Defence in Depth on the Home Front
GIAC Security Essentials Certification (GSEC) Practical Assignment
Version 1.4b - Option 1
Thomas Harbour
April 3, 2003

Table of Contents
1. Abstract ...... 1
2. Introduction ...... 1
2.1 Are Intruders Targeting the Home User? ...... 1
2.2 Principles of Information Security applied to the Home User ...... 3
2.3 The Defence in Depth Approach for the Home User ...... 4
3. Implementing the Recommended Defensive Actions ...... 6
3.1 Implementing the Network Access Layer Defensive Measures ...... 6
3.1.1 Use a firewall ...... 6
3.1.2 Disconnect from the Internet when not using it ...... 7
3.2 Implementing the Operating System Layer Defensive Measures ...... 7
3.2.1 Use a robust operating system ...... 7
3.2.2 Keep up with patch releases ...... 8
3.2.3 Make a boot/ERD disk and keep it current ...... 9
3.2.4 Use and keep up to date anti-virus software ...... 9
3.2.5 Harden the OS by turning off unnecessary clients, services and features ...... 9
3.3 Implementing the User Application Layer Defensive Measures ...... 10
3.3.1 Keep up with patch releases ...... 10
3.3.2 Do not install programs of unknown origin ...... 11
3.3.3 Disable Java, JavaScript, and ActiveX when possible ...... 11
3.3.4 Disable scripting features in e-mail programs when possible ...... 11
3.4 Implementing the Data Layer Defensive Measures ...... 11
3.4.1 Regular backups of critical data ...... 11
3.4.2 Use encryption to ensure confidentiality of sensitive data ...... 12
3.4.3 Use Strong Passwords ...... 13
3.4.4 Open E-mail Attachments with Care ...... 13
4. Comparing Three Readily Available Personal Firewalls ...... 14
4.1 Windows 2000 - Using IP Security filters as a Static Packet Filter ...... 15
4.1.1 Using a Static Packet Filter as a Firewall ...... 15
4.1.2 Overview of IP Security Filters ...... 16
4.1.3 Implementation of a Simple Firewall using IP Security filters ...... 17
4.1.4 Conclusions about this Firewall ...... 21
4.2 Windows XP Pro – Using Internet Connection Firewall (ICF) ...... 22
4.2.1 Overview of ICF ...... 22
4.2.2 Implementation of ICF ...... 23
4.2.3 Programs can change the ICF Ruleset ...... 23
4.2.4 Conclusions about this Firewall ...... 24
4.3 Windows - Using ZoneAlarm Personal Firewall ...... 25
4.3.1 Overview of ZoneAlarm ...... 25
4.3.2 Conclusions about this Firewall ...... 25
4.4 Vulnerability Testing of the Firewalls ...... 25
5. Conclusion ...... 28
Annex A – Connections and Listening Ports ...... 29
Annex B – Highlights of Nessus Report with no Firewall/Filtering ...... 30
Annex C – Microsoft Recommended Updates for Microsoft Windows XP Pro ...... 31
References ...... 32

List of Figures
Figure 1. Most common Intruder methods used against home computers ...... 4
Figure 2. Protecting the Internet-connected Home PC ...... 15
Figure 3. A Static packet filter firewall and the OSI Model ...... 15
Figure 4. Defining a Firewall Policy using IP Security filters ...... 18
Figure 5. New Rule Properties window ...... 19
Figure 6. IP Filter List window ...... 19
Figure 7. Protocol tab of the IP Filter List window ...... 20
Figure 8. Filter Action tab of the IP Filter List window ...... 20
Figure 9. Revised Firewall Policy ...... 21

List of Tables
Table 1. Summary of intrusion attempts from ZoneAlarm log files ...... 2
Table 2. Defence in Depth – Defensive Actions at each layer ...... 6
Table 3. Results of testing the Firewalls ...... 27
Table 4. Microsoft Recommended Updates for Microsoft Windows XP Pro ...... 31

1. Abstract
The home Internet user is a target for intruders.
The key question facing home Internet users is how they can securely access the Internet without sacrificing the required level of usability. After all, if the security measures are too severe, then use of the Internet will be very frustrating, and either the Internet will not be accessed or, more likely, the security measures will be circumvented or ignored to increase usability. This paper sets out a defence in depth approach to meet the security needs of the Windows-based home Internet user while maintaining usability. The four layers of defence identified and discussed are: network access; the operating system; user applications; and data. The most