Friday, January 05, 2007

Security Tips for IT

General security tips, followed by Windows, Linux & Solaris best practices

Account Security

  • Access to your account on any system by another party is prohibited
  • Accounts are equivalent to signing your name on a tangible document. Anything done with these accounts under your name is your responsibility and you may be liable for it.
  • Accounts set up for group use are prohibited

Auditing

  • Review security event logs on a regular basis
    • It is useless to generate event logs if one is not going to monitor them

Backups

  • Perform full backups weekly
  • Store full backups offsite once per month
    • Periodically test the backups for integrity

Business Resumption Plan

  • Each college, school or department should have a business resumption (continuity) plan
    • In case of a disaster, such as a hurricane, you need to have critical systems back on-line as quickly as possible
  • Keep good inventory

Drive Mapping

  • Administrators must take precautions when logging into workstations that have drive mappings to their servers. Many viruses propagate over mapped drives. If an administrator with full access to the servers logs in to a workstation that has a drive mapped to a server, and that workstation happens to be infected with a worm, the worm will infect the server as well.
    • Administrators should use an account with limited permissions on the servers when troubleshooting a workstation, or have the regular user log in to the workstation

FTP, SSH and Web Servers

  • Disable anonymous FTP
  • Disable version banners
  • Set filters/wrappers based on IP addresses to deny access to unwanted hosts
  • Run these services/applications with user permissions other than administrator or root

Hardware Disposal

  • When disposing of magnetic media such as hard drives, diskettes, or tapes, make sure that they are erased first

Install Latest Patches

Modems

  • Avoid the use of modems on the network
    • Unmanaged or poorly managed desktop modems pose a risk to the PC

Passwords

  • Passwords should be a minimum of 6 characters, including numerals
  • Never share passwords with anyone
  • Change passwords at least every sixty (60) days

SSH (Secure Shell)

  • Use SSH instead of Telnet or rlogin
  • A good program to use is PuTTY

Time Synchronization

  • To effectively investigate compromises or security incidents it is necessary to have clocks synchronized to a common system (NTP - Network Time Protocol)
    • Install synchronizing software such as Netlab for Windows

Viruses

  • All systems must run an anti-virus software package
    • Make sure to budget to renew your antivirus definitions service on a yearly basis. Many programs come with one free year of upgrades, but you need to budget (usually < $15) to keep your antivirus upgrade access current.
    • You should update your virus definitions on a daily basis.
  • Inform systems administrators as soon as a virus has been detected
  • Check Security Tips for Everyone for further tips.

Windows Best Practices

  • Review Computer Security Standards
  • Subscribe to security web sites, such as Microsoft's TechNet
  • Ensure that all critical data is stored on NTFS partitions
  • Verify that the Administrator account has a strong password
    • Prevent null user sessions
  • Unbind unnecessary protocols
  • Remove additional OS installations. Install only what you need
  • Always install the latest security patches available from the vendor. See above.
    • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
  • Disable unnecessary services. Run only the services that are necessary
  • Turn off AutoRun for CD-ROMs
  • Review security event logs on a regular basis
  • Make frequent backups

Linux Best Practices

  • Review Computer Security Standards
  • Subscribe to security web sites and mailing lists (e.g., www.securityfocus.com, www.linuxsecurity.com)
  • Change or disable passwords for all default accounts
  • Make sure you choose a secure password for root
  • Install sudo to enhance control over root access
  • Always install the latest security patches available from the vendor. See above.
    • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
  • If you are using Red Hat Linux, use up2date to update your system packages
  • If you are using Debian, use apt-get to update your system packages
  • Disable all network services in /etc/inetd.conf and enable only those you need
  • If you are using Red Hat, make sure to disable the linuxconf line in inetd.conf (if it exists)
  • Check your runlevel startup files to make sure things you don't want are not starting up.
    • Example: For System V-like systems, this would be in /etc/rcX.d, where X is the value of the runlevel your system boots into by default. For BSD-like systems, this would be in /etc/rc.common or /etc/rc.
    • Check your system documentation if unsure of your init system.
  • Disable RPC (portmap, etc.) unless you need Sun services such as NFS
  • Disable LPD unless you need to use the machine for printing purposes
  • Install Secure Shell (OpenSSH) for remote access
  • Consider using tcp wrappers to control access to your machine over the network
  • Remove /etc/hosts.equiv
  • Control remote access to the system by modifying /etc/hosts.allow and /etc/hosts.deny
  • Make sure you are running the latest version of Sendmail. You may consider using Postfix, Qmail, or Exim
  • If you are running an FTP daemon, consider using ProFTPD
  • Make frequent backups

Solaris Best Practices

  • Review Computer Security Standards
  • Subscribe to security web sites (e.g., www.securityfocus.com)
  • Change or disable passwords for all default accounts
  • Make sure you choose a secure password for root
  • Always install the latest security patches available from the vendor. See above.
    • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
  • Disable all network services in /etc/inetd.conf and enable only those you need
  • Remove startup scripts for sendmail and web servers if you don’t need those services
    • Make sure you are running the latest version of Sendmail. You may consider using Postfix
  • You should be especially careful with the r-services. They are often not needed and can pose a significant security risk
  • Use the Secure Shell (SSH) instead of telnet
  • Control access to your machine by installing both tcp wrapper and Wietse Venema's version of portmap for SunOS or rpcbind for Solaris
    • These utilities cover different groups of network services, so you need both of them
  • Run syslog, and save the output
  • Consider installing and running swatch, which will notify you when specified events happen. Even if you decide not to run swatch, syslog output can be very useful in tracing an incident once it happens
  • Remove /etc/hosts.equiv
  • Do not have a .rhosts file without good reason
  • If you are running an FTP daemon, consider using ProFTPD
  • Make frequent backups
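Several items in the Linux and Solaris lists above (enabled services in /etc/inetd.conf, start scripts in the default runlevel's /etc/rcX.d, /etc/hosts.equiv, and the tcp wrapper hosts.deny file) can be checked with a small audit script. The script below is an added example, not part of the original post; the function names and the sample tree it builds are constructed for illustration.

```shell
#!/bin/sh
# Added audit helper (not from the original post) for the Linux/Solaris lists:
# enabled inetd.conf services, start scripts of the default runlevel, and the
# state of /etc/hosts.equiv and the tcp wrapper hosts.deny file. Each function
# takes an optional root prefix (default /etc); sample_tree builds a made-up tree.

# First field of each inetd.conf line that is neither blank nor a comment.
enabled_inetd_services() {
    conf="${1:-/etc}/inetd.conf"
    [ -r "$conf" ] || return 0
    grep -Ev '^[[:space:]]*(#|$)' "$conf" | awk '{print $1}'
}

# Default runlevel from a System V /etc/inittab ("unknown" if absent).
default_runlevel() {
    tab="${1:-/etc}/inittab"
    [ -r "$tab" ] || { echo unknown; return 0; }
    awk -F: '$3 == "initdefault" {print $2; exit}' "$tab"
}

# Service names behind the S##name links in /etc/rcX.d for that runlevel.
startup_scripts() {
    dir="${1:-/etc}/rc$(default_runlevel "$1").d"
    [ -d "$dir" ] || return 0
    ls "$dir" | grep '^S' | sed 's/^S[0-9]*//'
}

# True (exit 0) when /etc/hosts.equiv still exists; the lists say remove it.
hosts_equiv_present() { [ -e "${1:-/etc}/hosts.equiv" ]; }

# True when hosts.deny carries the default-deny "ALL: ALL" line.
default_deny_set() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "${1:-/etc}/hosts.deny" 2>/dev/null
}

# Constructed sample /etc tree (values are made up); prints its path.
sample_tree() {
    root=$(mktemp -d)
    printf '%s\n' '# constructed sample inetd.conf' \
        'ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a' \
        '#linuxconf stream tcp wait root /bin/linuxconf linuxconf --http' \
        'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' > "$root/inetd.conf"
    printf 'id:3:initdefault:\n' > "$root/inittab"
    mkdir "$root/rc3.d"
    touch "$root/rc3.d/S10portmap" "$root/rc3.d/S20lpd" "$root/rc3.d/S55sshd"
    printf 'ALL: ALL\n' > "$root/hosts.deny"
    : > "$root/hosts.equiv"
    echo "$root"
}
```

Source the file and call the functions with no argument to audit the live /etc, or pass the path printed by sample_tree to see the checks fire on the constructed tree (telnet enabled, lpd started, hosts.equiv present).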
