From the course: CompTIA Security+ (SY0-601) Cert Prep: 7 Endpoint Security Design and Implementation

Operating system security

Security administrators are often responsible for the configuration of operating systems to meet an organization's security control requirements. This configuration work may include all types of endpoint devices, from laptops and servers to smartphones and tablets. This is an extremely important responsibility because attackers can exploit a security vulnerability in one endpoint device and then use that foothold to gain access to an entire network. Let's take a look at some important operating system security issues. There are many different security settings in any operating system that you can customize to meet the security needs of your organization. You'll want to establish a security baseline for your organization that includes the settings important in your environment. One of these is limiting the access that users have to administrative resources, because this level of administrative access can often result in a security compromise. Let's look at how to limit administrative access on this Windows server. Windows manages many security settings through Group Policy Objects, or GPOs. We want to ensure that users on endpoint devices in this domain don't have administrative access to their computers. We can do that here in the Group Policy Management tool. I'm going to navigate through the folder for my domain, certmike.com, and then the Group Policy Objects folder. Now that I'm here, I'm going to create a new Group Policy Object for this domain by right-clicking and choosing New. It's important to give GPOs a descriptive name, because you'll want to remember what the GPO does when you come back and look at it months or even years later. We'll call this one "Limit Administrative Access to Local Systems". Once I click OK, you can see that GPO here in my list of GPOs, but at this point it's still empty. It's a shell that does nothing. We need this GPO to actually limit administrative access, so let's right-click on the GPO and choose Edit.
I'm going to use this GPO to remove every user from the local Administrators group on their systems. This is a user configuration setting, so let's expand that folder and drill down into Preferences and then Control Panel Settings. Once I'm here, I'm going to right-click on Local Users and Groups, and I'm going to tell Windows that I want to create a new local group. That's a little confusing terminology, because we actually want to remove someone from an existing local group, but we'll tell Windows that in just a moment. See here where it selected the action Update instead of the alternatives Create, Replace, and Delete? That means we're modifying an existing group. The group that we want to modify is the built-in Administrators group, so we'll choose that in the Group name menu. The action that we want to take is to remove the current user from that group. This gives them only normal user access. Clicking Apply applies this update to my domain. The second operating system security issue that we need to discuss is patch management. Applying patches to operating systems and applications is critical because it ensures that these systems are not vulnerable to security exploits that have been discovered by attackers. Each time a software vendor discovers a new vulnerability, they create a patch that corrects the problem. Promptly applying patches ensures a clean and tidy operating system and application environment. On a Windows system, the Windows Update mechanism is the simplest way to apply security patches to systems as soon as they're released. Here we are on that Windows system again, looking at the system settings. I'm going to choose Update & Security, and when I do that, I see a screen giving me status information about Windows Update. I can see this system was just recently checked for updates, at 5:43 PM today, and the system is telling me that it has all current updates applied.
I can click the Check for updates button and run that check again to see if any new updates have been released in the meantime. When I do that, I find out there actually is an update available, and the system begins downloading and installing that new update. In these settings, I can also manage some of the automatic download settings, the hours during which a system will be upgraded and rebooted, and other details about how Windows updates itself. Now, let's look at applying updates on a Linux system. There are several different ways to update Linux systems, and they vary depending upon the distribution that you're using. I'm opening an SSH session here to a Linux system running on Amazon Web Services that uses the Ubuntu Linux distribution. As you can see, the system is telling me in the login banner that there are 149 package updates available, and 71 of those updates are security updates. I can go ahead and apply these updates using the apt-get command. The first thing I'm going to do is type the command sudo (S-U-D-O). That simply means I'd like to run the command that follows as the root user, which gives me the administrative privileges required to install updates. The next thing I'm going to do is issue the apt-get command. This is the package manager used in many distributions. Then we're going to issue the update command. This simply says: reach out to the distribution servers and obtain the latest list of package updates. It only retrieves a list of updates; it's not actually applying anything to my system. To apply the updates to my system, downloading and installing them, I'm going to again issue the sudo command, then apt-get, and then upgrade. Update retrieves a list of packages; upgrade actually downloads and installs them. I then get a long list of all the packages that will be upgraded when I issue this command, and I confirm that I would like to do this. Then the upgrade process begins.
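The update-then-upgrade sequence above leaves you with a question a security administrator should answer: did the security updates actually get applied? This added example (not from the course) parses the output of `apt list --upgradable` on an Ubuntu host, counts how many pending packages come from a `-security` pocket, and reports whether the host still needs patching; the package lines below are constructed samples in Ubuntu's real output format.

```shell
#!/bin/sh
# Added example: report pending updates from `apt list --upgradable` output and
# distinguish security updates (pocket name ends in -security) from the rest.

# Constructed sample of `apt list --upgradable` output before running apt-get upgrade.
SAMPLE_BEFORE='Listing... Done
libssl3/jammy-security 1.2.3-1ubuntu0.2 amd64 [upgradable from: 1.2.3-1ubuntu0.1]
openssh-server/jammy-security 2.0.0-1ubuntu0.4 amd64 [upgradable from: 2.0.0-1ubuntu0.3]
vim/jammy-updates 3.1.0-1ubuntu2.1 amd64 [upgradable from: 3.1.0-1ubuntu2.0]'

# Constructed sample after a successful upgrade: nothing left to install.
SAMPLE_AFTER='Listing... Done'

# count_updates TEXT -> prints "<total> <security>"
count_updates() {
  printf '%s\n' "$1" | awk '
    # Real package entries look like name/pocket version arch [...]; the
    # "Listing... Done" header and blank lines contain no "/" and are skipped.
    /^[^ ]+\/[^ ]+ / {
      total++
      split($1, parts, "/")            # parts[2] is the pocket, e.g. jammy-security
      if (parts[2] ~ /-security$/) security++
    }
    END { printf "%d %d\n", total + 0, security + 0 }'
}

# patch_status TEXT -> "ok" when nothing is pending, "needs-security" when any
# security update is still pending, "needs-updates" when only non-security remain.
patch_status() {
  set -- $(count_updates "$1")         # $1 = total, $2 = security
  if [ "$1" -eq 0 ]; then
    echo ok
  elif [ "$2" -gt 0 ]; then
    echo needs-security
  else
    echo needs-updates
  fi
}

# On a live host, feed real output instead of the constructed samples:
#   sudo apt-get update && patch_status "$(apt list --upgradable 2>/dev/null)"
echo "before upgrade: $(count_updates "$SAMPLE_BEFORE") -> $(patch_status "$SAMPLE_BEFORE")"
echo "after upgrade:  $(count_updates "$SAMPLE_AFTER") -> $(patch_status "$SAMPLE_AFTER")"
```

Run the check after `apt-get upgrade` completes; anything other than `ok` means the patch run did not finish the job and the output of the upgrade should be reviewed.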
Now, depending upon the number of packages that you're upgrading, this may take some time, and you'll see lots of text scrolling by as those updates are installed on your system. As you can see, when you're applying these updates, you're going to see a lot of status messages telling you different things about the different packages being upgraded. Most of these are just informational in nature, and eventually the updates will complete. That's how you apply updates to a Linux system. As a security administrator, you should not only ensure that your systems are configured to receive updates; you should also analyze the output of patch management processes to ensure that those patches were applied properly. Configuration management tools can assist you with automating this work. They also help you keep track of patches to the applications that you run in your organization. We just looked at applying patches to Windows and Linux operating systems, but it's also important to ensure that your applications receive security updates. Without a patch management tool, this can be an overwhelming task. You'll also want to perform a task known as system hardening. System hardening involves analyzing the default settings of your operating system and removing services and components that are not required to meet your business needs. As you perform system hardening, you should accomplish a few important tasks. First, you should remove any unnecessary software or operating system components to configure the system for the least functionality required to perform its role. This activity is known as reducing the attack surface: the fewer things you have installed on the system, the fewer things there are for an attacker to exploit. Second, you should lock down the host firewall to allow access only to those open ports and services that are intended for use by other systems. We'll talk more about that later in the course.
Third, you should disable any default accounts and passwords that came with the operating system or applications that you installed. These default accounts provide attackers with a starting point for brute-force attacks, and when they're configured with default passwords, they'll be quickly compromised if exposed to the internet. Finally, you should verify that your system configuration settings match industry best practices. On Windows systems, this may mean modifying registry settings to configure your system to meet minimum security requirements. On Linux systems, you may need to modify configuration files to perform similar hardening tasks.
