page:
4 pages/≈1100 words
Sources:
7
Style:
APA
Subject:
IT & Computer Science
Type:
Coursework
Language:
English (U.S.)
Document:
MS Word
Topic:

Security Control Implementation Report Template

Coursework Instructions:
Project 4: System Level Security

This assignment will be submitted to Turnitin™.

Instructions

Project 4: System Level Security Controls

Deliverable: Complete the Security Control Implementation Report Template based on your work in the hands-on instructions.

CST 620 Project 4 – Security Control Implementation Report Template

Rubric Name: Project 4: System Level Security

Rating levels: Exceeds Performance Requirements, Meets Performance Requirements, Does Not Meet Performance Requirements

Competencies:

* 1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
* 1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
* 1.3: Provide sufficient, correctly cited support that substantiates the writer’s ideas.
* 2.1: Identify and clearly explain the issue, question, problem under consideration.
* 2.2: Locate and access sufficient information to investigate the issue or problem.
* 2.3: Evaluate the information in a logical and organized manner to determine its value and relevance to the problem.
* 2.4: Consider and analyze information in context to the issue or problem.
* 2.5: Develop well-reasoned ideas, conclusions, checking against relevant criteria.
* 5.4: Identify potential threats to operating systems and the security features necessary to guard against them.
* 5.10: Tests, implements, deploys, maintains, reviews and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources.
* 6.2: Creating a roadmap for organizations to use in development of an Identity Access Management program (to address gaps in their current offerings).
Coursework Sample Content Preview:
CST 620 Prevention of Cyber Attack Methodologies
Project 4 – System Security Controls
Security Control Implementation Report Template
Prepared By: Firstname Lastname
Version 1.0

1. Windows Local Account and Group Security Best Practices

Several strategies can be employed to secure local accounts and groups in a Windows environment. These strategies include:

* Use Strong Passwords: Ensure that every user account in the system uses a strong password. Passwords should mix uppercase and lowercase letters, digits, and special characters. Additionally, it is recommended to change and rotate passwords frequently to prevent malicious actors from gaining access (Accounts Rename guest account - security policy setting - Windows Security, 2023).
* Account Lockout Policies: Implement rules to disable and lock out accounts after multiple failed login attempts. Regularly monitor and review such attempts so that logs are tracked for unauthorized access and changes. Account counters should be reset regularly, and the lockout duration determined.
* Least Privilege Principle: Restrict low-privilege accounts by granting only the minimum permissions necessary to perform their tasks. These accounts should not be given administrative privileges.
* Regular Auditing: Accounts should be audited regularly, reviewing logins, privileged actions, and account activity for anything suspicious. This ensures that logs are tracked for unauthorized access and changes.
* Unique User Accounts: Ensure that each user has a unique account, and discourage the sharing of user credentials. Use individual accounts for accountability and easier tracking of activities.
* Rename Default Accounts: Change default usernames like "Administrator" to prevent attackers from targeting well-known accounts. Even though renaming does not change the accounts' security identifiers, it makes enumeration and brute-force attacks harder.
* Disable Guest Account: This account is disabled by default and should remain disabled, or be enabled only when required. If it is enabled, the permissions assigned to it should be thoroughly reviewed. For instance, internet access should be cut off to prevent any abuse.
* Secure Built-in Groups: Monitor and restrict the membership of built-in groups like the Administrators group to administrative users only.
* Two-Factor Authentication (2FA): Enable two-factor authentication to add an extra layer of security for all user accounts.
* Regular Security Training: Educate users on security best practices and the dangers of falling prey to attacks such as phishing. Regular security awareness workshops should be held to reinforce these practices (Jaeger et al., n.d.).
* Physical Security: Monitor workstation and server areas for unauthorized access and limit access to critical infrastructure to authorized users.
* Regular System Updates: A well-coordinated and consistent update plan ensures that emerging vulnerabilities are patched before malicious actors exploit them.
* Backup and Recovery: It is wise to put a backup strategy in place for when a system is exploited, corrupted, or destroyed by external or internal factors. When an attack is over, the system will have to be brought back up while maintaining the integrity of the pre-existing systems and account setups.

Conclusion

In conclusion, implementing the above policies ensures local accounts and groups are secure at all times. To reduce the chances of suffering security issues, unauthorized access, or even intellectual property damage, it is advisable to audit accounts, create proper security policies, and improve on existing security measures from time to time.

2. Linux Local Account and Group Security Best Practices

Linux systems were built with security as a priority. However, further configuration and modification is needed to fortify the system against security issues. The best practices include the following:

1. Password Management: Weak passwords make it easier for attackers to gain access to systems using basic enumeration. It is good practice to use sophisticated passwords that are harder to crack under brute-force attacks or basic password guessing. Increasing password complexity should be common practice for every account and for sensitive directories. Enforce the use of strong and complex passwords for user accounts (Red Hat, 2019, August 30).
2. Account Lockout Policies: Login attempts should be monitored, and accounts locked if these attempts fail repeatedly. The suspicious accounts should be disabled and audited for malicious intent.
3. Sudo Access: Sudo must be enabled carefully to avoid granting privileges to low-privilege users. Where users have write access to scripts, they should not be allowed to execute those scripts with sudo privileges (Jang, 2006). The sudo package also logs the user's ID with the authorized command, which makes it easier to audit who ran the command. Another best practice is to completely disable the root password, since it can be bypassed by users who have physical access to the console.
4. SSH Security: To minimize the risk of an attack, SSH should be disabled where it is not necessary. Direct login via SSH should be disabled and measures taken to make it more secure. Public key authentication should be preferred over password authentication since it is resistant to brute force (Morgan, 1997). It is also important to monitor SSH access logs regularly to watch for malicious activity.
5. Unique User Accounts: Each user needs distinct credentials for resource access. These details should not be shared, to ensure easier tracking and auditing. This makes each user accountable for any activity under their account.
6. Regular Auditing: Auditing should be a regular activity for efficient monitoring of user activities and system events. In addition, tools like auditd can be used to track these events. Linux administrators can configure auditd by adjusting different parameters in /etc/audit/auditd.conf to conduct regular audits (Jang, 2006). For instance, the log_file parameter specifies where the audit logs are stored, and log_format determines the way audit information is written to disk. Another example is log_group, which names the group that owns the log files, whereas priority_boost decides how much priority boost should be given to the audit daemon.
7. Use PAM (Pluggable Authentication Modules): PAM modules authenticate users by determining whether a user is supposed to be logged in at a particular time. Additionally, the pam_chauthtok() function prevents system access unless users update their password upon its expiration. PAM policies can be used to enforce password complexity and renewal, and also to initiate account lockouts.
8. Group Membership: Linux groups users for easier administration and management by assigning rights to the entire group based on the functionality needed. This information is stored in the /etc/group file. Membership in these groups should be reviewed and updated regularly.
9. Regularly Review sudoers File: The sudo configuration maintained with the visudo utility should be audited regularly. This utility should be used to safely edit the sudoers file and lock it. visudo also performs a sanity check and checks the file for syntax errors.
10. Regular System Updates: It is vital to keep the Linux system updated to patch emerging vulnerabilities. This proces...
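The group-membership, unique-account, and sudo-access reviews described in the Linux list can be scripted. The following is an added example, not part of the original coursework: the function names, the set of privileged group names, and the sample records are assumptions constructed for illustration.

```python
# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:27:Bob:/home/bob:/bin/bash
svc_backup:x:0:1002:Backup:/var/backup:/bin/sh
carol:x:1000:1003:Carol:/home/carol:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
wheel:x:10:
users:x:100:alice,bob,carol
"""
PRIVILEGED_GROUPS = {"root", "sudo", "wheel"}  # assumption: adjust per distribution


def parse_records(text, min_fields):
    """Split colon-separated records, skipping blanks, comments and short lines."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            fields = line.split(":")
            if len(fields) >= min_fields:
                rows.append(fields)
    return rows


def review_accounts(passwd_text, group_text, privileged=PRIVILEGED_GROUPS):
    """Return UID 0 accounts other than root, shared UIDs, and privileged group members."""
    users = parse_records(passwd_text, 7)
    by_uid = {}
    for user in users:
        by_uid.setdefault(user[2], []).append(user[0])
    findings = {
        # Any UID 0 account besides root has full administrative rights.
        "uid0": sorted(u[0] for u in users if u[2] == "0" and u[0] != "root"),
        # Names sharing a UID are one identity to the kernel, defeating accountability.
        "shared_uid": {uid: names for uid, names in by_uid.items() if len(names) > 1},
        "privileged": {},
    }
    for name, _pw, gid, members in (g[:4] for g in parse_records(group_text, 4)):
        if name in privileged:
            # Effective members: listed in /etc/group OR using the group as primary GID.
            listed = {m for m in members.split(",") if m}
            primary = {u[0] for u in users if u[3] == gid}
            findings["privileged"][name] = sorted(listed | primary)
    return findings


if __name__ == "__main__":
    print(review_accounts(SAMPLE_PASSWD, SAMPLE_GROUP))
```

In the sample, bob never appears in the sudo line of the group file but is still a member through his primary GID, which is the case a review of /etc/group alone would miss.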