Hardening

Question 1

What is Hardening?

Answer 1

Configuring an operating system and applications to reduce security vulnerabilities

*Relevant for servers, mobile devices and laptops

Question 2

Why is physical security important in hardening?

Answer 2

Compromised devices are hard to detect, and encryption helps protect data

Question 3

Attack Surface Reduction

Answer 3

Remove unnecessary components

Question 4

Sandboxing

Answer 4

Limits resources that applications/processes can access

Question 5

Examples of sandboxing

Answer 5

Web browsers running processes in isolated environments

Virtual machines for running different services

Question 6

Difference between SELinux and AppArmor?

Answer 6

SELinux expressive but complex, AppArmor is easier to use and the default in Ubuntu

Question 7

What is the purpose of SUID/SGID binaries?

Answer 7

Temporarily elevate privileges for specific tasks (e.g., password management).

Question 8

What is a major risk of SUID binaries?

Answer 8

Vulnerable binaries can lead to privilege escalation.

Question 9

Anti-Forensics Techniques

Answer 9

Encrypt storage to make data harder to recove after deletion

Question 10

What is full disk encryption, and what is a common problem?

Answer 10

Encrypts the entire disk. Without the key, the system cannot boot.

Question 11

What is Nmap, and what is it used for?

Answer 11

A network scanner to identify exposed attack surfaces.

Question 12

What is Snort, and how does it work?

Answer 12

A network-based intrusion detection system using rule-based signatures.

Question 13

What are common steps for SSH hardening?

Answer 13

Disable password access, enforce public key authentication, and enable MFA.

Question 14

What does rsyslogd do?

Answer 14

Centralizes log management with encrypted transport.