3.4. Securing Workstations and Servers

Workstations are particularly vulnerable in a network. Most modern workstations, regardless of their operating systems, communicate using services such as file sharing, network services, and application programs. Many of these programs have the ability to connect to other workstations or servers.

Because a network generally consists of a minimal number of servers and a large number of workstations, it's often easier for a hacker to find an unsecure workstation and enter there first. Once the hacker has gained access to the workstation, it becomes easier to access the network since they're now inside the firewall.


These connections are potentially vulnerable to interception and exploitation. The process of making a workstation or a server more secure is called platform hardening. The process of hardening the operating system is referred to as OS hardening. (OS hardening is part of platform hardening, but it deals only with the operating system.) Platform hardening procedures can be categorized into three basic areas:

  • Remove unused software, services, and processes from the workstations (for example, remove the server service from a workstation). These services and processes may create opportunities for exploitation.

  • Ensure that all services and applications are up to date (including available service and security packs) and configured in the most secure manner allowed. This may include assigning passwords, limiting access, and restricting capabilities.

  • Minimize information dissemination about the operating system, services, and capabilities of the system. Many attacks can be targeted at specific platforms once the platform has been identified. Many operating systems use default account names for administrative access. If at all possible, these should be changed. During a new installation of Windows Vista or Windows XP, the first user created is automatically added to the administrators group. Windows Vista then goes one step further and automatically disables the actual administrator account once another account belonging to the administrators group has been created.

One way to prevent users from making changes in the Microsoft operating systems is to lock their configuration settings. This is possible with Windows clients through the use of group policies.


Most modern server products also offer workstation functionality. In fact, many servers are virtually indistinguishable from workstations. Linux functions as both a workstation and a server in most cases.

Most successful attacks against a server will also work against a workstation, and vice versa. Additionally, servers run dedicated applications, such as SQL Server or a full-function web server.

Users Installing Unauthorized Software

Members of your information systems (IS) department are screaming about the amount of unauthorized software that is being installed on many of the Windows clients on your network. What advice can you offer them on how to minimize the impact of this software?

All newer Windows clients allow permissions to be established to prevent software installation. You should evaluate the capabilities of the settings in the workstations for security. This process is referred to as locking down a desktop. You can lock down most desktops to prevent the installation of software. Doing so may also prevent users from automatically upgrading software and may create additional work for the IS department. You'll need to evaluate both issues to determine the best approach to take and then make your recommendation to the IS department.


NOTE

An early version of Internet Information Services (IIS) included a default mail system as a part of its installation. This mail system was enabled unless specifically disabled. It suffered from most of the vulnerabilities to virus and worm infections discussed in Chapter 2. Make sure your system runs only the services, protocols, and processes you need. Turn off or disable things you don't need.

When you're looking for ways to harden a server, never underestimate the obvious. You should always apply all patches and fixes that have been released for the operating system. Additionally, you should make certain you aren't running any services that aren't needed on the machine.
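The three hardening areas listed earlier, together with the advice above to run only what a machine needs, can be checked mechanically against a per-role baseline. The following is an added example, not code from the book: the baselines, the host inventories, and the patch identifiers are constructed placeholders, and the service names are standard Windows service names (LanmanServer is the Server service, SMTPSVC the IIS mail service).

```python
# Constructed baselines (assumptions): the services each role actually needs.
BASELINE = {
    "workstation": {"Dnscache", "LanmanWorkstation", "W32Time"},
    "web-server": {"Dnscache", "W32Time", "W3SVC"},
}
# Well-known default administrative account names (assumed list).
DEFAULT_ADMIN_NAMES = {"administrator", "admin", "root"}


def audit(host):
    """Return sorted (area, detail) findings for one host inventory dict."""
    findings = []
    allowed = BASELINE[host["role"]]
    # Area 1: running services that the role's baseline does not call for.
    for name, state in host["services"].items():
        if state == "running" and name not in allowed:
            findings.append(("unused-service", name))
    # Area 2: patches that have been released but are not installed here.
    missing = set(host["available_patches"]) - set(host["installed_patches"])
    findings.extend(("missing-patch", patch) for patch in missing)
    # Area 3: enabled admin accounts still using a well-known default name.
    for acct in host["accounts"]:
        if acct["enabled"] and acct["admin"] \
                and acct["name"].lower() in DEFAULT_ADMIN_NAMES:
            findings.append(("default-admin-name", acct["name"]))
    return sorted(findings)


# Constructed sample inventories; PATCH-000x are placeholder identifiers.
WORKSTATION = {
    "role": "workstation",
    "services": {"Dnscache": "running", "LanmanWorkstation": "running",
                 "LanmanServer": "running", "W32Time": "stopped"},
    "installed_patches": ["PATCH-0001"],
    "available_patches": ["PATCH-0001", "PATCH-0002"],
    "accounts": [{"name": "Administrator", "enabled": False, "admin": True},
                 {"name": "jsmith", "enabled": True, "admin": True}],
}
WEB_SERVER = {
    "role": "web-server",
    "services": {"W3SVC": "running", "SMTPSVC": "running",
                 "Dnscache": "running"},
    "installed_patches": ["PATCH-0001", "PATCH-0002"],
    "available_patches": ["PATCH-0001", "PATCH-0002"],
    "accounts": [{"name": "Administrator", "enabled": True, "admin": True}],
}

if __name__ == "__main__":
    for label, host in (("workstation", WORKSTATION), ("web server", WEB_SERVER)):
        for area, detail in audit(host):
            print(f"{label}: {area}: {detail}")
```

The disabled Administrator account on the workstation produces no finding, which matches the Windows Vista behavior described earlier; the web server is flagged for the mail service it does not need.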
