Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Kevin Arnold Professor William Oblitey COSC 356 12 April 2012 Securing Network Servers With the development of computer networks over the past two decades, it has created the need for networked servers. Network servers today store valuable and confidential information of organizations; information is knowledge and knowledge is power. The purpose of this paper is to provide an understanding of the activities performed in securing network servers that provide services over network communications as a main function. Communication can be in the form of outward–facing publically accessible servers, such as web servers, e-mail servers, file servers, database servers, user authentication servers and many more. There are also inward–facing servers, which are only available to the organizations that own and run the servers, and are managed via a firewall. Network servers are often deployed to provide centralized access to information and resources. These can include file and database servers, which are the most useful to an attacker who wants to compromise a server. Security breaches on a network can result in the disclosure of critical information that can affect the entire organization. Therefore, securing network servers should be a significant part of a company’s network and information security strategy. To secure a server, it is essential to first define the threats that must be mitigated. Many threats against data and resources are possible because of mistakes such as bugs and vulnerabilities in the operating system or server software, and also, errors made by end users and administrators. Threats can come from intentional actors, attackers who want resources from a server, or unintentional actors, such as an administrator who forgets to disable the account of a former employee. Threats can also be local, a disgruntled employee, or remote, such as an attacker outside the company anywhere in the world. An important element of planning the appropriate security controls for a server is understanding the threats associated with the environment in which the server is deployed. “Many security problems can be avoided if servers and networks are appropriately configured. Default hardware and software configurations are typically set by vendors to emphasize features and functions more than security. Since vendors are not aware of your security needs, you must configure new servers to reflect your security requirements and reconfigure them as your requirements change.” (Securing Network Servers, 2000) There are four major security issues related to network servers: confidentiality, availability, integrity, and mutual authentication. Confidentiality refers to protecting information from being accessed by unauthorized parties. Integrity refers to ensuring the authenticity of information–that information is not altered, and that the source of the information is genuine. Availability means that information is accessible by authorized users. Mutual authentication ensures that the user is who he claims to be and that the network server host is who it claims to be. Here is an outline of a 3 part approach to secure a network server. The first is planning and executing the deployment of servers. Second, is to configure the server to help make them less vulnerable to attacks. Lastly, is maintaining the integrity of the deployed servers. Each of these parts has their own individual steps that this paper will talk about. The first step of the planning and execution of server deployment is to identify the purpose of the server. An organization should ask themselves the following questions: What information categories will be stored on this server? What are the security requirements for this information? What network protocols should be used (IPv4/IPv6)? Where on the network will the server be located? Other things to consider are the network service software, for both client and server. Also, which users or categories will be able to access the server, along with how they will authenticate themselves and the privileges they are allotted. Intrusion detection strategies using logs should also be considered when setting up the server. The next step is to include explicit security requirements when selecting a server. There are many server venders and even more security capabilities for their products. Considering security requirements when selecting servers allows you to choose a product with fewer vulnerabilities and select better security-related features. This makes long term operation of your site more economical by reducing costs. Security requirements usually include the following, the absence of vulnerabilities used by known forms of attacks, the ability to restrict administrative activities to authorized users only, the ability to log certain activities, and the ability to deny access to information other than that intended to be available. Here is how to accomplish these goals. One, identify your functionality and performance requirements. Second, review the recommended practices that address the configuration and operation of the server product. Lastly, identify specific securityrelated features, such as types of authentication, level of access control, support for remote administration and logging features. The first step in configuring servers is keeping operating systems and applications software up-to-date. The time interval between when a vulnerability is publically known, to the time required to fix it, to the time the vulnerability is fixed, gives intruders a chance to mount an attack on a network. To minimize the gap in time between the vulnerability and the fix, companies need to be aware of the announcements of updates to security-related problems that apply to their systems. This can be done by developing and maintaining a list of sources of information about such problems. Once an update comes out, it is up to the company to decide to use it, but it is highly recommended that they do. The next step is planning the installation of the applicable updates, which can cause more problems. When installing an update, it can disrupt service to that server, or worse, make it more vulnerable to attacks, and the worse case scenario, the update itself can do more harm than good because it may cause more problems with security. The next step in configuring servers is to offer only essential network services and operating system services. This helps secure the server in many ways, for instance, other services cannot be used to attack the host. Also, by isolating hosts it allows for each host to have only one administrator and implements what is known as separation of duties. You can reduce the number of logs for each individual host by reducing services on a host, making it easier to