
10.5.2. Patching the System
Patching the affected systems, rather than reinstalling them from trusted media, is the more dangerous
course of action and should be undertaken with great caution. The problem with patching is determining
whether a given system is actually clean of trojans, security holes, and corrupted data. Most rootkits
(programs or packages a cracker installs to gain or keep root access on a system), trojaned system
commands, and modified shell environments are designed to hide malicious activity from a cursory audit.
If the patch approach is taken, only trusted binaries should be used for the examination (for example,
from a mounted, read-only CD-ROM), and what they find should be compared against a baseline recorded
before the compromise, such as package checksums, not against data held on the suspect host. Even
trusted userland tools can be misled by a kernel-level rootkit, so examining the disk from a system booted
off rescue media is more reliable than auditing the running host.
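The checksum comparison described above, as an added example that is not part of the Red Hat guide: a POSIX shell script that audits a suspect tree against a manifest recorded from a known-good copy, running only tools from the trusted media. The mount point /mnt/cdrom/bin, the sha256sum-style manifest format, and the sample tree with its simulated compromise are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: audit a suspect filesystem tree
# against a known-good checksum manifest, executing only tools from a trusted,
# read-only mount. /mnt/cdrom/bin is an assumed mount point for that media.
TRUSTED=${TRUSTED:-/mnt/cdrom/bin}
if [ -d "$TRUSTED" ]; then
    # Use the trusted tools exclusively: a trojaned /bin/ls or /usr/bin/find
    # on the compromised host must never be the thing doing the auditing.
    PATH=$TRUSTED; export PATH; hash -r
fi

# audit_tree ROOT MANIFEST
# MANIFEST holds "sha256  relative/path" lines (sha256sum output) recorded
# from a known-good copy before the compromise. Prints one line per finding:
# MODIFIED (hash differs), MISSING (listed but gone), UNLISTED (new file).
audit_tree() {
    root=$1; manifest=$2
    # Every listed file must still exist and hash to its recorded value.
    while read -r want rel; do
        [ -n "$rel" ] || continue
        if [ ! -f "$root/$rel" ]; then
            echo "MISSING  $rel"
            continue
        fi
        have=$(sha256sum "$root/$rel" | awk '{print $1}')
        [ "$have" = "$want" ] || echo "MODIFIED $rel"
    done < "$manifest"
    # Every file present must appear in the manifest; rootkits add files
    # (backdoors, hidden helper binaries) as often as they replace them.
    (cd "$root" && find . -type f | sed 's|^\./||') | while read -r rel; do
        awk '{print $2}' "$manifest" | grep -qxF -- "$rel" || echo "UNLISTED $rel"
    done
}

# demo: a constructed sample tree and compromise, not real system data.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/good/bin" "$work/good/sbin"
    printf 'echo login\n' > "$work/good/bin/login"
    printf 'echo ps\n'    > "$work/good/bin/ps"
    printf 'echo sshd\n'  > "$work/good/sbin/sshd"
    # Baseline manifest, taken from the clean tree before deployment.
    (cd "$work/good" && find . -type f | sed 's|^\./||' | sort | xargs sha256sum) > "$work/manifest"
    # Simulated compromise: trojaned ps, dropped backdoor, deleted sshd.
    cp -r "$work/good" "$work/live"
    printf 'echo ps; hide attacker\n' > "$work/live/bin/ps"
    printf 'bind shell\n' > "$work/live/bin/.bd"
    rm "$work/live/sbin/sshd"
    audit_tree "$work/live" "$work/manifest"
    rm -rf "$work"
}

demo
```

The manifest must come from somewhere the attacker never had write access to: the pre-compromise build, or a clean installation of the identical package set. On Red Hat Enterprise Linux `rpm -Va` performs the same kind of check, but its database lives on the suspect host and can be altered along with the binaries, so it is only trustworthy when run with a trusted `rpm` against a database copied from a known-good source.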
10.6. Reporting the Incident
The last part of the incident response plan is reporting the incident. The security team should take notes
as the response happens and report all issues to the appropriate organizations, such as local and federal
authorities or multi-vendor vulnerability databases such as Common Vulnerabilities and Exposures (CVE)
at http://cve.mitre.org/. Depending on the legal counsel an enterprise employs, a post-mortem analysis
may be required. Even when it is not a formal requirement of the compromise analysis, a post-mortem can
prove invaluable in learning how a cracker thinks and how the systems are structured, so that future
compromises can be prevented.
Chapter 10. Incident Response
Red Hat Enterprise Linux 4 Security Guide
Part V. Appendixes
This part discusses some of the most common ways an intruder can breach computer systems or
intercept data in transit. This part also details some of the most commonly used services and their
associated port numbers, which can be useful to administrators looking to mitigate the risks of being
cracked.
Hardware and Network Protection
The best practice before deploying a machine into a production environment or connecting your network
to the Internet is to determine your organizational needs and how security can fit into the requirements
as transparently as possible. Since the main goal of the Security Guide is to explain how to secure Red
Hat Enterprise Linux, a more detailed examination of hardware and physical network security is beyond
the scope of this document. However, this chapter presents a brief overview of establishing security
policies with respect to hardware and physical networks. Important factors to consider include how
computing needs and connectivity requirements fit into the overall security strategy. The following
explains some of these factors in detail.
Computing involves more than just workstations running desktop software. Modern organizations
require massive computational power and highly available services, which can include mainframes,
compute or application clusters, powerful workstations, and specialized appliances. With these
organizational requirements, however, comes increased susceptibility to hardware failure, natural
disasters, and tampering with or theft of equipment.
Connectivity is the method by which an administrator intends to connect disparate resources to a
network. An administrator may use Ethernet (hubbed or switched CAT-5/RJ-45 cabling), token ring,
10BASE2 coaxial cable, or even wireless (802.11) technologies. The choice matters for security as well
as for performance: on a hub, a coaxial segment, or a wireless network every node receives every frame,
so any attached host can sniff the traffic of its neighbours, whereas a switch forwards unicast frames
only to the destination port. Depending on which medium an administrator chooses, certain media and
network topologies require complementary technologies such as hubs, routers, switches, base stations,
and access points. Determining a functional network architecture makes administration easier when
security issues arise.
From these general considerations, administrators can get a better view of implementation. The design
of a computing environment can then be based on both organizational needs and security
considerations: an implementation that weighs both factors evenly.
A.1. Secure Network Topologies
The foundation of a LAN is the topology, or network architecture. A topology is the physical and logical
layout of a LAN in terms of resources provided, distance between nodes, and transmission medium.
Depending upon the needs of the organization that the network services, there are several choices
available for network implementation. Each topology has unique advantages and security issues that
network architects should regard when designing their network layout.
A.1.1. Physical Topologies
As defined by the Institute of Electrical and Electronics Engineers (IEEE), there are three common
topologies for the physical connection of a LAN.
A.1.1.1. Ring Topology
The Ring topology connects each node using exactly two connections. This creates a ring structure