Summary

This chapter introduced you to the concept of hardening operating systems, network devices, and applications. In order to secure a network, each of the elements in its environment must be individually evaluated. Remember, your network is no more secure than your weakest link.

Security baselines provide a standardized method for evaluating the security capabilities of particular products. Never consider an operating system or application to be secured unless it has been certified using the EAL standard. The EAL system is a seven-level certification scheme.

Common Criteria has replaced TCSEC as the primary security certification. EAL 4 is the level recommended to provide reasonable security for commercial operating systems.

The number of vulnerabilities is rapidly increasing. The increase is partially due to the fact that many system manufacturers did not take security issues seriously enough in the past. This attitude is changing, and many of the larger manufacturers now realize the damage that security leaks cause to their users.

The process of making a server or an application resistant to attack is called hardening. One of the major methods of hardening an operating system is to disable any protocols that are not needed in a system. Keeping systems updated will also help improve security.
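The hardening steps above (disable what is not needed, keep what remains current) are usually checked against a written baseline. The following script is an added example, not code from the study guide: it compares a constructed host inventory against a baseline of required services and a constructed current-release table, and reports what should be disabled, what required service is missing, and what is behind the current release. Service names, ports and version numbers are invented sample data; the version comparison is numeric because a plain string compare ranks "2.4.9" above "2.4.10".

```python
"""Security baseline check for one host: flag listening services the
baseline does not require, and software that is behind the current release.
All inventory data below is constructed for the example."""

# Constructed sample inventory, as a host inventory tool might report it.
# Each entry: (service name, transport protocol, listening port).
HOST_SERVICES = [
    ("sshd", "tcp", 22),
    ("httpd", "tcp", 443),
    ("telnetd", "tcp", 23),
    ("rpc.nfsd", "tcp", 2049),
    ("snmpd", "udp", 161),
]

# Baseline of what this role (a web server) actually needs. Anything
# listening that is not in this set is a candidate for disabling.
BASELINE_REQUIRED = {("sshd", "tcp", 22), ("httpd", "tcp", 443)}

# Constructed installed-vs-current release data (version strings are made up).
INSTALLED = {"httpd": "2.4.9", "sshd": "9.6"}
CURRENT_RELEASE = {"httpd": "2.4.10", "sshd": "9.6"}


def version_tuple(v):
    """Turn '2.4.10' into (2, 4, 10) so the comparison is numeric."""
    return tuple(int(part) for part in v.split("."))


def unneeded_services(services, required):
    """Listening services the baseline does not require, in inventory order."""
    return [s for s in services if s not in required]


def missing_services(services, required):
    """Required services that are not actually running."""
    running = set(services)
    return sorted(s for s in required if s not in running)


def outdated_software(installed, current):
    """(name, installed, current) for every package behind the current release."""
    findings = []
    for name, ver in installed.items():
        latest = current.get(name)
        if latest and version_tuple(ver) < version_tuple(latest):
            findings.append((name, ver, latest))
    return sorted(findings)


def baseline_report(services=HOST_SERVICES, required=BASELINE_REQUIRED,
                    installed=INSTALLED, current=CURRENT_RELEASE):
    """Collect all findings into one dictionary keyed by action."""
    return {
        "disable": unneeded_services(services, required),
        "missing": missing_services(services, required),
        "update": outdated_software(installed, current),
    }


if __name__ == "__main__":
    for action, items in baseline_report().items():
        for item in items:
            print(f"{action}: {item}")
```

Run against the sample data it lists telnetd, NFS and SNMP as services to disable and httpd as needing an update; on a real host the inventory would come from the system's own service listing rather than the constructed list.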

The common protocols used in PC-based networks are NetBEUI, IPX/SPX, and TCP/IP. Each of these protocols creates unique security challenges that must be addressed.

Large-scale networks often use UNIX networks and additional protocols, such as NFS. NFS is difficult to secure, and it should not be used in external networks. Additional security is available in this environment if secure VPN connections are used.

The FAT file system provides user-level and share-level security. Because of this, FAT is largely unsuitable as a file system for use in secure environments. NTFS provides security capabilities similar to UNIX, and it allows control of individual files using various criteria.

Manufacturers and vendors provide product updates to improve security and to fix errors in the products they support. The three primary methods of upgrading systems are hotfixes, service packs, and patches. Hotfixes are usually meant as temporary fixes to a system until a permanent fix can be found. Microsoft refers to its bug patches as hotfixes. Service packs usually contain multiple fixes to a system. Patches are used to temporarily fix a program until a permanent fix can be applied. Manufacturers tend to replace entire programs rather than patching or hotfixing systems. When installing a patch, make sure that you follow the directions to the letter. An improperly installed patch can render a system unusable.

Network devices are becoming increasingly complicated, and they require that updates be applied on a regular basis. The update process is usually accomplished using either a terminal-based or web-based utility. Routers and other devices are increasingly being targeted for attack by intruders. Make sure they are kept at the current software release.

Unused protocols should be disabled on all devices. Each protocol used increases the potential vulnerability of your environment. ACLs are implemented in network devices and systems to control which systems and users may access them. ACLs allow individual systems, users, or IP addresses to be ignored.
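ACL entries are evaluated in order, the first match wins, and anything that matches no entry is dropped by the implicit deny at the end. The evaluator below is an added example written for this summary, not code from the study guide or from any vendor's device; the ACL, addresses and user names are constructed, and the entry format (action, source network, user or "*") is an assumption chosen to keep the example small. It also includes a check for shadowed entries, which is the caveat that matters in practice: a specific deny placed after a broader permit can never match.

```python
"""Order-sensitive ACL evaluation: first matching entry wins, and a request
that matches nothing is denied (the implicit deny at the end of an ACL).
The ACL and all addresses below are constructed for the example."""
import ipaddress

# Constructed ACL. Each entry: (action, source network, user or "*" for any).
# Entries are evaluated top to bottom.
ACL = [
    ("deny",   "10.0.5.0/24",    "*"),        # quarantined subnet
    ("permit", "10.0.0.0/8",     "*"),        # rest of the internal network
    ("permit", "203.0.113.7/32", "backup"),   # one external host, one account
]


def evaluate(acl, src_ip, user):
    """Return (action, index) of the first entry matching src_ip and user,
    or ("deny", None) when nothing matches (implicit deny)."""
    addr = ipaddress.ip_address(src_ip)
    for i, (action, network, allowed_user) in enumerate(acl):
        if addr in ipaddress.ip_network(network) and allowed_user in ("*", user):
            return action, i
    return "deny", None


def is_permitted(acl, src_ip, user):
    """Convenience wrapper: True only on an explicit permit."""
    return evaluate(acl, src_ip, user)[0] == "permit"


def shadowed_entries(acl):
    """Indices of entries that can never match because an earlier entry
    already covers their whole network and user. A deny placed after a
    broader permit is the classic ordering mistake this catches."""
    shadowed = []
    for i, (_, net_i, user_i) in enumerate(acl):
        n_i = ipaddress.ip_network(net_i)
        for j in range(i):
            _, net_j, user_j = acl[j]
            if n_i.subnet_of(ipaddress.ip_network(net_j)) and user_j in ("*", user_i):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for ip, user in [("10.0.5.20", "alice"), ("10.1.2.3", "alice"),
                     ("203.0.113.7", "backup"), ("203.0.113.7", "alice")]:
        print(ip, user, evaluate(ACL, ip, user))
    swapped = [ACL[1], ACL[0], ACL[2]]
    print("shadowed entries after swapping the first two:", shadowed_entries(swapped))
```

Swapping the first two entries makes the quarantine deny unreachable, and `shadowed_entries` reports it; running such a check before pushing an ACL to a device is cheaper than discovering the gap afterwards.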

Application hardening helps ensure that vulnerabilities are minimized. Make sure that you run only the applications and services that are needed to support your environment. Application protocols can be targeted by attackers. Many of the newer systems offer a rich environment for end users. Each protocol increases your risk.

Directory services allow information to be shared in a structured manner to large numbers of users. These services must be secure in order to prevent impersonation or embarrassment. The more common directory services used are LDAP, AD, X.500, and eDirectory.

Database technologies are vulnerable to attacks due to the nature of the flexibility they provide. Make sure that database servers and applications are kept up to date. To provide increased security, many environments have implemented multi-tiered approaches to data access.
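One way to see what a multi-tiered approach buys you is to separate the layer that talks to the database from the layer that talks to the user. The sketch below is an added example, not code from the study guide: a data-access tier that owns the only database connection and exposes a fixed set of queries with every caller-supplied value bound as a parameter, and a presentation tier that can reach the data only through that API. The table, rows and class names are constructed for the example; the database is an in-memory SQLite file so it runs offline.

```python
"""Minimal three-tier data access: the presentation tier never holds a
database connection or builds SQL; it calls a small fixed set of operations
on the data-access tier, which binds caller input as parameters.
Table layout and rows are constructed for the example."""
import sqlite3


class DataAccessTier:
    """The only component that talks to the database."""

    def __init__(self, conn):
        self._conn = conn

    def account_balance(self, account_id):
        """Fixed query; the caller's value is bound, never concatenated."""
        row = self._conn.execute(
            "SELECT balance FROM accounts WHERE id = ?", (account_id,)
        ).fetchone()
        return None if row is None else row[0]

    def accounts_for_owner(self, owner):
        """Second fixed query: account ids owned by one user, in id order."""
        rows = self._conn.execute(
            "SELECT id FROM accounts WHERE owner = ? ORDER BY id", (owner,)
        ).fetchall()
        return [r[0] for r in rows]


class PresentationTier:
    """End-user facing layer; sees only the data tier's API, not the database."""

    def __init__(self, data):
        self._data = data

    def show_balance(self, account_id):
        balance = self._data.account_balance(account_id)
        return "no such account" if balance is None else f"balance: {balance}"

    def list_accounts(self, owner):
        return ", ".join(self._data.accounts_for_owner(owner)) or "none"


def build_demo():
    """Constructed in-memory database with two sample rows.
    Returns (presentation tier, data tier) so both can be exercised."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id TEXT PRIMARY KEY, owner TEXT, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("A100", "alice", 500), ("B200", "bob", 75)],
    )
    data = DataAccessTier(conn)
    return PresentationTier(data), data


if __name__ == "__main__":
    ui, _ = build_demo()
    print(ui.show_balance("A100"))
    print(ui.list_accounts("alice"))
    # Quote characters in the id are just data to a bound parameter.
    print(ui.show_balance("A100' OR '1'='1"))
```

Because the presentation tier receives a `DataAccessTier` object rather than a connection, adding a new query means adding a method to the data tier, which is the one place where the SQL is reviewed and where the database account's privileges are set.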


CompTIA Security+ Study Guide. Exam SY0-101
ISBN: 078214098X
Year: 2006
Pages: 167