Leaving the system in its default configuration provides attackers with too many opportunities for obtaining unauthorized access to the host. Even if there is a well-tuned firewall in front of the machine, it's hard to anticipate every way in which attackers may access the protected system. This is why the material in this chapter is so critical to ensuring the security of your infrastructure. When erecting a house, you want to make sure that high-quality concrete is used to provide a robust foundation for the structure built upon it so that the concrete will not crack under stress. In a network security system, each measure we take to lock down the host's configuration provides us with the basis for offering secure and reliable services to the system's users. A significant issue in host-level security is the applications installed on the system. Of course, a host is typically useless without the applications and OS components necessary for it to fulfill its function. At the same time, any software enabled on a system may be exploited due to vulnerabilities in the application or the underlying OS. A configuration flaw or a coding error can provide the attacker with access to the underlying host, offering an internal "island" from which to conduct further attacks. For example, buffer overflow exploits against a vulnerable application can allow an attacker to execute privileged commands on the targeted system. Operating systems and applications contain vulnerabilities that attackers can exploit, even though some of these vulnerabilities might not have been discovered yet or have not been publicly announced.
From a security perspective, the most reliable way of locking down the host's configuration is to begin with a minimalist system: just the core OS (freshly patched, of course) with only administrative accounts and tightly restricted access rights. You would then add user accounts, install applications, and relax permissions only to the extent needed for the system to function properly. Unfortunately, the installation process of many operating systems and applications doesn't facilitate this approach, installing unnecessary components with loose permissions in a default configuration. In such situations, you will need to carefully comb the system to disable, remove, and otherwise lock down components that unnecessarily increase the host's risk profile. Keep in mind that as you increase the extent to which the system is locked down, you often end up decreasing the level of convenience it offers to its users. That might be one of the reasons systems are frequently shipped with too many features enabled by default. For example, Microsoft has, historically, shipped its products with user-friendly default settings for ease of setup and use, with little regard to the security implications of having too many unnecessary components running on the system. With the release of Windows 2003 Server and Windows XP Service Pack 2, we have seen a shift toward tighter default configurations of Windows; however, system administrators still need to review the operating system's setup, tuning it to match their requirements. When devising hardening procedures for hosts on your network, keep in mind the cost you incur from applying the hardening techniques and maintaining the systems that have been locked down. Not all hosts should be hardened to the same extent. If an end-user workstation, a web server, and a VPN server have different responsibilities on the network, the extent of their appropriate hardening is different as well. You need to achieve the right balance between security and functionality to determine what exposure to threat is acceptable while still providing critical business services.
An essential aspect of host hardening is ensuring the secure configuration of the underlying OS. Securing the OS involves disabling or removing unnecessary services, daemons, libraries, and other extraneous components that find their way onto the system as part of the default OS installation.
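One way to put the minimalist principle into practice is to compare what a host actually listens on against a baseline for its role (workstation, web server, VPN server) and flag everything else for removal or justification. The script below is an added example, not code from the chapter; the role baselines and the `ss -ltnp`-style sample output are constructed assumptions to be tuned for your own environment.

```python
"""Role-based listener audit: flag services a host exposes beyond its role's baseline."""
import re

# Per-role allow-lists of TCP ports a host of that role is expected to listen on.
# These baselines are assumptions for the example; adjust them to your own policy.
ROLE_BASELINES = {
    "workstation": set(),          # a locked-down workstation should expose nothing
    "web_server": {22, 80, 443},   # SSH for administration plus HTTP/HTTPS
    "vpn_server": {22, 1194},      # SSH plus OpenVPN
}

# Matches the local-address column of `ss -ltn` output, e.g. "0.0.0.0:80" or "[::]:22".
_LOCAL_ADDR = re.compile(r"^(?P<addr>\S+):(?P<port>\d+)$")


def parse_listeners(ss_output):
    """Return {port: process_name} for each listening socket in `ss -ltnp`-style output."""
    listeners = {}
    for line in ss_output.splitlines()[1:]:   # first row is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        m = _LOCAL_ADDR.match(fields[3])
        if not m:
            continue
        proc = re.search(r'users:\(\("([^"]+)"', line)
        listeners[int(m.group("port"))] = proc.group(1) if proc else "unknown"
    return listeners


def unexpected_listeners(role, ss_output):
    """Listeners (port -> process) that fall outside the role's baseline."""
    baseline = ROLE_BASELINES[role]
    return {p: name for p, name in parse_listeners(ss_output).items() if p not in baseline}


# Constructed sample in the shape of `ss -ltnp` on a Linux host; not a real capture.
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*         users:(("sshd",pid=811,fd=3))
LISTEN 0      511    0.0.0.0:80        0.0.0.0:*         users:(("nginx",pid=950,fd=6))
LISTEN 0      511    [::]:443          [::]:*            users:(("nginx",pid=950,fd=7))
LISTEN 0      128    0.0.0.0:111       0.0.0.0:*         users:(("rpcbind",pid=402,fd=4))
LISTEN 0      50     127.0.0.1:3306    0.0.0.0:*         users:(("mysqld",pid=1203,fd=21))
"""

if __name__ == "__main__":
    for port, proc in sorted(unexpected_listeners("web_server", SAMPLE_SS).items()):
        print(f"port {port} ({proc}) is outside the web_server baseline; disable or justify it")
```

On a live host, feed the script the output of `ss -ltnp` (or `netstat -tlnp` on older systems) and treat every flagged entry as a component to disable, remove, or document as a deliberate exception.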