Zibai Yang says
Why do we need to manage users and groups?
Anthony Messina says
Users and groups need to be managed to ensure proper permissions are applied. We created users and groups to segment everyone’s access to resources. If we as security professionals did not create specific users and groups with specific permissions, then it would just be a free-for-all as to what data people could access. This in turn would lead to a compromised system or environment relatively quickly.
Austin Mecca says
Without managing users and groups, you are leaving the door open for mistakes where either someone has permissions well above what they need, or you may even have an account for an employee who no longer works there that, if it falls into the wrong hands, can be used by an attacker without being detected because it is an account on the network. Having users and groups also puts up internal borders so that teams can mainly only access the things they need, and to access anything else they would need approval from a supervisor or clearance from security/compliance.
Prince Patel says
Managing users and groups helps with access management, permissions management, authentication, and role assignment. This is critical for the organization to function and secure its information systems. Windows Active Directory is the industry leader that helps manage users and groups in the systems architecture of a domain network.
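The two risks raised in this thread, accounts left enabled for departed employees and permissions above what a role needs, can be checked by reconciling a directory export against the HR roster. The sketch below is an added example, not part of the original posts; the CSV layout, account names, group policy and 90-day threshold are all constructed assumptions.

```python
import csv
import io
from datetime import date, datetime

# Constructed sample data (not from the thread): a directory export ...
DIRECTORY_CSV = """username,enabled,last_logon,groups
asmith,true,2024-05-28,Finance
bjones,true,2023-11-02,Finance;Domain Admins
cdavis,true,2024-05-30,IT;Domain Admins
dlee,false,2023-01-15,Sales
svc_backup,true,2024-05-31,Backup Operators
"""

# ... and the HR roster it is reconciled against.
HR_ROSTER_CSV = """username,status,department
asmith,active,Finance
bjones,terminated,Finance
cdavis,active,IT
dlee,terminated,Sales
"""

# Hypothetical policy: which groups count as privileged, and which
# departments are approved to hold them.
PRIVILEGED_GROUPS = {"Domain Admins", "Backup Operators"}
ALLOWED = {"Domain Admins": {"IT"}}
STALE_AFTER_DAYS = 90
AS_OF = date(2024, 6, 1)  # fixed audit date so the result is reproducible


def load(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(directory_csv, roster_csv, today):
    """Return {username: [finding codes]} for enabled accounts only."""
    roster = {row["username"]: row for row in load(roster_csv)}
    findings = {}
    for acct in load(directory_csv):
        if acct["enabled"].lower() != "true":
            continue  # disabled accounts cannot be used to log on
        user, codes = acct["username"], []
        owner = roster.get(user)
        if owner is None:
            codes.append("UNOWNED")      # no accountable person on record
        elif owner["status"] != "active":
            codes.append("DEPARTED")     # employee left, account still enabled
        last = datetime.strptime(acct["last_logon"], "%Y-%m-%d").date()
        if (today - last).days > STALE_AFTER_DAYS:
            codes.append("STALE")
        dept = owner["department"] if owner else None
        for group in acct["groups"].split(";"):
            # Privileged membership must be approved for the owner's department.
            if group in PRIVILEGED_GROUPS and dept not in ALLOWED.get(group, set()):
                codes.append("EXCESS_PRIVILEGE:" + group)
        if codes:
            findings[user] = codes
    return findings


if __name__ == "__main__":
    for user, codes in audit(DIRECTORY_CSV, HR_ROSTER_CSV, AS_OF).items():
        print(f"{user}: {', '.join(codes)}")
```

Service accounts such as the constructed `svc_backup` show up as unowned on purpose: each one needs a named owner recorded somewhere, or nobody will notice when it is no longer needed.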
Wenyao Ma says
Do you think virtualizing servers can make them more secure?
Zibai Yang says
There is no absolute security in the computer field, only relative security, and virtual machines are no exception. For example, a rootkit is a special kind of malicious software. Its function is to hide designated files, processes, network links, and other information on the installation target. A rootkit is more commonly used in combination with Trojan horses, backdoors, and other malicious programs. Such attacks usually do not trigger automated network security control functions, such as intrusion detection systems.
Cami Chen says
What vulnerabilities in virtualization does the IT profession often ignore?
Haozhe Lin says
The IT industry often ignores some loopholes in virtualization; I list a few examples.
1. VM Escape
VM escape is a process that separates from its virtual machine and runs interactively on the host operating system. A virtual machine is “a client operating system that is completely isolated from the normal host operating system.” The risk of virtual machine escape mainly exists in the VMware SDK before 2020.
2. VM sprawl
When the number of virtual machines on the network reaches the level that administrators can no longer effectively manage them, virtualization sprawl will occur. There are two reasons for this: first, over-allocation of virtual resources (CPU, memory, or disk); second, an unlimited virtual resource allocation strategy.
3. Hyperjacking
A hyperjacking attack enables hackers to control the virtual layer maliciously by creating a virtual environment in the virtual machine host. The target of the attack is the operating system under the virtual machine, which makes the attacker’s program run on the virtual machine, and makes the virtual machine completely ignore the existence of the running program.
Xinyi Zheng says
Why is it important to get approval in writing before conducting a vulnerability test?
Anthony Wong says
It is important to get approval before conducting a vulnerability test because this is the main difference between an ethical and unethical hacker. The approval will sign off on the rules of engagement and provide a scope for the ethical hacker to perform. The scope will detail what systems will be tested, the date and time the test will occur, what penetration tactics will be used, etc. Additionally, there are legal implications if approval is not received prior to conducting the test.
Humbert Amiani says
Does software-based/virtual router software offer comparable security to box-based routers with integrated hardware and software?
Krish Damany says
Depending on the size of the organization’s network, a software-based router could do the same job as a box-based router at a lower cost if the network is small as well. I would say that for the best security overall, hardware-based solutions would be better for larger networks and smaller networks alike. The cost factor has to align with the organization’s budget, however.
Haozhe Lin says
What would you say is easier to harden? A Windows Server or a Linux Server?
Cami Chen says
In my opinion, I would say Windows Server is easier. Since Windows has many users, we can find many solutions via the internet. Also, I have been using Windows for many years. When I try to set up something on my PC, I can easily find it out. However, I will need to research before I make changes to Linux. After having a little bit of experience in Linux Server, I feel like they have similar ways to build the system but use different formats. For example, both systems have an admin account: on Windows it is admin, whose name can be changed and for which a fake admin account can be created, and on Linux it is root, whose name cannot be changed.
Anthony Messina says
From a pure hardening standpoint, I think they are equal. You assign appropriate permissions to users in either OS, make sure no vulnerable services are running, listening ports can be accessed by authorized users and services, etc. In the long run, however, I think a Linux server would be easier to harden, assuming you have fluent experience with both operating systems. The major reason is that more corporations use Windows devices and servers. This means a majority of the exploits attackers are constructing will be geared towards Microsoft devices. This is not to say there are not attacks for Linux machines, because there are plenty. Also, since everything on a Linux machine is a file, I believe it would be easier to locate malicious software on the machine with the proper training and methodology.
Kelly Conger says
I’d like to say Linux is easier to secure, but Microsoft is catching up. In the past few editions of MS Server, you have been able to install the OS in a Server Core mode that doesn’t install a GUI environment and is command-line only. It also installs the bare minimum services and applications to decrease the potential attack surface. While Server Core still has vulnerabilities, there are fewer than when the GUI (Desktop Experience) environment is installed as well. Also, Windows Server (and Win10 as well) have Windows Update turned on by default and will even reboot the server when necessary. I agree with Anthony, it’s probably a flip of the coin right now as far as what OS is more secure out of the box. You also have to consider that Windows is a far more popular desktop OS and therefore has a larger hacker audience.
Priyanka Ranu says
What are the benefits of virtualization?
Kyuande Johnson says
Reduced capital and operating costs.
Minimized or eliminated downtime.
Increased IT productivity, efficiency, agility and responsiveness.
Faster provisioning of applications and resources.
Greater business continuity and disaster recovery.
Simplified data center management.
Wenyao Ma says
Good question. I think server virtualization can make more efficient use of resources, but the virtual server itself still needs to be set up with the same settings as the actual hardware dedicated to the server. In addition, you also need to properly configure the hypervisor to ensure that the server is running safely.
Zibai Yang says
Simply put, virtualization is to run multiple “virtual servers” on one physical server. This kind of virtual server is also called a virtual machine. On the surface, these virtual machines are independent servers, but they share the CPU, memory, hardware, network card, and other resources of the physical server. Currently, popular virtual machine software includes VMware and VirtualBox. Through virtual machine software, one or more virtual computers can be simulated on a physical computer. These virtual machines work exactly like a host, enabling users to allocate computer resources flexibly and efficiently.
Xinyi Zheng says
I think for most companies, the cost of virtualization is cheaper than installing actual IT infrastructure. With virtualization, a company doesn’t need to find space and funding to create an on-site resource; it just needs to purchase the license or the access from a third-party provider. Besides, virtualization can help to increase productivity. With virtualization, admins don’t need to monitor and check hardware and systems all the time, which balances the internal IT resources.
Junhan Hao says
Through server virtualization, more virtual servers can be virtualized on fewer servers, which greatly reduces the hardware costs of enterprises purchasing servers and arranging computer rooms. At the same time, from an environmental perspective, virtualization can reduce the power consumption of enterprises, because servers are generally turned on for 365 days, and costs such as air conditioning to cool the servers are accumulated over a long period of time.
Krish Damany says
With the Internet becoming more prevalent, does Cloud Computing make sense for all applications of an organization?
Jonathan Castelli says
What is the best vulnerability management software tool? Why?
Kyuande Johnson says
There isn’t necessarily a best vulnerability management tool. The tools you decide to use will vary depending on your organization’s goals and funding. The most popular vulnerability tools are Nessus and Qualys. Both of these vulnerability scanners help you reduce your organization’s attack surface and ensure compliance. They also feature high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and more.
Jonathan Castelli says
I set you up…I work for the company which makes Nessus and know the developers. We are the most accurate vulnerability assessment tool on the market.
Kelly Conger says
HA!! We use Nessus and love it. I have no idea how much it costs, but I’m assuming it’s not cheap.
Zhen Li says
Based on the different access permissions in Windows and UNIX, which one is better?
Junhan Hao says
Hi Zhen, I think Unix is better in granting access permission. The server process usually runs under a special user account on the Unix system, which means that after successful intrusion through the network, the intruder can only get the permissions of the user account corresponding to the service. In most cases, these users are ordinary users, and most malware requires an administrator account to work properly.
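The point about services running under their own accounts can be checked on a host by joining the listening sockets to the owner of each process. This added example (not part of the original post) parses constructed output in the format of `ss -tlnp` and `ps -eo pid,user,comm`; the service names, PIDs and the allowlist of services expected to run as root are assumptions.

```python
import re

# Constructed sample in the format of `ss -tlnp` (run as root to see all PIDs).
SS_OUTPUT = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*         users:(("nginx",pid=1044,fd=6))
LISTEN 0      4096   127.0.0.1:5432     0.0.0.0:*         users:(("postgres",pid=990,fd=5))
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*         users:(("legacyapp",pid=2210,fd=4))
"""

# Constructed sample in the format of `ps -eo pid,user,comm`.
PS_OUTPUT = """  PID USER     COMMAND
  812 root     sshd
  990 postgres postgres
 1044 www-data nginx
 2210 root     legacyapp
"""

# Hypothetical allowlist: services accepted as needing a root-owned listener.
ROOT_ALLOWED = {"sshd"}
LOOPBACK = {"127.0.0.1", "[::1]"}
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=\d+\)')


def parse_ps(text):
    """Map PID -> owning user from `ps -eo pid,user,comm` output."""
    owners = {}
    for line in text.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 2)
        if len(parts) == 3 and parts[0].isdigit():
            owners[int(parts[0])] = parts[1]
    return owners


def parse_listeners(text):
    """Yield (service, pid, address, port) for each listening TCP socket."""
    listeners = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)   # rsplit keeps [::]:22 intact
        for name, pid in PROC_RE.findall(line):
            listeners.append((name, int(pid), addr, int(port)))
    return listeners


def service_accounts(ss_text, ps_text):
    """Join listeners to process owners: what a compromise of each would yield."""
    owners = parse_ps(ps_text)
    report = []
    for name, pid, addr, port in parse_listeners(ss_text):
        report.append({
            "service": name,
            "port": port,
            "user": owners.get(pid, "unknown"),
            "exposed": addr not in LOOPBACK,    # reachable from the network
        })
    return report


def root_exposed(report, allowed=ROOT_ALLOWED):
    """Network-reachable listeners running as root that are not allowlisted."""
    return [(r["service"], r["port"]) for r in report
            if r["user"] == "root" and r["exposed"] and r["service"] not in allowed]


if __name__ == "__main__":
    rows = service_accounts(SS_OUTPUT, PS_OUTPUT)
    for r in rows:
        print(f'{r["service"]:<10} port {r["port"]:<5} runs as {r["user"]}')
    print("review:", root_exposed(rows))
```

Any service that `root_exposed` returns is one where the containment described in the post does not apply, since a compromise of that process gives root directly.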
Anthony Wong says
Is voice recognition an effective type of authentication?
Priyanka Ranu says
I am not sure if voice recognition is an effective type of authentication, but it definitely offers some advantages. One of the advantages is increased security where the method of authentication acknowledges the voice, character, and other factors that affect the sound. This reduces fraud as the biometric channel can quickly identify a different voice. Another advantage is accuracy which is more reliable than the use of passwords that can be easily compromised. Voice cannot be changed, recreated, or forgotten as in the case of passwords. Voice authentication could be an effective method of user identity as it offers adequate layers of security but this can definitely be debatable.
Austin Mecca says
I think at the stage that voice recognition software is at, it is not currently an effective type of authentication. However, I do believe that down the road as tech continues to improve that it can be an effective way, especially if your voice is initially captured and compared every time you go to authenticate to that initial voice. With that being said, just like the facial recognition video where a mask was able to bypass it, there are going to be ways to bypass this. I think its most useful position would be to have a voice command to obtain physical access where there is also a camera so someone can analyze the ID of the voice with the live feed of the camera.
Heather Ergler says
Where are passwords stored in Windows vs Linux? Is either of their locations for storage a security concern? Why?
Anthony Messina says
How do patch management servers help companies handle deploying updates/patches?
Xinyi Zheng says
Most of the time, users and admins may ignore recommended patches, and it’s difficult to ensure all systems are adequately patched. Patch management servers can help users ensure all updates and patches are implemented on time, and check systems and devices to see which ones are secure and which are vulnerable. Software patches and updates are important; they can protect software and systems from known vulnerabilities.
Mei X Wang says
What are some techniques and tools that can be used to harden a system?
Kyuande Johnson says
Operating System Security Hardening includes:
Automatically applying OS updates, service packs, and patches
Removing or disabling non-essential software, drivers, services, file sharing, and functionality, which can act as back doors to the system
Requiring all users to implement strong passwords and change them on a regular basis
Logging all activity, errors, and warnings
Restricting unauthorized access and implementing privileged user controls
Kyuande Johnson says
What are some backup methods used to protect the availability of data?
Xinyi Zheng says
I think backing up your data in the cloud is an effective method. With the cloud, the data is stored in a remote location, we can access it at any time over the network, and this is cheaper than some other physical backups. Also, cloud services keep data safe with end-to-end encryption, which increases the security of this method.
Anthony Wong says
One method is to use a redundant array of independent disks (RAIDs). RAIDs provide a way of storing the same data in multiple hard drives to help with data redundancy and the availability of data. These disks can be located in a backup data center in case there’s an event of a disaster.
Ting-Yen Huang says
Is there a kind of server that needs very little backup?
Prince Patel says
How can operating systems in servers be hardened?
Zibai Yang says
Create a virtual security policy
We usually have a security policy in a physical environment, but we also need this security policy in a virtual environment. Many of them can be used in combination, but many aspects are different from the physical environment’s security policy.
Collaboration between departments
Virtualization generally involves various departments of the entire enterprise, so it is also prone to security accidents. It is necessary to ensure that communication can be kept open to all company departments in conflicts and safety accidents.
Create virtual endpoint security
Traditional firewalls and intrusion prevention monitoring systems can play many roles in virtual environments and are transplanted to cloud architectures. Virtual firewalls and IPS need to be deployed at certain key architectural points. Similarly, we cannot ignore the monitoring and tracking of enterprise integrated security information and event management systems.
Inherit administrator privileges
Role-based access control can do a lot in virtual environments. Management access authority settings can continue to be adopted according to priority rules.
Austin Mecca says
What is the biggest benefit that Windows provides over Linux?
Anthony Messina says
Honestly, from my personal standpoint, I don’t think Windows offers any benefit over Windows. Bear in mind I have some familiarity with Linux. I am no expert in Linux, but the more I use it, the more I enjoy it over Windows. That said, for the masses, Windows offers one major benefit, EVERYONE uses it! I assume that 95% of most companies are Windows based. That means if a user has a Windows question, or an admin doesn’t know how to do something, there are plenty of people to ask for help, or plenty of sites on the web you can leverage to find an answer.
Jonathan Castelli says
I agree with Anthony. Linux is often my preference but Windows is definitely more user friendly. I think that’s the only benefit to using Windows vs Linux.
Vanessa Marin says
How would you manage the security configurations for servers that are in different countries across your organization?
Junhan Hao says
What is the name of Microsoft’s server operating system? What security protections do recent versions of this operating system offer?
Zhen Li says
Windows Server 2019 is the latest version of the Windows Server operating system by Microsoft, as part of the Windows NT family of operating systems, developed concurrently with Windows 10 version 1809. These are the security protections that Windows Server 2019 provides:
1. New Shielded VM Improvements.
2. Device Guard Policy Updates without Reboot.
3. Kernel Control Flow Guard (CFG).
4. System Guard Runtime Monitor.
5. Virtual Network Encryption.
6. Windows Defender ATP Agent Included OOB.
Kelly Conger says
Speaking of user and group security, what is your opinion on shared accounts?
Vanessa Marin says
A serious security threat. I don’t know of any company now that even engages in the idea of shared accounts. Accountability being the main reason. If the account is shared, how is it possible to identify who the current user is? I can’t even think of an example of where shared accounts are still used… Can you?
Vanessa