Entries from October 2010

Security+ Objective 1.3 Implement OS hardening practices and procedures to achieve workstation and server security – hotfixes

Despite their best efforts to test their products, software companies typically have to fix a lot of problems that are only discovered once their products are released publicly into the wild.  If they want us to continue to buy their software, they have to fix those problems for us.

A hotfix is a relatively small update released by a software vendor that addresses one or more issues in a specific application.

It’s not just a fix.  It’s a “hot” fix because there is some urgency involved.  This means that it may not be fully tested.  It is generally smaller and more quickly developed than a service pack or a patch.  If there is no service pack, patch or workaround to resolve a problem, the vendor tries to fix it quickly by developing a hotfix.  A hotfix could even be released to address issues caused by a recent service pack.

Service packs and patches each have their own unique features that differentiate them from hotfixes.  Make sure you know the difference.

Go back to the Exam Objectives list

Security+ Objective 1.3 Implement OS hardening practices and procedures to achieve workstation and server security

To describe hardening, we will compare your computer system to a medieval castle.  You want to protect yourself from the bad guys, so you build a strong castle with high, thick walls.  If you are the bad guy, you want to find the weakest spot and exploit that vulnerability.  You aren’t going to try to penetrate a thick stone wall if there is a thin wooden door to take advantage of.  If you are an avid movie watcher, I’m sure you’ve seen movies where the secret sewer tunnel lets someone through!  The point of hardening your system is to make it hard to penetrate by reducing the attack surface.

There are many different “thin doors” and “sewer tunnels” that a bad guy might try to penetrate.  Here is a list of some things you can do to harden a system:

Some steps to hardening systems (parts of a standard policy):

  • Apply company security template and configuration baselines
    • Company defined configuration settings should be more secure than out-of-the-box settings
  • Close unnecessary network ports
    • If you never use the “door” seal it off
  • Install only needed software, remove everything else
    • Software can open other doorways for the bad guys
  • Disable all non-required/unused services
    • Not typically configured/secured correctly and can sustain attacks that go unnoticed
  • Network based patch management
    • Push patches to the client instead of hoping they patch themselves
  • Limit administrative privileges
    • Don’t give too many people the keys to the castle
  • Install a strong software firewall
    • Check all the traffic coming in and out of your castle
  • Apply all system patches and service packs
    • Hotfixes, patches, and service packs obtained from the manufacturer’s website will often address security weaknesses
    • The most recent manufacturer updates and patches to the server will seal off newly discovered vulnerabilities
  • Default passwords in hardware and software should be changed
    • The bad guys can find the documented default passwords and gain administrative access to your systems if you don’t change them!
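As an added example (not part of the original post), here is a small POSIX shell audit that checks a host against the baseline items above: only the approved network ports may be listening, and only approved accounts may hold admin privileges. The baseline values, the sample `ss -ltn` output and the sample `/etc/group` content are all constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host against a company hardening baseline.
# Baseline values and sample command output are constructed, not real.

# Assumed company baseline for a web server: the only ports it may expose
# and the only accounts allowed in the admin (sudo) group.
BASELINE_PORTS="22 443"
BASELINE_ADMINS="root alice"

# Print every item in $2 (whitespace-separated) that is not in the
# allow-list $1.  Empty output means the host matches the baseline.
unexpected() {
    for item in $2; do
        case " $1 " in
            *" $item "*) ;;                 # on the allow-list
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Extract local port numbers from `ss -ltn`-style output on stdin
# (4th column is Local Address:Port; keep the text after the last colon).
listening_ports() {
    awk 'NR > 1 { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print the members of group $1 from /etc/group-formatted input on stdin.
group_members() {
    awk -F: -v g="$1" '$1 == g { gsub(",", " ", $4); print $4 }'
}

# Constructed sample output of `ss -ltn` and a constructed /etc/group.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      50     0.0.0.0:23         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*'
SAMPLE_GROUP='root:x:0:
sudo:x:27:alice,bob
users:x:100:'

audit_ports()  { unexpected "$BASELINE_PORTS"  "$(printf '%s\n' "$SAMPLE_SS" | listening_ports)"; }
audit_admins() { unexpected "$BASELINE_ADMINS" "$(printf '%s\n' "$SAMPLE_GROUP" | group_members sudo)"; }

# On a live host, replace the samples with `ss -ltn | listening_ports`
# and `group_members sudo < /etc/group`.
echo "Unexpected listening ports:"; audit_ports     # 23 and 3306 (telnet, MySQL)
echo "Unexpected admin accounts:";  audit_admins    # bob
```

Anything the script prints is a deviation from the baseline to close, uninstall or justify.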

Real world note: The ATMs that many people use for various banking purposes have been exploited because default passwords were not changed upon installation.  Systems ranging from a grandma’s home computer to powerful government servers have been exploited because security patches were never installed.  Many sad stories can be avoided by hardening your systems properly.

CompTIA expects you to know all the things on this list, some of which are described in more detail in the upcoming posts.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – Network attached storage

Network attached storage is essentially a device that is built for data storage and plugs directly into the network instead of plugging into a computer.  Although it is included in the list of things to know, there is nothing that pertains to network attached storage that isn’t covered in other sections.  Treat any question that mentions it just like any other data/storage question.

Easy peasy!!  Next topic will be longer, I promise.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – Removable Storage

Removable storage allows data to be easily stolen and transported to other systems.  This is primarily a threat to the confidentiality of sensitive data.

A couple of sections ago we talked about USB drives.  Not all removable storage uses USB, but between these two sections you have all you need to know.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – Cell Phones

Cell phones pose a couple of threats that you should know about.  The first threat is loss or theft of sensitive data that a user legitimately stores on their phone as part of their work activities.  The portable nature of mobile phones makes them easy to lose or have stolen.  To help prevent the data from falling into the wrong hands, the phone should be set to require a password to unlock it after periods of inactivity.

Cell phones also pose a threat to secure facilities.  They have the ability to copy and transmit sensitive data.  Even if there is a policy that prohibits cell phones from a secure area, it is hard to detect policy violations.  A Faraday cage can be used to prevent cell phone usage.  A Faraday cage is a metallic enclosure that keeps the phone’s electromagnetic signals from escaping.

Bluejacking and bluesnarfing are also concerns when using cell phones.  They will be covered in their own sections.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – USB devices

There are many types of USB devices, but there are only a couple of them that you need to know about.  The main threat from USB devices comes from USB drives (also called flash drives, thumb drives, jump drives, etc.).  These drives can have a very large capacity in a small, easy to conceal package.  Sometimes they are built into ordinary looking pens.  They are capable of stealing massive amounts of sensitive data from highly secure environments.  They can also introduce unauthorized or damaging software into a secure environment.

One social engineering tactic is to leave a malware-loaded USB drive in the parking lot of a company.  As employees come to work, someone is sure to find it and plug it into their computer, opening the doorway to infect the whole network.

To prevent data theft and other risks associated with USB drives, you can disable USB in the operating system and in the BIOS.  There is no other technical way to do it.  Organization-wide policies against USB drives help, but a disabled USB port doesn’t rely on employee compliance.

The keyboard is the only other USB device that may make an appearance on your exam.  The threat here lies in keystroke logging devices which can be attached between a USB keyboard and the USB port on the computer.  They will capture everything typed (including user names and passwords) and send them to the bad guy, or store it for later retrieval.
