
Chapter 8 • Infrastructure Security: System Hardening

             Introduction


             Security+ technicians need to fully understand the fundamentals of system
             hardening (also described as “locking down” the system). This knowledge is needed
             not only to pass the Security+ exam, but also to work in the field of information
             security. You will learn that the skills needed to detect breaches and exploits are
             an essential part of the security technician’s repertoire.
                 The Security+ exam covers the general fundamentals of hardening. This
             chapter covers the hardening methods and techniques that can be applied on
             various systems in the following broad categories:
                  ■   OS-based, which includes information about securing and hardening
                      various OSs (client and server), as well as methods to secure file systems.

                  ■   Network-based, which examines the procedures and methods of hard-
                      ening network devices, services, and protocols.

                  ■   Application-based, which explores the many things that must be done to
                      harden and secure application servers, including e-mail and Web servers.

                 The first topic covered is operating system (OS) hardening, which covers
             important concepts such as locking down file systems and methods for configuring
             file systems properly to limit access and reduce the possibility of a breach. Many
             OS default configurations do not provide an optimum level of security, because
             priority is given to those who need access to data. Even so-called “secure” OSs
             may have been configured incorrectly to allow full access. Thus, it is important to
             modify OS settings to harden the system for access control. Other topics covered in
             the area of OS hardening are how to receive, test, and apply service packs and
             hotfixes to secure potential vulnerabilities in systems.
                 Network-based hardening is another important topic that Security+ technicians
             need to understand. Many network-based devices, such as routers and switches,
             must be secured to stop unauthorized individuals from updating the firmware
             installed on them, or modifying or installing configurations such as access control
             lists (ACLs). This chapter also looks at disabling unneeded services and protocols on
             a network. It is important that Security+ technicians know what services they need
             and how to disable those they do not need. This can eliminate headaches and make
             the network more secure.
                 Application-based hardening explores the fundamentals of securing Domain
             Name Server (DNS), Dynamic Host Control Protocol (DHCP), databases, and
             other applications, systems, and services on a network.



          www.syngress.com