Chapter - 20 - Hardening Flashcards
What are a few ways to perform system hardening?
- Changing default configurations - e.g. changing default usernames/passwords.
- Creating a secure baseline image for systems
- Closing unneeded ports
- Removing unneeded applications and services
- Creating an allow-list of applications that may be installed on our systems.
How can we open Services utility on a Windows system?
By running services.msc
What commands can we use to stop a service in Windows from the command line?
sc stop wuauserv ### or
net stop wuauserv
(wuauserv is the Windows Update service; both commands need an elevated prompt. The equivalent on a systemd-based Linux system is systemctl stop <service>.)
What are Trusted Operating Systems?
These are operating systems that implement very strict, formally evaluated access control policies. An example is Linux running SELinux, which implements access policies using MAC (Mandatory Access Control) instead of relying only on the owner-controlled DAC of a standard Unix system.
What metric do we use to rate Trusted Operating Systems?
EAL value - EAL stands for Evaluation Assurance Level, defined by the Common Criteria. It goes from 1 (lowest assurance) to 7 (highest).
Most general-purpose Linux and Windows operating systems are certified at EAL4 or EAL4+.
Give me an example of an element of a Trusted Operating System on Android devices.
Use of sandboxing - each app runs as its own Linux user inside its own sandbox, and Android additionally enforces an SELinux policy on the device.
What is Patch Management?
It is the process of planning, testing, implementing and auditing software patches.
Patches can be deployed in rings - Ring 1, Ring 2, Ring 3 - so that a small pilot group receives a patch first and problems are caught before it reaches the whole fleet.
Give me an example of patch management software that we can use in Windows environment.
Microsoft Endpoint Configuration Manager
What are group policies?
Group policies are the set of rules and configurations that we can deploy to a system or to a group of systems or users, usually from a central point (such as Active Directory).
To access the group policy tool on a Windows system, we can use gpedit.msc (Local Group Policy Editor); domain-wide policies are managed with the Group Policy Management Console (gpmc.msc).
Examples of a few group policies -
Password requirements
Account lockout policies
Software Restriction policies
etc
What is SELinux?
SELinux is a kernel security module that turns Linux into a trusted operating system: it uses MAC to implement access control policies on the OS.
SELinux enforces MAC on processes and resources and enables information to be classified and protected.
Every file and process carries a security context made of four fields (user:role:type:level):
- User - the SELinux user (e.g. system_u), which is separate from the Linux account.
- Role - which domains/types the user may enter (e.g. object_r for files, system_r for daemons).
- Type - groups objects together that have similar security requirements or characteristics; type enforcement is the main mechanism of the default targeted policy.
- Level - describes the sensitivity level (and optional categories) of a file, directory or process, used by MLS/MCS policies.
What are the 3 different modes that we can run SELinux in?
- Disabled mode - no policy is loaded, nothing is labelled and nothing is logged.
- Enforcing mode - policy violations are blocked and logged (AVC denials).
- Permissive mode - violations are logged but still allowed; useful for testing a policy before switching to enforcing.
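To make the context fields and the modes concrete, here is an added Python example (not code from the original flashcards or from the SELinux project). It parses contexts in the form that `ls -Z` and `ps -Z` print them, flags files a web server would be denied in enforcing mode, and reads the persistent mode from an /etc/selinux/config file. The sample `ls -Z` output and config file are constructed for the example, and the helper names (parse_context, contexts_from_ls, mislabelled_for_httpd, configured_mode) are my own.

```python
"""Parse SELinux security contexts and the persistent SELinux mode.

Added example for the flashcards above; the sample inputs below are
constructed, not captured from a real host.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SELinuxContext:
    user: str   # SELinux user (e.g. system_u), distinct from the Linux account
    role: str   # role (e.g. object_r for files, system_r for daemons)
    type: str   # type/domain used by type enforcement (e.g. httpd_sys_content_t)
    level: str  # MLS/MCS sensitivity and optional categories (s0 or s0:c0.c1023)


def parse_context(ctx: str) -> SELinuxContext:
    """Split a user:role:type:level string into its four fields.

    The level itself may contain ':' (sensitivity:categories), so the string
    is split at most three times and the remainder is kept as the level.
    """
    parts = ctx.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not a user:role:type:level context: {ctx!r}")
    return SELinuxContext(*parts)


# Constructed sample in the format of `ls -Z /var/www/html` (label, then name).
LS_Z_SAMPLE = """\
system_u:object_r:httpd_sys_content_t:s0 index.html
unconfined_u:object_r:user_home_t:s0 uploaded.php
system_u:object_r:httpd_sys_rw_content_t:s0:c0.c1023 cache
"""


def contexts_from_ls(output: str) -> dict[str, SELinuxContext]:
    """Map each file name in `ls -Z` style output to its parsed context."""
    files = {}
    for line in output.splitlines():
        label, name = line.split(None, 1)
        files[name] = parse_context(label)
    return files


def mislabelled_for_httpd(files: dict[str, SELinuxContext]) -> list[str]:
    """Return files whose type is not an httpd_* type.

    In enforcing mode the web server (httpd_t domain) is denied access to such
    files, e.g. a file copied out of a home directory that kept user_home_t.
    """
    return [name for name, ctx in files.items()
            if not ctx.type.startswith("httpd_")]


# Constructed sample of /etc/selinux/config, which sets the mode at boot.
SELINUX_CONFIG_SAMPLE = """\
# This file controls the state of SELinux on the system.
SELINUX=permissive
SELINUXTYPE=targeted
"""

VALID_MODES = ("enforcing", "permissive", "disabled")


def configured_mode(config_text: str) -> str:
    """Return the persistent mode from the SELINUX= line of the config file."""
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("SELINUX="):
            mode = line.split("=", 1)[1].strip()
            if mode not in VALID_MODES:
                raise ValueError(f"unknown SELinux mode: {mode!r}")
            return mode
    raise ValueError("no SELINUX= line found")


if __name__ == "__main__":
    files = contexts_from_ls(LS_Z_SAMPLE)
    for name, ctx in files.items():
        print(f"{name:12} type={ctx.type:28} level={ctx.level}")
    print("mislabelled for httpd:", mislabelled_for_httpd(files))
    print("configured mode:", configured_mode(SELINUX_CONFIG_SAMPLE))
```

On a real host, `getenforce` prints the current mode, `setenforce 0` / `setenforce 1` switches between permissive and enforcing until the next boot (the config file decides the boot-time mode), and `restorecon -v <file>` relabels a mislabelled file such as uploaded.php to the type the policy expects for its path.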
What are the different data encryption levels?
- Full-disk encryption
- Partition encryption
- Volume encryption
- Database encryption
- Record encryption
- File encryption