tailieunhanh - Chapter 12 – Security Baselines

Operating systems and software are written to be functional and easy to use and install. Otherwise vendors will have a hard time selling them ;-) Unfortunately they generally come configured insecure (or less secure that possible) out of the box. There are two important terms we need to understand in regards to securing systems out of the box. | Security+ All-In-One Edition Chapter 12 – Security Baselines Brian E. Brzezicki Hardening and Baselines Operating systems and software are written to be functional and easy to use and install. Otherwise vendors will have a hard time selling them ;-) Unfortunately they generally come configured insecure (or less secure that possible) out of the box. There are two important terms we need to understand in regards to securing systems out of the box. Hardening Hardening – the process of securing a system as much as possible for production Installing updates/patches Disabling or removing* un-necessary software/services Securing services Setting application configuration controls to max security Setting OS configuration controls to max security Restricting access to authorized users Installing add on host based tools such as firewalls and anti-virus. Baseline – The row of shields above your fighter that protects you from attack by hordes of aliens Baselines Close actually Baselines – the . | Security+ All-In-One Edition Chapter 12 – Security Baselines Brian E. Brzezicki Hardening and Baselines Operating systems and software are written to be functional and easy to use and install. Otherwise vendors will have a hard time selling them ;-) Unfortunately they generally come configured insecure (or less secure that possible) out of the box. There are two important terms we need to understand in regards to securing systems out of the box. Hardening Hardening – the process of securing a system as much as possible for production Installing updates/patches Disabling or removing* un-necessary software/services Securing services Setting application configuration controls to max security Setting OS configuration controls to max security Restricting access to authorized users Installing add on host based tools such as firewalls and anti-virus. Baseline – The row of shields above your fighter that protects you from attack by hordes of aliens Baselines Close actually Baselines – the process of establishing a minimum set of protections that protects a computer system/network from attack from the hordes of script-kiddies and crackers. MINIMUM set of protections and configurations Important to have baselines in any organization – why? Password Policies (340) One baseline concept that is often overlooked is the idea of requiring strong password practices (policy). Why is a password policy important? (more) Password Policy Concepts (343) What are all these things? Minimum password lengths - 8 Minimum password ages – days to weeks Maximum password ages 60 - 90 days Case changes, number and special characters 1 or more A-Z 1 or more a-z 1 or more 0-9 1 or more special character Password History 5 - 10 No personal information (usernames, real name, children's names, birthdates) Password Usability vs. Security However you have to balance “usability” vs. security what do I mean by this What problems occur with “too secure” passwords? I like to use a “passphrase” to generate