Chapter 7 - Host Hardening Flashcards
Define a host.
A host is any device that has an IP address.
Why is host hardening necessary?
Host hardening is necessary because most hosts, when operating by system defaults, are very easy to breach.
What are the major categories of hosts?
The major categories of hosts are servers, clients (including mobile phones), routers, switches, and firewalls.
What are the elements of host hardening?
The elements of host hardening are:
- Back up the host regularly.
- Restrict physical access to the host.
- Install the OS with secure configuration options.
- Minimize the number of applications and OS services running on the host.
- Harden all remaining applications on the host.
- Keep patches up to date.
- Manage users and groups.
- Manage access permissions for those users and groups.
- Encrypt data if possible.
- Add a host firewall.
- Read OS logs regularly.
- Run vulnerability tests against the system regularly.
Why is it important to replace default passwords during configuration?
It is important to replace default passwords during configuration because default passwords are easy to look up and abuse by attackers.
What is a security baseline, and why is it important?
A security baseline is a set of specific actions to be taken to harden hosts of a certain type (Windows, OS X, etc.) and particular versions within that type.
Security baselines are important because they set a standard baseline to which all units will conform.
Why is the downloading of disk images of the operating system desirable compared to configuring each host individually?
Using disk images of the OS as opposed to individual configuration is preferable because it saves money on installation, and ensures that the baselines are met completely with each install.
What is virtualization?
Virtualization is when multiple operating systems are able to run independently on a single physical machine.
What are some of the advantages of virtual machines?
There are many benefits from virtual machines. Virtual machines are much faster to set up and configure, as they’re cloned from a server with its own security baseline. This also makes for a more secure environment, and reduces inconsistencies.
It also reduces labor costs, that is, the cost of server admin, development, testing, and training.
What does a systems administrator manage?
A systems administrator generally manages a host, or groups of hosts. They’re responsible for hardening systems, and generally do not manage the network.
What is the name of Microsoft’s server operating system? What security protections do recent versions of this operating system offer?
Microsoft’s server operating system is called Microsoft Windows Server. It provides server software firewalls, encryption, autopatching, and intelligent management of services and applications.
What are MMCs?
MMCs are Microsoft Management Consoles. These are administrative tools inside Microsoft Windows Server, and are displayed in a common format.
Why is UNIX systems security difficult to describe, generally?
UNIX systems security is difficult to describe because of all the different “flavors” of UNIX, each with its own possible issues and concerns.
Distinguish between Linux and UNIX.
Linux is the most popular version of UNIX. It runs on ordinary PCs, but has been modified to run in many other places. Linux itself is only the kernel; the individual “flavors” of Linux are the kernel plus other programs.
What is the Linux kernel?
The Linux kernel is the core of the Linux OS.
Comment on the cost of Linux.
Linux is free, but various distributions may not be. Regardless, Linux is generally cheaper than other OSes, and in some cases, one license will allow for installation on multiple machines.
Does a particular version of UNIX have a single user interface?
Most versions of UNIX have several different user interfaces.
What are UNIX CLIs called?
UNIX CLIs are called shells.
How are CLIs beneficial? Why are they difficult to use?
CLIs are beneficial because they use very little in the way of system resources, and can be used to execute scripts of commands. They can be difficult to use because the commands that they run tend to be complex and syntax-specific, so typos wreak merry hell.
What is a vulnerability?
A vulnerability is a security weakness that opens a program to an attack.
What is an exploit?
An exploit is a program that takes advantage of a vulnerability.
What is a zero-day attack?
A zero-day attack is an attack that takes place before a vulnerability can be patched.
What are the four types of fixes for vulnerabilities?
The four types of fixes for vulnerabilities are as follows:
- Work-Around: A work-around is a series of manual steps taken by the sysadmin to ameliorate the problem. It is labor-intensive and prone to mistakes.
- Patch: A patch is a small program that fixes particular vulnerabilities.
- Service Pack: A service pack is a large grouping of vulnerability fixes and system improvements.
- Version Upgrade: A version upgrade is like a service pack, but an overhaul of the whole OS.
Why is upgrading to a new version of an OS usually good for security?
Upgrading to a newer version of an OS is good for security because, generally, newer versions of OSes have fixes for security vulnerabilities, and older versions of OSes may stop being supported in time.