OS Hardening: Windows and Linux

Questions and Answers

Which principle is LEAST directly addressed when focusing on system integrity checks during OS hardening?

• Integrity, verifying data remains unaltered and trustworthy.
• Authentication, confirming the identity of users or processes.
• Availability, ensuring systems remain operational.
• Confidentiality, protecting sensitive information from unauthorized access. (correct)

What is the MOST critical difference between discretionary access control (DAC) and mandatory access control (MAC) systems like SELinux or AppArmor?

• DAC allows users to set permissions on objects they own, providing flexibility but potential security risks, whereas MAC enforces centrally-defined policies, limiting user discretion but enhancing security. (correct)
• DAC uses security labels for access control decisions, while MAC relies on Access Control Lists (ACLs).
• DAC is centrally managed, while MAC is distributed.
• DAC is focused on preventing privilege escalation, while MAC is designed to ensure data confidentiality.

How does kernel hardening contribute to the overall security posture of a Linux system?

• By automatically backing up system files to prevent data loss.
• By encrypting network traffic to protect against eavesdropping.
• By implementing stricter password policies for user accounts.
• By reducing the kernel's attack surface and preventing exploitation of kernel vulnerabilities. (correct)

What is the MOST significant implication of failing to regularly update the patch management in Windows systems?

Increased risk of security vulnerabilities being exploited by attackers. (C)

Consider a scenario where an organization needs to ensure secure remote access to its Linux servers. Which of the following configurations would provide the MOST robust security against unauthorized access?

Disabling password-based authentication and using only single-factor key-based SSH access; regularly rotate SSH keys. (A)

An administrator configures SELinux in targeted mode. What is the expected behavior of SELinux in this configuration?

SELinux enforces security policies only on specific processes or types of processes. (B)

Which of the following is the MOST effective method to protect sensitive data stored on a laptop in case of theft or loss?

Enabling full disk encryption with a strong passphrase. (A)

Consider a scenario where a web server is serving sensitive data over HTTPS, and an attacker exploits a vulnerability to perform a man-in-the-middle attack. What is the MOST effective countermeasure to prevent the attacker from intercepting and decrypting the traffic?

Enforcing the use of strong TLS cipher suites and regularly updating the server's SSL/TLS certificate. (D)

An organization wants to implement a security measure to detect unauthorized changes to critical system files on its Linux servers. Which technique meets this objective most effectively?

Implementing a host-based intrusion detection system (HIDS) with file integrity monitoring capabilities. (A)

Which of the following techniques is MOST effective in mitigating the risk of privilege escalation attacks on a Windows server?

Implementing the principle of least privilege and regularly auditing user accounts and group memberships. (D)

What is the PRIMARY purpose of using a security baseline in OS hardening?

To establish a minimum security standard and a consistent security configuration across multiple systems. (A)

Which of the following is the MOST important consideration when configuring Windows Firewall on a server?

Allowing only necessary inbound connections required for specific services and applications. (B)

An organization is implementing file system encryption on its Linux servers using LUKS. What is the MOST critical step to take after setting up LUKS?

Backing up the LUKS header and encryption key to a secure, offsite location. (B)

Which of the following is the MOST effective method to prevent brute-force attacks against SSH on a Linux server?

Disabling password authentication and using only key-based authentication. (A)

An administrator discovers an unauthorized process running with elevated privileges on a Windows server. Which of the following actions should the administrator take FIRST?

Identify the process, investigate its origin, and determine the scope of the compromise. (C)

How does the principle of least privilege contribute to OS hardening?

By limiting user access to only the resources and privileges necessary for their job functions. (C)

An organization wants to implement a solution to prevent unauthorized software from running on its Windows systems. Which of the following technologies would be the MOST effective in achieving this goal?

AppLocker or Windows Defender Application Control (WDAC). (B)

What is the PRIMARY benefit of using a jump server (also known as a bastion host) in a hardened network architecture?

To provide a single point of entry for accessing internal resources, limiting the attack surface. (D)

Which of the following is the MOST effective defense against SQL injection attacks on a web server?

Implementing input validation and parameterized queries. (B)

Why is disabling unnecessary services important for OS hardening?

It reduces the attack surface by minimizing potential entry points for attackers. (B)

How does UEFI Secure Boot contribute to OS hardening?

By preventing the execution of unauthorized operating systems and bootloaders. (D)

An organization is concerned about the security of its Windows Server environment. What is the PRIMARY purpose of using the Microsoft Security Compliance Toolkit (SCT)?

