Section 6 - Hardening Flashcards

1
Q

What is “hardening”?

A

The act of configuring an operating system securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services.

*** Essentially, you are attempting to mitigate the risks by minimizing the vulnerabilities.

2
Q

What is the concept of “least functionality”?

A

This is the process of configuring a workstation or a server to only provide essential applications and services that are required by the user.

3
Q

In large networks, what is the best solution for protecting computers from having unused programs on their computers?

A

Preventing excessive installations

*** In corporate networks, it’s common to create a secure baseline image that is used at all workstations across the company. This has an OS, minimum applications and strict configuration policies.

4
Q

What is “application allowlisting”?

A

Only applications that are on the approved list are allowed to be run by the OS.

*** With this, everything is denied by default unless it’s on that list.

5
Q

What is “application blocklisting”?

A

Any application that’s placed on a list will be prevented from running.

*** With this, everything is allowed except what’s explicitly denied. Every new variation of malware or new program would be allowed until you create a blocklist rule for it.

6
Q

What is “Microsoft Active Directory domain controller”?

A

This allows you to centrally manage your lists (blocklist and allowlist) and deploy them through your group policies

7
Q

What is a “service” on a computer?

A

A type of application that runs in the background of the operating system, and it performs various functions like the print spooler.

8
Q

Where can you go on a Windows machine to see the services installed on your machine?

A

Press the Windows key and type “service”. You can also go into Command Prompt and use the sc or net command.

For Mac computers, you would go into Activity Monitor or your command line (Linux uses the command line too).

9
Q

What is a “Trusted Operating System”?

A

Any operating system that meets the requirements set forth by the government and contains multilevel security.

10
Q

What are some examples of Trusted Operating Systems?

A
  1. Every version of Windows since Windows 7
  2. Every version of Mac OS since 10.6
  3. Red Hat Enterprise Server
  4. TrustedBSD extensions
11
Q

How does a software manufacturer maintain Trusted Operating System status?

A

They must routinely provide patches and updates to the software in order to maintain its security

12
Q

What is a patch?

A

A single problem-fixing piece of software for an operating system or application

*** When a bug is found in the code, a patch is created to correct it.

13
Q

What is a Hotfix?

A

A single problem-fixing piece of software for an operating system

14
Q

What is the difference between a patch and a hotfix?

A

A hotfix can be installed without requiring a reboot of your system. A patch requires a system reboot.

These are often used interchangeably.

15
Q

What are the five different categories of updates?

A
  1. Security Updates
  2. Critical Update
  3. Service Pack
  4. Windows Update
  5. Drivers Update
16
Q

What is a Security Update?

A

Software code that is issued for a product-specific security-related vulnerability

** If a hacker finds a bug in the code for Microsoft Word, that might be a breach of security, so Microsoft would release a security update that contains a patch to correct the bug in that code.

17
Q

What is a Critical Update?

A

A piece of software that’s designed for a specific problem that addresses a critical, non-security bug in a piece of software.

** For example, if Google Chrome kept crashing every time you tried to load Facebook, then Google would release a Critical Update that patches this non-security-focused bug.

18
Q

What is a Service Pack?

A

A grouping of other patches. It contains hotfixes, security updates, critical updates, and possibly even some feature or design changes.

These are commonly seen with OS updates released once a year.

Now Service Packs are nice because they provide a single installation file that contains hundreds of individual updates that can be installed as opposed to doing individual patches and updates.

19
Q

What is a Windows Update?

A

This is a recommended update to fix a non-critical problem that certain users have found and it may also provide some additional features or capabilities.

*** For example, if Windows wanted to add a new way to display animated background images on your desktop, this would be a Windows update.

20
Q

What is a Drivers Update?

A

These provide either a security fix or additional features for a supported piece of hardware.

** For example, you might receive a driver update for your network card. This would help increase the efficiency of how it sends/receives data.

21
Q

In Windows 10, the ___ ___ ___ is used to manage all of the different types of updates directly from Microsoft.

A

Windows Update program

*** This can be configured to allow automated updates to occur as well

22
Q

What is Patch Management?

A

The planning, testing, implementing, and auditing of software patches.

*** Part of patch management is keeping track of all of the various updates and ensuring that they get installed

23
Q

What are the four steps to patch management?

A
  1. Planning
  2. Testing
  3. Implementing
  4. Auditing
24
Q

What happens during the “Planning” step of Patch Management?

A

Consists of creating policies, procedures, and systems to track available patches and updates, and a method to verify that they are compatible with your systems.

This also determines how you’re going to test and deploy each patch.

25
Q

Microsoft provides a useful tool that can help us in determining the status of our system, and whether or not a patch needs to be applied. This is known as…?

A

Microsoft Baseline Security Analyzer

MBSA

This tool can help identify security misconfiguration within your network’s workstations

26
Q

What happens during the “testing” step of patch management?

A

This is when you test any patch you receive prior to automating its deployment throughout the network.

27
Q

What happens during the “deploy” step of patch management?

A

The patch is deployed to all workstations that might require it. This can be done manually or automatically by deploying that patch to your clients’ workstations to implement it

28
Q

What is an example of a deployment tool used for patch management?

A

Microsoft System Center Configuration Manager

There are also other third-party management tools

29
Q

Why is it recommended that you disable the “Windows Update” tool?

A

This allows you to test the patch prior to deploying it in your environment

Otherwise, Windows Update will automatically apply patches across your network.

30
Q

What happens during the “auditing” step of patch management?

A

Audit the client status after conducting patch deployment. This ensures the patch was installed properly and that no unexpected failures have occurred.

31
Q

What is an auditing tool that can be used in patch management?

A

System Center Configuration Manager

This conducts scanning and verification of your workstations to help ensure those patches were installed properly

32
Q

What is a “Group Policy”?

A

A set of rules or policies that can be applied to a set of users or computer accounts within an operating system.

This is done in the Group Policy Editor

33
Q

What kind of rules can you manage in a group policy?

A

Password complexity requirements

Account lockout policies

Software restrictions

Application restrictions

34
Q

Each policy that you set in the Group Policy Editor acts as a ___ ___ that can apply a set of rules to different users.

A

security template

35
Q

A large part of hardening the operating system occurs through loading different ___ against the workstation or against the server.

A

GPOs

Group Policy Objectives

36
Q

What is “baselining”?

A

A process of measuring changes in the network, hardware, or software environment.

*** This helps establish what normal is for your organization.

37
Q

The level of security of your system is affected by its ___ ___ ___.

A

file system type

38
Q

What are some examples of file systems?

A

NTFS

FAT32

ext4

Hierarchical File System Plus

Apple File System

39
Q

What file system does Windows use?

A

NTFS or FAT32

*** It is highly recommended that you use NTFS.

40
Q

What is NTFS?

A

New Technology File System

The default file system format for Windows as it is more secure than FAT32.

It supports logging, encryption, larger partition sizes and larger file sizes than FAT32 does.

41
Q

What file system does Linux use?

A

ext4

42
Q

What file system does Mac OS X use?

A

Apple File System

43
Q

In addition to using the right type of file system, it’s also important to use…?

A

Whole disk encryption

44
Q

What are five things you can do to help postpone the inevitable failure of your hard drive?

A
  1. Remove any temporary files from your system by using a disk cleanup utility
  2. Conduct periodic file system checks
  3. Perform a disk drive defragmentation periodically
  4. Ensure you have a good backup of your data
  5. Ensure you understand how to use different restoration techniques and actually practice them.