Operating System Security 3.3

Question 1

Operating System Types

Answer 1

Appliances - Some OS’s are designed specifically for a purpose. Usually they are minimal and unseen by the user.

Kiosks - Other OS’s are designed for public use like a kiosk. The OS is tightly locked down.

Mobile - OS’s are designed for touch screen phones and tablets. Optimized for mobile hardware.

Question 2

Patch Management

Answer 2

Incredibly important, must always have the very latest version of these patches. Security problems can only be fixed by these. Occasionally you will deal w/ service packs which are large packages of patches together. Other updates will be monthly, and others weekly. Generally they will be on a predictable schedule in order for security teams to work around these time frames. Urgent/critical updates will be patched asap no matter the timeframe.

Question 3

Update Options

Answer 3

Windows Update - Can be managed through Windows Server Update Services (WSUS) which is a centralized management system for Windows devices. Mac OS will have Software Update under the Apple Menu however newer Apple devices will integrate them into the App Store so it will be through the App Store instead. Linux will have multiple options.

Question 4

The Patching Process

Answer 4

May take planning because patching can fix some problems while creating others. In some cases you will not want to deploy every single patch. You always want to get the security related ones. This will be centrally managed on your update server and after you complete your testing of the patches, you can tell the server to roll out the patches.

Question 5

Disabling Unnecessary Services

Answer 5

Every service on you system has the potential for trouble. It’s not easy to tell which services are necessary. Windows 7 had 130 default services while Windows 10 has over 240. You will have to do research to figure out which ones you can disable and which are needed. Sometimes it will take trial and error to figure out. Third party websites will not always be reliable.

Question 6

Controlled Functionality

Answer 6

To reduce your security risks, you want to reduce your potential security risks. Over time you will fine tune your system configs to make it very secure.

Question 7

Evaluation Assurance Level (Common Criteria)

Answer 7

Known as the “Common Criteria for Information Technology Security Evalutation”, the categorizing of what a secure OS looks like has already been documented. This is an international standard. They are measured in EAL 1 thru 7. EAL 4 is the most accepted minimum level.

International Security Standard - ISO/IEC 15408

Question 8

App White/Black Listing

Answer 8

All apps can become vulnerable. You can set security polices to control if these app will execute on your systems. Whitelisting is very restrictive, Blacklisting is to stop some known bad apples and more liberal.

Question 9

Whitelisting Methods

Answer 9

The OS has some built in system management options.

You can set your system to only allow applications with a unique hash identifier.

The same goes for certificates, the only allowed apps will have a specific certificate.

You can also only allow apps to run for a specific file path on the computer.

Additionally you can only allow apps to run on network from a specific area of that network.

Question 10

Disable Unnecessary Accounts

Answer 10

All OS’s contain multiple user accounts. Guest accounts, root accounts, mail accounts, etc. These can be disabled/removed.