From : Jagriti Sahu, World Informatix Cyber Security.
Adversary :
Now a days as the technology is upgrading to serve mankind, it has many inherent flaws as well. Also it opens door for Cyber terrorism. Cyber terrorism includes damaging web sites, stealing sensitive information of organization, financial fraud, blackmail, developing worms, Trojan horses and viruses as well as attacking infrastructures. Within an organization, it is mandatory to secure our system and use the advanced technology very carefully and smartly.
This blog tells about secure configurations of devices and systems being used within the organization and also about keeping and maintenance of the device configurations because mis-configuration of systems/devices is one of the major reasons for security breach.
Also this article aims to highlight primary security configuration to avoid common hacking attacks which occurs due to improper configuration.
Standardization of equipment such as hardware and software must follow the points mentioned in the article.
Check List :
There are several requirements that need to be fulfilled and some are reflected in the SANS Top 20 controls:
1. System images – Golden copy : ( Operating System which is being used )
This is the process of creating backup of system/device of current secured and well configured system state. In case of any disaster, organization can revert back system/devices to last known secured and good configured state.
- Images should be created for both workstations and servers.
- Strict and secured configuration management should be followed. These images should be validated and refreshed on a regular basis to update their security configuration in light of recent vulnerabilities and attack vectors.
- Any existing system that becomes compromised is re-imaged with the secure build.
- Golden copies of secure build themselves must be well protected to ensure they are not tampered with
2. Server configuration and hardening :
It is the process of configuring devices/system with required configuration and after that hardening those newly applied configuration in such a way so that it is hardened against attacks with new configured system/device.
- Standardized images should represent hardened versions of the underlying operating system and the applications installed on the system.
- This hardening would typically include configuring non executable stacks, removal of unnecessary accounts, unnecessary services and heaps, also involves recommended applying patches.
3. Network security and secure communication:
Communication in network between devices must be secured (Encrypted) so that data sniffing can not be possible. Unwanted, unused ports and services should be disabled to minimize attack surface. To detect intrusion we must have some mechanism.
- All the communication between remote and local server, workstation, network devices, and similar equipment should be over secure channels to prevent it to get intercepted by eavesdropper.
- All open and unused network port should be closed.
- In order to secure the network, implementation of intrusion detection and/or intrusion prevention systems and host-based firewalls should be done.
- Protocols such as telnet, VNC, RDP should support strong encryption.
- Consider using new generation IPS/IDS systems that rely on behavioral algorithms and not just signatures and pattern recognition
4. Software and package standard :
In a network, major cause of any security breach is old/outdated software or package. As we know the risk of vulnerability in old or outdated software can be high so we must have some mechanisms to assess all the devices in network.
- Latest and fully patched version of software should be in use. Outdated or old software should be removed/updated because if any old or buggy version of package is in use, it may leave system vulnerable.
- System scanning tools that check for software version, patch levels, and configuration files must be run on a daily basis.
5. Documentation :
Whatever configuration of system/devices, we must have a document listing all those settings and packages installed in it. Security settings and status of package installed with version helps in restoring and replication process.
- System images, working software, implemented policies etc must have documented and registered.
- System images must have documented security settings that are tested before deployment.
6. Data Security:
For security of data we must have some registered and standard data security schemes. Such scheme reduce the risk of data breach and lose.
- A standard and approved security policy by an organization change control board for data should be adopted and implemented.
- Documented security settings must be registered with a central image library for the organization or multiple organizations.
7. Integrity checking :
We must implement some mechanism to maintain integrity of the files. In case of any security breach, attacker alters file, these integrity checker will notify admin.
- File integrity checking tools must be run on a regular basis, any changes to critical operating system, services, and configuration files must be checked on an hourly basis.
- All alterations to such files should be automatically reported to security personnel. It is important that the evaluation team verify that all unauthorized changes have been detected.
8. Process and Infrastructure manager:
In an organization there must be a standard process for any changes or modification to be done. And changes should be done periodically.
- Organizations need to adopt a formal process and management infrastructure for configuration control of devices and it should be performed at a regular interval of time.
9. Storage and Backup management:
An important phase of security implementation is saving data, creating system images but storing those backup images and data in a safe place is more important. Proper encryption, good environment for devices and proper monitoring of those backup devices also important.
- The master images themselves must be stored on securely configured servers.
- Alternatively, these master images can be stored in offline machines, air-gapped from the production network, with images copied via secure media to move them between the image storage servers and the production.
- All the data backup must be stored securely in encrypted manner.
- Such servers must be monitored with integrity checking tools and change management to ensure that only authorized changes to the images are possible.
10. Monitoring and Recovery System :
For automated testing of configuration and security settings we should have a monitoring system which should be configured in such way so that it can perform test on remote devices on regular time interval or on occurrence of any changes done.
- Implement and test an automated configuration monitoring system that measures all secure configuration elements that can be measured through remote testing.
- These automated tests should analyze both hardware and software changes, network configuration changes, and any other modifications affecting security of the system.
- The system must be capable of routine and expected changes, highlighting unusual or unexpected alterations and identifying any changes to an official hardened image that may include modifications to key files, services, ports, configuration files, or any software installed on the system.
- Recovery option for unwanted or accidental modification should be available if possible according to the risk of environment.
So these are few security guards that should be configured in systems/devices and should be followed by an organization.
Thank You.