Operating System Hardening
Vulnerabilities
- Unique vulnerabilities exist for:
  – Different operating systems
  – Different vendors
  – Client and server systems
- Vendors try to correct them, attackers try to exploit them, and security professionals must keep systems up to date.
Typical Vulnerabilities
- Default install: automatic logon, FTP server, exploitable services
- AutoPlay (CD/DVD, USB)
- Default protocols: FTP, HTTP, RDP
- Known accounts and passwords: Administrator, root, admin:admin
- Built-in applications: remote administration
- File access methods: FAT32 (no permissions at all), "Everyone" permissions, mode 777
- Physical access: anything could happen
- Buffer overflows, injection, adware, worms
Windows Hardening
- Security assessment
  – Identify assets
  – Risk assessment: vulnerabilities and threats
- Security hardening: GUI tools
  – System Configuration (msconfig): services
  – Registry
  – Local Security Policy (secpol.msc): user rights, audit policy
  – Group Policy (gpedit.msc): Windows settings, Windows behaviour
  – Computer Management (compmgmt.msc): Event Viewer
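Added example, not from the original slides: a PowerShell script that checks a host for the default-install weaknesses listed under Typical Vulnerabilities, using the command-line counterparts of the GUI tools above (Get-Service for services, Get-ItemProperty for the registry, Get-LocalUser for accounts, Get-Acl for file permissions). The service names, registry paths and the sample directory C:\inetpub are the script's own assumptions; run it from an elevated PowerShell 5.1 or later prompt.

```powershell
# Added example (not from the slides): audit a host for "default install" weaknesses.
# Returns a list of findings; an empty list means nothing was flagged.
function Test-DefaultInstall {
    $findings = @()

    # 1. Network-facing services that ship enabled on many builds (assumed list).
    $riskyServices = @{
        'ftpsvc'         = 'FTP server (clear-text credentials)'
        'W3SVC'          = 'IIS HTTP server'
        'TermService'    = 'Remote Desktop (RDP)'
        'RemoteRegistry' = 'Remote registry'
    }
    foreach ($name in $riskyServices.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') {
            $findings += "Service running: $name ($($riskyServices[$name]))"
        }
    }

    # 2. AutoPlay / AutoRun. NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
    $arKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $ar = Get-ItemProperty -Path $arKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if (-not $ar -or $ar.NoDriveTypeAutoRun -ne 0xFF) {
        $findings += "AutoRun not fully disabled (NoDriveTypeAutoRun = $($ar.NoDriveTypeAutoRun))"
    }

    # 3. Automatic logon keeps the account password in the registry.
    $wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $wlKey -ErrorAction SilentlyContinue
    if ($wl.AutoAdminLogon -eq '1') {
        $findings += "AutoAdminLogon enabled for user '$($wl.DefaultUserName)'"
    }

    # 4. Well-known built-in accounts that are still enabled.
    foreach ($acct in Get-LocalUser | Where-Object { $_.Name -in 'Administrator', 'Guest' }) {
        if ($acct.Enabled) { $findings += "Built-in account enabled: $($acct.Name)" }
    }

    # 5. 'Everyone' granted any access on a sensitive directory (path is an assumption).
    $path = 'C:\inetpub'
    if (Test-Path $path) {
        $acl = Get-Acl -Path $path
        $everyone = $acl.Access | Where-Object { $_.IdentityReference -eq 'Everyone' }
        if ($everyone) {
            $findings += "'Everyone' has $($everyone.FileSystemRights -join ', ') on $path"
        }
    }

    # 6. FAT32 volumes carry no ACLs at all, so NTFS permissions cannot protect them.
    Get-Volume -ErrorAction SilentlyContinue |
        Where-Object { $_.FileSystem -eq 'FAT32' -and $_.DriveLetter } |
        ForEach-Object { $findings += "Volume $($_.DriveLetter): is FAT32 (no NTFS permissions)" }

    return $findings
}

$result = Test-DefaultInstall
if ($result) { $result | ForEach-Object { Write-Output "[!] $_" } }
else         { Write-Output 'No default-install findings.' }
```

Each check maps to a slide bullet: running services (msconfig/services), AutoRun and auto-logon (registry), built-in accounts (known accounts and passwords), and file-system permissions (Everyone, FAT32). Extend the `$riskyServices` table and the `$path` list to match the role of the server being hardened.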
Windows Hardening: Windows Update
- Important updates: security updates, driver and bug fixes
- Optional updates: enhancements, non-essential changes
- Update types
  – Patch: bug fix
  – Hotfix: fixes a specific flaw, often a security flaw
  – Rollup: cumulative set of patches and hotfixes
  – Service pack: cumulative, may also add features
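Added example, not from the slides: a PowerShell function that groups the updates installed on a host by the kind Windows records for them and flags a host whose newest security update is older than a threshold. It uses Get-HotFix, which reads the same records shown under Installed Updates; the 30-day threshold is an assumption.

```powershell
# Added example (not from the slides): summarise installed updates and check patch age.
function Get-UpdateStatus([int]$MaxAgeDays = 30) {
    # Get-HotFix reads Win32_QuickFixEngineering; drop records that carry no install date.
    $hotfixes = Get-HotFix | Where-Object { $_.InstalledOn }

    # The Description field holds the update kind: "Update", "Security Update", "Hotfix", ...
    $byType = $hotfixes | Group-Object -Property Description |
              Select-Object @{ n = 'Type'; e = { $_.Name } }, Count

    # Newest security update decides whether the host counts as stale.
    $latest = $hotfixes | Where-Object { $_.Description -eq 'Security Update' } |
              Sort-Object -Property InstalledOn -Descending | Select-Object -First 1
    $age = if ($latest) { ((Get-Date) - $latest.InstalledOn).Days } else { $null }

    [pscustomobject]@{
        ByType            = $byType
        LatestSecurityFix = if ($latest) { $latest.HotFixID } else { 'none' }
        DaysSinceLastFix  = $age
        Stale             = (-not $latest) -or ($age -gt $MaxAgeDays)
    }
}

$status = Get-UpdateStatus
$status.ByType | Format-Table -AutoSize
if ($status.Stale) {
    Write-Warning "Newest security update ($($status.LatestSecurityFix)) is $($status.DaysSinceLastFix) days old"
}
```

Get-HotFix only lists updates that register a QFE record (cumulative and security updates do; feature upgrades and Defender definition updates do not), so treat a clean result as one input to patch management, not proof that the host is current, and cross-check against WSUS or the Windows Update history.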
Windows Hardening: Configuration Management
- Security baseline: a template of configuration settings applied to a group of systems
- Antivirus (adware, malware, worms, viruses)
- Event Viewer (Windows logs)
- Auditing: which actions are recorded, and for what purpose
Group Policy
- Applies a security baseline
- Applies a template to a system: predefined settings, with templates based on the system's role
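Added example, not from the slides, covering the security baseline under Configuration Management and the "apply template to a system" step above: the baseline is written as a secedit .inf template, the format that secpol.msc and the Group Policy security settings use underneath. The script applies it with secedit, then exports the effective local policy and reports every [System Access] setting that drifted from the template. The password, lockout and user-rights values are illustrative assumptions, as are the working paths under $env:TEMP; run it elevated.

```powershell
# Added example (not from the slides): apply a baseline template with secedit and verify it.
$work     = Join-Path $env:TEMP 'baseline'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$template = Join-Path $work 'baseline.inf'
$db       = Join-Path $work 'baseline.sdb'
$export   = Join-Path $work 'current.inf'

# Baseline template (assumed values): password/lockout policy, guest account, user rights.
# S-1-5-32-544 = Administrators, S-1-5-32-546 = Guests.
@'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[System Access]
MinimumPasswordLength = 14
PasswordComplexity = 1
MaximumPasswordAge = 90
LockoutBadCount = 5
EnableGuestAccount = 0
[Privilege Rights]
SeRemoteInteractiveLogonRight = *S-1-5-32-544
SeDenyNetworkLogonRight = *S-1-5-32-546
'@ | Set-Content -Path $template -Encoding Unicode   # secedit expects a UTF-16 .inf

# Parse the [System Access] section of a secedit .inf into a hashtable.
function Read-SystemAccess([string]$Path) {
    $result = @{}
    $inSection = $false
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^\[(.+)\]') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.+?)\s*$') {
            $result[$Matches[1]] = $Matches[2]
        }
    }
    return $result
}

# Compare the exported (effective) policy with the template; return the drifted keys.
function Compare-Baseline([string]$TemplatePath, [string]$ExportPath) {
    $want  = Read-SystemAccess $TemplatePath
    $have  = Read-SystemAccess $ExportPath
    $drift = @()
    foreach ($key in $want.Keys) {
        if ($have[$key] -ne $want[$key]) {
            $drift += ('{0}: expected {1}, found {2}' -f $key, $want[$key], $have[$key])
        }
    }
    return $drift
}

# Apply the template: secedit builds a database from the .inf and configures the listed areas.
secedit /configure /db $db /cfg $template /areas SECURITYPOLICY USER_RIGHTS /quiet

# Export the effective local policy and check it against the template.
secedit /export /cfg $export /areas SECURITYPOLICY /quiet
$drift = Compare-Baseline $template $export
if ($drift) { $drift | ForEach-Object { Write-Output "[drift] $_" } }
else        { Write-Output 'Local policy matches baseline.' }
```

On a domain member the domain's Group Policy overrides local policy at the next refresh, so the same .inf should be imported into a GPO (Security Settings, Import Policy) rather than applied locally; the export-and-compare step still works there, and scheduling it is a cheap way to detect baseline drift across a group of systems.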
Windows Hardening
- File / print server hardening (tutorial)
- Directory service hardening (tutorial)
Virtualization Technology
- Uses: honeypots, testing, patch management
Directory Service
- Implementations: OpenLDAP, Microsoft Active Directory, Novell eDirectory
- LDAP server: stores the directory data
- LDAP client: sends directory queries to the server
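Added example, not from the slides: an LDAP client query written with System.DirectoryServices.Protocols, which speaks LDAP v3 to any of the servers listed above. The server address, base DN, object class and attribute names are assumptions; the bind DN and password are prompted for. Because the query splices a caller-supplied value into the search filter, the value is escaped first so it cannot rewrite the filter (LDAP injection).

```powershell
# Added example (not from the slides): query an LDAP server over STARTTLS with a safe filter.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$Server = 'ldap.example.com:389'     # assumption
$BaseDN = 'dc=example,dc=com'        # assumption

# Escape filter metacharacters per RFC 4515 so "*)(uid=*" stays a literal string.
function ConvertTo-LdapFilterValue([string]$Value) {
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        switch ($ch) {
            '\'     { [void]$sb.Append('\5c') }
            '*'     { [void]$sb.Append('\2a') }
            '('     { [void]$sb.Append('\28') }
            ')'     { [void]$sb.Append('\29') }
            "`0"    { [void]$sb.Append('\00') }
            default { [void]$sb.Append($ch) }
        }
    }
    $sb.ToString()
}

function Find-DirectoryUser([string]$Uid) {
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
    $conn.SessionOptions.ProtocolVersion = 3
    # Upgrade to TLS before the simple bind so the bind DN and password are not sent in clear.
    $conn.SessionOptions.StartTransportLayerSecurity($null)
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Basic
    $cred = Get-Credential -Message 'Bind DN (e.g. cn=reader,dc=example,dc=com) and password'
    $conn.Credential = New-Object System.Net.NetworkCredential($cred.UserName, $cred.Password)
    $conn.Bind()

    $req = New-Object System.DirectoryServices.Protocols.SearchRequest
    $req.DistinguishedName = $BaseDN
    $req.Filter = "(&(objectClass=inetOrgPerson)(uid=$(ConvertTo-LdapFilterValue $Uid)))"
    $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    [void]$req.Attributes.AddRange([string[]]@('uid', 'cn', 'mail'))   # request only what is needed

    $resp = $conn.SendRequest($req)
    foreach ($entry in $resp.Entries) {
        [pscustomobject]@{
            DN   = $entry.DistinguishedName
            uid  = $entry.Attributes['uid'][0]
            cn   = $entry.Attributes['cn'][0]
            mail = if ($entry.Attributes['mail']) { $entry.Attributes['mail'][0] } else { $null }
        }
    }
    $conn.Dispose()
}

Find-DirectoryUser -Uid 'jdoe'
```

Against Active Directory, replace the simple bind with `AuthType::Negotiate` (Kerberos) and the filter's object class with `user`; the escaping helper and the attribute whitelist apply unchanged. Binding a low-privilege read-only account, as the prompt suggests, keeps a leaked client credential from becoming a directory-wide problem.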