
Using the required reading and any other resources you might find helpful, write


Question

Using the required reading and any other resources you might find helpful, write a few paragraphs regarding development of an effective approach to operating system and application hardening for your project organization. Be sure to cover the following topics: Conduct a comprehensive and detailed analysis of techniques for hardening operating systems and applications. Describe vulnerabilities related to the failure to harden operating systems and applications. Identify controls necessary to defend against those vulnerabilities. Develop a strategy for operating system and application security as a component of an overall security management plan. Use proper APA (6th edition) style and formatting for all references and citations.

Explanation / Answer

Operating System Hardening

The hardening of operating systems involves ensuring that the system is configured to limit the possibility of either internal or external attack. While the methods for hardening vary from one operating system to another, the concepts involved are largely similar regardless of whether Windows, UNIX, Linux, MacOS X or any other system is being baselined. Some basic hardening techniques are as follows:

Non-essential services - It is important that an operating system only be configured to run the services required to perform the tasks for which it is assigned. For example, unless a host is functioning as a web or mail server there is no need to have HTTP or SMTP services running on the system.

Patches and Fixes - As an ongoing task, it is essential that all operating systems be updated with the latest vendor supplied patches and bug fixes (usually collectively referred to as security updates).

Password Management - Most operating systems today provide options for the enforcement of strong passwords. Utilization of these options will ensure that users are prevented from configuring weak, easily guessed passwords. Additional levels of security include enforcing the regular changing of passwords and the disabling of user accounts after repeated failed login attempts.

Unnecessary accounts - All guest, unused and unnecessary user accounts must be disabled or removed from operating systems. It is also vital to keep track of employee turnover so that accounts can be disabled when employees leave an organization.

File and Directory Protection - Access to files and directories must be strictly controlled through the use of Access Control Lists (ACLs) and file permissions.

File and File System Encryption - Some filesystems provide support for encrypting files and folders. For additional protection of sensitive data it is important to ensure that all disk partitions are formatted with a file system type with encryption features (NTFS in the case of Windows).

Enable Logging - It is important to ensure that the operating system is configured to log all activity, errors and warnings.

File Sharing - Disable any unnecessary file sharing.

OS Hardening Tips

While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize clients' risk of suffering a cyber attack, adhere to the following protocol:

1. Programs clean-up – Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and "locked down," it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.

2. Use of service packs – Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.

3. Patches and patch management – Planning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on the client's computer.

4. Group policies – Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly.

5. Security templates – Groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.

6. Configuration baselines – Baselining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that is acceptable to both your standard for maintaining security and meeting your clients' needs.
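An added example, not part of the original answer: a small Python audit that compares one Linux host snapshot against an approved configuration baseline, covering the non-essential services, unnecessary accounts, password management and file protection items above. The baseline values (a web-server role, a 90-day password age limit, the approved account names) and all sample data are assumptions constructed for illustration.

```python
# Added illustration: baseline, thresholds and sample data are all constructed.
BASELINE = {                     # assumed policy for a host whose only role is web server
    "services": {"sshd", "nginx"},
    "login_accounts": {"root", "deploy"},
    "pass_max_days": 90,
    "file_modes": {"/etc/shadow": 0o640, "/etc/passwd": 0o644},
}
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
guest:x:1002:1002::/home/guest:/bin/sh
www-data:x:33:33::/var/www:/usr/sbin/nologin
"""
SAMPLE_SNAPSHOT = {              # constructed snapshot of a drifted host
    "services": {"sshd", "nginx", "postfix"},
    "passwd": SAMPLE_PASSWD,
    "login_defs": "# password aging\nPASS_MAX_DAYS\t99999\nPASS_MIN_DAYS 0\n",
    "file_modes": {"/etc/shadow": 0o644, "/etc/passwd": 0o644},
}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def login_accounts(passwd_text):
    """Names of accounts in passwd(5) text whose shell permits login."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return {r[0] for r in rows if len(r) == 7 and r[6] not in NOLOGIN_SHELLS}

def login_defs_value(text, key):
    """Integer value of `key` in login.defs text, or None if it is unset."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(parts) == 2 and parts[0] == key:
            return int(parts[1])
    return None

def audit(snapshot, baseline=BASELINE):
    """Return sorted (check, detail) findings where the host deviates from baseline."""
    findings = [("non-essential service", s)
                for s in snapshot["services"] - baseline["services"]]
    findings += [("unapproved login account", a)
                 for a in login_accounts(snapshot["passwd"]) - baseline["login_accounts"]]
    max_days = login_defs_value(snapshot["login_defs"], "PASS_MAX_DAYS")
    if max_days is None or max_days > baseline["pass_max_days"]:
        findings.append(("password aging", f"PASS_MAX_DAYS={max_days}"))
    for path, allowed in baseline["file_modes"].items():
        # A file missing from the snapshot is treated as fully open so it gets flagged.
        extra = snapshot["file_modes"].get(path, 0o777) & ~allowed
        if extra:
            findings.append(("file permissions", f"{path} extra bits {extra:03o}"))
    return sorted(findings)
```

Running the same audit on a schedule and comparing the findings between runs gives the consistent measurement that the configuration baseline item calls for.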