The Need for Host Hardening


Leaving the system in its default configuration provides attackers with too many opportunities for obtaining unauthorized access to the host. Even if there is a well-tuned firewall in front of the machine, it's hard to anticipate every way in which attackers may access the protected system. This is why the material in this chapter is so critical to ensuring the security of your infrastructure. When erecting a house, you want to make sure that high-quality concrete is used to provide a robust foundation for the structure built upon it so that the concrete will not crack under stress. In a network security system, each measure we take to lock down the host's configuration provides us with the basis for offering secure and reliable services to the system's users.

A significant issue in host-level security is the applications installed on the system. Of course, a host is typically useless without the applications and OS components necessary for it to fulfill its function. At the same time, any software enabled on a system may be exploited due to vulnerabilities in the application or the underlying OS. A configuration flaw or a coding error can provide the attacker with access to the underlying host, offering an internal "island" from which to conduct further attacks. For example, buffer overflow exploits against a vulnerable application can allow an attacker to execute privileged commands on the targeted system. Operating systems and applications contain vulnerabilities that attackers can exploit, even though some of these vulnerabilities might not have been discovered yet or have not been publicly announced.

The NNTP Vulnerability in Windows, Circa 2004

The MS04-036 security bulletin and the associated patch, which Microsoft released in October 2004, addressed a critical vulnerability in the Network News Transfer Protocol (NNTP) component of Windows operating systems. If exploited, the bug could allow a remote attacker to gain full control over the affected host. Of course, the vulnerability existed before it was publicly announced. If the attacker possessed a "private" version of the exploit, she could have accessed the vulnerable system with little effort. Organizations that removed or disabled the NNTP component from their hosts (if it was not needed) protected themselves against this attack vector even without knowing about the vulnerability.


From a security perspective, the most reliable way of locking down the host's configuration is to begin with a minimalist system: just the core OS (freshly patched, of course) with only administrative accounts and tightly restricted access rights. You would then add user accounts, install applications, and relax permissions only to the extent needed for the system to function properly. Unfortunately, the installation process of many operating systems and applications doesn't facilitate this approach, installing unnecessary components with loose permissions in a default configuration. In such situations, you will need to carefully comb the system to disable, remove, and otherwise lock down components that unnecessarily increase the host's risk profile.

Keep in mind that as you increase the extent to which the system is locked down, you often end up decreasing the level of convenience it offers to its users. That might be one of the reasons systems are frequently shipped with too many features enabled by default. For example, Microsoft has, historically, shipped its products with user-friendly default settings for ease of setup and use, with little regard to the security implications of having too many unnecessary components running on the system. With the release of Windows 2003 Server and Windows XP Service Pack 2, we have seen a shift toward tighter default configurations of Windows; however, system administrators still need to review the operating system's setup, tuning it to match their requirements.

When devising hardening procedures for hosts on your network, keep in mind the cost you incur from applying the hardening techniques and maintaining the systems that have been locked down. Not all hosts should be hardened to the same extent. If an end-user workstation, a web server, and a VPN server have different responsibilities on the network, their extent of appropriate hardening is different as well. You need to achieve the right balance between security and functionality to determine what exposure to threat is acceptable while still providing critical business services.

Securing Applications on the Host

Many of the principles discussed in this chapter in the context of OS hardening apply, to a large extent, to applications that run on top of the OS. Especially when dealing with more complicated applications such as databases and web servers, you will need to get rid of unnecessary software components and internal user accounts; establish access privileges; audit events; protect accounts, data, and configuration parameters; and so on.

Consult vendor documentation when installing an application, in case the vendor has provided best-practices guidelines for locking down the program's configuration. Such recommendations may explain how to install the application so that it runs under a system account with limited privileges, and how to change the default passwords assigned to the application's internal users during the installation process. Keep in mind that you should not rely solely on the vendor's documentation; seek out books and guides that offer independent advice on setting up the application in a secure manner.


An essential aspect of host hardening is ensuring the secure configuration of the underlying OS. Securing the OS involves disabling or removing unnecessary services, daemons, libraries, and other extraneous components that find their way onto the system as part of the default OS installation.
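The "start minimal, then comb the system" approach described above, and the removal of unnecessary services that closes the section, both come down to one recurring check: does the host listen on anything that its role does not require? The following script is an added example, not code from the book; it compares a list of listening TCP services against a per-role approved list and reports the rest. The input format ("port process" per line) and the approved ports for a web-server role are assumptions, and the listener sample is constructed (port 119 echoes the book's NNTP example).

```sh
#!/bin/sh
# Added example (not from the book): report listening TCP services that are
# not on the host's approved list, so they can be disabled or removed.
# Assumed input format, one listener per line: "<port> <process-name>", as you
# would derive from `ss -ltnp` or `netstat -tlnp` on a Unix-like host.

# Approved ports for a hypothetical web-server role: SSH plus HTTP/HTTPS only.
APPROVED_PORTS="22 80 443"

# Constructed sample of what a default installation might be listening on.
SAMPLE_LISTENERS='22 sshd
80 httpd
443 httpd
119 nntpd
25 sendmail
111 rpcbind'

# unexpected_listeners APPROVED LISTENERS
# Prints "port process" for every listener whose port is not in APPROVED.
unexpected_listeners() {
    approved="$1"
    printf '%s\n' "$2" | while IFS=' ' read -r port proc; do
        [ -z "$port" ] && continue
        case " $approved " in
            *" $port "*) ;;                        # approved for this role
            *) printf '%s %s\n' "$port" "$proc" ;; # not approved: report it
        esac
    done
}

# count_unexpected APPROVED LISTENERS
# Number of unapproved listeners; 0 means the host matches its role baseline.
count_unexpected() {
    unexpected_listeners "$1" "$2" | grep -c . || true
}

# Stand-alone run: print a short hardening report for the sample data.
report=$(unexpected_listeners "$APPROVED_PORTS" "$SAMPLE_LISTENERS")
if [ -n "$report" ]; then
    printf 'Unexpected listeners (disable or remove if not required):\n%s\n' "$report"
else
    echo "All listeners are on the approved list for this role."
fi
```

Feed the script real data by replacing SAMPLE_LISTENERS with the port/process pairs from your own host, and adjust APPROVED_PORTS per role (workstation, web server, VPN server), since the book's point is that each role warrants a different baseline.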



    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005
    Pages: 230