • Your design is completed with security as an integral component.

  • Your design is secure by default.

  • The deployment and ongoing management of the implementation maintains the security of the network.

By accomplishing these three goals, you can address security proactively and natively rather than reactively and artificially.

The 10 Immutable Laws of Security

In 2000, Scott Culp of the Microsoft Security Response Center published the article "The Ten Immutable Laws of Security" on the Microsoft Web site, which you can read at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/10imlaws.asp. Although the Internet and computer security are changing at a staggering rate, these laws remain true. These 10 laws do an excellent job of describing some of the limitations of security:

  1. If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

    Often attackers attempt to encourage the user to install software on the attacker's behalf. Many viruses and Trojan horse applications operate this way. For example, the ILOVEYOU virus succeeded only because unwitting users ran the script when it arrived in an e-mail message. Another emerging class of applications that attackers prompt a user to install are spyware applications. Once installed, spyware monitors a user's activities on his computer and reports the results to the attacker.

  2. If a bad guy can alter the operating system on your computer, it's not your computer anymore.

    A securely installed operating system and the securely procured hardware that it is installed on is referred to as a Trusted Computing Base (TCB). If an attacker can replace or modify any of the operating system files or certain components of the system's hardware, the TCB can no longer be trusted. For example, an attacker might replace the file Passfilt.dll, which is used to enforce password complexity, with a version of the file that also records all passwords used on the system. If an operating system has been compromised, or you cannot prove that it has not been compromised, you should no longer trust the operating system.

  3. If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

    Once an attacker possesses physical access to a computer, you can do little to prevent the attacker from gaining administrator privileges on the operating system. With administrator privilege compromised, nearly all persistently stored data is at risk of being exposed. Similarly, an attacker with physical access could install hardware or software to monitor and record keystrokes that is completely transparent to the user. If a computer has been physically compromised or you cannot prove otherwise, you should not trust the computer.

  4. If you allow a bad guy to upload programs to your Web site, it's not your Web site any more.

    An attacker who can execute applications or modify code on your Web site can take full control of the Web site. The most obvious symptom of this is an attacker defacing an organization's Web site. A corollary to this law is that if a Web site requests input from the user, attackers will use bad input. For example, you might have a form that asks for a number between 1 and 100. While normal users will enter numbers within the specified data range, an attacker will try to use any data input he feels will break the back-end application.

  5. Weak passwords trump strong security.

    Even if a network design is thoroughly secure, if users and administrators use blank, default, or otherwise simple passwords, the security will be rendered ineffective once an attacker cracks the password.

  6. A machine is only as secure as the administrator is trustworthy.

    One constant on all networks is that you must trust the network administrators. The more administrative privileges an administrator account has, the more the administrator must be trusted. In other words, if you do not trust someone, do not give him administrator privileges.

  7. Encrypted data is only as secure as the decryption key.

    No encryption algorithm will protect the ciphertext from an attacker if she possesses or can gain possession of the decryption key. Encryption alone is not a solution to a business problem unless there is a strong component of key management and unless users and administrators are vigilant in protecting their keys or key material.

  8. An out-of-date virus scanner is only marginally better than no virus scanner at all.

    New computer viruses, worms, and Trojan horses are always emerging and existing ones evolving. Consequently, antivirus software can become outdated quickly. As new or modified viruses are released, antivirus software is updated. Antivirus software that is not updated to recognize a given virus will not be able to prevent it.

  9. Absolute anonymity isn't practical, in real life or on the Web.

    Two issues related to security that are often confused are privacy and anonymity. Anonymity means that your identity and details about your identity are completely unknown and untraceable, while privacy means that your identity and details about your identity are not disclosed. Privacy is essential, and technology and laws make achieving it possible. On the other hand, anonymity is not possible or practical when on the Internet, or when using computers in general.

  10. Technology is not a panacea.

    Although technology can secure computers and computer networks, it is not and will never be a solution in and of itself. You must combine technology with people and processes to create a secure computing environment.
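The corollary to law 4 (a form that asks for a number between 1 and 100, and an attacker who submits anything but) is easy to get wrong even when a range check is present. This added example, which is not code from the book, contrasts a lenient parser that trusts Python's `int()` with a strict one; the function names `parse_bounded_int`, `lenient_parse` and `compare` and the constructed inputs in `SAMPLES` are assumptions made for the illustration.

```python
import re

# Python's int() is deliberately forgiving: it accepts surrounding whitespace,
# a leading '+', digit-grouping underscores ("4_2") and non-ASCII Unicode
# digits. Each of those is "bad input" in the sense of law 4: it passes the
# range check yet is not the plain decimal the form expects, and a back end
# that logs, stores or re-parses the raw string may treat it differently.

# Strict shape: ASCII digits only, no sign, no whitespace, no separators, and
# at most 3 digits so absurdly long strings are rejected before conversion.
_FIELD_RE = re.compile(r"\A[0-9]{1,3}\Z")

def parse_bounded_int(raw, lo=1, hi=100):
    """Return the integer if raw is a well-formed value within [lo, hi],
    otherwise None. Never raises on hostile input."""
    if not isinstance(raw, str):
        return None
    if not _FIELD_RE.match(raw):
        return None
    value = int(raw)  # safe: the regex guarantees plain ASCII digits
    if value < lo or value > hi:
        return None
    return value

def lenient_parse(raw, lo=1, hi=100):
    """The naive version many forms ship with: trust int(), then range-check."""
    try:
        value = int(raw)
    except (TypeError, ValueError):
        return None
    return value if lo <= value <= hi else None

# Constructed inputs: one normal value followed by the kinds of strings an
# attacker probes with (whitespace, sign, underscore, Arabic-Indic digits,
# out-of-range values, exponent notation, an oversized string, junk, empty).
SAMPLES = ["42", " 42 ", "+42", "4_2", "\u0664\u0662", "0", "101",
           "1e2", "9" * 5000, "abc", ""]

def compare(samples=SAMPLES):
    """Map each sample to (lenient result, strict result) to show the gap."""
    return {s: (lenient_parse(s), parse_bounded_int(s)) for s in samples}
```

Running `compare()` shows that the lenient parser accepts four of the malformed strings as 42 while the strict parser accepts only the first sample.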

The 10 Immutable Laws of Security Administration

As a follow-up to his article on security, Microsoft's Scott Culp wrote "The Ten Immutable Laws of Security Administration," which you can find at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/essays/10salaws.asp. These 10 laws address the security issues that network administrators must contend with, issues entirely separate from the day-to-day security concerns of users:

  1. Nobody believes anything bad can happen to them, until it does.

    Because attacks on computer networks often cannot be seen, felt, or heard, it is easy for users and administrators to place them out of their minds. With attacks far from one's mind, it is difficult to see the need for security. Unfortunately, after a security incident takes place, the need for security is frequently still dismissed and the breach regarded as a one-time incident. Attackers will attempt to compromise the security of your network. It is not a question of if or when; it is a question of how frequently. You must protect your networks against attackers, detect their attempts to compromise your network, and respond when security incidents do occur.

  2. Security only works if the secure way also happens to be the easy way.

    For most users and administrators, the more difficult or invasive a security measure is, the more likely they are to ignore it, forget it, or subvert it. Ideally, security should be transparent to users and administrators. When the security measure requires a user or an administrator to change his behavior, you should create clear and easy-to-follow procedures for completing the task in question and explain your rationale for implementing the security measure.

  3. If you don't keep up with security fixes, your network won't be yours for long.

    After a security update is announced and the vulnerability is explained, a race begins between attackers attempting to exploit the vulnerability and administrators attempting to apply the security update. If you do not keep up with applying security updates, an attacker will exploit one of the known vulnerabilities on your network.

  4. It doesn't do much good to install security fixes on a computer that was never secure to begin with.

    Although installing security updates will prevent exposure to newly discovered vulnerabilities, installing security updates in and of itself will not result in a secure computer. For a computer to be secure, it is essential that the base operating system be securely configured.

  5. Eternal vigilance is the price of security.

    Security is an ongoing effort. The security administrator must remain vigilant to attacks and attackers who constantly strive to increase the level of sophistication of their attacks. An infinite number of potential attackers exist, and they have infinite time on their hands to crack your network. Attackers have little to lose and need to know only one exploit. Security administrators, on the other hand, have a finite amount of time and resources to defend their organization's network. A security administrator is defeated when a single attack is successful against the network.

  6. There really is someone out there trying to guess your passwords.

    Because of the mythic qualities surrounding attackers, much like the monster under the bed, it is easy to push the possibility of attackers out of one's mind. Unlike the monster under the bed, attackers do exist and they do attack networks. In movies, attackers break powerful encryption algorithms; in real life, they guess simple passwords and exploit mundane, known vulnerabilities.

  7. The most secure network is a well-administered one.

    Although a security expert can secure a network, it will not remain secure if it is not well managed from the CIO, to the security administrator, to the end user.

  8. The difficulty of defending a network is directly proportional to its complexity.

    The more complex a network is, the greater the chance for administrators to misconfigure computers, lose track of the configuration of computers, and fail to understand how the network really works. When in doubt, keep it simple.

  9. Security isn't about risk avoidance; it's about risk management.

    You will never avoid all security risks. It would be too costly and impractical. Claims of unbreakable security stem from ignorance or arrogance.

  10. Technology is not a panacea.

    Although it is essential to ensure the bits and bytes on your network are configured securely, doing so will not prevent rogue administrators, poor processes, careless users, or apathetic managers.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
Year: 2003
Pages: 189
