Operating Systems Flashcards
How can the risk of attacks on remotely accessed services, such as the web or file transfer services, be reduced?
Ensuring that most of the files can only be read, but not written, by the user
What’s the goal for penetration testing an operating system and when should it be performed?
Ensure previous security configuration steps are correctly implemented, identify any possible vulnerabilities, and close all unneeded ports.
Testing should be done after initial hardening of the system and repeated periodically as part of the security maintenance process
Why shouldn’t supplied default software packages be used when performing the initial installation?
Default configuration is set to maximise ease of use and functionality rather than security.
If fewer software packages are available to run, the risk is reduced. If additional packages are needed later, they can be installed when required
What are the four basic steps to secure the base operating system?
- Install and patch the operating system.
- Harden and configure operating system by:
- removing unnecessary services, applications and protocols
- configuring users, groups and permissions
- configuring resource controls. - Install and configure additional security controls such as antivirus, host-based firewalls and IDS.
- Test the security of the basic operating system to ensure that the steps taken adequately address its security needs.
All installations need to come from trusted sources
What are the four strategies to secure an operating system?
- White-list approves applications
- Patch third party applications and operating system vulnerabilities.
- Restrict administrative privileges.
- Create a Defense-in-depth system.
How should an operating system be installed?
Installed by an expert, in an isolated environment then immediately updated for databases that are publicly available.
