Hardening Flashcards
Hardening
Act of configuring an OS securely by updating it, creating rules and policies to govern it, and removing unnecessary apps and services.
We are not guaranteed security, but we can minimize the risk.
Mitigate risk by minimizing vulnerabilities to reduce exposure to threats.
Unnecessary Applications
Least Functionality - process of configuring workstation or server to only provide essential apps and services.
Personal computers often accumulate unnecessary programs over time.
Utilize a secure baseline image when adding new computers.
SCCM - Microsoft’s System Center Configuration Management
Restricting Applications
Application Whitelist - only apps that are on the list are allowed to be run by the OS while all other applications are blocked.
Application Blacklist - any app placed on the list will be prevented from running while all others will be permitted to run.
Whitelisting and Blacklisting can be centrally managed.
Unnecessary Services
Any services that are unneeded should be disabled in the OS.
Trusted Operating System (TOS)
An OS that meets the requirements set forth by the government and provides multilevel security.
Windows 7 and newer.
Mac OS X 10.6 and newer.
FreeBSD (TrustedBSD).
Red Hat Enterprise Server.
You need to identify the current version and build prior to updating a system.
Updates and Patches
Patch - a piece of software that fixes a single problem in an OS or application.
Hotfix - a piece of software that fixes a single problem in an OS or application.
Patches and hotfixes are now used interchangeably by most manufacturers.
Security Update - software code that is issued for a product-specific security-related vulnerability.
Critical Update - software code for a specific problem addressing a critical, non-security bug in the software.
Service Pack - a tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes.
Windows Update - recommended update to fix a noncritical problem that users have found, as well as to provide additional features or capabilities.
Driver Update - updated device driver to fix a security issue or add a feature to a supported piece of hardware.
Windows 10 uses the Windows Update program (wuapp.exe) to manage updates.
Patch Management
Process of planning, testing, implementing, and auditing of software patches.
Verify it is compatible with your systems and plan for how you will test and deploy it.
Always test a patch prior to automating its deployment.
Manually or automatically deploy the patch to all your clients to implement it.
Large organizations centrally manage updates through an update server.
Disable the wuauserv service to prevent Windows Update from running automatically.
It is important to audit the client’s status after patch deployment.
Linux and OSX also have built-in patch management systems.
Group Policy
Set of rules or policies that can be applied to a set of users or computer accounts within the OS.
Access the Group Policy Editor by opening the Run prompt and entering gpedit.
Policies that can be set include password complexity, account lockout policy, software restrictions, and app restrictions.
Active Directory domain controllers have a more advanced Group Policy Editor.
Security Template - group of policies that can be loaded through one procedure.
Group Policy Objects (GPOs) aid in the hardening of the OS.
Baselining - process of measuring changes in the network, hardware, and software environment; a baseline establishes what is normal so you can find deviations.