Operating System Security 3.3 Flashcards

1
Q

Operating System Types

A

Appliances - Some OS’s are designed specifically for a purpose. Usually they are minimal and unseen by the user.

Kiosks - Other OS’s are designed for public use like a kiosk. The OS is tightly locked down.

Mobile - OS’s are designed for touch screen phones and tablets. Optimized for mobile hardware.

2
Q

Patch Management

A

Incredibly important, must always have the very latest version of these patches. Security problems can only be fixed by these. Occasionally you will deal with service packs, which are large packages of patches together. Other updates will be monthly, and others weekly. Generally they will be on a predictable schedule so that security teams can work around these time frames. Urgent/critical updates will be patched ASAP no matter the time frame.

3
Q

Update Options

A

Windows Update - Can be managed through Windows Server Update Services (WSUS), which is a centralized management system for Windows devices. Mac OS will have Software Update under the Apple Menu; however, newer Apple devices will integrate them into the App Store, so it will be through the App Store instead. Linux will have multiple options.

4
Q

The Patching Process

A

May take planning because patching can fix some problems while creating others. In some cases you will not want to deploy every single patch. You always want to get the security-related ones. This will be centrally managed on your update server, and after you complete your testing of the patches, you can tell the server to roll out the patches.

5
Q

Disabling Unnecessary Services

A

Every service on your system has the potential for trouble. It’s not easy to tell which services are necessary. Windows 7 had 130 default services while Windows 10 has over 240. You will have to do research to figure out which ones you can disable and which are needed. Sometimes it will take trial and error to figure out. Third-party websites will not always be reliable.

6
Q

Controlled Functionality

A

To reduce your security risks, you want to reduce your potential security risks. Over time you will fine-tune your system configs to make them very secure.

7
Q

Evaluation Assurance Level (Common Criteria)

A

Known as the “Common Criteria for Information Technology Security Evaluation”, the categorizing of what a secure OS looks like has already been documented. This is an international standard. They are measured in EAL 1 through 7. EAL 4 is the most accepted minimum level.

International Security Standard - ISO/IEC 15408

8
Q

App White/Black Listing

A

All apps can become vulnerable. You can set security policies to control whether these apps will execute on your systems. Whitelisting is very restrictive; blacklisting stops some known bad apples and is more liberal.

9
Q

Whitelisting Methods

A

The OS has some built-in system management options.

You can set your system to only allow applications with a unique hash identifier.

The same goes for certificates: the only allowed apps will have a specific certificate.

You can also only allow apps to run from a specific file path on the computer.

Additionally, you can only allow apps to run on the network from a specific area of that network.

10
Q

Disable Unnecessary Accounts

A

All OS’s contain multiple user accounts. Guest accounts, root accounts, mail accounts, etc. These can be disabled/removed.