To create, customize, and deploy security baselines for Windows Server. (A)

What is the MOST important consideration when implementing logging and auditing on a hardened system?

Regularly reviewing logs for suspicious activity and securely storing logs to prevent tampering. (A)

What is the PRIMARY advantage of using a configuration management tool like Ansible, Chef, or Puppet for OS hardening?

To automate the process of configuring and maintaining consistent security settings across multiple systems. (A)

An organization is implementing a security policy that requires all data at rest to be encrypted. Which of the following technologies would be MOST suitable for encrypting the entire file system on a Windows server?

BitLocker. (D)

How does Address Space Layout Randomization (ASLR) contribute to OS hardening?

By randomizing the memory addresses used by programs, making it more difficult for attackers to exploit memory corruption vulnerabilities. (C)

An organization wants to implement a security measure to prevent users from installing unauthorized applications on their Windows workstations. Which of the following would MOST effectively achieve this goal?

Using Group Policy to restrict software installation and execution. (A)

Consider an environment where network segmentation is used as a security strategy. How does this contribute to OS hardening?

By isolating critical systems and limiting the impact of security breaches. (A)

What is the PRIMARY reason for using a centralized log management system in a hardened environment?

To facilitate the analysis of security events and detect anomalies across multiple systems. (D)

An organization wants to ensure the integrity of its Linux kernel. Which technique would be MOST appropriate for verifying that the kernel has not been tampered with?

Using a tool like AIDE (Advanced Intrusion Detection Environment) to perform file integrity monitoring. (D)

What is a PRIMARY benefit of using immutable infrastructure in a hardened environment?

It reduces the attack surface by preventing unauthorized modifications to systems. (A)

Which of the following is the MOST effective method to prevent cross-site scripting (XSS) attacks on a web application?

Implementing input validation and output encoding. (D)

An organization is implementing a BYOD (Bring Your Own Device) program. Which of the following security measures would be MOST important to protect the organization's data?

Implementing Mobile Device Management (MDM) to enforce security policies and remotely wipe devices. (A)

How does disabling or limiting the use of legacy protocols (e.g., SSLv3, TLS 1.0) contribute to OS hardening and improved security?

It mitigates the risk of exploitation of known vulnerabilities in those protocols. (A)

In the context of hardening a web server, what is the PRIMARY purpose of using a Web Application Firewall (WAF)?

To filter out malicious traffic and prevent common web application attacks. (B)

What is the MOST important consideration when implementing two-factor authentication (2FA) on a system?

Ensuring that the second factor is independent of the primary authentication factor and securely managed. (B)

How does OS security hardening, focusing on CIA (Confidentiality, Integrity, Availability), affect an organization’s overall risk management strategy?

It serves as a foundational element by minimizing the likelihood and impact of cyber threats, thus reducing overall risk exposure. (C)

Flashcards

OS Hardening

The process of securing an operating system to reduce vulnerabilities and protect against threats.

Confidentiality

Protecting information from unauthorized access.

Integrity

Maintaining the accuracy and completeness of data.

Availability

Ensuring that systems and data are accessible when needed.

Group Policy

A feature in Windows that allows centralized management of user and computer settings.

Windows Firewall

A built-in firewall in Windows used to control network traffic.

Patch Management

Regularly updating software to fix security vulnerabilities.

SELinux / AppArmor

A Linux security module providing mandatory access control.

Key-Based Authentication

Using cryptographic keys to authenticate users instead of passwords.

Kernel Hardening

Securing the kernel to mitigate exploits and vulnerabilities.

BitLocker

A Windows feature for encrypting entire drives.

LUKS

A Linux standard for disk encryption.

Study Notes

• Operating system (OS) hardening secures operating systems, focusing on confidentiality, integrity, and availability.

Windows OS Hardening

• Windows OS hardening involves using built-in security features.
• Critical aspects include user account management, strong password policies, and security configurations via Group Policy.

Windows Server Hardening

• Securing Windows Server includes hardening server roles and services.
• Configuring Windows Firewall rules and following patch management best practices are crucial.

Linux OS Hardening

• Linux security relies on its security architecture and access controls.
• SELinux or AppArmor are configured for mandatory access control.
• User and group permissions are essential for managing access.

Linux Server Hardening

• Securing SSH access using key-based authentication is important.
• Network services like Apache and MySQL must be hardened.
• Kernel hardening and system integrity checks are also performed.

File System and Disk Encryption

• File system security involves understanding permissions in Windows NTFS and Linux ext4.
• File and folder encryption can be achieved through tools like BitLocker and LUKS.