Section 6 - Hardening Flashcards
What is “hardening”?
The act of configuring an operating system securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services.
*** Essentially, you are attempting to mitigate the risks by minimizing the vulnerabilities.
What is the concept of “least functionality”?
This is the process of configuring a workstation or a server to provide only the essential applications and services that are required by the user.
In large networks, what is the best solution for protecting computers from having unused programs on their computers?
Preventing excessive installations
*** In corporate networks, it’s common to create a secure baseline image that is used at all workstations across the company. This has an OS, minimum applications, and strict configuration policies.
What is “application allowlisting”?
Only applications that are on the approved list are allowed to be run by the OS
*** With this, everything is denied by default unless it’s on that list
What is “application blocklisting”?
Any application that’s placed on a list will be prevented from running
*** With this, everything is allowed except what’s explicitly denied; every new variation of malware or new program would be allowed until you create a blocklist rule for it.
What is “Microsoft Active Directory domain controller”?
This allows you to centrally manage your lists (blocklist and allowlist) and deploy them through your group policies
What is a “service” on a computer?
A type of application that runs in the background of the operating system and performs various functions, like the print spooler.
Where can you go on a Windows machine to see the services installed on your machine?
Press the Windows key and type “services”. You can also open a command prompt and type the sc or net command.
For Mac computers, you would go into Activity Monitor or the command line (Linux uses the command line too)
What is a “Trusted Operating System”?
Any operating system that meets the requirements set forth by the government and contains multilevel security
What are some examples of Trusted Operating Systems?
- Every version of Windows since Windows 7
- Every version of MAC OS since 10.6
- Red Hat Enterprise Server
- TrustedBSD extensions
How does a software manufacturer remain as a Trusted Operating System?
They must routinely provide patches and updates to the software in order to maintain its security
What is a patch?
A single problem-fixing piece of software for an operating system or application
*** When a bug is found in the code a patch is created to correct this.
What is a Hotfix?
A single problem-fixing piece of software for an operating system
What is the difference between a patch and a hotfix?
A hotfix can be installed without requiring a reboot of your system. A patch requires a system reboot.
These are often used interchangeably.
What are the five different categories of updates?
- Security Updates
- Critical Update
- Service Pack
- Windows Update
- Drivers Update
What is a Security Update?
Software code that is issued for a product-specific security-related vulnerability
** For example, if a hacker finds a bug in the code for Microsoft Word that could lead to a security breach, Microsoft would release a security update that contains a patch to correct that bug.
What is a Critical Update?
A piece of software that’s designed for a specific problem and addresses a critical, non-security bug in a piece of software.
** For example, if Google Chrome kept crashing every time you tried to load Facebook, Google would release a Critical Update that patches this non-security bug.
What is a Service Pack?
A grouping of other patches. It contains hotfixes, security updates, critical updates, and possibly even some feature or design changes.
These are commonly seen with OS updates released once a year.
Service Packs are convenient because they provide a single installation file containing hundreds of individual updates, as opposed to installing each patch and update individually.
What is a Windows Update?
This is a recommended update to fix a non-critical problem that certain users have found; it may also provide some additional features or capabilities.
*** For example, if Windows wanted to add a new way to display animated background images on your desktop, this would be a Windows update.
What is a Drivers Update?
These provide either a security fix or additional features for a supported piece of hardware.
** For example, you might receive a driver update for your network card. This would help increase the efficiency of how it sends/receives data.
In Windows 10, the ___ ___ ___ is used to manage all of the different types of updates directly from Microsoft.
Windows Update program
*** This can be configured to allow automated updates to occur as well
What is Patch Management?
The planning, testing, implementing, and auditing of software patches.
*** Part of patch management is keeping track of all of the various updates and ensuring that they get installed
What are the four steps to patch management?
- Planning
- Testing
- Implementing
- Auditing
What happens during the “Planning” step of Patch Management?
Consists of creating policies, procedures, and systems to track available patches and updates, and a method to verify that they are compatible with your systems.
This also determines how you’re going to test and deploy each patch.
Microsoft provides a useful tool that can help us in determining the status of our system, and whether or not a patch needs to be applied. This is known as…?
Microsoft Baseline Security Analyzer
MBSA
This tool can help identify security misconfiguration within your network’s workstations
What happens during the “testing” step of patch management?
This is when you test any patch you receive prior to automating its deployment throughout the network
What happens during the “deploy” step of patch management?
The patch is deployed to all workstations that might require it. This can be done manually or automatically by pushing the patch out to your clients’ workstations
What is an example of a deployment tool used for patch management?
Microsoft System Center Configuration Manager
There are also other third-party management tools
Why is it recommended that you disable the “Windows Update” tool?
This allows you to test the patch prior to deploying it in your environment
Otherwise, Windows Update will automatically install patches across your network
What happens during the “auditing” step of patch management?
Audit the client status after conducting patch deployment. This ensures the patch was installed properly and that no unexpected failures have occurred.
What is an auditing tool that can be used in patch management?
System Center Configuration Manager
This conducts scanning and verification of your workstations to help ensure those patches were installed properly
What is a “Group Policy”?
A set of rules or policies that can be applied to a set of users or computer accounts within an operating system.
This is done in the Group Policy Editor
What kind of rules can you manage in a group policy?
Password complexity requirements
Account lockout policies
Software restrictions
Application restrictions
Each policy that you set in the Group Policy Editor acts as a ___ ___ that can apply a set of rules to different users.
security template
A large part of hardening the operating system occurs through loading different ___ against the workstation or against the server.
GPOs
Group Policy Objectives
What is “baselining”?
A process of measuring changes in the network, hardware, or software environment.
*** This helps establish what normal is for your organization.
The level of security of your system is affected by its ___ ___ ___.
file system type
What are some examples of file systems?
NTFS
FAT32
ext4
Hierarchical File System Plus
Apple File System
What file system does Windows use?
NTFS or FAT32
*** It is highly recommended that you use NTFS.
What is NTFS?
New Technology File System
The default file system format for Windows as it is more secure than FAT32.
It supports logging, encryption, larger partition sizes and larger file sizes than FAT32 does.
What file system does Linux use?
ext4
What file system does Mac OS X use?
Apple File System
In addition to using the right type of file system, it’s also important to use…?
Whole disk encryption
What are five things you can do to help postpone the inevitable failure of your hard drive?
- Remove any temporary files from your system by using a disk cleanup utility
- Conduct periodic file system checks
- Perform a disk drive defragmentation periodically
- Ensure you have a good backup of your data
- Ensure you understand how to use different restoration techniques and actually practice them.