Security Engineering Explained - Chapter 7 - Security Deployment Review

From Guidance Share


Note - patterns & practices Security Engineering is now live at http://msdn.microsoft.com/en-us/library/ms998382.aspx.



Summary

A security deployment review is an activity that can be used to ensure that configuration and deployment problems are discovered before they can result in an application vulnerability. Even the most securely designed and implemented application can be compromised by an error during deployment, leaving it open to attack.

This module summarizes the patterns & practices approach to security deployment reviews by explaining what they are and why you should use them. It also describes the key concepts behind the approach.


Overview

Application security is dependent upon the security of the underlying infrastructure on which the application is deployed. The deployment review, depending upon your application, will cover configuration of both the network and the host.


When you review your security deployment, you can organize the precautions you must take and the settings you must configure into categories. These categories are shown in Figure 7.1.


By using these configuration categories, you can systematically review the entire application, or pick a particular category and complete specific steps.

[Figure 7.1 image (ServerConfigurationCategories.gif) not available in this copy]

Figure 7.1 Server configuration categories


Techniques

Use the following techniques when conducting a deployment review:

  • Use server security categories. Use server security categories to help make deployment reviews for security systematic and repeatable.
  • Break down your deployment review. You can use the categories to break down your application deployment for further analysis and to help identify vulnerabilities.
  • Review systematically. By using categories, you can systematically go through the deployment review process from start to finish or pick a particular category for further analysis.


Server Security Categories

Patterns & practices security guidance includes server security categories for each major application type. Use these categories as a starting point and add new items as you learn more about deployment reviews. Table 7.1 lists categories that are common to most deployed applications.


Table 7.1 Server Security Categories

Category: Practices

Patches and Updates: Patching and updating your server software is a critical first step.

Accounts: Accounts allow authenticated users to access a computer. These accounts must be audited. Configure accounts with least privilege to help prevent elevation of privilege. Remove any accounts that you do not need. Help to prevent brute force and dictionary attacks by using strong password policies, and then use auditing and alerts to detect logon failures.

Auditing and Logging: Auditing is one of your most important tools for identifying intruders, attacks in progress, and evidence of attacks that have occurred. Configure auditing for your server. Event and system logs also help you to troubleshoot security problems.

Files and Directories: Protect all files and directories with restricted permissions that only allow access to necessary services and accounts. Use auditing to allow you to detect when suspicious or unauthorized activity occurs.

Ports: Services that run on the server listen on specific ports so that they can respond to incoming requests. Audit the ports on your server regularly to ensure that a service that is not secured, or that is unnecessary, is not active on your server.

Protocols: Avoid using protocols that are inherently insecure. If you cannot avoid using these protocols, take the appropriate measures to provide secure authentication and communication.

Registry: Many security-related settings are stored in the registry. As a result, you must secure the registry. You can do this by applying restricted Windows access control lists (ACLs) and by blocking remote registry administration.

Services: If a service is necessary, secure and maintain it. Consider monitoring any service to ensure availability. If the service software is not secure but you need the service, try to find a secure alternative.

Shares: Remove all unnecessary file shares. Secure any remaining shares with restricted permissions.
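As an added example (not code from the original chapter or from the patterns & practices guidance), the Python script below shows how the techniques above and the Table 7.1 categories can drive a repeatable review: one small check per category, run over a host snapshot, either for every category or for a chosen subset. The snapshot, its field names and the service and share names in it are constructed for illustration; in practice the dictionary would be filled from an inventory tool's output.

```python
"""Category-driven deployment review over a constructed host snapshot.

Added example, not code from the original chapter. The snapshot is
constructed inline to stand in for inventory output; each check encodes
one Table 7.1 practice as a simple rule so the review is repeatable.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # Table 7.1 category the finding belongs to
    item: str       # account, port, path, share ... that was examined
    issue: str      # what violates the practice

# Constructed snapshot of one host (hypothetical values, not real data).
SNAPSHOT = {
    "pending_critical_patches": 2,
    "accounts": [
        {"name": "Guest", "role": "builtin", "enabled": True, "admin": False},
        {"name": "svc_web", "role": "service", "enabled": True, "admin": True},
        {"name": "appuser", "role": "user", "enabled": True, "admin": False},
    ],
    "audit_logon_failures": False,
    "directories": [{"path": r"C:\inetpub\wwwroot", "everyone_write": False},
                    {"path": r"C:\app\uploads", "everyone_write": True}],
    "listeners": [{"port": 443, "service": "w3svc"}, {"port": 21, "service": "ftpsvc"},
                  {"port": 23, "service": "tlntsvr"}],
    "required_services": {"w3svc"},
    "running_services": ["w3svc", "ftpsvc", "tlntsvr", "RemoteRegistry"],
    "remote_registry_enabled": True,
    "shares": [{"name": "wwwroot$", "everyone_full_control": True},
               {"name": "logs$", "everyone_full_control": False}],
}

# Ports whose protocols carry credentials in cleartext (Protocols category).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}

def check_patches(s):
    n = s["pending_critical_patches"]
    return [Finding("Patches and Updates", "host", f"{n} critical patches pending")] if n else []

def check_accounts(s):
    out = []
    for a in s["accounts"]:
        if a["role"] == "builtin" and a["name"] == "Guest" and a["enabled"]:
            out.append(Finding("Accounts", a["name"], "unneeded built-in account is enabled"))
        if a["role"] == "service" and a["admin"]:  # least privilege
            out.append(Finding("Accounts", a["name"], "service account is an administrator"))
    return out

def check_auditing(s):
    return [] if s["audit_logon_failures"] else [
        Finding("Auditing and Logging", "audit policy", "logon failures are not audited")]

def check_files(s):
    return [Finding("Files and Directories", d["path"], "Everyone has write access")
            for d in s["directories"] if d["everyone_write"]]

def check_ports(s):
    return [Finding("Ports", str(l["port"]), f"{l['service']} is listening but not required")
            for l in s["listeners"] if l["service"] not in s["required_services"]]

def check_protocols(s):
    return [Finding("Protocols", str(l["port"]), f"{CLEARTEXT_PORTS[l['port']]} sends credentials in cleartext")
            for l in s["listeners"] if l["port"] in CLEARTEXT_PORTS]

def check_registry(s):
    return [] if not s["remote_registry_enabled"] else [
        Finding("Registry", "RemoteRegistry", "remote registry administration is enabled")]

def check_services(s):
    return [Finding("Services", name, "running but not required")
            for name in s["running_services"] if name not in s["required_services"]]

def check_shares(s):
    return [Finding("Shares", sh["name"], "Everyone has Full Control")
            for sh in s["shares"] if sh["everyone_full_control"]]

# One check per Table 7.1 row, in the table's order.
CHECKS = {
    "Patches and Updates": check_patches,
    "Accounts": check_accounts,
    "Auditing and Logging": check_auditing,
    "Files and Directories": check_files,
    "Ports": check_ports,
    "Protocols": check_protocols,
    "Registry": check_registry,
    "Services": check_services,
    "Shares": check_shares,
}

def review(snapshot, categories=None):
    """Run every check, or only the named categories, in table order."""
    findings = []
    for category, check in CHECKS.items():
        if categories is None or category in categories:
            findings.extend(check(snapshot))
    return findings

if __name__ == "__main__":
    for f in review(SNAPSHOT):
        print(f"[{f.category}] {f.item}: {f.issue}")
```

Calling `review(SNAPSHOT)` walks the whole table from start to finish; `review(SNAPSHOT, {"Ports"})` picks a single category for further analysis, which is the second technique above. Keeping each rule to a few lines is the point: when a new practice is added to the table, it becomes one more function in `CHECKS` and the next deployment gets the same check.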


Application Security Categories

Patterns & practices security guidance includes application security categories for the appropriate application types. Some application types will require review of application security categories as well as server security categories. For example, you should review application-level Web.config file settings for ASP.NET applications. Use these categories as a starting point, and add new items as you learn more about deployment reviews.
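An added example of an application-level check (not code from the original chapter): a Python review of a few ASP.NET Web.config settings, run over two constructed configurations, one as it might be left after development and one hardened. The elements examined (compilation debug, customErrors mode, trace, httpCookies) are standard system.web settings; which values count as findings, and the wording, are this example's own choices.

```python
"""Review of application-level ASP.NET Web.config settings.

Added example, not from the original chapter. Both configurations are
constructed; the elements checked are standard system.web settings and
the rules are this example's own reading of the deployment-review practices.
"""
import xml.etree.ElementTree as ET

# Constructed Web.config as it might look after development, not hardened.
WEAK_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
    <trace enabled="true" localOnly="false" />
    <httpCookies httpOnlyCookies="false" requireSSL="false" />
  </system.web>
</configuration>"""

# The same file with the settings a deployment review would expect.
HARDENED_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="false" />
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.aspx" />
    <trace enabled="false" />
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>"""


def _setting(root, tag, attr, default):
    """Attribute `attr` of the first `tag` element, lower-cased, or `default` if absent."""
    el = next(root.iter(tag), None)
    value = el.get(attr, default) if el is not None else default
    return value.lower()


def review_web_config(xml_text):
    """Return (element, issue) pairs for settings that should not reach production."""
    root = ET.fromstring(xml_text)
    findings = []
    if _setting(root, "compilation", "debug", "false") == "true":
        findings.append(("compilation",
                         'debug="true" builds debug code and shows source context in error pages; set debug="false"'))
    # ASP.NET defaults customErrors to RemoteOnly when the element is missing.
    if _setting(root, "customErrors", "mode", "remoteonly") == "off":
        findings.append(("customErrors",
                         'mode="Off" returns detailed errors to remote clients; use "On" or "RemoteOnly"'))
    if (_setting(root, "trace", "enabled", "false") == "true"
            and _setting(root, "trace", "localOnly", "true") != "true"):
        findings.append(("trace",
                         'page tracing is exposed to remote clients; disable it or set localOnly="true"'))
    # httpOnlyCookies defaults to false, so a missing element is also a finding.
    if _setting(root, "httpCookies", "httpOnlyCookies", "false") != "true":
        findings.append(("httpCookies",
                         'httpOnlyCookies is not "true", so client script can read session cookies'))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_WEB_CONFIG), ("hardened", HARDENED_WEB_CONFIG)):
        print(f"{name}: {len(review_web_config(cfg))} finding(s)")
        for element, issue in review_web_config(cfg):
            print(f"  <{element}> {issue}")
```

The checks read the settings with `xml.etree` rather than by string matching, so attribute case and element order do not matter, and a missing element is judged by the framework default rather than ignored. The list is deliberately short; a real application category would add rows for the authentication, sessionState and machineKey settings that apply to the application type.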


Conclusion

Deployment reviews can help to ensure that application security is not compromised by poor configuration of the network or host. By using server security categories, you can conduct a systematic review that can be effectively repeated during the next deployment.


Additional Resources

For more information, see “patterns & practices Security Deployment Review Index” at http://msdn.microsoft.com/library/en-us/dnpag2/html/SecurityDeploymentReviewIndex.asp.
