Presentation is loading. Please wait.

Presentation is loading. Please wait.

Operating System Hardening

Published byEleanor Mason Modified over 5 years ago

Similar presentations

Presentation on theme: "Operating System Hardening"— Presentation transcript:

1 Operating System Hardening
Based on slides accompanying the book Network Defense and Countermeasures by Chuck Easttom (2018)

2 Objectives Properly configure a secure Windows system
Properly configure a secure Linux system Apply appropriate operating system patches to Windows Apply application patches Securely configure a web browser

3 Introduction Securely configuring the operating system and its software is a critical step in system security that is often neglected. It is not enough to just implement firewalls and proxy servers, it is also important to secure internal machines and the applications and information they house. You may want to revisit security in-depth and what that means.

4 Configuring Windows Properly
Key configuring tasks include Disable unnecessary services Configure the Registry Enable the firewall Configure the web browser

5 Windows Accounts and Users
Disable default user accounts and groups Disabling the default administrator account is better than renaming it. Other accounts to disable if not used IUSR_MachineName ASP.NET Database accounts Assign each account the least privileges needed to perform the job  The principle of least privileges Discuss the default accounts that are created during installation of Windows.

6 Windows Security Policies
Password policies History, age, length, complexity Account lockout policies Other issues Users should not write passwords down Users should not share passwords Users should have the least privileges required Have separate admin accounts and standard user accounts Only use the admin accounts for tasks that require admin privileges You may want to include a discussion of the information presented in the tables. The following slides have those tables to display if you need them. Explain the additional issues of protecting passwords and granting access when required.

7 Default Windows Password Policies

8 Password Setting Recommendations

9 Windows Lockout Policies

10 Recommended Lockout Policies

11 Registry Basics Hierarchical Database Edit using regedit
Top-level sections HKEY_CLASSES_ROOT HKEY_CURRENT_USER HKEY_LOCAL_MACHINE HKEY_USERS HKEY_CURRENT_CONFIG Explain what registry settings are held in each of these folders.

12 Registry Editing Caution
Incorrect editing of your registry can render parts of your operating system unusable. If you are new to registry editing, do not practice on a production machine that has critical data. Explain the danger associated with editing the registry.

13 Securing the Registry Restrict Null session access
Restrict Null session access over named pipes Restrict anonymous access Change TCP/IP stack settings Disable default administrative shares Disable remote access to the Registry Restrict anonymous access to the Registry Continue discussion of the registry. You may want to demonstrate viewing the registry through regedit. (DO NOT CHANGE ANYTHING HERE, UNLESS YOU KNOW WHAT YOU ARE DOING.) Note Table 8.5 on the next slide.

14 Securing the Registry

15 Working with Window Services
Services run without direct user intervention Referred to as daemons in Linux/Unix Disabling unneeded services can increase security Use the Services.msc console to manage services Be careful not to disable a service that’s needed; Use the Dependencies tab to see whether other services depend on the one you are about to disable Demonstrate the Services console and show how to disable and enable services.

16 Encrypting File System (EFS)
Encrypts files and folders for greater security Uses a method based on public key encryption Virtually transparent to the user Built into Windows and easy to use Discuss EFS and how it benefits the user and how it might affect the user.

17 Security Templates A security template contains hundreds of possible settings that can control a single or multiple computers Settings include user rights, permissions, and password policies Enable administrators to deploy settings with Group Policy Objects (GPOs) Discuss the purpose and use of security templates.

18 Security Templates Hisecdc.inf: Domain controllers (more secure)
Securedc.inf: Domain controllers (less secure) Hisecws.inf: Client computers and member servers Securews.inf: Client computers and member servers Setup security.inf: Reapplies the default security settings of a freshly installed computer Explain the differences between each of these different templates. Refer to the end-of-chapter exercise on security templates for practice.

19 Configuring Linux Properly
Many security principles apply in Linux as they do in Windows Commonalities between Windows and Linux Default users and policies (names are different) All services not in use should be shut down Browser must be configured securely Routinely patch the OS Explain the commonalities between Linux and Windows and that differences reside in the implementation, not necessarily in how the security policies act.

20 Configuring Linux Properly cont.
Differences between Linux and Windows No application should run as the root user Root password must be complex and changed frequently Disable all console-equivalent access for regular users Hide your system information Discuss how the two operating systems differ.

21 Patching the Operating System
Allow Windows Update to run automatically in Windows to keep the OS up to date In Linux, open up a terminal window and type sudo apt-get upgrade.

22 Configuring Browsers Privacy settings Security settings
Block third-party cookies Prompt for first-party cookies Always allow session cookies Security settings Limit what can run Unsigned components ActiveX Java Explain where and how you would configure the privacy and security settings in IE. You might give examples both in Windows and Macintosh.

23 Configuring Browsers Each browser has its own way of changing settings
General principles: Limit cookies Do not allow ActiveX to run without your knowledge Do not allow any scripts to execute without your knowledge Provide examples of the differences between IE and other browsers such as Chrome and Firefox.

24 Summary Hardening of operating systems is a critical part of network security Proper security configuration can make hacking more difficult Encrypted File System (EFS) can secure information on the local computer Disable unneeded services in Windows Proper Registry settings are also key in a Windows environment

25 Summary Failure to properly configure Registry settings will greatly reduce the security of the computer Securing the browser can limit exposure to malware Summarize the finer points of securing your browser.

Download ppt "Operating System Hardening"

Similar presentations

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 3 Configuring the Windows Server 2008 Environment.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 3 Configuring the Windows Server 2008 Environment.
Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring Windows Internet Explorer 7 Security Lesson 5.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 14: Windows Server 2003 Security Features.
Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.

Hands-On Microsoft Windows Server 2003 Administration Chapter 4 Managing Group Policy.
11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.

11 SUPPORTING LOCAL USERS AND GROUPS Chapter 3. Chapter 3: Supporting Local Users and Groups2 SUPPORTING LOCAL USERS AND GROUPS  Explain the difference.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 14: Windows Server 2003 Security Features.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:

Chapter 5: Configuring Users and Groups. Windows Vista User Accounts User accounts are the primary means of authentication Built-in Accounts –Administrator:
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.

Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.
Terminal Server © N. Ganesan, Ph.D.. Reference Thin-Client Concept Thin-Client concept tutorial.

Terminal Server © N. Ganesan, Ph.D.. Reference Thin-Client Concept Thin-Client concept tutorial.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.

Principles of Computer Security: CompTIA Security + ® and Beyond, Second Edition © 2010 Baselines Chapter 14.
Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.

Users and Groups Security Architecture Editing Security Policies The Registry File Security Auditing/Logging Network Issues (client firewall, IPSec, Active.

Similar presentations

Ads by Google