What is Hardening?
Act of configuring an OS securely by updating it, creating rules and policies to govern it, and removing unnecessary applications and services
What is Least Functionality?
Process of configuring workstation or server to only provide essential applications and services
- restrict unneeded applications
- ports
- services
- protocols
What is another method of Least Functionality?
Uninstalling all unneeded apps
What happens sometimes when you install a newer version of an app?
The previous version remains installed.
- Uninstall it manually
When adding new computers, what should you do with the image?
Utilise a secure baseline image
- OS
- minimum apps required
- strict configuration policies
What is SCCM?
Microsoft System Center Configuration Management
- allows admins to manage large amounts of software across a network
- push updates and configurations
What is Application Whitelist?
Process of allowing applications to run only if they are on the white list
- explicit allow statement
What is an Application Blacklist?
Block specific applications from running if they are on the blacklist
Which is more secure, Application Whitelisting or Blacklisting
White Listing
- but more difficult to setup and manage
- have to adjust your list every time you need a new app
What are some problems with Application Blacklisting?
New variations of malware that are not known will not be blocked since you have to manually add them to the list
Can whitelisting and blacklisting be centrally managed?
Yes
- By using Active Directory Domain Control and be updated through policies
What are Services in an OS?
Type of applications working in the background of the OS and perform various functions
What should you do with unneeded serviecs?
Disabled in the OS
- services.msc
- find the service you want to stop → Stop it → Change ‘Startup type’ to Disabled to prevent it from starting up when rebooting
- this is helpful with a service malware that installs itself as a service - follow those steps to remove it better
same thing can be done with cmd
- sc stop wuauserv (or what ever name of service)
- or net stop (service name)
How do you see services and stop them in Linux & Mac OS?
- ‘top’ in terminal shows processes
- get the PID and type ‘kill ####’
What is a Trusted Operating System (TOS)?
Any OS that meets the requirements set forth by governments and has multilevel security
What OS meet the criteria for TOS?
- Windows 7 - and newer
- Mac OS X 10.6 - and newer
- FreeBSD (TrustedBSD)
- Red Hat Enterprise Server
What is a requirement to stay TOS
Frequent patching and staying up to date
How do you identify the current version and build of your OS prior to updating a system?
Windows - msinfo32.exe in cmd
What are patches?
A single problem-fixing piece of software for an operating system or application
What is a hotfix?
Exact same as a patch
-A single problem-fixing piece of software for an operating system or application
- Originally it meant that you did not need to reboot the system after a hotfix where as a patch does
What are the categories of updates?
- Security Update
- Critical Update
- Service Pack
- Windows Update
- Driver Update
What is a Security Update?
Software code that is issued for a product-specific security-related vulnerability
- corrects the bug in the code
What is a critical update?
Software code for a specific problem addressing a critical, non-security bug in the software
- e.g. google chrome crashing when loading facebook
What is a service pack?
A tested, cumulative grouping of patches, hotfixes, security updates, critical updates, and possibly some feature or design changes
