System Hardening
Shoring up defenses, reducing exposed functionality, and disabling less-used
features
This is called attack surface reduction
80/20 rule of functionality
The Pareto principle (also known as the 80/20 rule, the law of the vital
few, or the principle of factor sparsity) states that, for many events,
roughly 80% of the effects come from 20% of the causes.
Not always achievable
Strip mobile code support on servers
Servers easier to harden
Used for specific and controlled purposes
Administrative users with better skills than workstation users
System Hardening
The process of securing and preparing a system for the production
environment is called hardening; it reduces the system's
vulnerability.
Systems hardening is a collection of tools, techniques, and best
practices to reduce vulnerability in technology applications, systems,
infrastructure, firmware, and other areas. The goal of systems
hardening is to reduce security risk by eliminating potential attack
vectors
Source: Principles of Computer Security: CompTIA Security+ and Beyond, Fifth Edition, 2018
Vulnerabilities can occur in multiple ways.
Solution: hardening
Harden operating systems and network operating systems, Implement host-level security,
Harden applications, Establish group policies, Secure alternative environments
Hardening systems, servers, workstations, networks, and applications is a process of
defining the required uses and needs and then aligning security controls to limit a system’s
desired functionality.
Linux also has the very powerful netfilter kernel-native firewall
mechanism, with iptables as its user-space front end
Useful on firewalls, servers, and desktops
Typical "personal" firewall use will:
Allow incoming requests to specified services
Block all other inbound service requests
Allow all outbound (locally-originating) requests
Automated rule generators exist
If greater security is needed, manual configuration is required
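The three-part "personal" firewall policy above, written out as iptables rules. This is an added example, not from the slides; it assumes IPv4 iptables on Linux, the allowed inbound services are an assumption (SSH and HTTPS), and DRY_RUN=1 prints the commands instead of applying them (applying requires root).

```shell
#!/bin/sh
# Constructed example of the policy described above:
#   1. allow inbound to listed services, 2. block all other inbound,
#   3. allow all locally-originating outbound traffic.
set -eu

# Inbound TCP services to allow (assumption: SSH and HTTPS on this host).
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-22 443}"

# Run iptables, or just print the command when DRY_RUN=1.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_personal_firewall() {
    # Default policies: drop unsolicited inbound and forwarded packets,
    # let locally-originating traffic out (part 2 and part 3).
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Flush old INPUT rules so re-running the script is idempotent.
    ipt -F INPUT
    # Loopback is required by many local services.
    ipt -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (stateful matching).
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Packets that claim to belong to a connection we never saw.
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Part 1: explicitly allowed inbound services.
    for port in $ALLOWED_TCP_PORTS; do
        ipt -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # Log (rate-limited) and then drop everything else, so blocked
    # probes are visible in syslog for review.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
    ipt -A INPUT -j DROP
}

# Usage: DRY_RUN=1 sh firewall.sh apply   (or as root without DRY_RUN)
if [ "${1:-}" = "apply" ]; then
    apply_personal_firewall
fi
```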
Antivirus Software
Historically, Linux has not been as vulnerable to viruses
Windows is targeted more because of its popularity
Prompt patching of security holes is more effective against worms
Viruses abuse the user's privileges
Non-privileged user account
Less scope of being exploited
Growing Linux popularity means growing exploits
Hence antivirus software will be more important
Various commercial and free Linux A/V
Basis for comparison: Virus vs. Worm vs. Trojan Horse
Infection: Virus - initiates by attaching itself to an executable file. Worm - utilizes system or application weaknesses. Trojan Horse - attaches itself to a program and is taken for useful software.
Purpose: Virus - modification of information. Worm - halts the CPU and memory. Trojan Horse - steals the user's information.
User Management
Disabling unnecessary ports and services prevents their use by unauthorized users and
improves system throughput and increases security. Systems have ports and connections
that need to be disabled if not in use.
Secure configurations
Disable default accounts/passwords
Application whitelisting/blacklisting
Sandboxing refers to the quarantine or isolation of a system from its surroundings
Server Hardening
Remove unnecessary protocols such as Telnet, NetBIOS, Internetwork Packet Exchange (IPX), and File
Transfer Protocol (FTP).
Remove unnecessary programs such as Internet Information Services (IIS).
Remove all shares that are not necessary.
Rename the administrator account, securing it with a strong password.
Remove or disable the Local Admin account in Windows.
Disable unnecessary user accounts.
Disable unnecessary ports and services.
Keep the operating system (OS) patched and up to date.
Keep all applications patched and up to date.
Turn on event logging for determined security elements.
Control physical access to servers.
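A small audit helper for the "disable unnecessary ports and services" step of the checklist above. It is an added example, not from the slides; it assumes a Linux host and the output format of "ss -tlnH" (field 4 is local address:port), and the allowlist of approved ports is an assumption.

```shell
#!/bin/sh
# Constructed example: compare the TCP ports a host listens on against an
# allowlist, so any listener outside the approved set can be reviewed and
# its owning service disabled or removed.
set -eu

# Approved listeners (assumption: only SSH and HTTPS on this server).
ALLOWED_PORTS="22 443"

# Read "ss -tlnH" output on stdin and print the distinct listening ports.
# Handles 0.0.0.0:22, [::]:22 and *:443 by taking the text after the last ':'.
listening_ports() {
    awk '{ n = split($4, a, ":"); print a[n] }' | sort -un
}

# Print every listening port not in $ALLOWED_PORTS.
# Returns 0 when the host matches the allowlist, 1 otherwise.
unexpected_listeners() {
    found=0
    for port in $(listening_ports); do
        case " $ALLOWED_PORTS " in
            *" $port "*) ;;                   # approved listener
            *) echo "$port"; found=1 ;;        # needs review
        esac
    done
    return $found
}

# Constructed sample in "ss -tlnH" format: sshd and https, plus Telnet
# and FTP daemons of the kind the checklist says to remove.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 511 *:443 *:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*'

# Audit the sample. On a live host: ss -tlnH | unexpected_listeners
audit_sample() {
    printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
}
```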
Securing a Workstation
Remove unnecessary protocols such as Telnet, NetBIOS, and IPX; unnecessary software; modems, unless
needed and authorized; and all shares that are not necessary.
Rename the administrator account, securing it with a strong password.
Disable the Local Admin account in Windows, unnecessary user accounts, and unnecessary ports and
services.
Install an antivirus program and a firewall, and keep both up to date.
Keep the operating system (OS) and applications patched and up to date.
Turn on event logging for determined security elements.
Anti Malware
Antivirus (AV) products attempt to identify, neutralize, or remove malicious programs, macros, and files.
Signature-based scanning - Much like an intrusion detection system (IDS), the antivirus products scan
programs, files, macros, e-mails, and other data for known worms, viruses, and malware. The antivirus
product contains a virus dictionary with thousands of known virus signatures that must be frequently
updated; it can only recognize malware whose signature is already in the dictionary.
Heuristic scanning - is a method of detecting viruses by examining code for suspicious properties. To
counter the limitation of signatures, the heuristic model was specifically designed to spot suspicious characteristics that
can be found in unknown, new viruses and modified versions of existing threats, as well as in known malware
samples.
Network Hardening
Proper controls over network access must be established on computers by controlling the services that are
running and the ports that are opened for network access.
Network devices should be configured with very strict parameters to maintain network security.
Like normal computer OSs that need to be patched and updated, the software that runs network
infrastructure components needs to be updated regularly.
An outer layer of security should be added by implementing appropriate firewall rules and router Access
Control Lists.
Application Hardening