Security + Exam Guide (Charles River Media Networking/Security)

Many of the operating systems available today can be made to be somewhat secure. Unfortunately, it is common for many default installations of operating system software packages to leave systems vulnerable to outside attack. For security purposes, it is essential that you stop (disable) any unneeded services and remove or unbind any unnecessary protocols that are not needed by a system that has direct connection to an outside influence such as the Internet.

If you are using the Windows operating system and have an external connection to the Internet, you should consider removing the following protocols from your external NIC cards TCP/IP protocol bindings. This can be accomplished through the Windows Control Panel:

• Server

• Workstation

• NetBIOS interface

You should also consider removing or disabling the following services from a system if they are not needed. Keep in mind that disabling particular services might render a system useless for particular tasks:

• Computer browser service

• IIS Admin service

• FTP Server service

• Spooler service

• Netlogon service

• DHCP (Dynamic Host Configuration Protocol)

It is likely that the exam will ask you what unused services should be removed or disabled from a system to reduce the risk of malicious attack.

From a network as well as operating systems perspective, the following items should always be taken into consideration when hardening an environment from outside destructive forces:

• Always apply the most recent hot-fixes and service packs available from your operating systems manufacturer.

• Block all TCP/IP and UDP ports that are not needed for network traffic. As a general rule, block TCP port 139 and UDP ports 137 and 138.

  Note

  It is likely that the exam will target this issue. The blocking of these ports should be on the first page of any Security 101 book or procedure.

• Enable a strong password structure.

• Enable auditing and logging .