Questions and Answers
What is the primary objective of operating system hardening?
To secure internal machines and applications
Default user accounts like 'Win Server' and 'DB' should be changed to enhance system security.
True
What policy determines the number of failed sign-in attempts that will cause a user account to be locked?
Account Lockout Threshold
What is the purpose of a Patch Management System?
Signup and view all the answers
Which setting is recommended to increase computer security in the Windows Registry?
Signup and view all the answers
What is a computer virus?
Signup and view all the answers
Explain how a computer virus spreads.
Signup and view all the answers
A computer virus may or may not have a malicious __________.
Signup and view all the answers
Virus scanners work by comparing files on a computer to a list of known virus files.
Signup and view all the answers
What is an important factor to consider when choosing antivirus software?
Signup and view all the answers
Match the virus scanning technique with its description:
Signup and view all the answers
Study Notes
Operating System Hardening
- Hardening of the operating system (OS) involves configuring an OS securely, updating it, creating rules and policies to govern the system in a secure manner, and removing unnecessary applications and services.
- The goal of OS hardening is to reduce the chance of a computer operating system becoming vulnerable to attacks.
Securing Windows OS
- Disable default user accounts and change default usernames and passwords.
- Avoid using default accounts if possible and restrict user access to downloading, installing, and accessing the server/VPN.
- Delete unused files and folders and apply the latest patches to secure the system.
Configuring Windows OS
- Set security policies to prevent user error, which can lead to successful cyberattacks.
- Create and update user policies, and ensure all users are aware of and comply with these procedures.
- Implement password policies, account lockout policies, and restrict user access.
Password Policy
- Default Windows password policies should be updated to ensure stronger passwords.
- Recommended password settings include:
- Password length: 8 characters
- Password age: 60 days
- Password history: 12 passwords
- Account lockout duration: 30 minutes
- Account lockout threshold: 3 attempts
- Reset account lockout counter after: 30 minutes
Registry Settings
- The Windows Registry stores information and settings for software programs, hardware devices, user preferences, and operating system configuration.
- Registry settings can be altered to increase computer security.
- Restrict null session access, restrict null session access over named pipes, and restrict anonymous access.
Registry Basics
- Core registry folders in the registry include:
- HKEY_CLASSES_ROOT
- HKEY_CURRENT_USER
- HKEY_LOCAL_MACHINE
- HKEY_USERS
- HKEY_CURRENT_CONFIG
Services
- Shut down unnecessary services in Windows to prevent security risks.
- Port filtering and firewalls in Windows can be used to secure the system.
Encrypting File System (EFS)
- EFS is a method for securing information on the local computer.
- It is built into Windows and easy to use.
- EFS is virtually transparent to the user.
Security Templates
- Security templates are used to manage group policy and ensure consistency across the organization.
- Common security templates include:
- DC security.inf
- Hisecdc.inf
- Hisecws.inf
- Securedc.inf
- Securews.inf
- Setup security.inf
Configuring Linux OS
- Many security principles apply in Linux as they do in Windows.
- Commonalities between Windows and Linux include:
- Default users and policies
- Shutting down unnecessary services
- Configuring the browser securely
- Routinely patching the system
- Differences between Linux and Windows include:
- No application should run as the root user
- Complexity of the root password
- Disable all console-equivalent access for regular users
- Hide system information
Patching the OS
- Patches have a critical role in fixing security holes.
- Patch management systems manage and regularly update missing software patches in a network of computers.
- Windows and Linux have their own patch update systems.
Configuring Browsers
- Browsers are not set up in a secure default configuration.
- Browser security and privacy settings include:
- Keeping browsers up to date
- Enabling automatic updates
- Blocking pop-ups, plug-ins, and phishing sites
- Setting the browser not to store passwords
- Disabling third-party cookies
- Prompting for first-party cookies and always allowing session cookies
- Browser-specific settings, such as installing the uBlock Origin add-on in Firefox and disabling Java in Safari.
Defending Against Virus Attacks
- Objectives:
- Explain how virus attacks work
- Explain how viruses spread and propagate
- Distinguish between different types of virus attacks
- Employ virus scanners to detect viruses
- Have a working knowledge of several specific viruses
- Formulate an appropriate strategy to defend against virus attacks
Understanding Virus Attacks
- A computer virus is a type of malicious code or program that alters/harms the way a computer operates and replicates itself to spread to other machines.
- Characteristics of a computer virus:
- Self-replicates
- Spreads rapidly
- May or may not have a malicious payload
- Classification of threats:
- Malware attack (stands for malicious software)
- Examples of malware: viruses, worms, Trojan horses, adware, spyware, ransomware, bot
How does a Virus Spread?
- Through network connections, copying itself to other hosts on the network
- Through email propagation, mailing itself to everyone in the host's address book
- Through website delivery, relying on end-user negligence
- Multiple vectors for a virus are becoming more common
Types of Viruses
- Macro virus
- Multi-partite virus
- Armored virus
- Memory resident virus
- Sparse infector virus
- Polymorphic virus
- Examples: Minmail virus, Rombertik, Gameover ZeuS, FakeAV, Sobig virus
Virus Scanners
- Software that tries to prevent viruses from infecting machines
- Works in two ways:
- Contains a list of known virus files and compares files on the computer to that list
- Monitors the computer for certain types of virus behavior
- Can be on-demand or ongoing scanning
Virus Scanning Techniques
- E-mail and attachment scanning
- Download scanning
- File scanning
- Heuristic scanning
- Active code scanning
- Instant messaging scanning
Commercial Antivirus Software
- Factors to consider when choosing antivirus software:
- Skill (users need to understand how to use it)
- Budget (price)
- Vulnerability (how often is email used or files downloaded?)
- Examples of commercial antivirus software:
Antivirus Policies and Procedures
- Brief summary of possible policies:
- Always use a virus scanner
- If unsure about an attachment, do not open it
- Consider exchanging a code word with friends
- Do not believe "security alerts" you are sent
- Be skeptical of any email you are sent
- Do not download files from the internet
Defending Your System
- Additional methods for defending your system:
- Set all browsers to block active code
- Set all user accounts so that they cannot install software or change browser security
- Segregate subnetworks
Infected by a Virus?
- What to do if your system is infected by a virus:
- Stop the spread of the virus
- Remove the virus
- Find out how the infection started
- Stopping the spread of the virus:
- Disconnect the WAN or subnet
- Disconnect vital servers and backup devices
- Removing the virus:
- Run antivirus software and update it
- Find removal instructions online
- Finding out how the infection started:
- Talk to users of infected machines
- Read online documentation on the virus
- Check activity logs from the machine
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
