OS hardening practices Hi there. In this video, we'll discuss operating system, or  OS, hardening and why it's essential to keep the entire network secure. The operating system is  the interface between computer hardware and the user. The OS is the first program  loaded when a computer turns on. The OS acts as an intermediary  between software applications and the computer hardware. It's important to secure the OS in each system  because one insecure OS can lead to a whole network being compromised. There are many types of operating systems, and they  all share similar security hardening practices. Let's talk about some of  those security hardening practices that  are recommended to secure an OS. Some OS hardening tasks  are performed at regular intervals,  like updates, backups, and keeping  an up-to-date list of devices and authorized users. Other tasks are performed only  once as part of preliminary safety measures.  One example would be configuring a device setting to fit a secure encryption standard. Let's begin with OS hardening tasks that are performed at a regular interval,  such as patch installation,  also known as patch updates. A patch update is a software and operating system, or  OS, update that addresses  security vulnerabilities within a program or product. Now we'll discuss patch updates provided  to the company by the OS software vendor.  With patch updates, the OS should be upgraded to its latest software version.  Sometimes patches are released to fix a security vulnerability in the software. As soon as OS vendors publish  a patch and the vulnerability fix,  malicious actors know exactly where  the vulnerability is in systems running the out-of-date OS. This is why it's important for organizations to run  patch updates as soon as they are released. For example, my team  had to perform an emergency patch to  address a recent vulnerability  found in a commonly used programming library. The library is used almost everywhere,  so we had to quickly patch most of our servers and  applications to fix the vulnerability.  The newly updated OS should be  added to the baseline configuration,  also called the baseline image. A baseline configuration is a documented set of  specifications within a system  that is used as a basis for future builds, releases, and updates. For example, a baseline may contain  a firewall rule with a list of  allowed and disallowed network ports.  If a security team suspects unusual activity affecting the OS,  they can compare the current configuration to  the baseline and make sure that nothing has been changed. Another hardening task performed regularly is  hardware and software disposal.  This ensures that all old hardware is properly wiped and disposed of.  It's also a good idea to delete any unused software applications since  some popular programming languages have known vulnerabilities. Removing unused software makes sure that there aren't  any unnecessary vulnerabilities connected  with the programs that the software uses. The final OS hardening technique that we'll  discuss is implementing a strong password policy. Strong password policies require  that passwords follow specific rules. For example, an organization may set  a password policy that requires  a minimum of eight characters, a capital letter, a number, and a symbol. To discourage malicious actors,  a password policy usually  states that a user will lose access to  the network after entering  the wrong password a certain number of times in a row. Some systems also require  multi-factor authentication, or MFA.  MFA is a security measure which requires a user to verify their identity in  two or more ways to access a system or network. Ways of identifying yourself include  something you know, like a password,  something you have like an ID card,  or something unique about you, like your fingerprint. To review, OS hardening is a set of procedures that  maintains OS security and improves it.  Security measures like access privileges and password policies  frequently undergo regular security checks  as part of OS hardening. Coming up, we'll discuss network hardening practices.