Operating System Hardening

Vulnerabilities Unique vulnerabilities for: – Different operating systems – Different vendors – Client and server systems Vendors try to correct Attackers try to exploit Security professionals must keep update

Typical Vulnerabilities Default install Auto login, FTP server, Service exploits Auto Play (C/DVD, USB) Default protocols FTP, HTTP, RDP, Known accounts and passwords Administrator, Root, admin : admin Built-in applications Remote administration File access methods FAT32, Everyone, 777 Physical access Anything could happen Buffer overflows Injection, Adware, Worm

Windows Hardening Security Assesment Identify Asset Risk Assessment Vulnerability & Threats Security Hardening GUI Tools Microsoft Config (msconfig) Services Registry Security Policy (secpol.msc) User Rights Audit Group Policy (gpedit.msc) Windows Settings Windows Behaviour Computer Management (compmgmt.msc) Event Viewer

Windows Hardening Windows Update – Important update Security update Driver / Bug – Optional update Enhancement Non-Essentials Update Type – Patch Bug Fix – Hot Fix Fix Security Flaw – Roll up Cumulative patches & hotfixes – Service pack Added feature

Windows Hardening Configuration Management Security Baseline – A template of configuration that applies to a group of system Antivirus (adware, malware, worm, virus) Event Viewer (Windows Log) Auditing (Action purpose)

Group Policy Applying security baseline

Group Policy Apply template to a system Predefined settings Templates based on role

Windows Hardening File / Print server hardening (Tutorial) Directory service hardening (Tutorial)

Virtualization Technology Honey Pot Testing Patch Management

Directory Service OpenLDAP Microsoft Active Directory Novell eDirectory LDAP client LDAP server LDAP client Stores directory data Directory query