OS hardening practices
Hi there. In this video,
we'll discuss operating system, or OS, hardening and why it's
essential to keep the entire network secure.
The operating system is the interface between computer hardware and the user.
The OS is the first program loaded when a computer turns on.
The OS acts as an intermediary between software applications and the computer hardware.
It's important to secure the OS in each system because one insecure OS can
lead to a whole network being compromised.
There are many types of operating systems, and they all share similar security hardening practices.
Let's talk about some of those security hardening practices that are recommended to secure an OS.
Some OS hardening tasks are performed at regular intervals, like updates, backups, and keeping an up-to-date list of devices and authorized users.
Other tasks are performed only once as part of preliminary safety measures.
One example would be configuring a device setting to fit a secure encryption standard.
Let's begin with OS hardening tasks
that are performed at a regular interval, such as patch installation, also known as patch updates.
A patch update is a software and operating system, or OS, update that addresses security vulnerabilities within a program or product.
Now we'll discuss patch updates provided to the company by the OS software vendor.
With patch updates, the OS should be upgraded to its latest software version.
Sometimes patches are released to fix a security vulnerability in the software.
As soon as OS vendors publish a patch and the vulnerability fix, malicious actors know exactly where the vulnerability is in systems
running the out-of-date OS.
This is why it's important for organizations to run patch updates as soon as they are released.
For example, my team had to perform an emergency patch to address a recent vulnerability found in a commonly used programming library.
The library is used almost everywhere, so we had to quickly patch most of our servers and applications to fix the vulnerability.
The newly updated OS should be added to the baseline configuration, also called the baseline image.
A baseline configuration is a documented set of specifications within a system that is used as a basis for future builds,
releases, and updates.
For example, a baseline may contain a firewall rule with a list of allowed and disallowed network ports. If a security team suspects
unusual activity affecting the OS, they can compare the current configuration to the baseline and make sure that nothing has been changed.
Another hardening task performed regularly is hardware and software disposal.
This ensures that all old hardware is properly wiped and disposed of.
It's also a good idea to delete any unused software applications since some popular programming languages
have known vulnerabilities.
Removing unused software makes sure that there aren't any unnecessary vulnerabilities connected with the programs that the software uses.
The final OS hardening technique that we'll discuss is implementing a strong password policy.
Strong password policies require that passwords follow specific rules.
For example, an organization may set a password policy that requires a minimum of eight characters,
a capital letter, a number, and a symbol.
To discourage malicious actors, a password policy usually states that a user will lose access to the network after entering the wrong password a certain number of times in a row.
Some systems also require multi-factor authentication, or MFA.
MFA is a security measure which requires a user to verify their identity in two or more ways to access a system or network.
Ways of identifying yourself include something you know, like a password, something you have like an ID card, or something unique about you, like your fingerprint.
To review, OS hardening is a set of procedures that maintains OS security and improves it.
Security measures like access privileges and password policies frequently undergo regular security checks as part of OS hardening.
Coming up, we'll discuss network hardening practices.
No Comments