Unit 7: Operating System (OS) Security
Any operating system (OS) connected to a network is considered at risk of unauthorized disclosure. Networks have security systems in place, but an OS should still be hardened in case of unauthorized access. This unit addresses the methods used to harden an OS, protection methods such as antivirus and antimalware software, and OS firewalls and security tools that can provide OS security.
Completing this unit should take you approximately 2 hours.
Upon successful completion of this unit, you will be able to:
- describe the methods used to harden an OS and minimize threats;
- discuss how antivirus and antimalware tools provide OS protection;
- explain the method of protection provided by an OS firewall; and
- identify security tools used to assess the vulnerabilities of an OS.
7.1: OS Hardening
To secure an operating system (OS) is to harden it. Hardening techniques are performed by a system administrator (SA) and verified by an information security professional; they include regular system patching, account configuration, and system changes required by a security technical implementation guide (STIG). The SA carries out each technique, and the information security professional verifies that it is in place and was performed correctly. Together these tools and techniques protect against threats and reduce risk. This section discusses OS hardening, including account configuration, patching, and auditing.
The only way to ensure a system is completely secure is to eliminate all connectivity and place the system in a secure area. Since this defeats the purpose of connecting resources, the next best thing is to harden the operating system (OS). Hardening the OS means removing as many vulnerabilities from the system as possible. What can be removed, avoided, disabled, or configured to harden an OS? How can you harden your personal devices?
When hardening servers, there are some common techniques that should be observed. This video describes how to address the presence of things like telnet, tcpwrappers, and shadow passwords. What should you do when hardening a server?
When hardening a system, it is important to set up logging and to monitor the log files. It is also important to remove or disable unnecessary accounts and services. As you watch this video, note how security can be enhanced with log files, and take note of the system logs that should be reviewed. How should logs be formatted to make viewing of anomalous activity easy? When hardening individual systems, what should be disabled and what should be protected?
Once a user is authenticated and allowed to access files on a system, how can limits be placed on the tasks that user can perform? Permissions are granted per user, so one user may only be able to read a file while another can read and edit the same file. Watch this video to understand how user and group settings in a Windows system are used to allow or deny an authorized user access to files. What is the difference between a user account and an administrator account? What is the difference between a power user, a standard user, and a guest account? Name some permissions a user may be given.
It can be costly for an organization to not have a regular patching schedule and ongoing updates. Even though patching an operating system (OS) is important, patching applications is just as important. Read this article to understand why organizations sometimes do not make patching a priority. Make note of why patching is important and the reasons why patching is often neglected.
As you read in the previous section, there are many reasons why patching does not occur within an organization. One main reason for refusing to patch is that the patches may break the system. While reading, note how some organizations handle system patching to ensure patching does not break their production systems.
Read the section on access control assurance in this article to learn about system auditing. Auditing a system is important to verify that security policies are being followed. While reading, learn what auditing is and what should be audited on a system. What information can be tracked through system auditing? How should audit and log data be protected to ensure their confidentiality and integrity?
7.2: OS Protection Methods
Additional tools that can protect an operating system are antivirus and antimalware software. These tools are installed by a system administrator (SA) but the type of software may be chosen or approved by a security professional. Antivirus software detects and protects against viruses that can attack a system while antimalware detects and removes malware. In this section you will learn the difference between antivirus and antimalware software and how each one detects threats.
Antivirus software protects a system from becoming infected with a virus. This video discusses what antivirus software is, how it works, and how to use the software once it is installed on a system. How do antivirus applications find viruses on a system? Why is it important to update your antivirus software as updates are available? What does antivirus software do with infected files?
You learned about malware and about viruses in unit two and you should now understand the two terms. But what is the difference between antivirus and antimalware software? Do you need both types to secure your operating system (OS)? Read this article to learn why antimalware is needed and be able to explain why it is needed on systems today. What is meant by the term heuristics?
7.3: OS Firewalls
The purpose of a firewall is to shield systems from external attacks. A firewall may be part of the operating system (OS), as it is in Linux through iptables. First, the security professional determines which traffic should be allowed or denied; then the system administrator (SA) writes the iptables rules to meet those requirements. This section describes the OS firewall tools, in the form of iptables rules, that are configured in the Linux OS.
Firewalls are tools that protect an OS. Linux provides iptables and firewalld, which hold and manage the firewall rules. Essentially, iptables and firewalld are configured by the system administrator to reject or accept traffic. While you are not expected to be able to configure a system, read this article to see how iptables can control incoming or outgoing traffic. Why does the order of the rules matter?
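To see why rule order matters, here is an added example (not from the course or the linked article): a small first-match evaluator that mimics how an iptables chain is walked, applied to two constructed SSH packets. The rule fields and the two sample addresses are assumptions chosen for illustration.

```python
# Added example: a first-match rule walker in the spirit of an iptables chain.
# Each Rule stands in for one "iptables -A INPUT ..." line; the chain policy
# stands in for "iptables -P INPUT DROP". Not the course's own material.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    target: str                   # "ACCEPT" or "DROP", like -j
    proto: Optional[str] = None   # like -p tcp; None matches any protocol
    dport: Optional[int] = None   # like --dport 22; None matches any port
    src: Optional[str] = None     # like -s 10.0.0.0/8; None matches any source

    def matches(self, pkt: dict) -> bool:
        if self.proto and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.src and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        return True

def walk_chain(rules, pkt, policy="DROP"):
    """Return the target of the first rule that matches, else the chain policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target   # first match wins; later rules are never consulted
    return policy

# Constructed sample packets: SSH from a management host and from an outside address.
SSH_FROM_MGMT = {"proto": "tcp", "dport": 22, "src": "10.0.0.5"}
SSH_FROM_OUTSIDE = {"proto": "tcp", "dport": 22, "src": "203.0.113.9"}

# Intended policy: allow SSH only from 10.0.0.0/8 and drop all other SSH.
ALLOW_MGMT = Rule("ACCEPT", proto="tcp", dport=22, src="10.0.0.0/8")
DROP_SSH = Rule("DROP", proto="tcp", dport=22)

GOOD_ORDER = [ALLOW_MGMT, DROP_SSH]   # specific exception before the general drop
BAD_ORDER = [DROP_SSH, ALLOW_MGMT]    # general drop first shadows the exception

if __name__ == "__main__":
    for name, chain in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(name, walk_chain(chain, SSH_FROM_MGMT), walk_chain(chain, SSH_FROM_OUTSIDE))
```

With the rules in the wrong order the management host is dropped too, because the broad DROP rule matches first and the ACCEPT rule is never reached.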
7.4: OS Security Tools
Scanners detect vulnerabilities in systems, but how does a scanner find the vulnerabilities? Watch this video and be able to describe six steps in the scanning process. Do scanners exploit the vulnerabilities found in a system?
A data breach can cause a loss of reputation as well as a financial impact to an organization. Assessing the vulnerabilities of a system before a breach happens can help prevent one. Watch this video to learn what a vulnerability assessment is and why organizations need them. Be prepared to briefly describe a vulnerability assessment, including identifying vulnerabilities, the business impact, vulnerability scans, and the risk management strategy.
OpenSCAP is a tool that finds vulnerabilities and configuration errors on a Windows or Linux system. SCAP, the Security Content Automation Protocol, is a set of security standards developed by the National Institute of Standards and Technology (NIST). The tool is installed on a computer system and run there to check the system against known vulnerabilities. You should understand the concept of OpenSCAP and how it checks a system for vulnerabilities. What are the limitations of OpenSCAP, and why does it have these limitations?
Unit 7 Assessment
Take this assessment to see how well you understood this unit.
- This assessment does not count towards your grade. It is just for practice!
- You will see the correct answers when you submit your answers. Use this to help you study for the final exam!
- You can take this assessment as many times as you want, whenever you want.