
Hardening Host

Farah Hanin Nafisah / 2103161013

a.      Definition of hardening and hardening host
In general, "hardening" means toughening a soft layer so that it becomes stronger and more resistant to damage. In computing, hardening is usually defined as the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions. In principle, a single-function system is more secure than a multipurpose one. Reducing the available avenues of attack typically includes changing default passwords, removing unnecessary software, usernames or logins, and disabling or removing unnecessary services.
The same principle applies to host hardening, which concerns the security of the host. Host hardening is a procedure that minimizes threats by setting the configuration and deactivating applications and services that are not needed. Host hardening provides a variety of safeguards in computer systems. This protection is provided in several layers, called "layered defense". The layers are the OSI layers, such as application, transport, physical, etc.

b.      Purpose and function of hardening host
The purpose of host hardening is to eliminate the risk of threats that can occur on the computer. This is usually done by deleting all programs or files that are not needed.
The function of the host hardening process is to increase the level of security on the host.

c.       Elements of Hardening Host
The following are the elements of host hardening:
1.      Security Policy

Security policy is divided into several fields based on its use. The fields include:
a. Policy on computer usage
   - Accounts may not be lent to someone else.
   - Files may not be taken from or put on office computers, etc.
b. Policy on program installation
   - Programs may not be installed without the permission of the IT staff.
   - Illegal programs may not be installed, etc.
c. Policy on Internet usage
   - The internet may not be used for carding, hacking, etc.
   - The internet may not be used to access sites that have the potential to spread viruses, etc.
d. Policy on email usage
   - Office e-mail may not be used for mailing list activities, etc.

2.      Cryptography

Cryptography is the science and art of storing a message safely. It covers:
a. Encryption and Decryption
b. Symmetric Cryptography
c. Asymmetric Cryptography

3.      Firewall

A firewall consists of rules applied in hardware, software, or the system itself. Its purpose is to protect computers in the network by filtering, limiting or rejecting connection requests from services outside the network, such as the internet.

4.      IDS (Intrusion Detection System)

One common way of automating intrusion monitoring is to use an IDS. An IDS detects the type of attack from a "signature" or "pattern" in network activity. It can even block suspicious traffic.

5.      Backup
Backup is the process of making a spare copy of data by copying or archiving computer data, so that the data can be reused if it is damaged or lost.

Backup has two purposes. The main purpose is to restore data if the data is lost, either because it was erased or because it was corrupted. The second purpose is to return the data to a certain point in the past. Because of this function, the backup process requires the user to duplicate data, which ultimately uses up the capacity of the storage media. This prompted the development of technologies to make backup storage more efficient, such as deduplication and compression.

6.      Audit System

A system audit is a form of supervision and control of the information technology infrastructure as a whole. An information technology audit can be carried out together with financial audits and internal audits, or with other similar monitoring and evaluation activities.

7.      Digital forensics

Digital forensics deals with:
a. Checking active connections
b. Checking listening ports after an incident
c. Checking active processes after the incident
d. Checking the log of logged-in users
e. Checking the system log
f. Checking service access logs, etc.


d.      Basics in Strengthening Hardening Host
1.      Encryption / Decryption

Encryption technology is one mechanism for improving security. The data you send is transformed so that it is not easily tapped. Many services on the Internet still use plain text for authentication, such as a userid and password pair. This information can easily be seen by tapping programs or sniffers. Examples of services that use plain text include remote access using telnet and rlogin, file transfer using FTP, email access via POP3 and IMAP4, sending email via SMTP, and web access via HTTP.
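
A check for the plain-text services listed above, as an added example that is not part of the original post: it parses `ss -tln` output and reports listeners on the well-known ports of those services, marking whether each is bound beyond loopback. The sample output and the function names are constructed for illustration; a port number only suggests which protocol is in use.

```python
import ipaddress

# Plain-text services named in the text above, keyed by well-known TCP port.
PLAINTEXT = {21: "FTP", 23: "telnet", 25: "SMTP", 80: "HTTP",
             110: "POP3", 143: "IMAP4", 513: "rlogin"}

# Constructed sample of `ss -tln` output, not captured from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       100     127.0.0.1:25        0.0.0.0:*
LISTEN  0       32      *:21                *:*
LISTEN  0       128     [::]:80             [::]:*
LISTEN  0       128     192.0.2.10:23       0.0.0.0:*
LISTEN  0       128     [::1]:143           [::]:*
"""

def is_loopback(addr):
    """True when the listener is bound to loopback only."""
    addr = addr.strip("[]").split("%")[0]   # drop brackets and any %interface
    if addr == "*":
        return False                         # wildcard: every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False                         # unknown form: treat as exposed

def plaintext_listeners(ss_output):
    """Return sorted (port, service, address, exposed) tuples."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                         # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in PLAINTEXT:
            hits.append((int(port), PLAINTEXT[int(port)], addr,
                         not is_loopback(addr)))
    return sorted(hits)

if __name__ == "__main__":
    for port, service, addr, exposed in plaintext_listeners(SAMPLE_SS):
        where = "reachable from the network" if exposed else "loopback only"
        print(f"{service} on {addr}:{port} ({where})")
```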

2.      Firewall

Computers and networks that are connected to the internet need to be protected from attacks. A firewall is a fairly efficient way to do this. In general, the firewall separates the public network from the private network. The firewall works by observing the IP (Internet Protocol) packets that pass through it. Depending on the firewall's configuration, access can be controlled by IP address, port, and direction of traffic. The details of the configuration depend on each firewall.

3.      Logs

A system administrator must review the system logs from time to time. By looking at the logs, the administrator can see the activities that occur and is more likely to anticipate problems when suspicious activity appears.

4.      IDS (Intrusion Detection System)

One common way of automating intrusion monitoring is to use an IDS. An IDS detects the type of attack from a "signature" or "pattern" in network activity. It can even block suspicious traffic.

An IDS can be network-based or host-based. In a network-based IDS, the IDS receives a copy of the packets aimed at a host and then inspects them. If a dangerous packet is found, the IDS warns the system manager. Because the packet being inspected is only a copy of the original, the malicious packet still reaches the host it targets even when it is detected.

5.      Intrusion Prevention System (IPS)

An Intrusion Prevention System (IPS) is a system that is widely used to detect attacks by outside and inside parties and to protect a system from them.

An IPS is more active than an IDS. Working together with a firewall, an IPS can decide whether or not a packet is accepted by the system. If the IPS finds that a packet being sent is malicious, it notifies the system firewall to reject that packet.

6.      Honeypot

A honeypot is a "bait" server that serves as a distraction. Honeypots do not run services the way most servers do, but pretend to run them, so that intruders believe they are on the real server. Honeypots are also useful for observing the techniques that intruders use.

7.      Configuration

As discussed earlier, careful configuration helps you withstand possible attacks. Most cases of web defacement occur because of a misconfiguration that third parties are able to take advantage of.

8.      Anti Virus

Anti-virus is software that deals with viruses that attack the security of computer and network systems.


e.       Chart of Hardening Host



INFORMATION:
a. The admin performs configuration or settings on the server.
b. The admin also performs digital forensics on the server to check access logs.
c. The admin checks logs through the server; the logs contain a history of network activity.
d. The honeypot is a duplicate of the original server that lets hackers enter, so that the way hackers attack the network can be known.
e. A firewall has been installed on the server to protect against various attacks from outside the network, such as viruses, worms, trojans and malicious programs, and to filter incoming internet access ... the firewall is only installed on the server, because if the server is protected the client is protected as well, since the client's access is given by the server itself.
f. The admin runs an IDS through the server; the IDS automatically monitors every activity in the network and blocks data traffic in the event of an attack or access to it.
g. The admin sends messages / files through the server using cryptography so that the files stay confidential on their way to the client.
h. All users in the network must comply with the security policy or rules of use that have been made.

f.       Software Used to Strengthen Host Hardening
1.        Bastille Linux
The Bastille hardening program locks down the OS, actively configuring the system to improve security and reduce its vulnerability. Bastille supports Red Hat (Fedora Core, Enterprise, and Numbered / Classic), SUSE, Debian, Gentoo, and Mandrake, as well as HP-UX.

Users / administrators are allowed to choose how to harden the OS. In its default hardening mode, Bastille interactively asks the user questions.

2.        JASS for Solaris systems
The Solaris Security Toolkit, also known as the JumpStart Architecture and Security Scripts (JASS) toolkit, provides flexible mechanisms to minimize, harden, and secure Solaris Operating Environment systems.

3.        Syhunt Apache / PHP Hardener
Syhunt Apache / PHP Hardener is used to evaluate security threats and identify appropriate countermeasures at the web server configuration stage, thus providing extra protection against web hacking and aiming at the highest level of application security.

g.      How Host Hardening Works
1.      Penetration System
System penetration is a method for evaluating the security of a computer or network system by simulating possible attacks from malicious parties.
2.      Patching
Patching means repairing existing security holes. This is done by detecting existing weaknesses and then fixing them.

h.      How to Strengthen Hardening Host
1.      Create a non-root user
2.      Add the non-root user to the sudoers group
3.      Add a public SSH key to the non-root user
4.      Deny all inbound traffic with the ufw firewall
5.      Open the required ports within the ufw firewall
6.      Update SSH config – Passwordless login
7.      Update SSH config – Disable root login
8.      Update SSH config – Change SSH port
9.      Unattended upgrades
10.  Postfix for emails
11.  Logwatch to send daily summary emails
12.  Fail2ban
13.  Set the timezone to UTC and install NTP
14.  Secure shared memory
15.  Add a security login banner
16.  Harden the networking layer
17.  Prevent IP spoofing
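
An audit of steps 6 to 8 above, as an added example that is not part of the original post: it reads sshd_config text and reports which of the three SSH settings are still missing. It assumes "passwordless login" means `PasswordAuthentication no` with key-based login; the sample configuration and the function names are constructed.

```python
# Added example: audit sshd_config text against steps 6-8 of the list above.
# The sample is constructed for illustration, not taken from a real host.
SAMPLE_SSHD = """\
# constructed sshd_config
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
"""

def parse_sshd(text):
    """Return (first value per global keyword, list of Port values)."""
    first, ports = {}, []
    for line in text.splitlines():
        parts = line.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                       # blank line or comment
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":                 # lines below apply conditionally
            break
        if key == "port":
            ports.append(value)            # Port may repeat; sshd uses them all
        else:
            first.setdefault(key, value)   # sshd uses the first value it reads
    return first, ports or ["22"]          # 22 is the OpenSSH default

def audit_sshd(text):
    """List the steps whose setting is missing from the global section."""
    first, ports = parse_sshd(text)
    findings = []
    # A commented-out keyword leaves the OpenSSH default in force.
    if first.get("passwordauthentication", "yes") != "no":
        findings.append("step 6: PasswordAuthentication is not 'no'")
    if first.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("step 7: PermitRootLogin is not 'no'")
    if "22" in ports:
        findings.append("step 8: sshd still listens on port 22")
    return findings

if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_SSHD):
        print(finding)
```

The sample shows two cases that are easy to miss by eye: a commented-out `PasswordAuthentication no` has no effect, and the same keyword inside a `Match` block only covers the matched user.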


i.        Example of hardening host
Examples of host hardening are installing a firewall, installing antivirus, deleting cookies, creating passwords, and deleting unnecessary programs.


Hardening Host practicum link:

Hardening Host Practicum
