
By: Muhammad Abbas, Luis Magsumbol, Peter Yambao & Eric Group - PowerPoint PPT Presentation

SEC625 Group Presentation By: Muhammad Abbas, Luis Magsumbol, Peter Yambao & Eric Group Plan Divided work Decided Services (Implementation) Calculation for VMs Windows or Linux Network Details Group Plan How to Divide


  1. SEC625 Group Presentation By: Muhammad Abbas, Luis Magsumbol, Peter Yambao & Eric

  2. Group Plan ■ Divided work ■ Decided Services (Implementation) ■ Calculation for VMs ■ Windows or Linux ■ Network Details

  3. Group Plan ■ How to Divide networks ■ Clients (How many?) ■ Windows or Linux ■ Client Access ■ Security as one

  4. Active Directory and DNS ■ Server 2008 R2 ■ Installed Microsoft Security Essentials ■ Updated the System ■ Updated Anti-Virus Definitions ■ Network Configuration (2 Networks)

  5. Active Directory and DNS ■ Networks (Intranet and Internet) ■ Change Local Admin name ■ Installed AD DS role ■ Created OUs and Users ■ Group Policies ■ Downloaded Wireshark

  6. Group Policies ■ Password Age (42 days) ■ Password Length (7 Characters) ■ Domain Wide ■ Hide last logged in User ■ Disable Command Prompt (Non-IT Departments)

  7. DHCP and Mail Server ■ Server 2008 R2 ■ Installed Microsoft Security Essentials ■ Network Configuration (Intranet and Internet) ■ Changed Local Administrator name ■ Joined Server to AD domain

  8. DHCP and Mail Server ■ DHCP leases different IPs ■ Mail configured only for internal use ■ Mail password different from AD ■ Passwords encrypted ■ Built-In Database

  9. Apache Server ■ Updated Linux operating system to latest version ■ Disabled unneeded services – firewalld.service, irqbalance.service, abrtd.service, polkit.service, smartd.service, wpa_supplicant.service, atd.service ■ Installed Logwatch ■ Logging and monitoring of system activity using Logwatch and default log files

  10. Apache Server ■ Installed latest version of Apache Package (httpd) ■ Added ‘ServerSignature Off’ and ‘ServerTokens Prod’ lines in config file – Hides operating system name and version from being shown by browser ■ Created index.html in Document Root – hides the listing of files in the directory, displayed by default

  11. Apache Server ■ Installed mod_security module – (firewall for web applications, monitor traffic real-time, protect from brute-force attacks) ■ Configured self-signed SSL: – installed mod_ssl module – made directory storing private key accessible only by root user – SSL key and certificate command: ■ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

  12. Apache Server (Specific Security) ■ Set up secure SSL parameters ■ Disabled info_module which can leak sensitive information using .htaccess

  13. Apache Server (Firewall) ■ Installed latest version of IPTABLES ■ Changed default policy to drop all traffic by default for all rules (rule of least privilege) ■ Only allow http port 80 and https port 443 traffic from within local network

  14. Apache Server ■ Documented changes for future reference ■ Apache server installed on its own machine and separated from other services (zoning) ■ If I had more time: – More research and configured Mod Security module – Improved logging by configuring mod_log_config module – Did more research and adjusted the timeout, maxclients, keepalivetimeout, limitrequestfields, and limitrequestfieldsize directives to protect against DDoS

  15. Client ■ Windows 7 was what the group chose to use, but the official website redirected me to Windows 10 instead ■ Windows update took several hours because I ended up downloading Windows 7 from some other site and it was not updated ■ Getting our VM was problematic because I used VMware to install my client and the group used VirtualBox ■ When I installed my client I chose the default split virtual disk, which made it very hard to import into VirtualBox

  16. Client ■ Client defenses are for blocking attacks that pass the perimeter or come from the internal network ■ Things I have done to harden our clients include – Using local policies to limit and separate the standard user/admin account – Install/configure Antivirus software – Configure the Firewall to only allow services the group wants – Disable what is not being used ■ While all of these will provide a screen against attacks, at best the point is to make it a little harder for attackers

  17. Samba ■ Initial Security Configurations – Update, Turn off unneeded services ■ Network Security – Firewall rules ■ Host Security – File Permissions, logwatch, strong user passwords ■ Application Security – Configuration file

  18. Firewall Server ■ Applying the rule of least privilege ■ Deny everything unless a rule matches ■ Configure logging to notice anomalies ■ Specify state, source, and destination addresses/ports for more focused firewall rules – iptables -I (chain) -s IP address -d IP address --sport ## --dport ## -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT

  19. THANK YOU
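
The default-drop policy from slides 13 and 18, written out as a loadable ruleset. This is an added example, not the group's own configuration: the function names, the `fw-drop: ` log prefix, the log rate limit and the LAN range 192.168.10.0/24 are assumptions, since the slides give no addresses.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the web server zone.
# The LAN CIDR is an assumed value passed by the caller; the slides give none.

# Accept only dotted-quad/prefix so nothing else can reach the ruleset text.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Every chain defaults to DROP. Replies ride on RELATED,ESTABLISHED, and only
# NEW connections from the LAN to ports 80 and 443 are admitted. OUTPUT allows
# replies only, so outbound DNS, updates and management access need their own
# rules (the slides list none). Unmatched input is logged, rate limited.
emit_web_rules() {
    lan=$1
    valid_cidr "$lan" || { echo "invalid CIDR: $lan" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s $lan -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -s $lan -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Syntax-check without loading (as root):
#   emit_web_rules 192.168.10.0/24 | iptables-restore --test
```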
