Secure Operating Environments - OS Hardening

Question 1

what are the top four strategies to prevent cyber intrusions ?

Answer 1

• White-list approved applications
• Patch third-party applications and OS vulnerabilities
• Restrict administrative privileges
• Create a defense-in-depth system

Question 2

What is a secure Base OS ?

Answer 2

• Installed and patched
• Hardened and correctly configured
• Test security of basic OS to ensure that steps taken adequately address its security needs

Question 3

How can we harden an OS ?

Answer 3

• Removing unnecessary services, applications, protocols
• Configuring users, groups, and permissions
• Configuring resource controls

Question 4

What are additional security controls that can be added to harden an OS ?

Answer 4

antivirus, host-based firewalls, and intrusion detection system (IDS)

Question 5

Why do we need to configure our OS ?

Answer 5

Default configuration might not be secure:
- Default configuration set to maximize ease of use and
functionality rather than security
- Additional packages can later be installed if required

Question 6

Why do we need an System planning process for our OS ?

Answer 6

System planning process should identify what is required for a given system. -> less Software on the machine -> less risk

Question 7

How should we restrict elevated privileges ?

Answer 7

Elevated privileges should be restricted to those users that require them, and only when needed to perform a task

Question 8

What should we consider in the System planning process concerning users, groups and permissions ?

Answer 8

• Categories of users on the system
• Privileges they have
• Types of information they can access
• How and where access control configuration is set