Securing your Linux, Windows, and Mac Systems both On-Premise and in the Cloud
August 11, 2020

Linux, Windows, and Mac exploits are often months in the making. Because system management is handled differently and independently for each platform, hackers count on the fact that the security of these operating systems is siloed. The incremental changes that are part of a larger or more sophisticated attack then go unnoticed or ignored.
You have to know what to look out for across your servers and systems to protect your business.
For Linux servers, attackers usually follow a common set of methods to gain and extend access.
Firewall
- Once an attacker gains access to the server, they can easily modify the firewall rules and open ports. As soon as this happens, they can begin to migrate data to a remote server.
Sudoers (Super-User privileges)
- An attacker can modify the “sudoers” file to give a local account elevated privilege. Once they have access to a sudoer-level account, they can make any changes or modifications to any undermanaged Linux server.
SSH Configuration (Remote Access)
- By modifying the SSH configuration, what may have started as an attack on the internal network can evolve into an attack from outside as well, giving the attacker easy remote access to the server.
Modifying Configuration Files
- Sudoers and SSH are just two specific examples; modifying any configuration file can be malicious, for example on servers hosting web applications or holding financial data. Modifying configuration files can bring down an entire cluster of servers.
Turn On/Off Services
- When services are unmanaged, they can be enabled or disabled at will, and attackers can often enable unpatched services with known vulnerabilities. Even when services are up to date, many third-party tools hook directly into the powerful permissions those services run with.
By consolidating the security and policy management of Linux, Windows, and Mac systems, the opportunity for misconfiguration and exploitation is significantly reduced. NetIQ AD Bridge, as part of a robust governance strategy, can provide a secure baseline from which monitoring, analysis, and other security policies can be implemented, building a defense strategy for what is a troubling reality.
AD Bridge adds a layer of security through configuration policies. This hardens system resources and helps mitigate the risk of a breach across several key areas.
Persistence
- Persisting a Linux server’s configuration automatically reverts any changes an attacker made. This includes, but is not limited to, the examples above: firewall rules, sudoers and SSH configuration, and services.
Notifications
- When a change is made to a monitored and persisted file, a notification is generated so that administrators are aware of all changes and possible attacks. They can then plan steps to mitigate the attack and prevent it in the future.
Baseline Configuration
- Following CIS Hardening guidelines, a desired-state system configuration can be applied whenever a new or existing Linux resource is brought online. By setting a baseline security configuration, security administrators can be a step ahead of the attackers.
Ease of Management
- Anytime a change needs to be made to a group or classification of Linux resources, AD Bridge easily propagates the change by managing them through the native Windows GPO Editor (gpedit.msc). This tool is commonly used for Windows resource management, but the AD Bridge snap-in (extension) enables it for Linux as well.
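The persistence, notification, and baseline ideas above can be illustrated with a small drift check. This is an added example, not AD Bridge code: it records a trusted baseline (sha256) for monitored files, reports which files have drifted, and checks sshd_config directives against a desired state. File contents, the two directives, and their values are constructed for the example, so it runs without touching the host.

```python
"""Baseline drift check for security-relevant Linux config files (added example)."""
import hashlib

# Desired-state sshd directives. Values are assumed for the example; they follow
# common hardening advice rather than a specific CIS benchmark version.
DESIRED_SSHD = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}


def sha256_text(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def record_baseline(files: dict) -> dict:
    """files: path -> content of the trusted state. Returns path -> sha256."""
    return {path: sha256_text(content) for path, content in files.items()}


def find_drift(baseline: dict, current: dict) -> list:
    """Return paths whose current content differs from, or is absent in, the baseline."""
    return sorted(path for path, content in current.items()
                  if baseline.get(path) != sha256_text(content))


def sshd_violations(config_text: str) -> dict:
    """Return directive -> actual value for each desired directive that is missing or wrong."""
    actual = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        parts = line.split(None, 1)
        if len(parts) == 2:
            # sshd keywords are case-insensitive and the first occurrence wins
            actual.setdefault(parts[0].lower(), parts[1].strip())
    return {k: actual.get(k.lower()) for k, v in DESIRED_SSHD.items()
            if actual.get(k.lower()) != v}


# Constructed sample: a trusted snapshot, then the same files after tampering.
TRUSTED = {
    "/etc/sudoers": "root ALL=(ALL:ALL) ALL\n%sudo ALL=(ALL:ALL) ALL\n",
    "/etc/ssh/sshd_config": "PermitRootLogin no\nPasswordAuthentication no\n",
}
TAMPERED = {
    "/etc/sudoers": TRUSTED["/etc/sudoers"] + "svc ALL=(ALL) ALL\n",
    "/etc/ssh/sshd_config": "PermitRootLogin yes\nPasswordAuthentication no\n",
}

if __name__ == "__main__":
    base = record_baseline(TRUSTED)
    print("drifted files:", find_drift(base, TAMPERED))
    print("sshd violations:", sshd_violations(TAMPERED["/etc/ssh/sshd_config"]))
```

In practice the baseline hashes would be stored off-host and the drift list would feed the notification and revert steps described above.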
Brand new policy management solutions from Micro Focus can help. Watch our webinar to see how we can help you consolidate policy management.