
Security+ Objective 1.3 Implement OS hardening practices and procedures to achieve workstation and server security

To describe hardening, we will compare your computer system to a medieval castle.  You want to protect yourself from the bad guys, so you build a strong castle with high, thick walls.  If you are the bad guy, you want to find the weakest spot and exploit that vulnerability.  You aren’t going to try to penetrate a thick stone wall if there is a thin wooden door to take advantage of.  If you are an avid movie watcher, I’m sure you’ve seen movies where the secret sewer tunnel lets someone through!  The point of hardening a system is to make it hard to penetrate by reducing the attack surface: the set of ways an attacker can reach the system at all (open ports, running services, installed software, accounts with privileges).

There are many different “thin doors” and “sewer tunnels” that a bad guy might try to penetrate.  Here is a list of things you can do to harden a system (the parts of a standard hardening policy):

  • Apply company security templates and configuration baselines
    • Company-defined configuration settings should be more secure than the out-of-the-box defaults
  • Close unnecessary network ports
    • If you never use the “door”, seal it off
  • Install only needed software, remove everything else
    • Every extra program is another doorway for the bad guys, and another thing you have to keep patched
  • Disable all non-required/unused services
    • Unused services are rarely configured, secured or monitored carefully, so attacks against them can go unnoticed
  • Network-based patch management
    • Push patches to the clients instead of hoping users patch themselves
  • Limit administrative privileges
    • Don’t give too many people the keys to the castle
  • Install a strong software firewall
    • Check all the traffic coming in and out of your castle
  • Apply all system patches and service packs
    • Hotfixes, patches and service packs obtained from the manufacturer’s website often address security weaknesses
    • The most recent manufacturer updates and patches seal off newly discovered vulnerabilities
  • Change default passwords in hardware and software
    • Default passwords are documented in manuals and online; if you don’t change them, the bad guys can use them to gain administrative access to your systems!

Real world note: ATMs have been compromised because the default passwords were never changed after installation.  Systems ranging from a grandma’s home PC to powerful government servers have been exploited through security patches that were never installed.  Many sad stories can be avoided by hardening your systems properly.

CompTIA expects you to know everything on this list; some of the items are described in more detail in the upcoming posts.

Go back to the Exam Objectives list

Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – Network attached storage

Network attached storage (NAS) is essentially a device built for data storage that plugs directly into the network instead of into a computer.  Although it is included in the list of things to know, there is nothing that pertains to network attached storage that isn’t covered in other sections.  Treat any question that mentions it just like any other data/storage question.  In practice the hardening list applies to a NAS as much as to a server: change the default administrator password, turn off the file-sharing protocols you don’t use, keep the firmware patched, and don’t expose it directly to the internet.

Easy peasy!!  Next topic will be longer, I promise.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – Removable Storage

Removable storage allows data to be easily copied, stolen and carried to other systems.  This is primarily a threat to the confidentiality of sensitive data, although media brought in from outside can also carry malware in.

A couple of sections ago we talked about USB drives.  Not all removable storage uses USB, but between these two sections you have all you need to know.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – Cell Phones

Cell phones pose a couple of threats that you should know about.  The first threat is loss or theft of sensitive data that a user legitimately stores on their phone as part of their work activities.  The portable nature of mobile phones makes them easy to lose or get stolen.  To help keep the data from falling into the wrong hands, the phone should be set to require a password or PIN to unlock it after a period of inactivity, and the stored data should be encrypted where the device supports it.

Cell phones also pose a threat to secure facilities.  They have the ability to copy and transmit sensitive data (camera, microphone, storage and a network connection in one pocket-sized package).  Even if there is a policy that prohibits cell phones in a secure area, it is hard to detect policy violations.  A Faraday cage can be used to prevent cell phone usage.  A Faraday cage is a metallic enclosure that blocks radio signals in both directions, so a phone inside it can neither transmit nor receive.

Bluejacking and bluesnarfing are also concerns when using cell phones.  They will be covered in their own sections.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – USB devices

There are many types of USB devices, but there are only a couple that you need to know about.  The main threat of USB devices comes from USB drives (also called flash drives, thumb drives, jump drives, etc.).  These drives can have a very large capacity in a small, easy-to-conceal package.  Sometimes they are built into ordinary-looking pens.  They are capable of stealing massive amounts of sensitive data from highly secure environments.  They can also introduce unauthorized or damaging software into a secure environment.

One social engineering tactic (the “USB drop”) is to leave a malware-loaded USB drive in the parking lot of a company.  As employees come to work, someone is sure to find it and plug it into their computer, opening the doorway to infect the whole network.

To prevent data theft and the other risks associated with USB drives, you can disable USB storage in the operating system (on Windows by disabling the USBSTOR driver or through Group Policy, on Linux by blacklisting the usb-storage kernel module) and disable the USB ports in the BIOS.  Disabling only the storage device class is usually preferable to disabling the whole bus, which would also take out USB keyboards and mice.  Organization-wide policies against USB drives help, but a disabled USB port doesn’t rely on employee compliance.  For the exam, “disable USB in the OS and BIOS” is the answer to remember.

The keyboard is the only other USB device that may make an appearance on your exam.  The threat here lies in hardware keystroke-logging devices that plug in between a USB keyboard and the USB port on the computer.  They capture everything typed (including user names and passwords) and either transmit it to the bad guy or store it for later retrieval.  Because the device sits outside the operating system, software on the host can’t see it; only a physical inspection of the cabling finds it.


Security+ Objective 1.2 Explain the security risks pertaining to system hardware and peripherals – BIOS

BIOS (Basic Input/Output System) is built onto the motherboard of a system.  It is the first code run when you power on your computer.  It finds all the hardware and typically tells your computer to boot to the operating system on your hard drive.  If a bad guy wants to bypass the security features of your operating system, they just need to change the boot order so the BIOS boots their CD or USB drive first.  They can bring an operating system of their own with all their hacker tools, where they are the administrator with full rights to everything, including every file on your hard drive.

The main way to prevent someone from changing the boot order is to password protect the BIOS.  If the bad guy doesn’t know your BIOS password, they can’t get in there to make alterations.  For the test, just remember “BIOS Password” and you should be able to answer those questions.

Real World Note: on most computers the BIOS password can be cleared (by pulling the CMOS battery or moving a jumper, for example) or bypassed fairly easily, so physically securing your system is really the best way to keep the bad guys from altering the BIOS.  Full-disk encryption is the complementary control: even if an attacker boots their own OS, the data on the drive stays unreadable without the key.


Security+ Objective 1.1 – Differentiate among various systems security threats – Logic Bomb

A logic bomb is malicious code that lies dormant until triggered by a specific event, usually a date and time. For example:
• a virus that executes on April Fools’ Day or Friday the 13th
• a programmer who inserts malicious code into an application that will run if his termination paperwork is processed
• code that does its damage when a certain program is run
That’s it: malicious code that runs at a specific time, or when some other event triggers it.


Security+ Objective 1.1 – Differentiate among various systems security threats – Botnets

A botnet is a collection of computers on a network that can be controlled by a bad guy. Bot is short for robot, because each system will do as it is told. Another common term for a bot is zombie. To create a network of bots/zombies the bad guy infects systems with agent software. That agent software acts as a zombie slave and is programmed to receive commands from the zombie master. The zombie master acts as a command and control (C2) center. All of the slaves routinely send out packets to the master (a “check-in” or beacon) letting the bad guy know that they are ready to receive commands.

Typically the bad guy uses Internet Relay Chat (IRC) to “chat” with the bots and send commands; modern botnets also use HTTP or peer-to-peer channels, but IRC is the one the exam expects. With an army of bots at his command the bad guy will usually run Distributed Denial of Service attacks (DDoS) that can take down web servers designed to handle massive amounts of traffic. He never would have had enough bandwidth to do this with just his own PC.
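The regular check-in traffic described above is also what gives bots away.  The script below is an added example, not from the original post: it reads a connection log and flags any (source, destination, port) flow whose connections recur at a near-constant interval, which is how a scheduled check-in looks from the network side.  The log lines and IP addresses are constructed, and the thresholds (five connections, under 10% timing jitter) are assumptions you would tune for your own environment.

```python
"""Spot bot check-ins (beaconing) in a connection log.

Added example for the botnet description above, not code from the original post.
The log lines and addresses are constructed; the thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: "timestamp src dst dport proto", one outbound connection per line.
# 10.0.0.15 phones home to 198.51.100.7:6667 every five minutes; 10.0.0.22 is normal browsing.
SAMPLE_LOG = """\
2009-03-01T10:00:00 10.0.0.15 198.51.100.7 6667 tcp
2009-03-01T10:00:03 10.0.0.15 203.0.113.10 80 tcp
2009-03-01T10:05:01 10.0.0.15 198.51.100.7 6667 tcp
2009-03-01T10:07:42 10.0.0.15 203.0.113.10 443 tcp
2009-03-01T10:10:00 10.0.0.15 198.51.100.7 6667 tcp
2009-03-01T10:14:59 10.0.0.15 198.51.100.7 6667 tcp
2009-03-01T10:20:02 10.0.0.15 198.51.100.7 6667 tcp
2009-03-01T10:25:00 10.0.0.15 198.51.100.7 6667 tcp
2009-03-01T10:01:10 10.0.0.22 203.0.113.10 80 tcp
2009-03-01T10:31:44 10.0.0.22 203.0.113.10 80 tcp
2009-03-01T11:12:09 10.0.0.22 203.0.113.10 443 tcp
2009-03-01T11:40:30 10.0.0.22 203.0.113.10 80 tcp
"""

IRC_PORTS = {6667, 6697}  # classic C2 channel; reported as an extra indicator, not required


def parse_log(text: str) -> list[tuple[datetime, str, str, int]]:
    """Turn the constructed log format into (timestamp, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, dst, dport, _proto = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events


def find_beacons(events, min_connections: int = 5, max_jitter: float = 0.1) -> list[dict]:
    """Flag (src, dst, dport) flows whose connections recur at a near-constant interval.

    Bots phone home on a schedule; people and normal clients do not.  jitter is the
    coefficient of variation (stdev / mean) of the gaps between consecutive connections."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport in events:
        by_flow[(src, dst, dport)].append(ts)
    beacons = []
    for (src, dst, dport), times in sorted(by_flow.items()):
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period > 0 else float("inf")
        if jitter <= max_jitter:
            beacons.append({"src": src, "dst": dst, "dport": dport, "count": len(times),
                            "period": period, "jitter": jitter,
                            "irc_port": dport in IRC_PORTS})
    return beacons


if __name__ == "__main__":
    for b in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{b['src']} -> {b['dst']}:{b['dport']} every {b['period']:.0f}s "
              f"({b['count']} connections, jitter {b['jitter']:.3f}, irc={b['irc_port']})")
```

On the sample data only the 10.0.0.15 flow to port 6667 is flagged (six connections, a 300-second period, jitter under 1%); the browsing traffic never reaches the connection count, and its gaps are irregular anyway.  Real bots add random sleep to their check-in timer precisely to defeat this kind of check, which is why the jitter threshold is a tunable rather than a constant.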


Security+ Objective 1.1 – Differentiate among various systems security threats – Rootkits

A rootkit is a particularly dangerous kind of malware. The “root” account in Unix and Linux is the all-powerful administrative account that controls the entire operating system, and a rootkit is a kit of tools for keeping that level of access while staying hidden.  A rootkit embeds itself into the operating system (Windows included) and can control what the OS reports.  It can be running, but tell the OS to hide its processes, files and registry entries, so you’ll never know it is there.  The bad guys can now hide all their bad stuff.  This makes it difficult to detect, because even anti-virus programs ask the OS which files and processes exist in order to scan them (even in safe mode), and a rootkit can lie to them.

Although some malware scanners can detect certain rootkits, there are surer ways to approach this problem.  You can boot to a known clean OS on a USB drive or CD and scan the infected OS from there.  The rootkit isn’t in control of the known clean OS, so it can’t hide itself.  If you really want to be safe, format the entire hard disk and reinstall the OS from the original media, restoring data only from backups you trust.

Side Note: To protect its copyrighted material, Sony BMG included copy-protection software on some of its music CDs in 2005.  It became a huge scandal because the software was essentially a rootkit: it hid its own files and processes from the user, and other malware soon started using the same hiding place.
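A rootkit lies about the system to the tools that ask the OS politely; the detection trick that follows from that, and which the page’s “scan it from somewhere the rootkit doesn’t control” advice is the stronger form of, is to get the same facts a second way and diff the two views.  The script below is an added example, not code from the original post, and it goes beyond the text: it compares the listeners a (possibly hooked) `netstat`/`ss` reported with the kernel’s raw `/proc/net/tcp` table, and the PIDs `ls /proc` returned with the PIDs found by probing `/proc/<pid>` one at a time.  The `/proc/net/tcp` text, the PID sets and the tool output are all constructed, and the hidden port (31337) and hidden PID (4242) are assumptions made for the demonstration.

```python
"""Cross-view rootkit check: compare what the (possibly hooked) OS tools report with a
lower-level view of the same facts.

Added example for the rootkit section above, not code from the original post. The
/proc/net/tcp text, PID sets and tool output are constructed; the hidden port and PID
are assumptions made for the demonstration."""
import os
import socket
import struct

# Constructed /proc/net/tcp (fields: sl local_address rem_address st ...). st 0A = LISTEN.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0F00000A:0016 0101A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 20 4 30 10 -1
"""

# What a hooked `ss -lnt` showed (constructed): the listener on 31337 is missing.
TOOL_LISTENERS = {("0.0.0.0", 22), ("127.0.0.1", 631)}

# PIDs from `ls /proc` (readdir, hookable) vs. PIDs found by stat'ing /proc/<pid> one by one.
LISTED_PIDS = {1, 2, 415, 902, 1337}
PROBED_PIDS = {1, 2, 415, 902, 1337, 4242}


def parse_proc_net_tcp(text: str) -> set[tuple[str, int]]:
    """Return {(ip, port)} for every IPv4 socket in LISTEN state in the raw kernel table."""
    listeners = set()
    for line in text.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the address as a native-endian 32-bit hex word (little-endian on x86).
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.add((ip, int(hex_port, 16)))
    return listeners


def hidden_listeners(tool_view: set, proc_net_tcp: str) -> set[tuple[str, int]]:
    """Sockets the kernel table knows about that the user-facing tool did not report."""
    return parse_proc_net_tcp(proc_net_tcp) - tool_view


def hidden_pids(listed: set[int], probed: set[int]) -> set[int]:
    """PIDs present when probed directly but missing from the directory listing."""
    return probed - listed


def cross_view_report(listed, probed, tool_view, proc_net_tcp) -> list[str]:
    """One finding per discrepancy between the two views."""
    findings = [f"hidden process: pid {pid}" for pid in sorted(hidden_pids(listed, probed))]
    findings += [f"hidden listener: {ip}:{port}"
                 for ip, port in sorted(hidden_listeners(tool_view, proc_net_tcp))]
    return findings


# --- live helpers for a Linux host (not used by the constructed demonstration) ---
def listed_proc_pids() -> set[int]:
    """The readdir view that a userland (LD_PRELOAD) rootkit typically filters."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}


def probed_proc_pids(max_pid: int = 32768) -> set[int]:
    """Probe each /proc/<pid> directly; a readdir hook cannot filter individual lookups."""
    return {pid for pid in range(1, max_pid + 1) if os.path.isdir(f"/proc/{pid}")}


if __name__ == "__main__":
    for finding in cross_view_report(LISTED_PIDS, PROBED_PIDS, TOOL_LISTENERS, SAMPLE_PROC_NET_TCP):
        print(finding)
```

On the constructed data the report shows the hidden PID and the hidden listener on port 31337.  The caveat is the one the section makes: a userland rootkit only hooks the library calls the tools use, so the raw view catches it, but a kernel rootkit can falsify `/proc` itself, and then both views lie.  That is why booting clean media and scanning the disk from outside remains the surer check.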


Security+ Objective 1.1 – Differentiate among various systems security threats – Adware

Adware is software that delivers ads to your computer, usually in the form of pop-ups.  If you are constantly getting pop-ups that aren’t tied to the websites you are visiting, chances are you have some adware installed on your system.  It sometimes doesn’t fall under the scope of your anti-virus software, so a separate anti-spyware/adware scanner may be needed to find and remove it.
