490 Chapter 8 • Infrastructure Security: System Hardening
into their environments, to ensure that they have done everything possible to eliminate a breach or attack.
The following section looks at the types of actions security professionals must take to limit or reduce attacks, accidental damage, or destruction through their networks. It also discusses recommendations for the appropriate application, timing, and installation of updates to the firmware being used and to the OS in the network device. Additionally, recommendations and best practices for the configuration of network devices and whether there is a need to disable or enable services and protocols within a network scope are explored. Finally, recommendations and procedures for establishing appropriate access control levels for devices and systems within a network are discussed.
Updates (Firmware)
Firmware updates, like software updates, are provided by the manufacturer of the hardware device being used. These updates generally fix incompatibility issues or device operation problems, and should be applied if the update involves a repair for an existing condition, or if it will make the equipment more secure, make it more functional, or extend its operational life. It is always necessary to install and test firmware updates in a non-production environment, to verify that the update contains the necessary repairs and benefits that are needed. After sufficient testing of the update and its functionality, it can be installed on other devices of the same type, as appropriate.
Configuration
Configuring network devices (such as routers and switches) with default installation settings leaves a system extremely vulnerable. It is of paramount importance that administrators understand the limitations of default settings. Ideally, configurations should be tested and assured prior to implementation of the devices on a live network. Often, basic device configurations are set for convenience and not for control and security. It is easier to operate some devices with just the default settings, but in many cases, there is a corresponding loss of security.
Improperly configured or improperly secured devices left with default configurations will draw attackers if connected to the Internet. It is important to understand the ramifications of the settings made on any network device connected to a foreign or uncontrolled network.
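One way to test and assure a configuration before a device goes on a live network is to audit its saved configuration text against a short rule set. The following is an added example, not part of the original book; it assumes a Cisco IOS-style configuration, and the rule set, the function name audit_config and both sample configurations are constructed for illustration.

```python
import re

# Illustrative rules for a Cisco IOS-style text config (an assumption of this
# example, not a complete hardening baseline). Each rule is (finding id, regex).
FORBIDDEN = [  # settings that should NOT appear
    ("snmp-default-community", r"^snmp-server community (public|private)\b"),
    ("http-server-enabled", r"^ip http server\b"),
    ("telnet-on-vty", r"^\s*transport input\b.*\b(telnet|all)\b"),
    ("weak-enable-password", r"^enable password\b"),
]
REQUIRED = [  # settings that SHOULD appear
    ("no-enable-secret", r"^enable secret\b"),
    ("no-password-encryption", r"^service password-encryption\b"),
]

def audit_config(text):
    """Return (finding id, line number or None) for every rule violated."""
    lines = text.splitlines()
    findings = []
    for rule_id, pattern in FORBIDDEN:
        for number, line in enumerate(lines, start=1):
            if re.search(pattern, line):
                findings.append((rule_id, number))
    for rule_id, pattern in REQUIRED:
        if not any(re.search(pattern, line) for line in lines):
            findings.append((rule_id, None))  # absent setting has no line
    return findings

# Constructed sample: a device left close to convenience-oriented settings.
DEFAULT_LIKE = """hostname Router
enable password changeme
snmp-server community public RO
ip http server
line vty 0 4
 transport input telnet
"""

# Constructed sample: the same device after review (values are placeholders).
HARDENED = """hostname edge-rtr-01
service password-encryption
enable secret 9 CONSTRUCTED-HASH-PLACEHOLDER
no ip http server
snmp-server community CONSTRUCTED-NONDEFAULT-STRING RO
line vty 0 4
 transport input ssh
"""
```

Running audit_config over a candidate configuration in the non-production environment gives a list that should be empty before the device is connected to a foreign or uncontrolled network.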
www.syngress.com