WK4 OS hardening practices Flashcards
OS Hardening
The Operating System hardening
The operating system is the interface between computer hardware and the user. The OS is the first program loaded when a computer turns on. The OS acts as an intermediary between software applications and the computer hardware. It’s important to secure the OS in each system because one insecure OS can lead to a whole network being compromised.
Regular Interval OS Hardening
Some OS hardening tasks are performed at regular intervals, like updates, backups, and keeping an up-to-date list of devices and authorized users.
OS hardening tasks that are performed at a regular interval, such as patch installation, also known as patch updates.
Patch Update
A patch update is a software and operating system, or OS, update that addresses security vulnerabilities within a program or product.
One off OS Hardening tasks
Other tasks are performed only once as part of preliminary safety measures. One example would be configuring a device setting to fit a secure encryption standard.
Regular Interval OS Hardening example 1
Now we’ll discuss patch updates provided to the company by the OS software vendor. With patch updates, the OS should be upgraded to its latest software version. Sometimes patches are released to fix a security vulnerability in the software. As soon as OS vendors publish a patch and the vulnerability fix, malicious actors know exactly where the vulnerability is in systems running the out-of-date OS. This is why it’s important for organizations to run patch updates as soon as they are released.
For example, my team had to perform an emergency patch to address a recent vulnerability found in a commonly used programming library. The library is used almost everywhere, so we had to quickly patch most of our servers and applications to fix the vulnerability.
The newly updated OS should be added to the baseline configuration, also called the baseline image.
A baseline configuration is a documented set of specifications within a system that is used as a basis for future builds, releases, and updates. For example, a baseline may contain a firewall rule with a list of allowed and disallowed network ports. If a security team suspects unusual activity affecting the OS, they can compare the current configuration to the baseline and make sure that nothing has been changed.
A baseline configuration
A baseline configuration is a documented set of specifications within a system that is used as a basis for future builds, releases, and updates. For example, a baseline may contain a firewall rule with a list of allowed and disallowed network ports. If a security team suspects unusual activity affecting the OS, they can compare the current configuration to the baseline and make sure that nothing has been changed.
Regular Interval OS Hardening example 2
Another hardening task performed regularly is hardware and software disposal. This ensures that all old hardware is properly wiped and disposed of. It’s also a good idea to delete any unused software applications since some popular programming languages have known vulnerabilities.
Removing unused software makes sure that there aren’t any unnecessary vulnerabilities connected with the programs that the software uses.
Regular Interval OS Hardening example 3
The final OS hardening technique that we’ll discuss is implementing a strong password policy. Strong password policies require that passwords follow specific rules. For example, an organization may set a password policy that requires a minimum of eight characters, a capital letter, a number, and a symbol. To discourage malicious actors, a password policy usually states that a user will lose access to the network after entering the wrong password a certain number of times in a row. Some systems also require multi-factor authentication, or MFA. MFA is a security measure which requires a user to verify their identity in two or more ways to access a system or network. Ways of identifying yourself include something you know, like a password, something you have like an ID card, or something unique about you, like your fingerprint.
