Section 6 - Hardening Flashcards
What is “hardening”?
The act of configuring an operating system securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services.
*** Essentially, you are attempting to mitigate the risks by minimizing the vulnerabilities.
What is the concept of “least functionality”?
This is the process of configuring a workstation or a server to provide only the essential applications and services that are required by the user.
In large networks, what is the best solution for keeping unused programs off of computers?
Preventing excessive installations
*** In corporate networks, it’s common to create a secure baseline image that is used on all workstations across the company. This has an OS, minimum applications and strict configuration policies.
What is “application allowlisting”?
Only applications that are on the approved list are allowed to be run by the OS.
*** With this, everything is denied by default unless it’s on that list.
What is “application blocklisting”?
Any application that’s placed on the list will be prevented from running.
*** With this, everything is allowed except what’s explicitly denied. Every new variation of malware or new program would be allowed until you create a blocklist rule for it.
What is a “Microsoft Active Directory domain controller”?
This allows you to centrally manage your lists (blocklist and allowlist) and deploy them through your group policies
What is a “service” on a computer?
A type of application that runs in the background of the operating system and performs various functions, like the print spooler.
Where can you go on a Windows machine to see the services installed on your machine?
Press the Windows key and type in “service”. You can also go into Command Prompt and use the sc or net command.
For Mac computers, you would go into Activity Monitor or your command line (Linux uses the command line too).
What is a “Trusted Operating System”?
Any operating system that meets the requirements set forth by the government and contains multilevel security.
What are some examples of Trusted Operating Systems?
- Every version of Windows since Windows 7
- Every version of Mac OS since 10.6
- Red Hat Enterprise Server
- TrustedBSD extensions
How does a software manufacturer remain as a Trusted Operating System?
They must routinely provide patches and updates to the software in order to maintain its security
What is a patch?
A single problem-fixing piece of software for an operating system or application
*** When a bug is found in the code, a patch is created to correct it.
What is a Hotfix?
A single problem-fixing piece of software for an operating system
What is the difference between a patch and a hotfix?
A hotfix can be installed without requiring a reboot of your system. A patch requires a system reboot.
These are often used interchangeably.
What are the five different categories of updates?
- Security Updates
- Critical Update
- Service Pack
- Windows Update
- Drivers Update
What is a Security Update?
Software code that is issued for a product-specific security-related vulnerability
** If a hacker finds a bug in the code for Microsoft Word, that might be a breach of security, so Microsoft would release a security update that contains a patch to correct the bug in that code.
What is a Critical Update?
A piece of software that’s designed for a specific problem that addresses a critical, non-security bug in a piece of software.
** For example, if Google Chrome kept crashing every time you tried to load Facebook, then Google would release a Critical Update that patches this non-security-focused bug.
What is a Service Pack?
A grouping of other patches. It contains hotfixes, security updates, critical updates, and possibly even some feature or design changes.
These are commonly seen with OS updates released once a year.
Service Packs are nice because they provide a single installation file that contains hundreds of individual updates, which can be installed together as opposed to applying individual patches and updates.
What is a Windows Update?
This is a recommended update to fix a non-critical problem that certain users have found, and it may also provide some additional features or capabilities.
*** For example, if Windows wanted to add a new way to display animated background images on your desktop, this would be a Windows update.
What is a Drivers Update?
These provide either a security fix or additional features for a supported piece of hardware.
** For example, you might receive a driver update for your network card. This would help increase the efficiency of how it sends/receives data.
In Windows 10, the ___ ___ ___ is used to manage all of the different types of updates directly from Microsoft.
Windows Update program
*** This can be configured to allow automated updates to occur as well.
What is Patch Management?
The planning, testing, implementing, and auditing of software patches.
*** Part of patch management is keeping track of all of the various updates and ensuring that they get installed.
What are the four steps to patch management?
- Planning
- Testing
- Implementing
- Auditing
What happens during the “Planning” step of Patch Management?
Consists of creating policies, procedures, and systems to track available patches and updates, and a method to verify that they are compatible with your systems.
This also determines how you’re going to test and deploy each patch.