Ten Practical Security Steps
Summary
Without good backups, there is no way to recover a lost or damaged
system whether the damage is caused by an intruder, hardware failure
or an act of nature. If system configuration is well documented
(unlikely at any site that doesn't make good backups) you can rebuild
systems but you can't get lost data back without backups.
Good passwords and firewalls keep the unwanted off systems.
Turning off services also keeps the unwanted out. Proper access
restrictions limit those on the systems to that which they need.
Theoretically, if you did a perfect job with passwords, turned
off all unneeded services, kept running services up-to-date and
properly set file access rights, you could get along without a
firewall. As a practical matter, getting one firewall right is a
lot easier than getting many hosts right. It's unlikely that
either a firewall or network services will be set up perfectly.
Doing both well provides redundancy on most systems and greatly
reduces the likelihood that there are open holes to vulnerable or
unneeded services that an intruder can find with network scanning
tools.
Not sharing files over the Internet is an especially important case of
getting the firewall rules right. Exposing your shared file systems
to the Internet creates the potential for your data to be taken or
destroyed without an intruder even needing a user name or password and
opens your systems to other compromises. A password may be all that
prevents a remote connection attempt. Since shared drives are being
discussed, the passwords will by definition be shared within your
organization and thus likely to be neither private or difficult.
Denying direct remote administrative access and limiting use of the
privilege escalation tools (su, sudo) to those authorized to use the
administrative account(s) removes the general user population with
their typically weak passwords from the easy privilege escalation
attacks. Automated checking of key system files for unexpected changes
helps to keep you confident that the systems you think are reasonably
secure, are in fact so. Finding unexpected changes warns you that you
may have an intruder on your system(s). Either one of the other steps
hasn't been done right or a calculated risk you've taken has been
exploited.
Applying security updates to your reasonably secure systems keeps
them reasonably secure. Last, not putting unneeded files on your
systems makes most of these other tasks much easier.
There is much more that can be done. If you want to claim that your
systems are very secure, there is much more that needs to be done.
These additional steps are likely to be time and or money intensive
and may involve a significant ongoing time commitment. Some of the key
ones are network based intrusion detection. Open source solutions will
be initially labor intensive and commercial solutions both labor and
financially intensive. Both will require an ongoing time commitment.
There are numerous system logs that can and should be audited but this
can be a major ongoing time consumer. Host based intrusion detection
should be extended to include processes as well as file monitoring.
Servers can be comprehensively hardened where the steps discussed here
are just the first limited moves in the required direction. This
might include TCP wrappers to add one more layer of protection around
certain networked resources. Running firewall software on each host
or workstation adds even more protection but is very labor intensive.
Any techniques that restrict local machines ability to communicate
with each other will improve security at the cost of flexibility;
replacing temporarily down systems will be much more difficult.
The foregoing apply additional security to ordinary systems.
There are additional levels of security that can be applied such
as adopting Kerberos or public key infrastructure techniques.
File systems can be encrypted. "Trusted" operating systems can
replace the standard versions. I'm sure the list goes on and
on but these are all beyond my areas of knowledge.
Top of Page -
Site Map
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.
|