Host Security Flashcards
Three ways to increase the security of an OS
- Limit User Access
- Patch Management
- System Hardening
System Hardening
- Remove services and components not necessary to perform business functions
- Lock down the host firewall configurations
- Disable default accounts and passwords
Reducing the attack surface of an OS
Having the least amount of services, software, and components available for an attack.
Four types of Malware (Need to know for exam)
- Viruses - spread by human action
- Worms - spread through a network
- Spyware - harvests data
- Trojan Horse - impersonates useful applications
Two types of Antimalware Mechanisms
- Signature Detection - known pattern database is used to detect malware
- Heuristic (Behavior) Detection - checks for activity that is different from normal patterns of use.
Sandboxing
Suspicious code is executed in a safe environment and monitored for signs of malicious activity before it is allowed to run on the protected system
Two approaches to application control
- Whitelisting - creates a list of approved programs
- Blacklisting - creates a list of blocked programs (not as effective)
Host Software Baselining
A standard list of software that you would expect to see on a computer; the baselining tool reports when unexpected software is running on one of the computers in your network.
Default Deny Principle for Firewalls
Block any connection not explicitly allowed
Two types of firewalls
- Network Firewall
- Host Firewall
Network firewall
Hardware devices that regulate connections between two networks. Systems on the same network are not restricted.
Host Firewall
Software on an OS that limits connections to a server
IDS (Intrusion Detection System)
Alerts administrators to suspicious network activity
IPS (Intrusion Prevention System)
Takes proactive measures to block suspicious network activity