Intro to Computer Security: Operating System Hardening

Questions and Answers

What is the primary objective of operating system hardening?

To properly configure a secure Linux system

To secure internal machines and applications (correct)

To implement firewalls and proxy servers

To update the hardware of the system

Default user accounts like 'Win Server' and 'DB' should be changed to enhance system security.

True

What policy determines the number of failed sign-in attempts that will cause a user account to be locked?

Account Lockout Threshold

What is the purpose of a Patch Management System?

To manage and regularly update missing software patches in a network of computers

Which setting is recommended to increase computer security in the Windows Registry?

Null session access

What is a computer virus?

A type of malicious code or program written to alter the way computers operate

Explain how a computer virus spreads.

A computer virus spreads by replicating itself and spreading to other machines, either through network connections, emails, or website deliveries.

A computer virus may or may not have a malicious __________.

payload

Virus scanners work by comparing files on a computer to a list of known virus files.

True

What is an important factor to consider when choosing antivirus software?

The technical specifications of the software

Match the virus scanning technique with its description:

E-mail and attachment scanning = Scans email content and attachments for viruses Download scanning = Scans downloaded files for viruses File scanning = Scans files on the computer for viruses Heuristic scanning = Scans for patterns or behaviors indicating a potential virus Active code scanning = Scans for active malicious code in programs Instant messaging scanning = Scans instant messaging conversations for virus links or malware

Study Notes

Operating System Hardening

• Hardening of the operating system (OS) involves configuring an OS securely, updating it, creating rules and policies to govern the system in a secure manner, and removing unnecessary applications and services.
• The goal of OS hardening is to reduce the chance of a computer operating system becoming vulnerable to attacks.

Securing Windows OS

• Disable default user accounts and change default usernames and passwords.
• Avoid using default accounts if possible and restrict user access to downloading, installing, and accessing the server/VPN.
• Delete unused files and folders and apply the latest patches to secure the system.

Configuring Windows OS

• Set security policies to prevent user error, which can lead to successful cyberattacks.
• Create and update user policies, and ensure all users are aware of and comply with these procedures.
• Implement password policies, account lockout policies, and restrict user access.

Password Policy

• Default Windows password policies should be updated to ensure stronger passwords.
• Recommended password settings include:
  • Password length: 8 characters
  • Password age: 60 days
  • Password history: 12 passwords
  • Account lockout duration: 30 minutes
  • Account lockout threshold: 3 attempts
  • Reset account lockout counter after: 30 minutes

Registry Settings

• The Windows Registry stores information and settings for software programs, hardware devices, user preferences, and operating system configuration.
• Registry settings can be altered to increase computer security.
• Restrict null session access, restrict null session access over named pipes, and restrict anonymous access.

Registry Basics

• Core registry folders in the registry include:
  • HKEY_CLASSES_ROOT
  • HKEY_CURRENT_USER
  • HKEY_LOCAL_MACHINE
  • HKEY_USERS
  • HKEY_CURRENT_CONFIG

Services

• Shut down unnecessary services in Windows to prevent security risks.
• Port filtering and firewalls in Windows can be used to secure the system.

Encrypting File System (EFS)

• EFS is a method for securing information on the local computer.
• It is built into Windows and easy to use.
• EFS is virtually transparent to the user.

Security Templates

• Security templates are used to manage group policy and ensure consistency across the organization.
• Common security templates include:
  • DC security.inf
  • Hisecdc.inf
  • Hisecws.inf
  • Securedc.inf
  • Securews.inf
  • Setup security.inf

Configuring Linux OS

• Many security principles apply in Linux as they do in Windows.
• Commonalities between Windows and Linux include:
  • Default users and policies
  • Shutting down unnecessary services
  • Configuring the browser securely
  • Routinely patching the system
• Differences between Linux and Windows include:
  • No application should run as the root user
  • Complexity of the root password
  • Disable all console-equivalent access for regular users
  • Hide system information

Patching the OS

• Patches have a critical role in fixing security holes.
• Patch management systems manage and regularly update missing software patches in a network of computers.
• Windows and Linux have their own patch update systems.

Configuring Browsers

• Browsers are not set up in a secure default configuration.
• Browser security and privacy settings include:
  • Keeping browsers up to date
  • Enabling automatic updates
  • Blocking pop-ups, plug-ins, and phishing sites
  • Setting the browser not to store passwords
  • Disabling third-party cookies
  • Prompting for first-party cookies and always allowing session cookies
  • Browser-specific settings, such as installing the uBlock Origin add-on in Firefox and disabling Java in Safari.

Defending Against Virus Attacks

• Objectives:
  • Explain how virus attacks work
  • Explain how viruses spread and propagate
  • Distinguish between different types of virus attacks
  • Employ virus scanners to detect viruses
  • Have a working knowledge of several specific viruses
  • Formulate an appropriate strategy to defend against virus attacks

Understanding Virus Attacks

• A computer virus is a type of malicious code or program that alters/harms the way a computer operates and replicates itself to spread to other machines.
• Characteristics of a computer virus:
  • Self-replicates
  • Spreads rapidly
  • May or may not have a malicious payload
• Classification of threats:
  • Malware attack (stands for malicious software)
  • Examples of malware: viruses, worms, Trojan horses, adware, spyware, ransomware, bot

How does a Virus Spread?

• Through network connections, copying itself to other hosts on the network
• Through email propagation, mailing itself to everyone in the host's address book
• Through website delivery, relying on end-user negligence
• Multiple vectors for a virus are becoming more common

Types of Viruses

• Macro virus
• Multi-partite virus
• Armored virus
• Memory resident virus
• Sparse infector virus
• Polymorphic virus
• Examples: Minmail virus, Rombertik, Gameover ZeuS, FakeAV, Sobig virus

Virus Scanners

• Software that tries to prevent viruses from infecting machines
• Works in two ways:
  • Contains a list of known virus files and compares files on the computer to that list
  • Monitors the computer for certain types of virus behavior
• Can be on-demand or ongoing scanning

Virus Scanning Techniques

• E-mail and attachment scanning
• Download scanning
• File scanning
• Heuristic scanning
• Active code scanning
• Instant messaging scanning

Commercial Antivirus Software

• Factors to consider when choosing antivirus software:
  • Skill (users need to understand how to use it)
  • Budget (price)
  • Vulnerability (how often is email used or files downloaded?)
• Examples of commercial antivirus software:

Antivirus Policies and Procedures

• Brief summary of possible policies:
  • Always use a virus scanner
  • If unsure about an attachment, do not open it
  • Consider exchanging a code word with friends
  • Do not believe "security alerts" you are sent
  • Be skeptical of any email you are sent
  • Do not download files from the internet

Defending Your System

• Additional methods for defending your system:
  • Set all browsers to block active code
  • Set all user accounts so that they cannot install software or change browser security
  • Segregate subnetworks

Infected by a Virus?

• What to do if your system is infected by a virus:
  1. Stop the spread of the virus
  2. Remove the virus
  3. Find out how the infection started
• Stopping the spread of the virus:
  • Disconnect the WAN or subnet
  • Disconnect vital servers and backup devices
• Removing the virus:
  • Run antivirus software and update it
  • Find removal instructions online
• Finding out how the infection started:
  • Talk to users of infected machines
  • Read online documentation on the virus
  • Check activity logs from the machine

Description

This quiz covers the basics of configuring a secure operating system, including Windows and Linux, and applying security patches and configuring a secure web browser.