Hardening

Question 1

What is Hardening?

Answer 1

Configuring an operating system and applications to reduce security vulnerabilities

**Relevant for servers, AND mobile devices

Question 2

Another definition for hardening

Answer 2

Comprehensive approach to keeping organization safe from intruders by reducing vulnerabilities

Attack surface reduction

Question 3

Why is physical security important in hardening?

Answer 3

Compromised devices are hard to detect, and encryption helps protect data

Question 4

How can digital forensics techniques be used?

Answer 4

To retrieve data from disposed of hard drives or SSD

Question 5

Zero-day vulnerabilities

Answer 5

Vulnerabilities that have already been discovered therefore there are zero days to patch it

Question 6

2 Main activities in reducing attack surface

Answer 6

• remove ALL unnecessasry components
• Update management (what, when, manual, automatic?)

Question 7

Sandboxing

Answer 7

Separate as much as possible the execution of processes

EX: (Each service provided by a different virtual machine, or MAC)

Question 8

What access control do typical consumer systems (Linux, windows) use

Answer 8

Discretionary Access Control (DAC), where each user owns resources and grants access to other users

single user granularity (coarse-grained)

Question 9

What has a very large and exposed attack surface, and why

Answer 9

web browser because it can access every file in home directory and every resource in local network

Question 10

Two solutions with better granularity for controlling access to resources

MAC Hardening

Answer 10

1. SELinux (security enhanced linux) expressive but complex
2. AppArmor (application armor) easier to use and the default in Ubuntu

android uses selinux
ubuntu use apparmor

Question 11

Two examples of DAC in Unix/Linux allowing binaries to dynamically change their execution user/group at runtime (SUID)

Answer 11

1. Mail server (must run as superuser to deliver email, but shouldn’t always run like so)
2. Password change (requires access to restricted file!)

Question 12

What is the purpose of SUID/SGID binaries?

Answer 12

Temporarily elevate privileges for specific tasks (e.g., password management).

Question 13

What is a major risk of SUID binaries?

Answer 13

If there is a vulnerability, unauthorized code could be run as a superuser by an ATTACKER!!!

They can also modify shell binary, for example, and permit privilege escalation

Question 14

If an attacker hides a malicious SUID binary in file system, how do we find it?

Answer 14

• capabilities (POSIX 1003.1e) allow control over binary files without requiring SUID/GUID

Question 15

Advantage of capabilities instead of SUID/GUID

Answer 15

fine-grained control over specific privileges for binary files reducing need for full root privileges and lowering the attack surface for privilege escalation.

Question 16

Disadvantage of capabilities

Answer 16

Can be complex and error prone, not all systems are familiar with it, older software could lack support

Question 17

Anti-Forensics Techniques

Answer 17

Encrypt storage to make data harder to recove after deletion

Question 18

What is full disk encryption, and what is a common problem?

Answer 18

Encrypts the entire disk. Without the key, the system cannot boot.

Question 19

What is Nmap, and what is it used for?

Answer 19

A network scanner to identify exposed attack surfaces.

Question 20

What are common steps for SSH hardening?

Answer 20

Disable password access, enforce public key authentication, and enable MFA.