Infrastructure Security: System Hardening • Chapter 8 483
Concepts and Processes of OS and NOS Hardening
System security and hardening is the process of building a barrier between the network and those who would do it harm. The key is to make sure the network you are in charge of is not one that is an easy target. You want to make the barrier more difficult to cross than anyone else’s network. In other words, Information Technology (IT) security involves creating a deterrent to convince a would-be attacker that a system is more difficult to breach than some other system.
Let’s start with hardening the OS and the network operating system (NOS) environments. This area includes concepts previously studied such as access control, authentication and auditing (AAA), media access control (MAC), discretionary access control (DAC), role-based access control (RBAC), and auditing (discussed in Chapter 1), as well as a number of sublevels including:
■ File security
■ Updates
■ Hotfixes
■ Service packs
■ Patches
When looking at ways to provide file and directory security, you must first look
at how file security can be structured.
■ Start with everything accessible and lock down the things you want to restrict
■ Start with everything locked down and open up the things you want to allow access to
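The second approach in the list above, applied to a directory tree, as an added example that is not from the original text. The allowlist, the paths and the sample files are constructed for illustration, and POSIX permission bits are assumed.

```python
import os
import stat
import tempfile

# Hypothetical allowlist: relative path -> group/other bits explicitly granted.
# Anything not listed stays owner-only.
ALLOW = {
    "public": 0o055,             # group/other may list and traverse
    "public/readme.txt": 0o044,  # group/other may read
}

def entries(root):
    """Yield (relative path, absolute path, is_dir) for everything under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name, is_dir in [(d, True) for d in dirnames] + [(f, False) for f in filenames]:
            path = os.path.join(dirpath, name)
            yield os.path.relpath(path, root), path, is_dir

def lock_down(root, allow):
    """Reset every entry to owner-only, then add only the allowlisted bits."""
    for rel, path, is_dir in entries(root):
        os.chmod(path, (0o700 if is_dir else 0o600) | allow.get(rel, 0))

def audit(root, allow):
    """Return (path, mode) for entries whose group/other bits exceed the allowlist."""
    findings = []
    for rel, path, _ in entries(root):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077 & ~allow.get(rel, 0):
            findings.append((rel, oct(mode)))
    return sorted(findings)

def demo():
    """Build a constructed tree that starts wide open, lock it down, audit both states."""
    with tempfile.TemporaryDirectory() as root:
        for d in ("public", "private"):
            os.mkdir(os.path.join(root, d))
        for f in ("public/readme.txt", "private/payroll.csv"):
            with open(os.path.join(root, f), "w") as fh:
                fh.write("constructed sample data\n")
        for _, path, is_dir in entries(root):  # the "everything accessible" start
            os.chmod(path, 0o777 if is_dir else 0o666)
        before = audit(root, ALLOW)
        lock_down(root, ALLOW)
        after = audit(root, ALLOW)
        modes = {rel: oct(stat.S_IMODE(os.stat(p).st_mode)) for rel, p, _ in entries(root)}
    return before, after, modes

if __name__ == "__main__":
    print(demo())
```

Re-running `audit` on a schedule catches permissions that have drifted beyond the allowlist since the tree was locked down.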
Of these two potential methods, the second, which is also referred to as the rule of least privilege, is the preferred method. Least privilege is when you start with the most secure environment and then loosen the controls as needed. This method is as restrictive as possible with the authorizations provided to users, processes, or applications that access these resources. Accessibility and security are usually at opposite ends of the spectrum; this means that the more convenient it is for users to access data, the less secure the network. While looking at hardening security through permissions (e.g., AAA), administrators should also consider
www.syngress.com