Host and Server-Based Security
Host and sever-based security must be applied to all network systems. Mitigation techniques for these devices include:
- Device hardening
- Antivirus software
- Personal firewalls
- Operating system patches
The following sections describes these mitigation techniques in greater detail.
Device Hardening
When a new operating system is installed on a device, the security settings are set to the default values. In most cases, this level of security is inadequate. You should take some simple steps that apply to most operating system:
- Default usernames and passwords should be changed immediately.
- Access to system should be restricted to individuals who are authorized to use those resources.
- Any unnecessary services and applications should be turned off and uninstalled when possible.
- Configure system logging and tracking.
Antivirus software
Antivirus software does this in two ways:
- It scans files, comparing their contents to known virus signatures. Matches are flagged in a manner defined by the end user.
- It monitors suspicious processes running on a host that might indicate infection. This monitoring may include data captures, port monitoring, and other methods.
Most commercial antivirus software uses both of this approaches. Keep in mind that antivirus software is good only if the definition are up to date. Update antivirus software vigilantly as shown in the picture
Personal Firewall
PCs connected to the internet through a dial up connection, DSL, or cable modem are as vulnerable as corporate networks. Personal firewalls reside on the user's PC and attempt to prevent tracks. Personal firewalls are not designed for LAN implementations when compared to appliance-based or server-based firewalls, and they may prevent network access if installed with other networking clients, services , protocols, or adapters
Operating System Patches
The most effective way to mitigate a worm and its variants is to download security updates and patch all vulnerable systems. OS patches typically are downloaded from the operating system vendor, such as Microsoft or Apple. However, Linux is available in several distributions or flavors. Updates would be available for the specific Linux distribution or from reputable links in the open-source community.
It is critical to protect network hosts, such as work station PCs and servers. These hosts need to be secured as they are added to the network, and they should be updated with security patches as these updates become available. Additional step can be taken to secure these host. Antivirus, firewall, and intrusion detection are valuable tools that can be used to secure a network hosts. Because many businesses resources may be contained on a single file server, it is especially important to servers to be accessible and available.
Updating numerous systems is difficult with uncontrolled user systems in the local network, and it's even more troublesome if these systems are remotely connected to the network via a VPN or remote-access server( RAS ). Administering numerous systems involves creating a standard software image( operating system and accredited applications that are authorized for use on deployed client systems) that is deployed on new or upgraded systems. These images may not contain the latest patches, and the process continually rebuilding the image to integrate the latest patch may quickly become administratively time-consuming. Pushing patches out of all systems requires that those systems be connected in some way to the network, which may not be possible.
One solution to managing critical security patches is to create a central patch server that all systems must communicate with after a set period of time. Any patches that are not applied to a host are automatically downloaded from the patch server and installed without user intervention. This solution could be enforced using the Cisco NAC appliance.
In addition to performing security updates from the OS vendor, you can simplify the process of determining which devices can be exploited by using security auditing tools that look the vulnerabilities.