Security Operations: Examining Operating Systems Flashcards

1
Q

What is OS Security?

A

Operating-system security is the process of implementing various security controls to increase the resiliency of the OS to unauthorized access, unauthorized configuration, and modification. This helps reduce the attack surface.

2
Q

What techniques should you implement for OS security?

A

Technologies and techniques to implement OS security

Physical security is crucial, as discussed in episode 2-4-1, Examining Physical Security. Beyond that, the most important ways to help secure an OS include:

Centralized administration.

Strong authentication.

Host-based security software.

File-access and integrity technologies.

3
Q

What is Centralized administration?

A

Group Policy

  • Active Directory: Group Policy Objects (GPOs) applied to domain-joined computers and users.
  • Microsoft Entra ID, formerly known as Azure Active Directory (Azure AD): cloud identity for devices that are not joined to an on-premises domain. Classic GPOs do not apply to Entra-only devices, so their configuration is delivered through an MDM instead.

Mobile device management: various third-party providers, including:

  • VMware AirWatch
  • IBM MaaS360
  • Cisco Meraki Systems Manager
4
Q

What can you use for strong authentication?

A

Policy-driven enforcement of multifactor authentication (MFA) for account sign-in, where the additional factor is one of:

Biometrics

Security key

Smart card

5
Q

What type of Host-based security software can you use?

A

Host-based security software

Real-time antimalware solution.

Software-based firewall.

Network access controls (conditional access, which evaluates the device and its context before granting access):

Attestation: the device proves its health or identity before it is trusted.

Trusted locations: access is allowed only from known networks or IP ranges.

Geofencing: access is allowed only from approved geographic regions.

6
Q

File-access and integrity technologies, what can you use?

A

With respect to file access:

Implement access control: Restricts who can view or use resources. The main models are:

Discretionary access control (DAC): The object's owner decides who gets access. An example is file and folder permissions (NTFS DACLs) in the Windows OS.

Role-based access control (RBAC): Rights are assigned to roles, and users gain them through membership. An example is group-based permissions in the Windows OS.

Rule-based access control: Access is decided by an ordered set of rules evaluated for every request. An example is a host-based firewall.

Mandatory access control (MAC): Labels and policy set by the administrator decide access, and owners cannot override them. An example is SELinux in the Linux OS.
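To make the four models concrete, here is an added example (not from the flashcards or from any product) that evaluates access requests under each one. All objects, roles, users, firewall rules and labels are constructed for illustration; the MAC part implements the classic no-read-up / no-write-down rules rather than SELinux's type-enforcement policy, but the property it shows is the same one that distinguishes MAC from DAC: the owner cannot override the policy.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class DacObject:
    """Discretionary access control: the object's owner decides who may access it
    (the model behind NTFS DACLs). Hypothetical in-memory object, not a real ACL API."""
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of rights

    def grant(self, actor, principal, rights):
        # The defining property of DAC: the owner controls the ACL. Anyone else is refused.
        if actor != self.owner:
            raise PermissionError(f"{actor} may not change the ACL of an object owned by {self.owner}")
        self.acl.setdefault(principal, set()).update(rights)

    def allowed(self, principal, right):
        return principal == self.owner or right in self.acl.get(principal, set())


# Role-based access control: rights attach to roles; users obtain them only through membership
# (the Windows practice of granting permissions to groups rather than individual accounts).
ROLE_RIGHTS = {"auditor": {"read"}, "admin": {"read", "write", "delete"}}  # assumed sample roles
USER_ROLES = {"alice": {"admin"}, "bob": {"auditor"}}                       # assumed sample users


def rbac_allowed(user, right):
    return any(right in ROLE_RIGHTS.get(role, set()) for role in USER_ROLES.get(user, set()))


# Rule-based access control: an ordered rule list evaluated first-match with a default action,
# the way a host-based firewall processes inbound connections. Sample rules are constructed.
FIREWALL_RULES = [
    ("allow", "10.0.0.0/8", 22),    # SSH only from the internal range
    ("deny", "0.0.0.0/0", 22),      # ... and from nowhere else
    ("allow", "0.0.0.0/0", 443),    # HTTPS from anywhere
]
DEFAULT_ACTION = "deny"


def firewall_decision(src_ip, dst_port):
    ip = ipaddress.ip_address(src_ip)
    for action, cidr, port in FIREWALL_RULES:
        if port == dst_port and ip in ipaddress.ip_network(cidr):
            return action
    return DEFAULT_ACTION


# Mandatory access control: labels are assigned by policy, not by owners, and owners cannot
# override them. Simplified to the Bell-LaPadula confidentiality rules (no read-up, no write-down).
LEVELS = {"public": 0, "internal": 1, "secret": 2}


def mac_allowed(subject_level, object_level, op):
    s, o = LEVELS[subject_level], LEVELS[object_level]
    if op == "read":
        return s >= o   # simple security property: no read-up
    if op == "write":
        return s <= o   # *-property: no write-down (stops secret data leaking into public objects)
    raise ValueError(f"unknown operation {op!r}")
```

Note the asymmetry in `mac_allowed`: a subject cleared for "secret" may read an "internal" object but may not write to it, which is exactly the restriction a DAC owner could never be prevented from removing.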

File-integrity monitoring (FIM) compares the current hashes and metadata of OS and application files with a known-good baseline to detect unauthorized tampering or modification.

Backup, testing and verification, and versioning also support integrity. Versioning:

Provides a historical record of changes that supports integrity checking.

Enables rollback to a known-good state after a breach or a bad change.
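The following is an added example of file-integrity monitoring, not code from the flashcards or from any FIM product. It snapshots a directory tree (SHA-256 of content plus size and permission bits), stores the baseline as JSON, and diffs a later snapshot against it. The `demo()` function builds a throwaway tree in a temporary directory and applies four constructed tamperings: a same-length config edit (caught only by the hash), a binary made world-writable (caught by the mode), a dropped-in library and a deleted one. File names and contents are invented for the demonstration.

```python
import hashlib
import json
import os
import stat
import tempfile

TRACKED = ("sha256", "size", "mode")


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_snapshot(root):
    """Walk `root` and record, per regular file, a content hash plus the metadata an
    intruder typically changes (size, permission bits)."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files need their own handling; skipped here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = {"sha256": _sha256(full), "size": st.st_size,
                         "mode": stat.S_IMODE(st.st_mode)}
    return snap


def compare(baseline, current):
    """Diff two snapshots: added and removed paths, and for paths present in both,
    which tracked attributes changed. A size-preserving edit still shows up via the hash."""
    report = {"added": sorted(set(current) - set(baseline)),
              "removed": sorted(set(baseline) - set(current)),
              "modified": {}}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in TRACKED if baseline[rel][k] != current[rel][k]]
        if changed:
            report["modified"][rel] = changed
    return report


def save_baseline(snap, path):
    # In practice the baseline is kept read-only and off-host (or signed): a baseline
    # the intruder can rewrite detects nothing.
    with open(path, "w") as f:
        json.dump(snap, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def demo():
    """Constructed scenario: snapshot a throwaway tree, tamper with it, re-snapshot, diff."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def write(rel, data, mode=0o644):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)

        write("etc/app.conf", b"MaxAuthTries 3\n")
        write("bin/tool", b"#!/bin/sh\necho ok\n", 0o755)
        write("lib/helper.so", b"\x7fELF" + b"\x00" * 12)
        baseline_file = os.path.join(store, "baseline.json")
        save_baseline(build_snapshot(root), baseline_file)

        # Tampering: same-length edit, world-writable binary, new library, deleted library.
        write("etc/app.conf", b"MaxAuthTries 9\n")
        os.chmod(os.path.join(root, "bin/tool"), 0o777)
        write("lib/evil.so", b"\x7fELF" + b"\x00" * 12)
        os.remove(os.path.join(root, "lib/helper.so"))

        return compare(load_baseline(baseline_file), build_snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Real deployments schedule the snapshot, exclude paths that legitimately churn (logs, caches), and raise alerts on the report rather than printing it; the comparison logic itself does not change.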

7
Q

What are additional ways you can help secure an OS?

A

Additional ways in which to help secure an OS include:

End-user security awareness training.

The principle of least privilege or access: applies to users, applications, and services.

Attack surface reduction, guided by:

Industry guidance.

Vendor security-configuration guidelines.

Policy and compliance monitoring and enforcement.
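As an added example of policy and compliance monitoring and enforcement against a vendor configuration file (not code from the flashcards or from OpenSSH), the block below audits an `sshd_config` fragment against a small hardening baseline and then rewrites it into compliance. The keywords and the defaults used for absent keywords are OpenSSH's own; the required values in `BASELINE` are this example's assumptions and are not quoted from any specific benchmark, and the sample config is constructed. The parser follows two sshd rules that checkers often get wrong: the first occurrence of a keyword wins, and settings after a `Match` block are conditional, not global.

```python
import re

# Hypothetical hardening baseline: the policy being monitored and enforced.
BASELINE = {
    "PermitRootLogin": ("eq", "no"),
    "PasswordAuthentication": ("eq", "no"),
    "X11Forwarding": ("eq", "no"),
    "MaxAuthTries": ("le", 4),
}
# Values OpenSSH applies when a keyword is absent; an absent keyword is not a pass.
OPENSSH_DEFAULTS = {"PermitRootLogin": "prohibit-password", "PasswordAuthentication": "yes",
                    "X11Forwarding": "no", "MaxAuthTries": "6"}
_CANON = {k.lower(): k for k in BASELINE}
_SPLIT = re.compile(r"\s*=\s*|\s+")  # sshd accepts "Keyword value" and "Keyword=value"


def parse_sshd_config(text):
    """Effective global settings keyed by lower-cased keyword. First occurrence wins,
    keywords are case-insensitive, and parsing stops at the first Match block because
    everything after it is conditional."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = _SPLIT.split(line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if len(parts) == 2 and key not in settings:
            settings[key] = parts[1].strip()
    return settings


def _compliant(canon, value):
    op, want = BASELINE[canon]
    if op == "eq":
        return value.lower() == want
    if op == "le":
        return value.isdigit() and int(value) <= want
    raise ValueError(op)


def audit(text):
    """Monitoring: list every baseline keyword whose effective value is non-compliant."""
    settings = parse_sshd_config(text)
    findings = []
    for canon, (op, want) in BASELINE.items():
        effective = settings.get(canon.lower(), OPENSSH_DEFAULTS[canon])
        if not _compliant(canon, effective):
            findings.append({"keyword": canon, "effective": effective, "required": f"{op} {want}"})
    return findings


def enforce(text):
    """Enforcement: return a rewritten config in which every baseline keyword is compliant.
    The first global occurrence is replaced in place (appending a fix at the end would be
    ignored because sshd keeps the first value); missing keywords are inserted before the
    first Match block, or at the end if there is none."""
    out, seen, match_at = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and match_at is None:
            parts = _SPLIT.split(line, maxsplit=1)
            key = parts[0].lower()
            if key == "match":
                match_at = len(out)
            elif key in _CANON and key not in seen:
                canon = _CANON[key]
                seen.add(canon)
                value = parts[1].strip() if len(parts) == 2 else ""
                if not _compliant(canon, value):
                    out.append(f"{canon} {BASELINE[canon][1]}")
                    continue
        out.append(raw)
    missing = [f"{k} {BASELINE[k][1]}" for k in BASELINE if k not in seen]
    pos = len(out) if match_at is None else match_at
    out[pos:pos] = missing
    return "\n".join(out) + "\n"


# Constructed sample, not taken from any real host.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
# sshd keeps the first value of a keyword, so this later line changes nothing
PermitRootLogin no
X11Forwarding no
MaxAuthTries 6
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
    print(enforce(SAMPLE_CONFIG))
```

Running `audit` on the sample reports three findings: `PermitRootLogin` (the first, permissive value is the effective one), `PasswordAuthentication` (set only inside the `Match` block, so globally it falls back to OpenSSH's default of yes) and `MaxAuthTries`. Auditing the output of `enforce` reports none. The same split between an audit that only reports and an enforce step that changes state is how compliance tooling is normally deployed, with the enforce step gated on change control.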
