Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.5  Security Baselines
           9  3.5.1  OS/NOS Hardening

Previous Topic/Section
Some Areas to Look At When Hardening an OS
Previous Page
Pages in Current Topic/Section
1
2
Next Page
3.5.1.2  Updates
Next Topic/Section

3.5.1.1  File System
(Page 1 of 2)

File system issues are important to consider when hardening an OS. These relate to both the type of file system chosen, and the access controls on information stored in them.

In most modern operating systems, an administrator can choose to format a disk in any number of standardized formats, called file systems. For example, in the Windows world, there is NTFS, FAT-32, FAT-16, etc. In the UNIX world, there are MS-DOS compatible file systems, JFS, extfs, ReiserFS, etc. The best way to make sense of these is to study your documentation, as complete coverage of the attributes of these file systems is beyond the scope of this document.

Several security-related aspects of file systems are important to consider when choosing a file system:

  • What kind of access controls does the file system provide? (Some, like the FAT-32, provide none);

  • What kind of encryption/data privacy features does the file system provide? (Again, some may provide none, requiring you to use application-level encryption);

  • How resistant is the file system to loss of data as a result of a system crash? (Some, like compressed file systems sometimes used in days of old to conserve disk space, were notoriously bad; others, like the journaling file system for UNIX, are generally good).

O/S Configuration

If your OS allows you to choose the disk file system you use, consider the types of access control, encryption and other data privacy features, and fault tolerance of each file system option when making your choice.


As noted above, some file systems are notorious for losing data when the system crashes. Other file systems are noteworthy for being robust, such as the JFS (journaling file system)359 available for Linux. When thinking about file system security, it’s tempting to focus primarily on access controls. But it’s important to also take into account the reliability of the file system – if your data disappears when there are system problems, it can cause as much business disruption as a cracker intrusion.

Of course, one should also visit the topic of proper file access control configuration. File access permissions provided by an OS depend on the file system involved. As mentioned above, some file systems like the Windows FAT-32 file system and its ancestors provide no file access control permissions (giving everyone locally accessing the machine full permissions to all files and instead leaving it up to network share permissions to control access granted to remote users).


 __________________

359. http://www-124.ibm.com/developerworks/oss/jfs/

Previous Topic/Section
Some Areas to Look At When Hardening an OS
Previous Page
Pages in Current Topic/Section
1
2
Next Page
3.5.1.2  Updates
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.