Chapter 9 - Operating System Security Flashcards
Is it important to secure operating systems?
yes
What ways might we mitigate operating system security risks?
- Operating System Hardening
- Add tools and applications that are designed to combat some o the tools attackers might use.
- Anti-Malware Tools
- Software Firewalls
- Host-based Intrusion Detection Systems
What is an attack surface?
Each area in which we are potentially insecure adds to our attack surface.
Additionally, each piece of software installed on our operating systems adds to our attack surface.
What are the six main ways to decrease our attack surface?
- Removing unnecessary software
- Removing or turning off unessential services
- Making alterations to common accounts
- Applying the principle of least privilege
- Applying software updates in a timely manner
- Making use of logging and auditing functions
Explain the steps taken in removing all unnecessary software.
Because additional installed software increases our OS’s attack surface, ensuring we are working with the bare minimum will help to mitigate these risks.
Installed software includes web server software, libraries or code interpreterrs, utilities, remote access tools, video tools, adobe flash, etc.
Why do we remove unessential services from our OS?
Many devices ship with a wide variety of services turned on, in order to share information over the network, locate other devices, synchronize the time, and allow for access and transferal of files.
Why might we alter default accounts?
A common weakness in many operating systems is the use of accounts known to be standard. In many OS’s, we can find the equivalent of a guest account and an admin account.
In some cases, the default accounts may come equipped with excessively liberal permissions to regulate the actions they are allowed to carry out, which can cause a great deal of trouble when they are being used by an informed attacker.
Some accounts come with a particular password or no password at all.
why might we want to perform updates on our OS?
Regular and timely updates to our OS’s and applications are critical to maintaining strong security. New attacks are published on a regular basis, and if we do not apply the security patches released by the vendors that manufacture our operating systems and apps, we will likely fall victim very quickly to a large number of well-known attacks
How do we turn on logging and auditing?
We generally need to be able to keep an accurate and complete record of the important processes and activities that take place on our systems.
We may also want to include additional features to supplement the tools built into the operating system for these purposes.
An important note: Actually reviewing the logs is a vital part of the process. If we collect logs but never review them, we might as well not collect them at all.
What are the two main ways anti-malware tools detect malware?
- By detecting the presene of, or traffic indicative of, malware in real time
- Performing scans of the files and processes already in place on the system.
What is executable space protection?
To explain briefly, it prevents certain portions of the memory used by the operating
system and applications from being used to execute code.
A hardware- and software-based technology
that can be implemented by operating systems in order to foil attacks that
use the same techniques we commonly see used in malware.
What two components does executable space protection require?
A hardware component and a software component.
Where are firewalls implemented on the OS?
As another layer of security at the host level.
What are Scanners?
We can use a large number of scanning tools to assist in detecting various security
flaws when we are looking at hosts.We can look for open ports and versions of services that are
running, examine banners displayed by services for information, examine the
information our systems display over the network, and perform a large number
of similar tasks.
Nmap is an example of a Scanner
What is an exploit framework?
Many exploit frameworks provide a variety of
tools, including network mapping tools, sniffers, and many more, but one
of the main tools we can find in exploit frameworks is, logically, the exploit.
-Exploits are small bits of software that take advantage of, or exploit, flaws in other software or applications in order to cause them to behave in ways that were not intended by their creators.
Exploit frameworks, provide large sets of prepackaged
exploits in order to make them simple to use and to make a larger library available to us than we might have if we had to put them together individually.
Many exploit frameworks come in the form of graphically interfaced tools that can be run in much the same way that any other application functions. Some tools can even be configured to automatically seek out and attack systems, spreading further into the network as they gain additional access.
