Section 6: Hardening

Question 1

What is Hardening?

Answer 1

Act of configuring an OS securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services

Question 2

What is Least Functionality?

Answer 2

Process of configuring workstation or server to only provide essential applications and services

• restrict unneeded applications
• ports
• services
• protocols

Question 3

What is another method of Least Functionality?

Answer 3

Uninstalling all unneeded apps

Question 4

What happens sometimes when you install a newer version of an app?

Answer 4

The previous version remains installed.

• Uninstall it manually

Question 5

When adding new computers, what should you do with the image?

Answer 5

Utilise a secure baseline image

• OS
• minimum apps required
• strict configuration policies

Question 6

What is SCCM?

Answer 6

Microsoft System Center Configuration Management

• allows admins to manage large amounts of software across a network
• push updates and configurations

Question 7

What is Application Whitelist?

Answer 7

Process of allowing applications to run only if they are on the white list

• explicit allow statement

Question 8

What is an Application Blacklist?

Answer 8

Block specific applications from running if they are on the blacklist

Question 9

Which is more secure, Application Whitelisting or Blacklisting

Answer 9

White Listing

• but more difficult to setup and manage
• have to adjust your list every time you need a new app

Question 10

What are some problems with Application Blacklisting?

Answer 10

New variations of malware that are not known will not be blocked since you have to manually add them to the list

Question 11

Can whitelisting and blacklisting be centrally managed?

Answer 11

Yes

• By using Active Directory Domain Control and be updated through policies

Question 12

What are Services in an OS?

Answer 12

Type of applications working in the background of the OS and perform various functions

Question 13

What should you do with unneeded serviecs?

Answer 13

Disabled in the OS

• services.msc
• find the service you want to stop → Stop it → Change ‘Startup type’ to Disabled to prevent it from starting up when rebooting
• this is helpful with a service malware that installs itself as a service - follow those steps to remove it better

same thing can be done with cmd

• sc stop wuauserv (or what ever name of service)
• or net stop (service name)

Question 14

How do you see services and stop them in Linux & Mac OS?

Answer 14

• ‘top’ in terminal shows processes
• get the PID and type ‘kill ####’

Question 15

What is a Trusted Operating System (TOS)?

Answer 15

Any OS that meets the requirements set forth by governments and has multilevel security

Question 16

What OS meet the criteria for TOS?

Answer 16

• Windows 7 - and newer
• Mac OS X 10.6 - and newer
• FreeBSD (TrustedBSD)
• Red Hat Enterprise Server

Question 17

What is a requirement to stay TOS

Answer 17

Frequent patching and staying up to date

Question 18

How do you identify the current version and build of your OS prior to updating a system?

Answer 18

Windows - msinfo32.exe in cmd

Question 19

What are patches?

Answer 19

A single problem-fixing piece of software for an operating system or application

Question 20

What is a hotfix?

Answer 20

Exact same as a patch

-A single problem-fixing piece of software for an operating system or application

• Originally it meant that you did not need to reboot the system after a hotfix where as a patch does

Question 21

What are the categories of updates?

Answer 21

1. Security Update
2. Critical Update
3. Service Pack
4. Windows Update
5. Driver Update

Question 22

What is a Security Update?

Answer 22

Software code that is issued for a product-specific security-related vulnerability

• corrects the bug in the code

Question 23

What is a critical update?

Answer 23

Software code for a specific problem addressing a critical, non-security bug in the software

• e.g. google chrome crashing when loading facebook

Question 24

What is a service pack?

Answer 24

A tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes

Question 25

What is a driver update?

Answer 25

Updated device driver to fix a security issue or add a feature to a supported piece of hardware

Question 26

What is Patch Management?

Answer 26

Process of planning, testing, implementing, and auditing of software patches

Question 27

What are the 4 steps of patch management?

Answer 27

1. Planning
2. Testing
3. Implementing
4. Auditing

Question 28

What does Planning include in patch management?

Answer 28

Verify the patch is compatible with your systems and plan for how you will test and deploy

• MBSA Microsoft Baseline Security Analyzer
• identify misconfigurations

Question 29

What does Testing include in patch management?

Answer 29

Always test a patch prior to automating its deployment

Question 30

What does Implementing include in patch management?

Answer 30

Manually or automatically deploy the patch to all your clients to implement it

• large orgs centrally manage updates through an update server
• disable the ‘wuausery’ service to prevent Windows Update from running automatically

Question 31

What does Auditing include in patch management?

Answer 31

Important to audit the client’s status after a patch deployment

Question 32

Does Linux and OSX have built-in patch management systems too?

Answer 32

Yes

Question 33

What is a Group Policy?

Answer 33

A set of rules or policies that can be applied to a set of users or computer accounts within the operating system

• access the Group Policy Editor by opening the Run prompt and enter ‘gpedit’

Question 34

What kind of rules can you add through Group Policies?

Answer 34

• Password complexity
• account lockout policy
• software restrictions
• application restrictions

Question 35

What does the Active Directory Domain Controller have a more advanced version of?

Answer 35

Group Policy Editor

Question 36

What is a Group Policy Objective (GPO)

Answer 36

Objectives that aid in the hardening of the OS

• helps establishing a security baseline

Question 37

What is Baselining?

Answer 37

Process of measuring changes in the network, hardware, and software environment

• baseline establishes a standard or what is normal so you can find deviations when they happen

Question 38

What are the 2 Deviation Categories?

Answer 38

1. Acceptable & Expected
2. Issue to investigate further

Question 39

How do you access and edit the Group Policy?

Answer 39

gpedit

Question 40

Can you add group policies per computer or per user?

Answer 40

Both

Question 41

How do you add whitelist/blacklist rules in Windows?

Answer 41

Computer Configuration → Windows Settings → Security Settings → Application Control Policies → AppLocker → Executable Rules → Right click and create new rule (white/blacklist)

Question 42

Do you allow or deny with Whitelist?

Answer 42

Allow

Question 43

Do you allow or deny with Blacklist?

Answer 43

Deny

Question 44

What can you deny based on?

Answer 44

1. Publisher
   - e.g. Microsoft
2. Path
   - specific file or folder
3. File Hash
   - helpful for malwares, every file has a unique hash

Question 45

Its a good practice to block anything running from which directory?

Answer 45

/temp

Question 46

What are the most common file systems used by OS’s?

Answer 46

1. NTFS (New Technology File System)
2. FAT32
3. ext4
4. HFS+
5. APFS (Apple File System)

Question 47

What file system can Windows utilise?

Answer 47

NTFS or FAT32

• NTFS is highly recommended

Question 48

What is NTFS?

Answer 48

New Technology File System is the default file system format for Windows and is more secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32

Question 49

What can you do if you are using FAT32 and want to convert to NTFS without losing data?

Answer 49

• open cmd and type ‘convert G:/FS:NTFS

Question 50

What file systems do Linux and Mac OS use?

Answer 50

Linux - ext4
Mac - APFS

Question 51

What are the 5 things you can do to slow degradation process and recovery easy for your harddrives?

Answer 51

1. Remove temporary files using Disk Cleanup
2. Periodic System file system checks
   - win - CHKDSK nfsystem filechecker
   - linux - fsck
   - mac - firstaid within disk utility
3. Defragment your disk drive
4. backup your data
5. Use and practice restoration techniques
   - restoring system restore point
   - tape backup
   - backing up hdd
   - restoring individual field from backups

Question 52

§