CompTIA A+ Complete Study Guide part 10


4831xc17.fm Page 812 Wednesday, September 13, 2006 10:00 AM

In this chapter, we will look at security from a more detailed viewpoint than was done in Chapter 9. Not only is the topic important enough that CompTIA added it to the Essentials exam with the latest version, but they also added it to every elective exam as well. So ubiquitous is the topic, you cannot escape it in the real world or the exam world.

It is highly recommended that you read Chapter 9 as you study for your elective exam, in addition to this chapter.

Understanding Security Baselines

One of the first steps in developing a secure environment is to develop a baseline of the minimum security needs of your organization. A security baseline defines the level of security that will be implemented and maintained. You can choose to set a low baseline by implementing next to no security, or a high baseline that doesn’t allow users to make any changes at all to the network or their systems. In practice, most implementations fall between the two extremes; you must determine what is best for your organization.

Microsoft provides a tool for establishing a security baseline and for subsequent evaluations of security on Windows 2000 and higher OSs with the Microsoft Security Baseline Analyzer.

The baseline provides the input needed to design, implement, and support a secure network. Developing the baseline includes gathering data on the specific security implementation of the systems with which you’ll be working.

One of the newest standards for security is Common Criteria (CC). This document is a joint effort between Canada, France, Germany, the Netherlands, the United Kingdom, and the United States. The standard outlines a comprehensive set of evaluation criteria, broken down into seven Evaluation Assurance Levels (EALs).
EAL 1 to EAL 7 are discussed here:

EAL 1: EAL 1 is primarily used when the user wants assurance that the system will operate correctly, but threats to security aren’t viewed as serious.

EAL 2: EAL 2 requires product developers to use good design practices. Security isn’t considered a high priority in EAL 2 certification.

EAL 3: EAL 3 requires conscientious development efforts to provide moderate levels of security.

EAL 4: EAL 4 requires positive security engineering based on good commercial development practices. It is anticipated that EAL 4 will be the common benchmark for commercial systems.

EAL 5: EAL 5 is intended to ensure that security engineering has been implemented in a product from the early design phases. It’s intended for high levels of security assurance. The EAL documentation indicates that special design considerations will most likely be required to achieve this level of certification.

EAL 6: EAL 6 provides high levels of assurance of specialized security engineering. This certification indicates high levels of protection against significant risks. These systems will be highly secure from penetration attackers.

EAL 7: EAL 7 is intended for extremely high levels of security. The certification requires extensive testing, measurement, and complete independent testing of every component.

EAL certification has replaced the Trusted Computer Systems Evaluation Criteria (TCSEC) system for certification. The recommended level of certification for commercial systems is EAL 4. Currently, only a few operating systems have been approved at the EAL 4 level, and even though one may be, that doesn’t mean that your own individual implementation of it is functioning at that level. If your implementation doesn’t use the available security measures, you’re operating below that level.

The network is only as strong as its weakest component.
If users can install software, delete files, and change configuration, then these actions can be done within software programs such as viruses and malware as well.

Windows XP (SP2), Windows Server 2003 (SP1) Standard, Enterprise, and Datacenter editions, Red Hat Enterprise Linux Version 4 update 1AS and 1WS, Windows 2000 Professional, Server, and Advanced Server (SP3) have all achieved EAL 4.

Hardening a System

Hardening is the process of reducing or eliminating weaknesses, securing services, and attempting to make your environment immune to attacks. Typically, when you install operating systems, applications, and network products, the defaults from the manufacturer are to make the product as simple to use as possible and to allow it to work with your existing environment as effortlessly as possible. That isn’t always the best scenario when it comes to security.

You want to make certain that your systems, and the data within them, are kept as secure as possible. The security prevents others from changing the data, destroying it, or inadvertently harming it.

In addition to hardening a system, you can also harden components of it. Application hardening, for example, involves making an application more difficult for non-authorized individuals to access, exploit, and so on.

Chapter 17: Installing, Configuring, Upgrading, and Optimizing Security

Hardening the OS and NOS

Any network is only as strong as its weakest component. Sometimes, the most obvious components are overlooked, and it’s your job as a security administrator to make certain that doesn’t happen. You must make certain that the operating systems running on the workstations and on the network servers are as secure as they can be.

Hardening an operating system (OS) or network operating system (NOS) refers to the process of making the environment more secure from attacks and intruders.
This section discusses hardening an OS and the methods of keeping it hardened as new threats emerge. This section will also discuss some of the vulnerabilities of the more popular operating systems and what can be done to harden those OSs.

Hardening Microsoft Windows 2000

Windows 2000 entered the market at the millennium. It includes workstation and several server versions. The market has embraced these products, and they offer reasonable security when updated. Windows 2000 provides a Windows Update icon on the Start menu; this icon allows you to connect to the Microsoft website and automatically download and install updates. A large number of security updates are available for Windows 2000—make sure they’re applied.

In the Windows environment, the Services Manager or applet is one of the primary methods (along with policies) used to disable a service.

The server and workstation products operate in a similar manner to Windows NT 4. These products run into the most security-related problems when they’re bundled with products that Microsoft has included with them. Some of the more attack-prone products include IIS, FTP, and other common web technologies. Make sure these products are disabled if they aren’t needed, and keep them up-to-date with the most recent security and service packs. Many security updates have been issued for Windows 2000.

The Microsoft TechNet and Security websites provide tools, white papers, and materials to help secure Windows 2000 systems. You can find the Microsoft TechNet website at http://technet.microsoft.com/default.aspx. The Microsoft security website is at http://www.microsoft.com/security/.

Windows 2000 includes extensive system logging, reporting, and monitoring tools. These tools help make the job of monitoring security fairly easy. In addition, Windows 2000 provides a great deal of flexibility in managing groups of users, security attributes, and access control to the environment.
The Event Viewer is the major tool for reviewing logs in Windows 2000. Figure 17.1 shows an example Event Viewer. Several types of events can be logged by using Event Viewer, and administrators can configure the level of events that are logged.

FIGURE 17.1 Event Viewer log of a Windows 2000 system

Another important security tool is Performance Monitor. As an administrator of a Windows 2000 network, you must know how to use Performance Monitor. This tool can be a lifesaver when you’re troubleshooting problems and looking for resource-related issues.

Windows 2000 servers can run a technology called Active Directory (AD), which lets you control security configuration options of Windows 2000 systems in a network. Unfortunately, the full power of AD doesn’t work unless all the systems in the network are running Windows 2000 or higher.

Hardening Microsoft Windows XP

Windows XP functions as a replacement for both the Windows 9x family and Windows 2000 Professional. There are multiple versions of Windows XP, including the Home, Media Center, and Professional editions.

Windows XP Home Edition was intended specifically to replace Windows 9x clients and could be installed either as an upgrade from Windows 9x or as a fresh installation on new systems. Media Center adds entertainment options (such as a remote control for TV), while Windows XP Professional is designed for the corporate environment. Windows XP Professional has the ability to take advantage of the security possible from Windows 200x servers running Active Directory.

With Microsoft’s increased emphasis on security, it’s reasonable to expect that the company will be working hard to make this product secure. At the time of this writing, the second service pack for XP is available.
The service packs fix minor security openings within the operating system, but nothing substantial has been reported as a weakness with XP.

Hardening Windows Server 2003

The update for Microsoft’s Windows 2000 Server line of products is Windows Server 2003, which is available in four varieties:

• Web edition
• Standard edition
• Enterprise edition
• Datacenter edition

This product introduced the following features to the Microsoft server line:

• Internet connection firewall (now called the Windows Firewall)
• Secure authentication (locally and remotely)
• Wireless connections as secure as they can be in today’s environments
• Software restriction policies
• Secure Web Server (IIS 6)
• Encryption and cryptography enhancements
• Improved security in VPN connections
• PKI and X.509 certificate support

In short, the goal was to make a product that is both secure and flexible.

Hardening Unix/Linux

The Unix environment and its derivatives are some of the most-installed server products in the history of the computer industry. Over a dozen versions of Unix are available; the most popular is a free derivative called Linux.

Unix was created in the 1970s. The product designers took an open-systems approach, meaning that the entire source code for the operating system was readily available for most versions. This open-source philosophy has allowed tens of thousands of programmers, computer scientists, and systems developers to tinker with and improve the product.

Linux and Unix, when properly configured, provide a high level of security. The major challenge with the Unix environment is configuring it properly.

Unix includes the capacity to handle and run almost every protocol, service, and capability designed. You should turn off most of the services when they aren’t needed by running a script during system startup. The script will configure the protocols, and it will determine which services are started.

All Unix security is handled at the file level.
Files and directories need to be established properly in order to ensure correct access permissions. The file structure is hierarchical by nature, and when a file folder access level is set, all subordinate file folders usually inherit this access. This inheritance of security is established by the system administrator or by a user who knows how to adjust directory permissions.

Keeping patches and updates current is essential in the Unix environment. You can accomplish this by regularly visiting the developer’s website for the version/flavor you’re using and downloading the latest fixes.

Linux also provides a great deal of activity logging. These logs are essential in establishing patterns of intrusion.

An additional method of securing Linux systems is accomplished by adding TCP wrappers, which are low-level logging packages designed for Unix systems. Wrappers provide additional detailed logging on activity by using a specific protocol. Each protocol or port must have a wrapper installed for it. The wrappers then record activities and deny access to the service or server.

As an administrator of a Unix or Linux network, you’re confronted with many configuration files and variables that you must work with in order to keep all hosts communicating properly.

Hardening Novell NetWare

Novell was one of the first companies to introduce a NOS for desktop computers, called NetWare. Early versions of NetWare provided the ability to connect PCs into primitive but effective LANs. The most recent version of NetWare, version 6.5, includes file sharing, print sharing, support for most clients, and fairly tight security.

NetWare functions as a server product. The server has its own NOS. The NetWare software also includes client applications for a number of types of systems, including Macintoshes and PCs. You can extend the server services by adding NetWare Loadable Modules (NLMs) to the server.
These modules allow executable code to be patched or inserted into the OS.

NetWare version 6.x is primarily susceptible to denial of service (DoS) attacks, as opposed to exploitation and other attacks. NetWare security is accomplished through a combination of access controls, user rights, security rights, and authentication.

The heart of NetWare security is the NetWare Directory Services (NDS) or eDirectory (for newer Novell implementations). NDS and eDirectory maintain information about rights, access, and usage on a NetWare-based network.

A number of additional capabilities make NetWare a product worth evaluating in implementation. These include e-commerce products, document retrieval, and enhanced network printing.

Prior to version 5, NetWare defaulted to the proprietary IPX/SPX protocol for networking. All newer versions of NetWare default to TCP/IP.

Hardening Apple Macintosh

Macintosh systems seem to be the most vulnerable to physical access attacks targeted through the console. The network implementations are as secure as any of the other systems discussed in this chapter.

Macintosh security breaks down in its access control and authentication systems. Macs use a simple 32-bit password encryption scheme that is relatively easy to crack. The password file is located in the Preference folder; if this file is shared or is part of a network share, it may be vulnerable to decryption.

Macintosh systems also have several proprietary network protocols that aren’t intended for routing. Recently, Macintosh systems have implemented TCP/IP networking as an integral part of the operating system.

Hardening File Systems

Several file systems are involved in the operating systems we’ve discussed, and they have a high level of interoperability between them—from a network perspective, that is.
Through the years, the different vendors have implemented their own sets of file standards. Some of the more common file systems include the following:

Microsoft FAT: Microsoft’s earliest file system was referred to as File Allocation Table (FAT). FAT is designed for relatively small disk drives. It was upgraded first to FAT16 and finally to FAT32. FAT32 allows large disk systems to be used on Windows systems. FAT allows only two types of protection: share-level and user-level access privileges. If a user has Write or Change access to a drive or directory, they have access to any file in that directory. FAT is very insecure in an Internet environment.

Share-level permissions apply when the file is accessed through sharing (over the network): they do not factor in if the user is local. User-level permissions apply to the file based upon the user who is accessing it and allow/restrict their actions accordingly.

Microsoft NTFS: The New Technology File System (NTFS) was introduced with Windows NT to address security problems. Before Windows NT was released, it had become apparent to Microsoft that a new file system was needed to handle growing disk sizes, security concerns, and the need for more stability. NTFS was created to address those issues.

Although FAT was relatively stable if the systems that were controlling it kept running, it didn’t do so well when the power went out or the system crashed unexpectedly. One of the benefits of NTFS was a transaction tracking system, which made it possible for Windows NT to back out of any disk operations that were in progress when Windows NT crashed or lost power.

With NTFS, files, directories, and volumes can each have their own security. NTFS security is flexible and built-in. Not only does NTFS track security in Access Control Lists (ACLs), which can hold permissions for local users and groups, but each entry in the ACL can specify what type of access is given—such as Read, Change, or Full Control.
This allows a great deal of flexibility in setting up a network. In addition, special file-encryption programs were developed to encrypt data while it was stored on the hard disk.

Full control, Change, and Read are permissions available in FAT32. NTFS offers six permissions (Full Control, Modify, Read and Execute, List Folder Contents, Read, and Write) that are preconfigured from a list of 14 granular permissions (Advanced Permissions).

Microsoft strongly recommends that all network shares be established using NTFS. Several current operating systems from Microsoft support both FAT32 and NTFS. It is possible to convert from FAT32 to NTFS without losing data, but you cannot do the operation in reverse (you would need to reformat the drive and install the data again from a backup tape).

Novell Storage Services: Novell, like Microsoft, implemented a proprietary file structure called NetWare File System. This system allows complete control of every file resource on a NetWare server. The NetWare File System was upgraded to Novell Storage Services (NSS) in version 6. NSS provides higher performance and larger file storage capacities than the NetWare File System. NSS, like its predecessor, uses the NDS or eDirectory to provide authentication for all access.

Unix File System: The Unix file system is a completely hierarchical file system. Each file, subdirectory, and file system has complete granularity of access control. The three primary attributes in a Unix file or directory are Read, Write, or Execute. The ability to individually create these capabilities, as well as to establish inheritance to subdirectories, gives Unix the highest level of security available for commercial systems. The major difficulty with Unix is that establishing these access-control hierarchies can be time-consuming when the system is initially configured. Figure 17.2 illustrates this hierarchical file structure.
Most current operating systems have embraced this method of file organization.

Unix Network File System: Network File System (NFS) is a Unix protocol that allows systems to mount file systems from remote locations. This ability allows a client system to view the server or remote desktop storage as a part of the local client. NFS, while functional, is difficult to secure. The discussion of this process is beyond the scope of this book; the major issue lies in Unix’s inherent trust of authentication processes. NFS was originally implemented by Sun Microsystems, and it has become a standard protocol in Unix environments.

Apple File Sharing: Apple File Sharing (AFS) was intended to provide simple networking for Apple Macintosh systems. This system used a proprietary network protocol called AppleTalk. An AppleTalk network isn’t routed through the Internet and isn’t considered secure. AFS allows the file owner to establish password and access privileges. This process is similar to the Unix file system. OS X, the newest version of the Macintosh operating system, has more fully implemented a file system that is based on the Unix model. In general, Apple networking is considered as secure as the other implementations discussed in this section. The major weakness of the operating system involves physical control of the systems.

Each of these file system implementations requires careful consideration when you’re implementing them in a network. You must evaluate their individual capabilities, limitations, and vulnerabilities when you’re choosing which protocols or systems to implement.
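
How the Read, Write, and Execute attributes from the Unix File System entry combine along a hierarchical path, as an added example that is not from the book. The directory names mirror Figure 17.2; the function names, the temporary tree, and the simplifications (mode bits only, no POSIX ACLs or symlinks, uid 0 bypasses checks) are assumptions of this sketch.

```python
import os
import tempfile

def _class_bits(st, uid, gids):
    """Return the one rwx triplet (owner, group or other) that applies to uid."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7

def explain_read_access(root, relpath, uid, gids=()):
    """Decide whether uid may read root/relpath; return (allowed, blocker).

    blocker is the path, relative to root, of the first component that
    refuses access. Assumptions: plain mode bits only and uid 0 bypasses
    every check.
    """
    if uid == 0:
        return True, None
    current = root
    for part in relpath.split("/"):
        # Looking up a name inside a directory needs Execute (search) on it.
        if not _class_bits(os.stat(current), uid, gids) & 0o1:
            return False, os.path.relpath(current, root)
        current = os.path.join(current, part)
    # Opening the file itself for reading needs Read on the file.
    if not _class_bits(os.stat(current), uid, gids) & 0o4:
        return False, os.path.relpath(current, root)
    return True, None

def build_demo_tree():
    """Create a constructed tree mirroring Figure 17.2 in a temp directory."""
    root = tempfile.mkdtemp(prefix="perm-demo-")
    path = root
    os.chmod(path, 0o755)
    for name in ("usr", "nancy", "accounting", "jan"):
        path = os.path.join(path, name)
        os.mkdir(path)
        os.chmod(path, 0o755)
    report = os.path.join(path, "01Jan")
    with open(report, "w") as fh:
        fh.write("constructed sample data\n")
    os.chmod(report, 0o644)
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    rel = "usr/nancy/accounting/jan/01Jan"
    stranger = os.stat(root).st_uid + 1  # hypothetical uid that owns nothing here
    print(explain_read_access(root, rel, stranger))
    # Tightening one directory cuts off everything beneath it.
    os.chmod(os.path.join(root, "usr", "nancy"), 0o750)
    print(explain_read_access(root, rel, stranger))
```

Removing Execute for "other" on a single directory blocks every file below it even though the file's own mode is unchanged, which is the practical effect of a directory-level access setting on its subordinate folders.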
FIGURE 17.2 Hierarchical file structure used in Unix and other operating systems
[Figure: directory tree with the labels UNIX System, File System, Disk Drive, Directories, and File. Location: \USR\Nancy\Accounting\Jan\01Jan]

Most OS providers support multiple protocols and methods. Turn off any protocols that aren’t needed, because each protocol or file system running on a workstation or server increases your vulnerability and exposure to attack, data loss, or DoS attacks.

If at all possible, don’t share the root directories of a disk drive. Doing so allows access to system files, passwords, and other sensitive information. Establish shares off hard drives that don’t contain system files.

Make sure you periodically review the manufacturers’ support websites and other support resources that are available to apply current updates and security patches to your systems. Doing this on a regular basis will lower your exposure to security risks.

Working with Access Control Lists

Access Control Lists (ACLs) enable devices in your network to ignore requests from specified users or systems, or to grant them certain network capabilities. You may find that a certain IP address is constantly scanning your network, and thus you can block this IP address from your network. If you block it at the router, the IP address will automatically be rejected any time it attempts to utilize your network.

ACLs allow a stronger set of access controls to be established in your network. The basic process of ACL control allows the administrator to design and adapt the network to deal with specific security threats.
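
One way to turn the scanning-address scenario above into an ACL, as an added example that is not from the book. The log format, the addresses (documentation ranges), the threshold, the allowlist, and the function names are all constructed for illustration, and the ACL model (first match wins, anything unmatched is denied) is an assumption of this sketch rather than a particular router's behavior.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log in a made-up key=value format (not a real product's).
SAMPLE_LOG = """\
2006-09-13T10:00:01 proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=21
2006-09-13T10:00:01 proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=22
2006-09-13T10:00:02 proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=23
2006-09-13T10:00:02 proto=TCP src=198.51.100.23 dst=192.0.2.10 dport=80
2006-09-13T10:00:03 proto=TCP src=203.0.113.7 dst=192.0.2.10 dport=25
2006-09-13T10:00:03 proto=TCP src=203.0.113.7 dst=192.0.2.11 dport=80
2006-09-13T10:00:04 proto=TCP src=198.51.100.23 dst=192.0.2.10 dport=80
2006-09-13T10:00:05 proto=TCP src=192.0.2.50 dst=192.0.2.10 dport=21
2006-09-13T10:00:05 proto=TCP src=192.0.2.50 dst=192.0.2.10 dport=22
2006-09-13T10:00:06 proto=TCP src=192.0.2.50 dst=192.0.2.10 dport=23
2006-09-13T10:00:06 proto=TCP src=192.0.2.50 dst=192.0.2.10 dport=25
2006-09-13T10:00:07 proto=TCP src=192.0.2.50 dst=192.0.2.10 dport=80
2006-09-13T10:00:09 proto=TCP src=not-an-ip dst=192.0.2.10 dport=80
truncated line with no fields
"""

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)")

def _in_any(addr, networks):
    return any(addr.version == n.version and addr in n for n in networks)

def find_scanners(log_text, min_targets=5, allowlist=()):
    """Return sources that touched at least min_targets distinct (dst, port) pairs.

    Sources inside an allowlisted network (for example, your own
    vulnerability scanner) are never reported.
    """
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    targets = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # malformed or truncated line
        try:
            src = ipaddress.ip_address(match["src"])
        except ValueError:
            continue  # source field is not an IP address
        if not _in_any(src, allowed):
            targets[src].add((match["dst"], int(match["dport"])))
    flagged = [ip for ip, seen in targets.items() if len(seen) >= min_targets]
    return sorted(flagged, key=lambda ip: (ip.version, int(ip)))

def build_acl(blocked):
    """Ordered ACL: one deny per blocked host, then a final permit for IPv4."""
    acl = [("deny", ipaddress.ip_network(str(ip))) for ip in blocked]
    acl.append(("permit", ipaddress.ip_network("0.0.0.0/0")))
    return acl

def evaluate(acl, source):
    """First matching entry wins; a packet matching no entry is denied."""
    addr = ipaddress.ip_address(source)
    for action, network in acl:
        if addr.version == network.version and addr in network:
            return action
    return "deny"

if __name__ == "__main__":
    scanners = find_scanners(SAMPLE_LOG, allowlist=["192.0.2.50/32"])
    acl = build_acl(scanners)
    for src in ("203.0.113.7", "198.51.100.23", "192.0.2.50"):
        print(src, evaluate(acl, src))
```

Entry order matters in this model: placing the broad permit before the host denies would let the scanning address through, because evaluation stops at the first match.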
Working with Group Policies

One of the most wide-sweeping administrative features that Windows 200x offers over its predecessors and other operating systems is that of Group Policy. A part of IntelliMirror, the Group Policy feature enables administrators to control desktop settings, utilize scripts, perform Internet Explorer maintenance, roll out software, redirect folders, and so forth. All of these features can be an administrator's dream in supporting LAN users.

To use an analogy: When you connect a television set to the subscription cable coming through the living room wall, you get all the channels to which you subscribe. If you pay an extra $50 per month (depending on where you live), you can get close to 100 channels, including a handful of premium channels. When you turn on the television, you are free to watch any of the channels—regardless of whether the content is questionable or racy. And when you are gone, your children are free to do the same.

Enter the V-chip. Before leaving your children alone with the television, you simply enable the V-chip. The V-chip enables you (the “administrator”) to restrict access to the stations that air questionable or racy programming.

How is this example analogous to an operating system? On Windows 2000 Professional, for example, users can do just about anything they want to do. They can delete programs and never be able to run them again; they can send huge graphics files to a tiny printer that can print only one page every 30 minutes; they can delete the Registry and never be able to use the system again; and so forth.

Enter Group Policy. Group Policy places restrictions on what a user/computer is allowed to do. It takes away liberties that were otherwise there; as such, they are never implemented for the benefit of the user (restrictions do not equal benefits), but are always there to simplify administration for the administrator.
From an administrator’s standpoint, if you take away the ability to add new software, you don’t have to worry about supporting nontested applications. If you remove the ability to delete installed printers (accidentally, of course), you don’t have to waste an hour reinstalling the printer. In other words, by reducing what the users can do, you are reducing what you must support and reducing the overall administrative cost of supporting the network/computer/user.

Before going any further, it is important to differentiate between roaming users and mobile users, because the two are often confused. As the name indicates, roaming users are simply users who roam throughout the LAN. One example is a secretary within a secretarial pool. On Monday, she may be working in Accounting, on Tuesday in Human Resources, and for the remainder of the week in Marketing. Within each department, she has a different computer but is still on the same LAN. Given this, by simply placing her profile on the network and configuring her as a roaming user, she will have the same desktop and access to all resources regardless of where she works that day. Not only that, but the same Group Policy will apply (and be routinely refreshed) to prevent her from permanently deleting software that has been assigned, changing her desktop, and so forth.