Page 528 - StudyBook.pdf

512    Chapter 8 • Infrastructure Security: System Hardening

                  2. Endpoint-based NAC requires the installation of software agents on
                      each network client. These devices are then managed by a centralized
                      management console.
                  3. Hardware-based NAC requires the installation of a network appliance. The
                      appliance monitors for specific behavior and can limit device connectivity
                      should noncompliant activity be detected.

                 NAC offers administrators a way to verify that devices meet certain health
             standards before they’re allowed to connect to the network. Laptops, desktop
             computers, or any device that doesn’t comply with predefined requirements can be
             prevented from joining the network or can even be relegated to a controlled
             network where access is restricted until the device is brought up to the required
             security standards.

             Databases

             Database servers may include servers running SQL or other databases such as
             Oracle. These types of databases present unique and challenging conditions when
             considering hardening the system. For example, in most SQL-based systems, there
             is both a server function and a client front end that must be considered. In most
             database systems, access to the database information, creation of new databases, and
             maintenance of the databases is controlled through accounts and permissions
             created by the application itself. Although some databases allow the integration of
             access permissions for authenticated users in the OS and NOS directory services
             system, they still depend on locally created permissions to control most access. This
             makes the operation and security of these types of servers more complicated than is
             seen in other types.
                 Unique challenges exist in the hardening of database servers. Most require the
             use of extra components on client machines and the design of forms for access to
             the data structure, to retrieve the information from the tables constructed by the
             database administrator. Permissions can be extremely complex, as rules must be
             defined to allow individuals query access to some records and no access
             to others. This process is much like setting access permissions, but at a much more
             granular and complex level.
                 Forms designed for the query process must also be correctly formulated to
             allow access only to the appropriate data in the search process. Integrity of the data
             must be maintained, and the database itself must be secured on the platform on
             which it is running to protect against corruption.
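
                 An added example, not from the book: one way to express "query access to some
             records and no access to others" with column-level grants and row-level security.
             It assumes PostgreSQL; every table, role, and policy name is constructed for
             illustration.

```sql
-- Constructed schema and sample rows (PostgreSQL syntax; product choice is an assumption).
CREATE TABLE patient_records (
    id          serial PRIMARY KEY,
    clinic      text NOT NULL,
    patient     text NOT NULL,
    diagnosis   text NOT NULL,
    billing_ref text
);
CREATE TABLE staff_clinic (          -- maps each database login to one clinic
    username text PRIMARY KEY,
    clinic   text NOT NULL
);
INSERT INTO staff_clinic VALUES ('alice', 'north');
INSERT INTO patient_records (clinic, patient, diagnosis, billing_ref) VALUES
    ('north', 'Patient A', 'sample diagnosis 1', 'INV-0001'),
    ('south', 'Patient B', 'sample diagnosis 2', 'INV-0002');

-- Group roles carry the permissions; people log in as members of a group.
CREATE ROLE clinic_staff  NOLOGIN;
CREATE ROLE billing_clerk NOLOGIN;
CREATE ROLE alice LOGIN IN ROLE clinic_staff;

-- Start from no access, then grant only what each group needs.
REVOKE ALL ON patient_records, staff_clinic FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE ON patient_records TO clinic_staff;
GRANT USAGE ON SEQUENCE patient_records_id_seq TO clinic_staff;
GRANT SELECT ON staff_clinic TO clinic_staff;   -- the policy below reads this table

-- Column-level grant: billing may read the invoice reference but not the diagnosis.
GRANT SELECT (id, clinic, billing_ref) ON patient_records TO billing_clerk;

-- Row-level rules: with RLS enabled, rows are denied unless a policy allows them.
ALTER TABLE patient_records ENABLE ROW LEVEL SECURITY;

-- Clinic staff may read and write only rows belonging to their own clinic.
CREATE POLICY staff_own_clinic ON patient_records
    FOR ALL TO clinic_staff
    USING      (clinic = (SELECT clinic FROM staff_clinic WHERE username = current_user))
    WITH CHECK (clinic = (SELECT clinic FROM staff_clinic WHERE username = current_user));

-- Billing may see every row, limited to the columns granted above.
CREATE POLICY billing_all_rows ON patient_records
    FOR SELECT TO billing_clerk
    USING (true);

-- Check the rules from a privileged session by switching to the restricted role.
SET ROLE alice;
SELECT id, clinic, patient FROM patient_records;
RESET ROLE;
```

             The table owner and superusers bypass these policies by default, so review who
             owns the table as part of the same hardening pass.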




          www.syngress.com