Operating System Security Flashcards
Hardening measures
White-list approved applications
Patch 3rd party apps
Patch OS vulnerabilities and use latest versions
Restrict admin privileges
NIST SP 800-123
Assess risks and plan system deployment
Secure the underlying OS and key apps
Ensure critical content is secured
Ensure appropriate network protection mechanisms
Ensure appropriate processes used to maintain security
objective of system, type of information, apps and services
categories of users, privileges and types of information they access
how users authenticate
how access to stored information is managed
what access the system has to information on other hosts
who will administer system
additional security measures
Base steps
install and patch OS
remove unnecessary services, apps and protocols
configure users, groups and permissions
configure resource controls
install antivirus, Host-based firewall, IDS
test security
define an access control strategy for the users
give appropriate permissions to data and resources based on policies
web defacement -> only read access to files on the server; only maintainers of the system can write
disable examples that come with server
Security maintenance
Test and install patches manually or with automated tools
logging -> only informs about things that have already happened, but helps to detect incidents and recover from them
TCP Wrappers -> the tcpd wrapper listens for connection requests on behalf of the services it protects
chroot jail -> changes a process's root directory from / to a given directory (e.g. /srv/ft/public or /usr/home); everything outside it is not accessible
disadvantage is added complexity: many files have to be copied into the chroot jail
if a chrooted process acquires root it can break from jail
Windows specifics
Security Account Manager (SAM) and LDAP; a group of systems belonging to a domain
basic firewall and malware countermeasures
Virtualization
Execution management -> scheduling, memory management to isolate guests, and context switching between processor states
device emulation
execution of privileged operations, lifecycle mgmt
Type 1 -> native, runs directly between HW and Guest OSs
virtualization hosts clustered together for increased availability and load balancing
Type 2 -> hosted, runs between Host OS and Guest OSs
Container based -> like type 2, sits between Host OS and Guest OS
run multiple environments
shared resources
type 1 performs better and is more secure than type 2
networking
guest OS -> access to NIC
hypervisor mediates access using shared interfaces
hypervisor defines virtual network interface cards, bridging and routing traffic (most efficient, but not monitored by physical sensors)
VLANs, VXLANs and software defined networks that span multiple servers and abstract layers 2 and 3
Security
disable access to other guest OSs; monitor activity; restrict viewing or modifying images and snapshot management
plan security
secure all elements: hypervisor, guest OSs, and virtualized infrastructure
ensure and test
restrict and protect admin access
Virtual Firewall
provides firewall capabilities for traffic flowing between systems hosted in virtual environments that does not need external routing