Security: Mitigation and Deterrents - Paiet/Tech-Journal-for-Everything GitHub Wiki

  • Remove the GUI:
    • yum grouplist
    • yum groupremove "GNOME Desktop Environment"
    • vi /etc/inittab
      • Change the run level to text only: id:3:initdefault:
  • Examine services:
    • service --status-all
    • chkconfig --list
    • netstat -tulpn
  • Remove/Disable services:
    • yum erase inetd xinetd telnet-server
    • chkconfig inetd off
  • Monitoring system logs
    • Event logs - computer performance, etc.
    • Audit logs - time stamps, etc.
    • Security logs - logon events, etc.
    • Access logs - key fob events, etc.
    • could also consider monitoring system performance logs
  • Hardening
    • Disabling unnecessary services
    • Protecting management interfaces and applications
      • if only administering by SSH, disable the web config
    • Password protection
    • Disabling unnecessary accounts
      • user, computer and service accounts
  • Network security (keeping those who shouldn't be on your network off your network)
    • MAC limiting (port security) and filtering (a kiosk or public-access port drops unknown MAC addresses)
    • 802.1x (RADIUS)
    • Disabling unused interfaces and unused application service ports
    • Rogue machine detection (BYOD)
  • Security posture (the position a company takes on security across all areas of its business)
    • Initial baseline configuration
      • to help with creating and maintaining a baseline use templates, images, GPOs
    • Continuous security monitoring
      • whenever changes are made to the network a review of the security should be done
    • Remediation
  • Reporting (use along with audits and logs)
    • Alarms -> used to bring attention to a fault in the system
    • Alerts -> used to communicate that a condition has occurred and needs attention
    • Trends -> performance or event across a specified time frame
      • good reporting can help to determine trends
  • Detection controls (monitor a situation or activity) vs. prevention controls (monitor AND react to situations)
    • whether you need detection or prevention controls boils down to risk
    • if a situation has a low impact, detection is appropriate; if it has a high impact, prevention is ideal
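The service-audit step above (examine with netstat -tulpn, then remove or disable what is unnecessary, as in the Hardening and Network security bullets), as an added example that is not from the wiki: a POSIX shell script that parses netstat -tulpn-style output and reports listening daemons that are not on an allow list, so they can be reviewed and turned off with chkconfig. The sample netstat output and the ALLOWED list are constructed assumptions, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the wiki): audit listening services from
# `netstat -tulpn`-style output against an allow list of expected daemons.
# SAMPLE_NETSTAT is constructed to resemble CentOS/RHEL output; note that
# UDP lines have no State column, so the program name is always the last field.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1088/xinetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1150/master
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1201/httpd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           980/rpcbind'

# Daemons this host is expected to run (assumption for the example).
ALLOWED="sshd master"

# list_listeners: print "proto local_address program" for every listening socket.
list_listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            split($NF, pp, "/")                  # "PID/Program" -> program name
            prog = (pp[2] == "" ? pp[1] : pp[2]) # "-" when netstat cannot resolve it
            print $1, $4, prog
        }'
}

# unexpected_listeners: print only the listeners whose program is not allow-listed.
# Each reported daemon is a candidate for `chkconfig <svc> off` / `yum erase`.
unexpected_listeners() {
    list_listeners "$1" | while read -r proto addr prog; do
        case " $ALLOWED " in
            *" $prog "*) ;;                                   # expected daemon
            *) printf '%s %s %s\n' "$proto" "$addr" "$prog" ;;
        esac
    done
}

# Run against live data with: unexpected_listeners "$(netstat -tulpn)"
unexpected_listeners "$SAMPLE_NETSTAT"
```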