CompTIA Server+ Certification (Exam SK0-004) 5.3 Server Hardening

- Understand the concepts of hardening, baseline configurations, and host management
- Apply operating system and application software patches and firmware updates

Baseline OS Security and Settings
- Attack surface
  - Interfaces
  - Services
  - Application service ports
- Install to secure configuration
  - Uninstall or disable unnecessary devices / services / protocols
  - Install patches and updates
  - Configure shared resources / ACLs and user privileges
- Install and configure security software
  - Anti-malware
  - Host firewall / IDS
- Server application hardening
- Execution control (white listing / black listing)

Firmware Security
- System passwords
  - Supervisor / Administrator
  - User
- Disable Wake on LAN (WoL) and hardware
- Intrusion detection

Patch Management
- Security control improving availability
- Update policies and schedule
  - Apply all latest
  - Only apply specific patches
- Testing

Windows Update
- Types of patches and service packs
- Windows Update web client
- Windows Server Update Services (WSUS)

Linux Patch Management
- Distribution repositories
- Source code versus precompiled
- Package managers (rpm, apt-get, yum)

Upgrading Firmware
- Update via vendor website / update tool
- Updates for security software
- Firmware updates

What general procedures are involved in server hardening?
  Establish a configuration baseline identifying the necessary services and ports that should be open and running and software that should be installed and disable or uninstall everything else. Make sure that OS and application patches and drivers are kept up-to-date. Configure security software and access permissions / privileges appropriately.

In a security context, what would disabling WoL achieve?
  Prevent a server from being turned on over the network without authorization.

What is WSUS?
  Windows Server Update Services is a Windows service for managing product update deployment.

Name three Linux package managers that can be configured to install application updates.
  rpm (RedHat), apt-get (Debian), and yum (Fedora).

Following an update cycle, multiple servers in your company are experiencing high packet loss due to checksum errors. What type of update rollback is most likely to fix this type of problem?
  Most likely to be a driver issue.

What type of update is most likely to require frequent installation and least likely to require extensive testing?
  Security software (anti-malware) updates are often issued frequently and should have the least impact on system reliability, though problems can occur.