Module 4 - 03-2 Flashcards
OS hardening
Define Operating System
The interface between computer hardware and the user.
The OS is the first program loaded when a computer turns on.
The OS acts as an intermediary between software applications and the computer hardware.
In network security, why is it important to secure operating systems (OS) on each device?
- To prevent the whole network being compromised by one insecure OS
- To provide employees the latest programs and features
- To identify all vulnerabilities present in systems, networks, websites, applications, and processes
- To reduce human error across an organization
To prevent the whole network being compromised by one insecure OS
It’s important to secure the OS on each device because one insecure OS could lead to the whole network being compromised.
What are some OS hardening tasks that are performed at regular intervals?
- Updates
- Backups
- Keeping an up-to-date list of devices and authorized users
What is an OS hardening task that is performed only once as part of preliminary safety measures?
One example would be configuring a device setting to fit a secure encryption standard.
Define Patch update
A software and operating system, or OS, update that addresses security vulnerabilities within a program or product.
With patch updates, the OS should be upgraded to its latest software version. Sometimes patches are released to fix a security vulnerability in the software.
As soon as OS vendors publish a patch and the vulnerability fix, malicious actors know exactly where the vulnerability is in systems running the out-of-date OS. This is why it’s important for organizations to run patch updates as soon as they are released.
Define Baseline configuration (Baseline image)
A documented set of specifications within a system that is used as a basis for future builds, releases, and updates.
For example, a baseline may contain a firewall rule with a list of allowed and disallowed network ports. If a security team suspects unusual activity affecting the OS, they can compare the current configuration to the baseline and make sure that nothing has been changed.
What is another hardening task performed regularly?
Hardware and software disposal
This ensures that all old hardware is properly wiped and disposed of.
It’s also a good idea to delete any unused software applications since some popular programming languages have known vulnerabilities.
Removing unused software ensures that there are no unnecessary vulnerabilities tied to programs the organization no longer needs.
What is an important OS hardening technique?
Strong password policies require that passwords follow specific rules.
For example, an organization may set a password policy that requires a minimum of eight characters, a capital letter, a number, and a symbol.
To discourage malicious actors, a password policy usually states that a user will lose access to the network after entering the wrong password a certain number of times in a row.
Some systems also require multi-factor authentication, or MFA.
What does MFA stand for?
Multi-factor authentication (MFA)
What does OTP stand for?
One-Time Password (OTP)
Define MFA
A security measure which requires a user to verify their identity in two or more ways to access a system or network.
Ways of identifying yourself include something you know, like a password, something you have like an ID card, or something unique about you, like your fingerprint.
This verification happens using a combination of authentication factors: a username and password, fingerprints, facial recognition, or a one-time password (OTP) sent to a phone number or email.
What are some categories of multi-factor authentication?
- Something you know, like a password
- Something you have, like an ID card
- Something unique about you, like your fingerprint
Define Brute force attack
A trial-and-error process of discovering private information
What are some examples of brute force attacks?
- Simple brute force attacks
- Dictionary attacks
Define Simple brute force attacks
When attackers try to guess a user’s login credentials.
This is considered a simple brute force attack.
They might do this by entering any combination of usernames and passwords that they can think of until they find the one that works.
Define Dictionary attacks
Attackers use a list of commonly used passwords and stolen credentials from previous breaches to access a system.
These are called “dictionary” attacks because attackers originally used a list of words from the dictionary to guess the passwords, before complex password rules became a common security practice.
What can companies do to assess vulnerabilities on their networks or web applications?
Analysts can use virtual machines and sandboxes to assess vulnerabilities.
What can analysts check for when using virtual machines and sandboxes?
- Test suspicious files
- Check for vulnerabilities before an event occurs
- Simulate a cybersecurity incident
What does VM stand for?
Virtual machine (VM)
Define VM
Virtual machines are software versions of physical computers.
VMs provide an additional layer of security for an organization because they can be used to run code in an isolated environment, preventing malicious code from affecting the rest of the computer or system. VMs can also be deleted and replaced by a pristine image after testing malware.
VMs are useful when investigating potentially infected machines or running malware in a constrained environment. Using a VM may prevent damage to your system in the event its tools are used improperly. VMs also give you the ability to revert to a previous state. However, there are still some risks involved with VMs. There’s still a small risk that a malicious program can escape virtualization and access the host machine.
You can test and explore applications easily with VMs, and it’s easy to switch between different VMs from your computer. This can also help in streamlining many security tasks.
Note that some malware authors know how to write code to detect if the malware is executed in a VM or sandbox environment. Attackers can program their malware to behave as harmless software when run inside these types of testing environments.
Define Sandbox
A type of testing environment that allows you to execute software or programs separate from your network.
They are commonly used for testing patches, identifying and addressing bugs, or detecting cybersecurity vulnerabilities. Sandboxes can also be used to evaluate suspicious software, evaluate files containing malicious code, and simulate attack scenarios.
Sandboxes can be stand-alone physical computers that are not connected to a network; however, it is often more time- and cost-effective to use software or cloud-based virtual machines as sandbox environments.
What are some common measures organizations use to prevent brute force attacks and similar attacks from occurring?
- Salting and hashing
- Multi-factor authentication (MFA) and two-factor authentication (2FA)
- CAPTCHA and reCAPTCHA
- Password policies
What does 2FA stand for?
Two-Factor Authentication (2FA)
Explain Hashing
Hashing converts information into a unique value that can then be used to determine its integrity.
It is a one-way function, meaning the original text cannot be recovered from the hash value.
Explain Salting
Salting adds random characters to hashed passwords.
This increases the length and complexity of hash values, making them more secure.
Explain 2FA
2FA is similar to MFA, except it uses only two forms of verification.
What does CAPTCHA stand for?
Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
Explain CAPTCHA
It asks users to complete a simple test that proves they are human. This helps prevent software from trying to brute force a password.
Explain reCAPTCHA
A free CAPTCHA service from Google that helps protect websites from bots and malicious software.
The _____ acts as an intermediary between software applications and computer hardware.
- authorized user
- baseline
- access system
- operating system
operating system
Which of the following activities are security hardening tasks? Select all that apply.
- Enforcing password policies
- Disposing of hardware and software properly
- Exploiting an attack surface
- Making patch updates
- Enforcing password policies
- Disposing of hardware and software properly
- Making patch updates
Making patch updates, disposing of hardware and software properly, and enforcing password policies are security hardening tasks. Security hardening is the process of strengthening a system to reduce its vulnerability and attack surface.
Multifactor authentication (MFA) is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.
True
False
True
MFA is a security measure that requires a user to verify their identity in at least two ways before they can access a system or network.
What are examples of physical security hardening? Select all that apply.
- Installing security cameras
- Hiring security guards
- Removing or disabling unused applications
- Reducing access permissions across devices
- Installing security cameras
- Hiring security guards
Physical security is also a part of security hardening and may include securing a physical space with security cameras and security guards.