7.1 Operating Systems Security P1 Flashcards

1
Q

Define OS hardening / host security

A

Addressing the weaknesses in the (default) OS installation & applications configuration

2
Q

What are the 5 steps suggested by Andress to harden the security of the OS?

A
  1. Understand functions that the system will perform (and set it up for that)
  2. Apply all the vendor-recommended security patches
  3. Install security monitoring programs
  4. Audit system configuration
  5. Design backup & recovery procedures
3
Q

What are the problems that come with OS hardening?

A

OS typically comes ready for ‘easy’ installation: standard setup / configuration, passwords (defaults)
Easy & repeatable so others will know their way round the system
Much activity will revolve around “just getting it up and working” - some security aspects will be an afterthought
Teething - also will be the novice when setting up the new system

4
Q

How should managing the OS hardening be done?

A

Need to replace ‘standard’ set-ups / accounts / access (i.e. easy installation elements)
Continual monitoring & checking (audits)
Manage the system

5
Q

What is involved in security server hardening?

A

Different servers can run on a host machine (host can be set up to run specific server)
Servers perform specific functions (firewalls, web servers, database servers, email servers, SMS servers, DNS)

Server security
Range from simple configuration options in server application to installing extra security products
Adding extra layers of security to ensure server is secure & protecting rest of system from security breach via server

6
Q

What is involved in Client OS security?

A

Client machines may also need ‘hardening’
Locking down client systems to ensure they are not providing too much access or running too many unnecessary services
Need to replace ‘standard’ set-ups / accounts / access (i.e. easy installation elements)

7
Q

What is involved in mobile device hardening?

A

Defining and setting use policies
Examples of Apple iPhone / iPad & Galaxy’s with remote disabling
Very relevant for BYOD (Bring Your Own Device)
