Chapter 8
Learning Objectives
Understand the general requirements for installing a bastion host
Select the attributes (memory, processor speed, and operating system) of the bastion host
Evaluate different options for positioning the bastion host, both physically and within the network
Steps for Securing a Bastion Host
1. Install the services you want to provide, or modify existing services
2. Remove services and accounts that aren’t needed
3. Back up the system and all data on it, including log files
4. Run a security audit
5. Connect the machine to the network
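Steps 2 and 4 can be checked together by comparing what the host actually listens on with the services it is documented to provide. The following Python script is an added example, not part of the original slides; the `netstat -an` sample and the allowlist are constructed for illustration.

```python
# Constructed sample of Windows `netstat -an` output for a bastion host that
# is documented as a Web and DNS server only.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.10.5:53        0.0.0.0:0              LISTENING
  TCP    192.168.10.5:139       0.0.0.0:0              LISTENING
  TCP    192.168.10.5:80        203.0.113.7:51515      ESTABLISHED
  TCP    [::]:80                [::]:0                 LISTENING
  UDP    0.0.0.0:53             *:*
  UDP    192.168.10.5:137       *:*
"""

# Hypothetical allowlist taken from the host's documentation: (protocol, port).
ALLOWED = {("TCP", 80), ("TCP", 53), ("UDP", 53)}


def listening_sockets(netstat_text):
    """Return the set of (proto, port) pairs that accept inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; only LISTENING ones are services.
        # UDP is stateless, so every bound UDP port counts.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        port = local.rpartition(":")[2]  # last colon, so [::]:80 works too
        if port.isdigit():
            found.add((proto, int(port)))
    return found


def audit(netstat_text, allowed):
    """Return sockets that are open but not documented, sorted for reporting."""
    return sorted(listening_sockets(netstat_text) - set(allowed))


if __name__ == "__main__":
    for proto, port in audit(SAMPLE_NETSTAT, ALLOWED):
        print(f"UNDOCUMENTED {proto}/{port}: disable the service or document it")
```

Anything the audit reports is either a service to remove before step 5 or an entry missing from the host's documentation.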
Selecting the Host Machine
Number of machines
Memory considerations
Processor speed
Choosing the operating system
How Many Machines?
Limited access
Protection with an alarm system with battery backup
Physical computer lock and cable
Password-protected screen saver and short time delay
Install the Operating System Securely
Reinstall OS with minimum configuration
Create two partitions on Windows 2000/XP bastion host
One for the OS (C: drive)
One for other software that will run on the host (e.g., Web server or DNS server)
Use only NTFS file system for file storage
Include virus protection software
Configure DNS server located on a bastion host in DMZ to prohibit unauthorized zone transfers
Document Your Work
Name and location of bastion host
Bastion host’s IP address and domain name
Bastion host’s operating system
Location of backup files
What to do in case the system crashes
Levels of patches that have been made to bastion host’s operating system
Customized scripts that have been developed to support the host
Configuring Your Bastion Host
Security_patch_check utility
Automates process of analyzing security patches already on the system and reporting on patches that should be added
Trusted Computing Base (TCB) Check
Makes sure that software you run is trusted
System logging
Special Considerations for Windows Systems