Thursday, 3 January 2013

Hack Tutorial


The computing world is complex and constantly changing. To minimize security risks, companies must pay attention to the "5 basic safety principles":


  1.  100% security does not exist
  2.  Security risks are directly proportional to the complexity of software
  3.  Implement layered security
  4.  Do not allow an intrusion to be reused elsewhere, ignoring safety
  5.  Think "We are never ready for intruders": the concept of moving toward perfection

100% security does not exist

It is impossible to guarantee that all programs running on all your systems are free of any type of bug that could be used to break into systems. There are many people who simply write many lines of code while checking very little of their work. This is not just the fault of the software developers. Software development is an extremely complex process, and one incorrect character (e.g. in a string) in a program with millions of lines of code can create a security hole. Additionally, you cannot accurately predict the interactions of the thousands of different programs that may end up together on a single network. It is impossible for written code to be perfect, because its creators are human and subject to imperfection, so you should make architectural decisions with this fact in mind.

Security is a trade-off. Business needs must be balanced with security concerns, in much the same way as with physical security controls. Security policies should always be made with a risk assessment and a cost/benefit analysis. In the end, the degree of safety is always a business decision.

Security risks are directly proportional to the complexity of software

There are two issues here: the complexity of each software program, and the total number of software programs that make up your solution or web server / client site. The more code you have, the more bugs you are likely to have. Since all software has bugs, it must be assumed that those errors can be exploited as security holes. Firms should only run the software they need to be operational. Companies must eliminate sample programs, scripts and documentation that are unnecessary to the operation of a production system, because there is no reason to take the risk when these programs deliver no operational value. Furthermore, more software means more security updates.

So, for example, if your basic users do not even use the help of Linux, Windows or any other operating system or application, why install help at all? Besides saving space, consider an intruder discovering a flaw in Windows Help, for example: if you patched all applications and the Windows operating system but thought, "in Windows Help there would be no possibility of intrusion," that can be a great opportunity for failure and for the attacker. The same applies to Linux and other systems.

Simply do not install the default configuration. Most software comes in an insecure configuration, which makes intrusion as easy as possible. To eliminate unnecessary security risks, you should "shield" the software or operating system installation, which we call hardening, or rather a virtual shield. In particular, the default settings and passwords should be changed, since they are easily available to hackers and other evil beings. Additional steps that a hardening process may include:


  •  Limiting the installed software to what is needed for the intended function of the system;
  •  Applying patches and keeping them up to date, for both the operating system and applications;
  •  Reviewing and modifying file system permissions, in particular write and execute permissions;
  •  Enhancing login security by enforcing a strong password policy.
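
One way to carry out the permissions review from the list above, as an added example that is not part of the original article. The function names are hypothetical; only standard POSIX `find` options are used.

```shell
#!/bin/sh
# Added example: permission audit of a directory tree during hardening.
# All function names here are hypothetical helpers, not from the article.

# World-writable regular files: any local user can alter their content.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# setuid/setgid files: they execute with the owner's or group's privileges.
setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# World-writable directories without the sticky bit: any user can
# delete or replace files that belong to someone else.
unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Print a labelled report; return non-zero if anything was found.
audit_dir() {
    root=$1
    findings=0
    for check in world_writable_files setid_files unsafe_dirs; do
        out=$($check "$root")
        if [ -n "$out" ]; then
            printf '[%s]\n%s\n' "$check" "$out"
            findings=$((findings + $(printf '%s\n' "$out" | wc -l)))
        fi
    done
    printf 'findings: %d\n' "$findings"
    [ "$findings" -eq 0 ]
}

# Usage: audit_dir /var/www
```

Each finding is a candidate for `chmod o-w`, removal of the setuid/setgid bit, or deletion of the file, depending on whether the system's function needs it.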

Finally, the simplest programs are less likely to have security holes. That's why proxies are a good way to protect the border of the network from external attacks. Proxies are simple programs - they understand the application protocol but do not implement the functionality. Therefore, they are safer than the servers they protect.

Implement layered security

This is the "onion" theory. Besides having several layers, the onion has a "bad smell". Think about it: build layered security and create a defense system that is distasteful and offensive to attackers. As all code has bugs, you never want to rely on any single piece of code as your only line of defense. If you apply multiple layers of security, the hacker cannot get in as easily, since a weakness in one layer does not mean a total breakdown of the system. For example, if the server is running as a privileged user such as "root" or "admin" and there is a bug anywhere within this large and complex piece of code, a hacker might well gain full administrative access to your computer. If your web server runs as a non-privileged user, then even if a bug is found, the exposure can be controlled.

To me, a basic software example of the "onion theory" is NMAP. When we run NMAP without the root account, we can scan services with only some of its options; all of the options are available only with the root account. So what's the trend? To ALWAYS run NMAP USING THE ROOT ACCOUNT, and thus also expose our own system to a scan or attack. There is more: we just use the IP SPOOFING and MAC SPOOFING techniques and that's it. In upcoming articles I will demonstrate that it is possible to locate a host that ran a sweep, even with IP / MAC SPOOFING.

Do not allow an intrusion to be reused elsewhere

Separation of function is essential for security. You need to have separate devices for separate functions, and different computer networks with different security levels. This is bad for Green IT (saving energy for the environment; a good example of its advantages is virtualization). For example, a web server communicates with the outside world, while a database server should only communicate with the web server. Each machine must be on a separate network. So if a hacker "breaks" the web server, he may have access to your email server, but not to your database server, which is physically isolated and protected by firewalls and the like.

Keep in mind that security is never about any one thing, but about the whole set. Furthermore, security is only as good as its weakest link, something that many companies seem to forget. Firewalls are just one piece of the puzzle, so you may need more than one firewall. For example, many companies use virtual private networks (VPNs) so that two offices can communicate in a "safe" way over the Internet. VPNs have a fundamental Achilles heel that could make them undesirable: if you have a home user connected to a corporate network through a VPN, then the entire corporate network is only as secure as the home PC. How safe is your home office?

Item:  Backtrack-linux.org
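
The separation rule described above ("a database server should only communicate with the web server") can be checked against connection records. This is an added example, not part of the original article; the network prefixes, function names and sample flows are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag flows that break the rule "the database server only
# communicates with the web server". Prefixes below are hypothetical.
WEB_NET="10.0.1."   # assumed web-server network
DB_NET="10.0.2."    # assumed database network

# Input: lines of "src_ip dst_ip dst_port". Output: one line per violation.
segmentation_violations() {
    awk -v web="$WEB_NET" -v db="$DB_NET" '
        function in_net(ip, net) { return index(ip, net) == 1 }
        NF < 3 || /^#/ { next }
        # Anything reaching the database network must come from the web network.
        in_net($2, db) && !in_net($1, web) && !in_net($1, db) {
            printf "to-db-from-outside %s -> %s:%s\n", $1, $2, $3; next
        }
        # The database network must not talk to anything but the web network.
        in_net($1, db) && !in_net($2, web) && !in_net($2, db) {
            printf "db-egress %s -> %s:%s\n", $1, $2, $3
        }
    '
}

# Constructed sample flows (not real traffic).
sample_flows() {
    cat <<'EOF'
# src dst port
203.0.113.7 10.0.1.10 443
10.0.1.10 10.0.2.20 5432
203.0.113.7 10.0.2.20 5432
10.0.3.15 10.0.2.20 22
10.0.2.20 198.51.100.9 443
10.0.2.20 10.0.1.10 8080
EOF
}

sample_flows | segmentation_violations
```

Any output line means a firewall between the two networks is missing a rule or is being bypassed.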
