CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [120]
The primary focus of this chapter is hardening. Hardening refers to the process of reducing or eliminating weaknesses, securing services, and attempting to make your environment immune to attacks. Typically, when you install operating systems, applications, and network products, the defaults from the manufacturer are to make the product as simple to use as possible and allow it to work with your existing environment as effortlessly as possible. That isn’t always the best scenario when it comes to security.
In this chapter, you’ll learn the general process involved in securing or hardening the systems, network, and applications that are typically found in a business. This chapter also develops the issues of threats to your network and the concept of developing a security baseline.
Overview of Network Security Threats
Network threats involve many facets of the network and organization. You’ve seen that your systems and information are susceptible to attacks and disruption based on internal, external, and design factors in the systems you support. Ensuring that your systems and applications are kept up-to-date, and making sure your security procedures are in place and followed meticulously, can minimize many of these threats. Most of the vulnerabilities exploited in programs such as Outlook, Outlook Express, and Exchange are fixed as soon as they’re discovered, or shortly thereafter. As an administrator, you must apply fixes and patches immediately after they have been thoroughly tested in a lab environment; doing so makes it harder for attackers to learn about your systems and exploit known weaknesses.
One of the organizations that tracks and reports security problems is the CERT Coordination Center (CERT/CC). CERT/CC is a part of the Software Engineering Institute (SEI) at Carnegie Mellon University. SEI is a federally funded research institution with a strong emphasis on computer security-related topics. CERT/CC (http://www.cert.org/stats/fullstats.html) provides interesting perspectives on the growth of computer-related incidents but stopped making numbers available after 2003 because “attacks against Internet-connected systems have become so commonplace that counts of the number of incidents reported provide little information with regard to assessing the scope and impact of attacks.”
CERT/CC provides a great deal of current threat analysis and future analysis in the computer security area. The website for CERT/CC is http://www.cert.org.
In the past, the computer industry has not taken the issue of computer security as seriously as it should have. This attitude has caused a great deal of frustration for users and administrators who are attempting to protect assets. The important thing to remember is that until recently, many software manufacturers paid only lip service to the problem of operating system and application vulnerabilities.
According to the Internet Storm Center (http://isc.sans.org), a computer connected to the Internet has an average of 5 minutes before it falls under some form of attack.
A penetration test is the best way to tell what services are really running on your system. Penetration testing involves trying to get access to your system from an attacker’s perspective. Typically, you perform this test from a system on the Internet and try to see if you can break in or, at a minimum, get access to services running on your system.
Just short of penetration testing is vulnerability testing. In a vulnerability test, you typically run a software program that contains a database of known vulnerabilities against your system to identify weaknesses. Two of the most well-known vulnerability scanners are Nessus (http://www.nessus.org/nessus/) and the NMAP port scanner (http://nmap.org/).
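A scan or penetration test tells you which services are really listening; the hardening step is to compare that against the set you approved. The following is an added example, not code from the book: it parses `ss -tlnp`-style listening-socket output (the sample lines are constructed) and reports every deviation from an assumed baseline of port, owning process, and whether the service may be exposed beyond loopback.

```python
"""Compare the services actually listening on a host against an approved baseline."""
import re

# Constructed sample of `ss -tlnp`-style output (assumed layout; not from the book).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       128     0.0.0.0:23           0.0.0.0:*          users:(("telnetd",pid=1409,fd=4))
LISTEN  0       128     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=990,fd=21))
"""

# Hypothetical baseline: port -> process allowed to own it and whether it may bind all interfaces.
BASELINE = {
    22: {"process": "sshd", "public": True},
    80: {"process": "nginx", "public": True},
    3306: {"process": "mysqld", "public": False},
}

# Matches: state, recv-q, send-q, local addr:port, peer, then the first process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')

def parse_listeners(text):
    """Return (address, port, process) tuples for each LISTEN line."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found

def check_baseline(listeners, baseline):
    """Return a list of deviation strings; an empty list means the host matches the baseline."""
    deviations = []
    seen_ports = set()
    for addr, port, proc in listeners:
        seen_ports.add(port)
        rule = baseline.get(port)
        if rule is None:
            deviations.append(f"unexpected service {proc} on port {port}")
            continue
        if rule["process"] != proc:
            deviations.append(f"port {port} owned by {proc}, baseline expects {rule['process']}")
        if not rule["public"] and addr not in ("127.0.0.1", "::1"):
            deviations.append(f"port {port} ({proc}) bound to {addr}, baseline requires loopback only")
    for port, rule in baseline.items():  # services the baseline expects but that are absent
        if port not in seen_ports:
            deviations.append(f"baseline service {rule['process']} on port {port} is not listening")
    return deviations

if __name__ == "__main__":
    for d in check_baseline(parse_listeners(SAMPLE_SS_OUTPUT), BASELINE):
        print("DEVIATION:", d)
```

On the constructed sample the only deviation is the telnet daemon on port 23, which is exactly the kind of default-enabled service a hardening pass removes.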
Defining Security Baselines
One of the first steps in developing a secure environment is to develop a baseline of the minimum security needs of your organization. A security baseline defines the level of security that will be implemented and maintained. You can choose