Section 6: Hardening Flashcards
What is Hardening?
Act of configuring an OS securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services
What is Least Functionality?
Process of configuring workstation or server to only provide essential applications and services
- restrict unneeded applications
- ports
- services
- protocols
What is another method of Least Functionality?
Uninstalling all unneeded apps
What happens sometimes when you install a newer version of an app?
The previous version remains installed.
- Uninstall it manually
When adding new computers, what should you do with the image?
Utilise a secure baseline image
- OS
- minimum apps required
- strict configuration policies
What is SCCM?
Microsoft System Center Configuration Management
- allows admins to manage large amounts of software across a network
- push updates and configurations
What is Application Whitelist?
Process of allowing applications to run only if they are on the white list
- explicit allow statement
What is an Application Blacklist?
Block specific applications from running if they are on the blacklist
Which is more secure, Application Whitelisting or Blacklisting?
Whitelisting
- but more difficult to set up and manage
- have to adjust your list every time you need a new app
What are some problems with Application Blacklisting?
New variations of malware that are not known will not be blocked since you have to manually add them to the list
Can whitelisting and blacklisting be centrally managed?
Yes
- By using an Active Directory Domain Controller, and they can be updated through policies
What are Services in an OS?
Type of application that works in the background of the OS and performs various functions
What should you do with unneeded services?
Disable them in the OS
- services.msc
- find the service you want to stop → Stop it → Change ‘Startup type’ to Disabled to prevent it from starting up when rebooting
- this is helpful with malware that installs itself as a service; follow those steps to remove it
The same thing can be done from cmd
- sc stop wuauserv (or whatever the service name is)
- or net stop (service name)
How do you see services and stop them in Linux & Mac OS?
- ‘top’ in terminal shows processes
- get the PID and type ‘kill ####’
What is a Trusted Operating System (TOS)?
Any OS that meets the requirements set forth by governments and has multilevel security
Which OSes meet the criteria for TOS?
- Windows 7 - and newer
- Mac OS X 10.6 - and newer
- FreeBSD (TrustedBSD)
- Red Hat Enterprise Server
What is a requirement to stay TOS?
Frequent patching and staying up to date
How do you identify the current version and build of your OS prior to updating a system?
Windows - msinfo32.exe in cmd
What are patches?
A single problem-fixing piece of software for an operating system or application
What is a hotfix?
Exact same as a patch
- A single problem-fixing piece of software for an operating system or application
- Originally it meant that you did not need to reboot the system after a hotfix, whereas a patch does
What are the categories of updates?
- Security Update
- Critical Update
- Service Pack
- Windows Update
- Driver Update
What is a Security Update?
Software code that is issued for a product-specific security-related vulnerability
- corrects the bug in the code
What is a critical update?
Software code for a specific problem addressing a critical, non-security bug in the software
- e.g. Google Chrome crashing when loading Facebook
What is a service pack?
A tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes
What is a driver update?
Updated device driver to fix a security issue or add a feature to a supported piece of hardware
What is Patch Management?
Process of planning, testing, implementing, and auditing of software patches
What are the 4 steps of patch management?
- Planning
- Testing
- Implementing
- Auditing
What does Planning include in patch management?
Verify the patch is compatible with your systems and plan for how you will test and deploy
- MBSA (Microsoft Baseline Security Analyzer)
- identify misconfigurations
What does Testing include in patch management?
Always test a patch prior to automating its deployment
What does Implementing include in patch management?
Manually or automatically deploy the patch to all your clients to implement it
- large orgs centrally manage updates through an update server
- disable the ‘wuauserv’ service to prevent Windows Update from running automatically
What does Auditing include in patch management?
Important to audit the client’s status after a patch deployment
Do Linux and OSX have built-in patch management systems too?
Yes
What is a Group Policy?
A set of rules or policies that can be applied to a set of users or computer accounts within the operating system
- access the Group Policy Editor by opening the Run prompt and enter ‘gpedit’
What kind of rules can you add through Group Policies?
- Password complexity
- account lockout policy
- software restrictions
- application restrictions
What does the Active Directory Domain Controller have a more advanced version of?
Group Policy Editor
What is a Group Policy Objective (GPO)?
Objectives that aid in the hardening of the OS
- helps establish a security baseline
What is Baselining?
Process of measuring changes in the network, hardware, and software environment
- a baseline establishes a standard of what is normal so you can find deviations when they happen
What are the 2 Deviation Categories?
- Acceptable & Expected
- Issue to investigate further
How do you access and edit the Group Policy?
gpedit
Can you add group policies per computer or per user?
Both
How do you add whitelist/blacklist rules in Windows?
Computer Configuration → Windows Settings → Security Settings → Application Control Policies → AppLocker → Executable Rules → Right click and create new rule (white/blacklist)
Do you allow or deny with Whitelist?
Allow
Do you allow or deny with Blacklist?
Deny
What can you deny based on?
- Publisher (e.g. Microsoft)
- Path (a specific file or folder)
- File Hash (helpful for malware, since every file has a unique hash)
It’s a good practice to block anything running from which directory?
/temp
What are the most common file systems used by OSes?
- NTFS (New Technology File System)
- FAT32
- ext4
- HFS+
- APFS (Apple File System)
What file system can Windows utilise?
NTFS or FAT32
- NTFS is highly recommended
What is NTFS?
New Technology File System is the default file system format for Windows and is more secure because it supports logging, encryption, larger partition sizes, and larger file sizes than FAT32
What can you do if you are using FAT32 and want to convert to NTFS without losing data?
- open cmd and type ‘convert G: /FS:NTFS’ (replacing G: with the drive letter to convert)
What file systems do Linux and Mac OS use?
Linux - ext4
Mac - APFS
What are the 5 things you can do to slow the degradation process and make recovery easy for your hard drives?
- Remove temporary files using Disk Cleanup
- Periodic file system checks
- win - CHKDSK and System File Checker
- linux - fsck
- mac - First Aid within Disk Utility
- Defragment your disk drive
- Back up your data
- Use and practice restoration techniques
- restoring a system restore point
- tape backup
- backing up the HDD
- restoring individual files from backups