Preventing Server Attacks


Preventing server attacks is a difficult job when you start from scratch, because you must secure not only the operating system but also the applications that run on top of it and the network that surrounds the server. Locking down server operating systems (OS), applications, and networks can be a long process of trial and error; however, some excellent guides and websites can make the job easier. Table 13-4 lists links to websites and PDF documents that assist in securing networks, Linux, Solaris, and Windows systems.

Table 13-4. Security Guides

System                                                    Link
NSA: The 60 Minute Network Security Guide                 http://www.nsa.gov/snac/support/sixty_minutes.pdf
NSA Security Recommendation Guides: Cisco Router Guides   http://acs1.conxion.com/cisco/
Windows Server 2003 Security Guide                        http://www.microsoft.com/technet/security/prodtech/windowsserver2003/W2003HG/SGCH00.mspx
NSA Guide to Securing Windows XP                          http://nsa2.www.conxion.com/winxp/
NSA Security Recommendation Guides: Windows 2000          http://nsa2.www.conxion.com/win2k/
NSA Guide to Secure Configuration of Solaris 8            http://nsa2.www.conxion.com/support/guides/sd-12.pdf
Linux Security HOWTO                                      http://www.tldp.org/HOWTO/Security-HOWTO/
Securing Linux Production Systems                         http://www.puschitz.com/SecuringLinux.shtml
FOCUS on Linux: Securing Linux Part One                   http://www.securityfocus.com/infocus/1419


By searching the web you can find literally hundreds of sites with tips and tricks on securing your system, so by no means treat Table 13-4 as the single one-stop shop for protecting your systems. Table 13-5 gives a general list of known attacks and recommendations for protecting your environment; it works hand in hand with the official documents in Table 13-4.

Table 13-5. Basic Prevention Recommendations

Attack Type / Recommendation

Password guessing
    Implement strict password policies.

Worms and viruses
    Install anti-virus software and keep it up-to-date.

Application flaws (buffer overflows)
    Install and maintain the most current service packs and hot fixes.

External network attacks
    Always install firewalls at the perimeter, then make sure the firewall blocks all traffic except what is necessary.

Internal network attacks
    Install a local firewall on the server to minimize access to it.

Internal/external network attacks
    Install and manage a network-based IDS to monitor all traffic to and from the servers.

Ping (ICMP) sweeps
    Disable ICMP on the servers to help hide them on your network.

Logging
    Enable local application logging wherever you can, such as logging server logins and disk access. Ensure that you monitor the logs on a regular basis. Lastly, save the log files off to another server and/or media such as tapes for long-term analysis if it is ever required.

Server file system
    Install a file system integrity-checking program such as Tripwire. This enables you to detect unexpected changes to files and folders on the system. (See http://www.tripwire.com.)

Physical access to the server room
    Secure the server room and record entry and exit. Consider also installing cameras that monitor activity within the server room. Some companies use biometric or smart card technology for server room access, so keep these options in mind.

Monitoring several servers at once
    By using an enterprise product such as GFI or Microsoft Operations Manager (MOM), you can easily monitor dozens of server event logs and help resolve problems.

Backups
    Keep your backups secure and log access to tapes.


Now that you have secured your systems using these extensive checklists, it is time to apply even more security where possible. You can accomplish this by adding anti-virus programs to the server to help detect and eliminate malicious software. Table 13-6 lists some of the biggest-name brands on the market today.

Table 13-6. Anti-virus Software

Anti-Virus Software      Link
PC-Cillin                http://uk.trendmicro-europe.com
BitDefender              http://www.bitdefender.com
AVG Anti-Virus Pro       http://www.grisoft.com/doc/1
McAfee VirusScan         http://www.macafee.com
F-Secure                 http://www.f-secure.com
Norton AntiVirus         http://www.symantec.com
F-Prot Antivirus         http://www.f-prot.com
eTrust EZ AntiVirus      http://www.etrust.com
Eset NOD32               http://www.nod32.com
Panda                    http://www.pandasoftware.com
Sophos                   http://www.sophos.com


Adding a personal firewall can also help to prevent external users, and even internal LAN users, from having free access to your server. Several firewall vendors are on the market, and even Microsoft has gotten into the game by adding a firewall to Windows XP and Server 2003. Table 13-7 lists some possible firewall solutions with links to their home pages.

Table 13-7. Firewall Software

Firewall Software             Link
ZoneAlarm Pro                 http://www.zonelabs.com
Outpost Firewall Pro          http://www.outpost.uk.com
Norton Personal Firewall      http://www.symantec.com
Norman Personal Firewall      http://www.norman.com
SurfSecret Personal Firewall  http://www.surfsecret.com
BlackICE Protection           http://www.iss.net


The last topic to mention when it comes to protecting computers is Cisco Security Agent (CSA). CSA protects client and server machines in a way that most other applications do not. It goes beyond what most security software offers by providing detection and protection based on behavior, which helps to prevent zero-day attacks. Following are some of the basic features that CSA offers:

  • Host intrusion prevention

  • Spyware/adware protection

  • Protection against buffer overflow attacks

  • Distributed firewall capabilities

  • Malicious mobile code protection

  • Operating-system integrity assurance

  • Application inventory

  • Audit log-consolidation

One interesting point that sets CSA apart from most anti-virus and firewall solutions is that it relies on behavior-based rather than signature-based detection. In other words, it does not need regular signature updates: when abnormal behavior is observed on the host, such as a virus attacking the computer, CSA helps to prevent the attack from succeeding. For more information on CSA, see http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html.

After you have created this locked-down baseline environment, your job is only just beginning. Now it is time to start monitoring and testing. You cannot totally prevent hacking attempts, but now that you are security focused and have put the appropriate monitoring in place, you can at least detect most attempts. For example, even if you implement strong password policies on your servers, attackers can still attempt to log in. Monitoring the Event Log for both failed and successful logons, however, keeps you alert to the risk. It is important to keep a handle on your entry points and on when, and by whom, they are being exercised.
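The logon monitoring just described can be automated against an exported Security log. The following is an added example, not code from the book: it reads a constructed CSV export using the Windows 2000/2003-era event IDs 529 (logon failure) and 528 (successful logon), flags any source that exceeds a failure threshold inside a short window, and flags a later successful logon from such a source, which is the case an analyst most wants to see.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export (not real data). 529 = logon failure, 528 = success.
SAMPLE_LOG = """time,event_id,user,source_ip
2005-03-01 02:00:01,529,administrator,10.0.0.7
2005-03-01 02:00:03,529,administrator,10.0.0.7
2005-03-01 02:00:04,529,administrator,10.0.0.7
2005-03-01 02:00:06,529,administrator,10.0.0.7
2005-03-01 02:00:08,529,administrator,10.0.0.7
2005-03-01 02:00:20,528,administrator,10.0.0.7
2005-03-01 02:05:00,529,jsmith,10.0.0.22
2005-03-01 09:15:00,528,jsmith,10.0.0.22
"""

FAILED, SUCCESS = "529", "528"


def detect_guessing(csv_text, threshold=5, window=timedelta(minutes=2)):
    """Return (alert, source_ip, user) tuples: a source is flagged once it
    reaches `threshold` failures within `window`; any success from a flagged
    source afterwards is reported separately (a guess that may have worked)."""
    alerts = []
    recent = defaultdict(deque)   # source_ip -> timestamps of failures in window
    flagged = set()
    for row in csv.DictReader(StringIO(csv_text)):
        ts = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        src = row["source_ip"]
        if row["event_id"] == FAILED:
            q = recent[src]
            q.append(ts)
            while q and ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("password-guessing", src, row["user"]))
        elif row["event_id"] == SUCCESS and src in flagged:
            alerts.append(("success-after-guessing", src, row["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A single failure such as jsmith's mistyped password produces no alert, which keeps the report focused on bursts rather than ordinary user error.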

Penetration Testing and Network Defense
ISBN: 1587052083
Year: 2005
Pages: 209