Techniques for Securing the Operating System

The operating system is the physical environment where your application runs. Any vulnerability in the operating system could compromise the security of the application. By securing the operating system, you make the environment stable, control access to resources, and control external access to the environment.

The physical security of the system is essential. Threats can come through the Web, but they can also come from a physical terminal. Even if the Web access is very secure, if an attacker obtains physical access to a server, breaking into a system is much easier.

We strongly recommend that you review security policies and recommendations for your operating system. Consider implementing the following security best practices.

User Accounts

Limit the number of user accounts on the server computers.

Unnecessary and legacy user accounts increase system complexity and may present system vulnerabilities.

Fewer user accounts reduce the amount of time administrators spend on account administration.

Ensure that only a few trusted users have administrative access to the server computers.

Fewer administrators make it easier to maintain accountability. The administrators must be competent.

Assign the minimum required access permissions for the account that runs the application.

If attackers obtain access to the application, they have the permissions of the user who runs the application.

Account Policies

Develop and administer password policies that promote operating system security.

Examples of such policies are the strong password rule and the password change schedule.

Test the strength of users’ passwords by breaking the passwords.

The users who do not comply with the strong password rule receive a notification to update their passwords according to the organization's password policy.

Software is available to help you with this task.

On UNIX, activate the shadow password file.

On UNIX, passwords are stored in the /etc/passwd file. This file is readable by everyone, which presents a security risk. To enhance password security, activate the shadow password file named /etc/shadow. If this file is available, passwords are stored in it instead of the passwd file. Because permissions for the /etc/shadow file are more restrictive, the security risk is lower.
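The account and shadow-file checks above, as an added example that is not part of the IBM documentation: a POSIX shell audit over a passwd/shadow pair. The function names, the allow list of accounts that may keep a login shell, and the sample passwd and shadow contents are all constructed for this illustration; pointed at the real /etc/passwd and /etc/shadow (the latter requires root), the same functions report the same conditions.

```shell
#!/bin/sh
# Added example, not from the IBM documentation. Audits a passwd/shadow pair
# for: extra UID 0 accounts, accounts with a login shell that are not on an
# allow list, hashes still stored in passwd (shadow not in use), and shadow
# entries with an empty password. All sample data below is constructed.

# Accounts other than root whose UID is 0: each one is an additional
# administrator, whatever its name.
extra_uid0_accounts() {          # $1 = passwd file
  awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts that can log in interactively (shell is not nologin/false) and are
# not in the allow list given as a space-separated string.
unexpected_shell_accounts() {    # $1 = passwd file, $2 = "name name ..."
  awk -F: -v allow=" $2 " '
    $7 !~ /(nologin|false)$/ && index(allow, " " $1 " ") == 0 { print $1 }' "$1"
}

# passwd entries whose password field is a hash rather than the "x"
# placeholder (or a lock marker): those hashes are world-readable because
# /etc/passwd is, which is exactly what the shadow file is meant to prevent.
hashes_still_in_passwd() {       # $1 = passwd file
  awk -F: '$2 != "x" && $2 != "*" && $2 != "!" { print $1 }' "$1"
}

# shadow entries with an empty password field allow login with no password.
empty_shadow_passwords() {       # $1 = shadow file
  awk -F: '$2 == "" { print $1 }' "$1"
}

# Constructed sample files (not taken from any real system).
PASSWD_SAMPLE=$(mktemp)
SHADOW_SAMPLE=$(mktemp)
trap 'rm -f "$PASSWD_SAMPLE" "$SHADOW_SAMPLE"' EXIT
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second uid 0 account:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
cognos:x:1001:1001:application service account:/opt/cognos:/usr/sbin/nologin
legacy:$1$salt$constructedhash:1002:1002:old account:/home/legacy:/bin/bash
alice:x:1003:1003:administrator:/home/alice:/bin/bash
EOF
cat > "$SHADOW_SAMPLE" <<'EOF'
root:$6$salt$constructedhash:19000:0:99999:7:::
alice:$6$salt$constructedhash:19000:0:99999:7:::
legacy::19000:0:99999:7:::
cognos:!:19000:0:99999:7:::
EOF

echo "UID 0 accounts besides root:"; extra_uid0_accounts "$PASSWD_SAMPLE"
echo "Unexpected login shells:";     unexpected_shell_accounts "$PASSWD_SAMPLE" "root alice"
echo "Hashes still in passwd:";      hashes_still_in_passwd "$PASSWD_SAMPLE"
echo "Empty passwords in shadow:";   empty_shadow_passwords "$SHADOW_SAMPLE"
```

Each function prints one account name per line, so the output can be fed straight into a ticket or a diff against last month's run; the "legacy" account shows up in three of the four checks, which is the usual profile of an account that predates the shadow file and was never reviewed.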

File System

Grant the users read-only permissions for required directories.

If attackers obtain access to an application, they have that user's permissions.

Deny access by default.

Access to resources is denied for everyone except the users to whom access is granted explicitly.

You can deny read and write permissions for all directory structures for all users. Only users to whom these permissions are granted explicitly have access to the directories and files. This policy also protects any resources that were overlooked by an administrator.
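The deny-by-default layout described above, as an added example that is not part of the IBM documentation: a POSIX shell sequence that first strips every group and other permission from an application tree, then grants read-only access to one group on just the directory it needs. The tree, the directory names and the use of the caller's own primary group are constructed assumptions; on a real server the group would be the one the application's service account belongs to.

```shell
#!/bin/sh
# Added example, not from the IBM documentation. Applies "deny by default"
# to a directory tree and then grants exactly one group read-only access to
# one subtree. The demonstration tree is constructed in a temporary directory.

# First 10 characters of `ls -ld`, e.g. "drwxr-x---"; portable across GNU
# and BSD ls (an 11th "+" or "." ACL/SELinux marker is cut off).
mode_of() {                      # $1 = path
  ls -ld "$1" | cut -c1-10
}

# Step 1: remove all permissions for group and others on the whole tree.
# Only the owner (the administrator) keeps access; everyone else is denied
# until a permission is granted explicitly.
deny_by_default() {              # $1 = tree root
  chmod -R go= "$1"
}

# Step 2: grant one group read access on a subtree, never write. The capital
# X adds execute (traverse) only to directories and files that are already
# executable, so data files stay non-executable.
grant_group_readonly() {         # $1 = path, $2 = group name
  chgrp -R "$2" "$1"
  chmod -R g+rX "$1"
}

# Constructed demonstration tree: the application needs to read "conf",
# nothing else needs "keys".
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir "$demo_root/conf" "$demo_root/keys"
printf 'dispatcher.port=9300\n' > "$demo_root/conf/app.properties"

deny_by_default "$demo_root"
grant_group_readonly "$demo_root/conf" "$(id -gn)"

for p in "$demo_root/conf" "$demo_root/conf/app.properties" "$demo_root/keys"; do
  printf '%s  %s\n' "$(mode_of "$p")" "${p#"$demo_root"/}"
done
```

After the two steps, "conf" and its file are readable by the granted group (drwxr-x--- and -rw-r-----) while "keys", which nobody asked for, stays drwx------; that is the "overlooked resources stay protected" property the text describes.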

Network Services

Provide the minimum number of required services on the server computer.

Use only the services that you need to run the application. Each service is a potential entry point for a malicious attack. Reducing the number of running services also makes your system more manageable.

For example, you may not need the ftp, rlogin, or ssh services.

Reduce the access permissions of the user accounts under which network services run.

Network services are exposed to the public.

Ensure that the user accounts that have access to the Web server do not have shell access.

Ensure that unused services do not exist in the rc files, rc0 through rc6, in the /etc directory on UNIX and Linux.

Ensure that unused services are not running, and that they do not start automatically on Windows.

Ensure that required services are running on UNIX.

You can use the ps and netstat utilities to see the running services. The ps utility lists the processes currently running on the computer. The netstat utility lists the ports that are currently in use.

Reduce the number of trusted ports specified in the /etc/services file.

Delete or comment out the ports that you do not plan to use to eliminate possible entry points to the system.

Protect your system against NetBIOS threats associated with ports 137, 138, and 139.

These ports are listed in the /etc/services file.

Use wrapper services, such as iptables.

Ensure that the services are current by checking often for security updates.

Avoid using services that have a graphical user interface (GUI), if possible.

Such services introduce many known security vulnerabilities.
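The netstat review and the /etc/services pruning above, as an added example that is not part of the IBM documentation: two POSIX shell functions, one that extracts listening ports from Linux-style `netstat -an` output and reports anything not on an allow list (labelling the ftp, rlogin and NetBIOS ports the text singles out), and one that comments out every /etc/services entry not on an allow list so the result can be reviewed with diff before it replaces the real file. The netstat output and the services excerpt below are constructed samples; the allow lists are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not from the IBM documentation. Reviews listening services
# against an allow list and prunes a services file. Input is read from the
# files given as arguments or from stdin, so the functions can also be run as
#   netstat -an | review_listeners "tcp 22 tcp 80"
#   prune_services "ssh http" < /etc/services > services.reviewed
# The sample inputs below are constructed.

# Print "proto port" for every listening TCP socket and every bound UDP
# socket in Linux `netstat -an` output (tcp6/udp6 are folded into tcp/udp).
listening_ports() {
  awk '($1 ~ /^tcp/ && $NF == "LISTEN") || $1 ~ /^udp/ {
          n = split($4, a, ":"); print substr($1, 1, 3), a[n] }' "$@" | sort -u
}

# Report every listener that is not in the allow list ("proto port" pairs,
# space-separated). NetBIOS, ftp and rlogin ports get a label because the
# checklist calls them out specifically.
review_listeners() {             # $1 = allow list, stdin = netstat output
  listening_ports | while read -r proto port; do
    case " $1 " in *" $proto $port "*) continue ;; esac
    case "$port" in
      137|138|139) note="(NetBIOS)" ;;
      21)          note="(ftp)" ;;
      513)         note="(rlogin)" ;;
      *)           note="" ;;
    esac
    printf 'UNEXPECTED %s %s%s\n' "$proto" "$port" "${note:+ $note}"
  done
}

# Comment out every services entry whose service name is not in the allow
# list; comments and blank lines pass through unchanged so the file diffs
# cleanly against the original.
prune_services() {               # $1 = allow list of service names, stdin = services file
  awk -v allow=" $1 " '
    /^[[:space:]]*#/ || NF == 0 || index(allow, " " $1 " ") > 0 { print; next }
    { print "# disabled: " $0 }'
}

# Constructed sample of `netstat -an` on a Linux host.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:9300         192.0.2.55:51234        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:137             0.0.0.0:*
udp        0      0 0.0.0.0:138             0.0.0.0:*'

# Constructed excerpt of /etc/services.
SERVICES_SAMPLE='# Network services, Internet style
ftp             21/tcp
ssh             22/tcp
telnet          23/tcp
http            80/tcp          www
netbios-ns      137/udp
netbios-dgm     138/udp
netbios-ssn     139/tcp
login           513/tcp'

echo "Listeners outside the allow list:"
printf '%s\n' "$NETSTAT_SAMPLE" | review_listeners "tcp 22 tcp 80 tcp 9300"
echo "Pruned services file:"
printf '%s\n' "$SERVICES_SAMPLE" | prune_services "ssh http"
```

On the sample, the review flags tcp 21 (ftp) and udp 137/138 (NetBIOS) and stays quiet about the three expected listeners; the established connection on 9300 is ignored because only the LISTEN state matters for the "entry point" question. The pruned file keeps ssh and http and prefixes the other six entries with "# disabled:".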

System Patches

Run the latest, vendor-recommended patches for the operating system.

The patches may be core OS patches, or patches required by additional applications.

Schedule regular maintenance of security patches.

Operating System Minimization

Remove nonessential applications to reduce possible system vulnerabilities.

Restrict local services to the services required for operation.

Implement protection for buffer overflow.

You may need third-party software to do this.

Logging and Monitoring

Log security-related events, including successful and failed logons, logoffs, and changes to user permissions.

Monitor system log files.

Use a time server so that timestamps can be correlated across systems during forensic analysis.

Secure the system log files by restricting access permissions to them.

Logs are important for daily maintenance and as a disaster recovery tool. Therefore, they must be protected from system failures and user tampering.

Use IPF logging to build a more sophisticated logging system.

To increase the security of the log file system, you can

  • place all log files in one location, on one server

    This simplifies the administration of log files.

  • set up multiple logging servers for redundancy

  • use a remote server for logging

    This protects the logs if the system is compromised and, for example, the hard drive is destroyed.

    Because an IPF server is accessed through the network, it can be located anywhere in the world.

Secure the logging configuration file.

The configuration file contains settings that, if changed, can compromise the reliability of the log system. For example, setting the log level incorrectly may cause some failures not to be logged.

Enable logging of access requests on the Web server.

This can be useful in identifying malicious activity.
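The "log and monitor logons" and "restrict access to log files" items above, as an added example that is not part of the IBM documentation: POSIX shell functions that summarise failed and accepted SSH logons from syslog-style lines and check that a log file carries no permissions for "other". The log lines are constructed (host name, PIDs and the addresses 198.51.100.7 and 203.0.113.5 are documentation values); the functions read a file argument or stdin, so they run unchanged over a real auth log.

```shell
#!/bin/sh
# Added example, not from the IBM documentation. Summarises logon events in
# sshd syslog lines and checks log-file permissions. The sample log is
# constructed; real usage is e.g.
#   failed_logons_by_source /var/log/auth.log
#   log_perms_ok /var/log/auth.log || echo "auth.log is readable by others"

# Count failed logons per source address, busiest source first.
failed_logons_by_source() {      # args = log files, or stdin
  awk '/Failed password/ {
          for (i = 1; i <= NF; i++) if ($i == "from") src[$(i + 1)]++ }
       END { for (s in src) print src[s], s }' "$@" | sort -rn
}

# List accepted logons as "user source", so successful access is reviewed
# too and not only the failures.
accepted_logons() {              # args = log files, or stdin
  awk '/Accepted (password|publickey)/ {
          for (i = 1; i <= NF; i++) if ($i == "for")  user = $(i + 1)
          for (i = 1; i <= NF; i++) if ($i == "from") print user, $(i + 1) }' "$@"
}

# Succeeds only when the "other" permission bits of a file or directory are
# all clear, i.e. the log cannot be read, altered or traversed by arbitrary
# local users. Uses the mode column of `ls -ld`, which is portable.
log_perms_ok() {                 # $1 = path
  case "$(ls -ld "$1" | cut -c8-10)" in
    ---) return 0 ;;
    *)   return 1 ;;
  esac
}

# Constructed sample log lines (syslog format, sshd on a host named cognos-app).
LOG_SAMPLE='Mar  3 10:01:12 cognos-app sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar  3 10:01:15 cognos-app sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Mar  3 10:01:19 cognos-app sshd[2213]: Failed password for root from 203.0.113.5 port 4244 ssh2
Mar  3 10:02:40 cognos-app sshd[2220]: Failed password for alice from 198.51.100.7 port 50012 ssh2
Mar  3 10:02:51 cognos-app sshd[2220]: Accepted publickey for alice from 198.51.100.7 port 50012 ssh2
Mar  3 10:03:02 cognos-app sshd[2220]: pam_unix(sshd:session): session opened for user alice'

echo "Failed logons by source:"
printf '%s\n' "$LOG_SAMPLE" | failed_logons_by_source
echo "Accepted logons:"
printf '%s\n' "$LOG_SAMPLE" | accepted_logons

# Constructed log file to show the permission check.
sample_log=$(mktemp)
trap 'rm -f "$sample_log"' EXIT
printf '%s\n' "$LOG_SAMPLE" > "$sample_log"
chmod 640 "$sample_log"
log_perms_ok "$sample_log" && echo "$sample_log: others have no access (ok)"
```

The counts make the difference between the two sources obvious: three failures against two different account names from 203.0.113.5 in seven seconds looks like guessing, while the single failure from 198.51.100.7 followed by an accepted key from the same address and port looks like a user who mistyped once. The permission check is what the "restrict access permissions" item amounts to in practice, and it fails as soon as the file is world-readable (mode 644).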

System Integrity

Build production systems from a known and repeatable process to ensure system integrity.

Check systems periodically against snapshots of the original system.

Use available third-party auditing software to check the system integrity.

Back up the system resources on a regular basis.
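The "check systems against snapshots of the original" item above, as an added example that is not part of the IBM documentation: a minimal POSIX shell baseline-and-compare tool in the style of the third-party integrity checkers the text refers to. It records a SHA-256 digest for every file under a directory, then reports files that were added, changed or removed since the baseline was taken. The directory layout in the demonstration is constructed; the choice of sha256sum with shasum as a fallback is an assumption about the tools available on the host.

```shell
#!/bin/sh
# Added example, not from the IBM documentation. Snapshot a directory tree
# as "digest path" lines and compare a later state against that snapshot.
# Typical use on a real system (baseline kept off-box, e.g. with the backups):
#   make_baseline /opt/app > /secure/store/app.baseline
#   compare_baseline /opt/app /secure/store/app.baseline

# Pick a SHA-256 tool: GNU coreutils sha256sum, else Perl shasum (BSD/macOS).
if command -v sha256sum >/dev/null 2>&1; then
  HASH_CMD="sha256sum"
elif command -v shasum >/dev/null 2>&1; then
  HASH_CMD="shasum -a 256"
else
  echo "no SHA-256 tool found" >&2
  exit 1
fi

# Emit "digest  ./relative/path" for every regular file, in a stable order.
# Paths are relative so the baseline also matches a restored copy of the tree.
# (File names containing whitespace are not handled by this simple version.)
make_baseline() {                # $1 = directory
  ( cd "$1" && find . -type f | sort | while IFS= read -r f; do
      $HASH_CMD "$f"
    done )
}

# Compare the current tree with a saved baseline and print one line per
# difference: ADDED, CHANGED or REMOVED, sorted. Exit status is 0 either way;
# callers test for empty output. The baseline must be non-empty (the awk
# two-file idiom below relies on it having at least one line).
compare_baseline() {             # $1 = directory, $2 = baseline file
  current=$(mktemp)
  make_baseline "$1" > "$current"
  awk 'NR == FNR { base[$2] = $1; next }
       {
         if (!($2 in base))       print "ADDED " $2
         else if (base[$2] != $1) print "CHANGED " $2
         delete base[$2]
       }
       END { for (p in base) print "REMOVED " p }' "$2" "$current" | sort
  rm -f "$current"
}

# Constructed demonstration: take a baseline, then change, delete and add.
demo=$(mktemp -d)
trap 'rm -rf "$demo" "$demo.baseline"' EXIT
mkdir "$demo/bin" "$demo/conf"
printf 'original binary\n' > "$demo/bin/dispatcher"
printf 'port=9300\n'       > "$demo/conf/app.properties"
printf 'old notes\n'       > "$demo/conf/README"
make_baseline "$demo" > "$demo.baseline"

printf 'replaced binary\n' > "$demo/bin/dispatcher"   # tampered
rm "$demo/conf/README"                                # removed
printf 'x\n' > "$demo/conf/extra.properties"          # added

echo "Differences from baseline:"
compare_baseline "$demo" "$demo.baseline"
```

The baseline file should live somewhere the server itself cannot write, otherwise a compromise that changes a binary can also rewrite the baseline to match; keeping it with the off-host backups that the last item recommends serves both purposes.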