identify a problem. Another way to reduce the vulnerabilities on a host is to eliminate any unnecessary open network ports. Once you are confident your server is as secure as it can be, you should create and record cryptographic check-sums and baselines for the system software and its configuration. The third step in configuring servers is to configure the server for user authentication. This involves adding user’s information to the authentication server and possibly setting up authentication hardware such as tokens, one-time password devices, or biometric devices. Unauthorized users can jeopardize the security of information stored on or accessible from a computer. To prevent this, you must configure the computer to authenticate all users who attempt to access it. The first form of protection is to have a hardware based password. This is when the computer’s firmware offers the feature of requiring a password when the system is turned on; this is known as a BIOS or EEPROM password. That feature is not offered on all computers but is a very nice feature to have. Other procedures to do when configuring a server are to remove unneeded default accounts and groups; the most common is the guest account without a password and the administrator account with a default password. You can also set up user groups for a particular server, so that only a specific amount of people can access it. Other security measures are to set up a password policy, such as having a minimum length and complexity. You can also set up how often a password is changed and who is allowed to change it, along with a default timer to require reauthentication after idle periods. The next step in configuring a server is to identify and enable system and network logging mechanisms. Collecting data generated by system, network, application, and user activates is essential for analyzing the security of these assets and detecting intrusion. You can set up logs in many different ways. For example, you can have them set up if it records suspicious activity that needs further examination, also, to determine the extent of an intruder’s activity that can be useful and required for legal proceedings. There are also many categories and types of logs you can create. The first is user’s logs, for logging login/logout information, location and time of failed attempt, and changes in authentication status. You can log systems, for the status or errors reported by hardware or software subsystems, along with changes in system status, including shutdowns and restarts. Network logs can log service initiation requests along with the names of users/hosts requesting a service. You can also log packets, new connections, connection duration, and connection flow with network logs. You can log anything you want from any piece of equipment or software you have, making logs as essential as the servers themselves. The one big no-no in logs is logging passwords, correct or incorrect, because it creates a big vulnerability by having a bunch of them in one place. If passwords are incorrect, they are often only incorrect by one letter and thus they create a big security threat. The fifth step in configuring servers is to setting up a backup system for each server. Before deploying a server, you need to develop a file backup and restoration plan and configure the computer to implement that plan. Without a backup, you may be unable to restore a computer’s data after system failures and security breaches. The best way to ensure your back-up is effective is to create a plan with the following guidelines. First, the plan should specify that the data is encrypted before it is sent over the network or to a storage medium. Second, is that the data should remain encrypted while on the backup storage medium, and third, the storage media should be kept in a physically secure facility that is secure from man-made and natural disasters. The most important step in making and enacting a backup plan is to ensure that the data can be recovered after is has been backed up, if you can’t restore the backed up data, the backup is essentially useless. The first step in maintain the integrity of deployed servers is to protect the server from viruses and similar threats. There are several kind of software that can surreptitiously breach computer security. There are viruses, Trojan horses and worms. A virus is a code fragment that reproduces by attaching to another program. It can damage data directly or degrade system performance by consuming system resources. A Trojan horse is an independent program that appears to perform a useful function but hides another unauthorized program inside of it. A worm is an independent program that reproduces by coping itself from one system to another, usually over a network. It works similarly like a virus, by using up system resources or corrupting data directly. To prevent these three threats and threats like them, you should come up with a plan to distribute anti-virus programs and train users to use and monitor these anti-virus programs to spot any suspicious activity. These anti-virus programs should also be checked for updates regularly, especially when new viruses and threats are discovered. Most venders of anti-virus programs release updates weekly or monthly; this is the main method in defending against threats. The last step in the process in securing and maintaining the integrity of servers is to only allow appropriate physical access to the servers, monitors and keyboards. Deploying the server in a secure facility helps prevent unauthorized access to the computer, theft and destruction. Servers should not be placed in an individual’s office. It is preferred to keep the monitor and keyboard out of sight and away from physical access. You should also protect the wiring and other network connection components away from physical access. There should be a list of who is allowed to access the server, monitor and keyboard in order to install hardware and modify existing hardware or software. In conclusion, these steps are an outlined recommendation for planning, deploying, implementing, and maintaining the integrity of networked servers and computers. I’ve covered in fairly good detail ten or so steps that many companies follow and recommend for hardening network servers. This is just an outline and should be adjusted according to a specific company’s needs and wants. Some steps may be omitted and others may be added accordingly. The most important step is keeping software updated, as new threats and vulnerabilities are found every day. Sources Allen, Julie, Gary Ford, Klaus-Peter Kossakowski “Securing Network Servers” CMU/SEI-SIM-010, April 2000 Scarfone, Karen, Wayne Jansen, Miles Tracy “Guide To General Server Security” National Institute Of Technology And Standards, July 2008