operating system hardening vulnerabilities
play

Operating System Hardening Vulnerabilities Unique vulnerabilities - PowerPoint PPT Presentation

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must


  1. Operating System Hardening

  2. Vulnerabilities • Unique vulnerabilities for: – Different operating systems – Different vendors – Client and server systems • Vendors try to correct • Attackers try to exploit • Security professionals must keep update

  3. Typical Vulnerabilities • Default install • Auto login, FTP server, • Service exploits • Auto Play (C/DVD, USB) • Default protocols • FTP, HTTP, RDP, • Known accounts and passwords • Administrator, Root, admin : admin • Built-in applications • Remote administration • File access methods • FAT32, Everyone, 777 • Physical access • Anything could happen • Buffer overflows • Injection, Adware, Worm

  4. Windows Hardening Security Assesment GUI Tools • Microsoft Config (msconfig) • Identify Asset • Services • Risk Assessment • Registry • Vulnerability & Threats • Security Policy (secpol.msc) • Security Hardening • User Rights • Audit • Group Policy (gpedit.msc) • Windows Settings • Windows Behaviour • Computer Management (compmgmt.msc) • Event Viewer

  5. Windows Hardening • Windows Update • Update Type – Important update – Patch • Security update • Bug Fix • Driver / Bug – Hot Fix – Optional update • Fix Security Flaw • Enhancement – Roll up • Non-Essentials • Cumulative patches & hotfixes – Service pack • Added feature

  6. Windows Hardening • Configuration Management • Security Baseline – A template of configuration that applies to a group of system • Antivirus (adware, malware, worm, virus) • Event Viewer (Windows Log) • Auditing (Action purpose)

  7. Group Policy • Applying security baseline

  8. Group Policy • Apply template to a system Predefined settings Templates based on role

  9. Windows Hardening • File / Print server hardening (Tutorial) • Directory service hardening (Tutorial)

  10. Virtualization Technology • Honey Pot • Testing • Patch Management

  11. Directory Service • OpenLDAP LDAP client • Microsoft Active Directory • Novell eDirectory Directory query LDAP server LDAP client Stores directory data Directory query

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend