Servers and Host computers
- SERVERS : software/computers that provide services to other computers or software
the computers and software that utilize these services are called CLIENTS
software servers are usually hosted on the computer servers
software servers = servers
computer services = host computers
Types of servers
- domain name server (DNS)
- web server
- application server
- email server
- database server
- file server
Securing the host computer
1) protecting the physical device
- physical access to equipment
- secure equipment
2) securing the operating system
- five-step process
3) using security-based software
- antivirus, firewall
4) access control
Protecting the physical device (physical access)
- prevent unauthorized physical access to equipment : prevent tampering and destruction
- secure equipment : prevent removal/theft
What would happen if an attacker has physical access to the host computer? (physical access)
1) risk of DoS attack (shut down, disconnect the network etc)
2) system could be held for ransom (stolen and held for ransom, install ransomware)
3) reconfigure to boot from a floppy disk and erase the hard drives (to remove all the information and data in the computer)
4) copy/steal the hard drives, install on own computer and read it
5) copy hard drive, install on own , boot up and conduct brute-force password guessing
6) install a keylogger (hardware or software) to spy on login credentials and other information
7) install malware to provide backdoor access or perform other malicious tasks
8) install wireless device
9) physical destruction
Physical access control (physical access)
- secured doors
- fencing
- camera surveillance
- access list (only people on the list are allowed to access)
- mantrap :
> room with 2 doors, only one can open at a time
> each door may require different authentication to open - proximity tags and readers :
> access is allowed only if a shortrange wireless (RFID, Bluetooth) tag is nearby and detected by a reader
> only authorized people possess the tags
Secure equipment (physical access)
1) portable devices have steel brackets, security slots or cable locks
2) notebook PCs may be places in a safe
3) locking cabinets
What is an operating system (OS)? (securing OS)
- a software that functions as an interface between the user and the computer
- allows user to use the computer by :
- MANAGING RESOURCES of a computer such as the printer, mouse, keyboard etc
- PROVIDNG USER INTERFACE, graphical user interface (GUI) makes it very easy to use
- RUNNING APPLICATIONS the ability to multitask by running many applications at once
- SUPPORT FOR BUILT-IN UTILITY PROGRAMS, eg find and fix errors in the operating system
Types of OS (securing OS)
1) host computers (Unix, windows server)
2) personal computers (Microsoft windows, macOS, chrome OS)
3) mobile phones (android, IOS)
4) for all kinds of devices, like IOT, network devices etc
Securing the operating system (securing OS)
Five-step process for protecting operating system :
1) develop the security policy
2) perform host software baselining
3) configure operating system’s security and settings
4) deploy the settings
5) implement patch management
1) Developing the security policy
- acceptable use
- anti-virus
- password management
- email and retention
- wireless communication
- disposal and destruction
2) Perform host software baselining
1) baselining
- create a checklist against which an operating system can be evaluated to implement an effective and efficient security infrastructure
2) Microsoft baseline security analyzer (MBSA)
- performs an audit check on Windows operating system to reveal security vulnerabilities and recommend settings for hardening the operating system
some check that MBSA conducts :
- missing security updates
- file system type on hard drives
- guest accounts are disabled
- number of local administrator accounts
- for blank or simple local user account passwords
- if unnecessary services are running
3) Configure security and settings
1) change insecure default settings
- restrict permissions on files and directories
- remove and disable guest accounts
- apply password guidelines
2) eliminate unnecessary software, devices, services and protocols
3) enable security features such as Windows firewall
4) Deploy the settings
- a security template is created and deployed for all computers
- use tools to automate the process to each computer
- in Microsoft, a security template is a collection of security configuration settings that includes the following :
1. account policies
2. user rights
3. event log settings
4. system services
5. file permissions
6. registry permissions
5) Implement patch management
- software vendors usually deploy software fixes to address the vulnerabilities in operating systems that are uncovered after the software has been released
> patch : broadly released software security update intended to cover vulnerabilities that have been discovered
hotfix : addresses a specific customer situation, often not distributed outside that customer’s organization
service pack : a cumulative package of all hotfixes, patches and updates
Anti-virus (security software)
What is an antivirus, what is the purpose?
- software that examines a computer for malware infections
- scans files and programs for known malware
- monitor computer and programs for suspicious behavior or actions (eg for malware that escaped the scanning)
Scan files and programs for known malware signatures (security software)
- while scanning a file, refers to a virus definition file
virus definition file : a database of malware signatures
malware signatures : bits of unique code patterns of malware that have been encountered before
- anti-virus detects malware by looking for code in the files that match the signatures
- virus definition files are regularly updates by anti-virus developers with signatures of newly discovered malware
weakness : only works for known malware & modern malware defeat scanning by mutating their code/using encryption to hide their code
Monitor programs for suspicious behavior or actions (security software)
- to detect malware that escaped scanning
- detect malware by monitoring programs for suspicious behavior or actions
eg attempting to : delete files, delete events in log files, communicate with unknown internet addresses, install other programs
Host-based firewall
- software that is installed in the Host Computer
- designed to prevent malicious packets from entering or leaving a computer
> monitors inbound and outbound traffic flowing to/from your computer
> allows/blocks traffic based on a set of rules
note :
network-based firewalls covered in Network Security topic
- hardware firewalls installed on the network
- made to prevent malicious packets from entering/leaving the network
