== Security Baselines ==
The process of ''baselining'' involves both the configuration of the IT environment to conform to consistent standard levels (such as password security and the disabling of non-essential services) and the identification of what constitutes typical behavior on a network or computer system, so that deviations from that baseline, including malicious behavior, can more easily be identified once the baseline is in place.
The baselining process involves hardening the key components of the IT architecture to reduce the risk of attack. The three main areas requiring hardening are the operating system, the network and applications, each of which is covered in detail in the remainder of this chapter.
== Operating System Hardening ==
The hardening of operating systems involves ensuring that the system is configured to limit the possibility of either internal or external attack. While the methods for hardening vary from one operating system to another, the concepts involved are largely similar regardless of whether Windows, UNIX, Linux, Mac OS X or any other system is being baselined. Some basic hardening techniques are as follows:
* '''Non-essential services''' - An operating system should be configured to run only the services required for the tasks assigned to the host. For example, unless a host functions as a web or mail server there is no need for HTTP or SMTP services to be listening on the system. Every unnecessary listening service is additional attack surface and additional code that must be kept patched.
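The two halves of baselining described above (a configuration standard for the host's role, and a record of normal behavior to compare later observations against) can be checked with a short script. The following is an added example written for this page, not code from the original text: it parses Linux `ss -Hltnp` output (a constructed sample is embedded so it runs offline), reports listeners that are not on the allowlist for a public web server role, listeners reachable from the network rather than only on loopback, and listeners that were absent from an earlier baseline snapshot. The allowlist, process names and sample lines are assumptions for illustration.

```python
"""Listening-service baseline check (added example, not from the original page).

Parses the output of `ss -Hltnp` (Linux, iproute2; -H suppresses the header)
-- here a constructed sample embedded below -- and reports:
  1. listeners not in the allowlist for the host's role (configuration baseline),
  2. listeners bound beyond loopback (reachable from the network), and
  3. listeners that were not present in an earlier snapshot (behavior baseline).
Ports, process names and addresses in the sample are constructed.
"""
import re
import subprocess  # used only by collect_live(); the example itself runs on the sample
from typing import Dict, Set, Tuple

# Constructed sample in the shape of `ss -Hltnp` output.
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1204,fd=6))
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*    users:(("nginx",pid=1204,fd=7))
LISTEN 0      100        127.0.0.1:25        0.0.0.0:*    users:(("master",pid=901,fd=13))
LISTEN 0      128          0.0.0.0:21        0.0.0.0:*    users:(("vsftpd",pid=2231,fd=4))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Assumed standard for a public web server role: (port, process name) pairs allowed to listen.
WEB_ROLE_ALLOWLIST: Set[Tuple[int, str]] = {(22, "sshd"), (80, "nginx"), (443, "nginx")}

_LINE_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+users:\(\("(?P<proc>[^"]+)"'
)


def parse_ss(output: str) -> Dict[Tuple[int, str], Set[str]]:
    """Map (port, process) -> set of local addresses that process listens on."""
    listeners: Dict[Tuple[int, str], Set[str]] = {}
    for line in output.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # lines without a process name (insufficient privileges) are skipped
        key = (int(m.group("port")), m.group("proc"))
        listeners.setdefault(key, set()).add(m.group("addr"))
    return listeners


def unexpected_services(listeners, allowlist):
    """Listeners whose (port, process) pair is not allowlisted for this host role."""
    return {k: v for k, v in listeners.items() if k not in allowlist}


def exposed_beyond_loopback(listeners):
    """Listeners bound to at least one non-loopback address."""
    loopback = {"127.0.0.1", "[::1]"}
    return {k for k, addrs in listeners.items() if not addrs <= loopback}


def new_since_baseline(current, baseline):
    """(port, process) pairs that appeared since the baseline snapshot was taken."""
    return set(current) - set(baseline)


def collect_live():
    """Run ss on a real Linux host (needs iproute2 and, for process names, root)."""
    out = subprocess.run(["ss", "-Hltnp"], capture_output=True, text=True, check=True).stdout
    return parse_ss(out)


def report(output=SAMPLE_SS_OUTPUT, baseline=None, allowlist=WEB_ROLE_ALLOWLIST):
    """Return sorted findings; with no baseline, the current snapshot is used as the baseline."""
    current = parse_ss(output)
    return {
        "unexpected": sorted(unexpected_services(current, allowlist)),
        "network_exposed": sorted(exposed_beyond_loopback(current)),
        "new_since_baseline": sorted(new_since_baseline(current, baseline or current)),
    }


if __name__ == "__main__":
    # Pretend the earlier snapshot was taken before an FTP daemon appeared: it shows up as new.
    earlier = parse_ss("\n".join(l for l in SAMPLE_SS_OUTPUT.splitlines() if "vsftpd" not in l))
    for kind, items in report(baseline=earlier).items():
        print(f"{kind}: {items}")
```

On the sample, the Postfix listener on port 25 is flagged as unexpected but not as network-exposed (it is bound to loopback only), while vsftpd on port 21 is both unexpected and exposed, which is the case that calls for disabling the service. Snapshots from `collect_live()` can be serialized and kept as the baseline for later comparison.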
== Application Hardening ==
All applications and services installed on network based host systems must be included in the security hardening process to ensure that they do not provide a weak link in the security defenses. A number of common operating system services are installed by default and need to be reviewed.
== Web Servers ==
For non-public sites, authentication must be enforced, and sites intended only for internal users should be deployed as an intranet so that external access is blocked at the firewall. For secure web based transactions, encrypted transport should be implemented: historically Secure Sockets Layer (SSL), today its successor Transport Layer Security (TLS); the SSL protocol versions themselves are obsolete and should be disabled.
Web server logs should be reviewed routinely for suspicious activity. Requests for URLs that the server does not actually serve (for example administrative interfaces or scripts belonging to software that is not installed, or paths containing traversal sequences) typically indicate probing for known problems in outdated or unpatched web servers and web applications.
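The log review just described is mechanical enough to script. The following is an added example for this page, not code from the original text: it parses lines in the Apache/nginx "combined" log format (a constructed sample is embedded), percent-decodes each request path so that encoded traversal sequences are visible, flags paths the site is not known to serve together with some common probe signatures, and tallies suspicious requests per client so that scanners stand out. The known-path set, probe patterns, addresses and user agents are assumptions for illustration.

```python
"""Web-server log review for unusual URLs (added example, not from the original page).

Reads Apache/nginx "combined" format log lines -- here constructed samples --
and flags requests for URLs the site does not serve, plus well-known probe
patterns. Client addresses, paths and user agents are constructed.
"""
import re
from collections import Counter, defaultdict
from urllib.parse import unquote

SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:12:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:12:02 +0000] "GET /about.html HTTP/1.1" 200 2211 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:09:15:40 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "python-requests/2.31"
198.51.100.23 - - [10/Mar/2024:09:15:41 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 196 "-" "python-requests/2.31"
198.51.100.23 - - [10/Mar/2024:09:15:42 +0000] "GET /cgi-bin/test-cgi HTTP/1.1" 404 196 "-" "python-requests/2.31"
198.51.100.23 - - [10/Mar/2024:09:15:43 +0000] "GET /..%2f..%2f..%2fetc/passwd HTTP/1.1" 400 0 "-" "python-requests/2.31"
192.0.2.200 - - [10/Mar/2024:09:20:10 +0000] "GET /contact.html HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
"""

# Assumed URL baseline: the paths this (static) site actually serves.
KNOWN_PATHS = {"/", "/about.html", "/contact.html", "/robots.txt"}

# Signatures of common probes against outdated or unpatched stacks (illustrative, not exhaustive).
PROBE_PATTERNS = [
    (re.compile(r"\.\./|\.\.\\"), "path traversal"),
    (re.compile(r"^/cgi-bin/", re.I), "cgi-bin probe"),
    (re.compile(r"wp-login\.php|wp-admin|xmlrpc\.php", re.I), "wordpress probe"),
    (re.compile(r"phpmyadmin|\.php$", re.I), "php app probe"),
]

_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = _LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Percent-decode so "%2f" traversal becomes "../"; drop the query string for path matching.
    rec["path"] = unquote(rec["target"].split("?", 1)[0])
    return rec


def classify(rec):
    """Return the reasons a request looks suspicious (empty list if it looks benign)."""
    reasons = [label for pattern, label in PROBE_PATTERNS if pattern.search(rec["path"])]
    if rec["path"] not in KNOWN_PATHS:
        reasons.append("unknown url")
    return reasons


def review(log_text=SAMPLE_LOG, min_hits=3):
    """Tally suspicious requests per client; clients with >= min_hits are reported as scanners."""
    reasons_by_ip = defaultdict(Counter)
    suspicious_requests = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            suspicious_requests[rec["ip"]] += 1
            reasons_by_ip[rec["ip"]].update(reasons)
    scanners = sorted(ip for ip, n in suspicious_requests.items() if n >= min_hits)
    return {
        "per_client": {ip: dict(c) for ip, c in reasons_by_ip.items()},
        "suspicious_requests": dict(suspicious_requests),
        "scanners": scanners,
    }


if __name__ == "__main__":
    for key, value in review().items():
        print(f"{key}: {value}")
```

On the sample, 198.51.100.23 issues four requests that are all flagged (WordPress and phpMyAdmin probes, a cgi-bin probe and a percent-encoded traversal attempt), so it is reported as a scanner, while the two browsing clients produce no findings. Decoding before matching matters: without it the traversal line would not match the pattern at all.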
As with all software, steps should be taken to ensure that web servers are updated with the latest vendor supplied patches.
== FTP Servers ==
The purpose of the File Transfer Protocol (FTP) is to allow files to be downloaded from and uploaded to remote servers. Access can be in the form of anonymous FTP and authenticated FTP. Anonymous FTP accounts should be used with caution and monitored regularly. In the case of authenticated FTP it is essential that an encrypted variant be used, either SFTP (file transfer over SSH) or FTPS (FTP over TLS), so that login and password credentials are encrypted rather than transmitted in plain text. Plain FTP sends the username and password as cleartext USER and PASS commands that anyone on the network path can read.
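As an added illustration for this page (not configuration from the original text), the following vsftpd fragments contrast the weak settings with hardened ones for the FTPS case. The directives are standard vsftpd 3.x options; the certificate paths are placeholders, and the comments are on their own lines because vsftpd does not accept trailing comments after a value.

```conf
# Weak: anonymous logins allowed, local users send USER/PASS in cleartext.
anonymous_enable=YES
local_enable=YES
ssl_enable=NO

# Hardened (vsftpd 3.x; certificate and key paths are placeholders).
anonymous_enable=NO
local_enable=YES
write_enable=YES
# Confine each user to their home directory (the directory must not be writable by the
# user, or set allow_writeable_chroot=YES on vsftpd 3.0+).
chroot_local_user=YES
# Enable TLS and refuse any login or data transfer that is not TLS-protected.
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
rsa_cert_file=/etc/ssl/certs/ftp.example.com.pem
rsa_private_key_file=/etc/ssl/private/ftp.example.com.key
# Keep transfer logs for the routine review described in the Web Servers section.
xferlog_enable=YES
```

To verify the hardened configuration, connect with a plain FTP client and send USER before negotiating TLS: the server should answer with a 530 response instead of accepting the login. If SFTP is preferred instead, no FTP daemon is needed at all; the OpenSSH `Subsystem sftp` entry on the host provides it over the already-encrypted SSH channel.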
== DNS Servers ==
Domain Name System (DNS) servers provide the translation of human friendly names for network destinations (such as the host name in a web site URL) to the IP addresses understood by routers and other network devices. Steps should be taken to ensure DNS software is updated regularly and that zone transfers are restricted to authorized secondary servers, ideally requiring signed (TSIG) requests, to prevent unauthorized zone transfers that would hand an attacker a complete list of the organization's hosts. Access to the server may be prevented by blocking port 53 (both UDP and TCP), or restricted by limiting access to the DNS server to one or more specified external systems.
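As an added illustration for this page (not configuration from the original text), the following BIND 9 `named.conf` fragments contrast an open zone-transfer setting with a restricted one. The zone name, file name and the RFC 5737 documentation addresses are placeholders, and the TSIG secret must be generated (for example with `tsig-keygen`) and installed on each secondary; `type primary` requires BIND 9.16 or later (older releases use `type master`).

```conf
// Weak: any host on the Internet may request a full zone transfer (AXFR)
// and enumerate every name in the zone.
zone "example.com" {
    type primary;
    file "example.com.zone";
    allow-transfer { any; };
};

// Hardened: transfers only to the listed secondaries, and only when the
// request is signed with the shared TSIG key.
acl "secondaries" { 192.0.2.53; 198.51.100.53; };

key "xfer-key" {
    algorithm hmac-sha256;
    secret "<base64 secret from: tsig-keygen xfer-key>";
};

zone "example.com" {
    type primary;
    file "example.com.zone";
    // The negated inner list rejects any source address outside "secondaries";
    // a request from a listed address is then allowed only if it carries the key.
    allow-transfer { !{ !secondaries; any; }; key xfer-key; };
    also-notify { 192.0.2.53; 198.51.100.53; };
};
```

To check the result from an unlisted host, `dig @ns1.example.com example.com AXFR` should report a failed transfer, while a secondary using `dig -y hmac-sha256:xfer-key:<secret> @ns1.example.com example.com AXFR` should receive the zone. Run the same unauthenticated AXFR query from outside the network as part of the routine review, since a later configuration change can silently reopen the zone.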
