Hardening Technique 2.5

Question 1

Hardening

Answer 1

• Reducing the attack surface area associated with a system reduces the vulnerabilities now and in the future.

Question 2

Security Updates

Answer 2

• Always apply updates to the operating system
• Includes operating system update/service packs, security patches.

Question 3

Securing User Accounts

Answer 3

• A form of system hardening
• Ensure proper password management
• Give limited access or specific access for certain user accounts.

Question 4

Network Access and Security

Answer 4

• An area of system hardening.
• Limit who has access to the system when logging on.

Question 5

Monitor and Secure

Answer 5

• Another method for system hardening.
• Using some form of end point detection to secure the system.
• Done through anti-virus and anti-malware.

Question 6

Encryption

Answer 6

• A hardening technique.

Question 7

Encrypted File System (EFS)

Answer 7

• Security feature of Windows, from Windows 2000 onward.
• Enables the transparent encryption/decryption of the files on the system.

Question 8

Full Disk Encryption (FDE)

Answer 8

• Application of encryption to an entire disk.
• Protects all contents in one container.

Question 9

Virtual Private Network (VPN)

Answer 9

• Encrypted network connection across another network.
• Offers a private communication channel across a public medium.

Question 10

Endpoint Detection and Response (EDR)

Answer 10

• A method of threat point detection
• Scales to meet the increasing number of threats.
• Can perform a root cost analysis of a threat.

Question 11

EDR Response to a Threat

Answer 11

• Isolate the system, quarantine the threat, then roll back to a previous config.
• This process can be automated using an API.

Question 12

Host-Based Firewalls

Answer 12

• Also known as Personal Firewalls.
• Host-Based protective mechanisms.
• Monitor and control traffic passed in to and out of a single system.
• Stops malware before it can start
• Can be managed by a central system.

Question 13

Host-Based Intrusion Prevention System (HIPS)

Answer 13

• Recognizes and blocks known attacks.
• Secures OS and application configs, validate incoming service requests.
• Often built into endpoint protection software.

Question 14

HIPS Identification

Answer 14

• Detects malicious actions being performed on the system which can include signatures, heuristics, behavioral.
• Can also monitor how the operating system is working
• Detects buffer overflows, registry updates, or if there are written files to the Windows folder.

Question 15

Open Ports and Services

Answer 15

• When installing an outward facing software, ports will be open.
• Attackers will attempt to find these open ports and exploit them.

Question 16

Securing Open Ports and Services

Answer 16

• Close as many ports as possible.
• Using firewalls to block an open port.

Question 17

Removing Unnecessary Software

Answer 17

• Different applications will have their own specific patches to stay up to date.
• Best practice is to remove any unused applications or software.