Operating System Hardening
In this sample chapter from Network Defense and Countermeasures, 4th Edition, you will learn how to configure Windows and Linux systems for secure operations, apply operating system patches and application patches, and securely configure a web browser.
Chapter Objectives
After reading this chapter and completing the exercises, you will be able to do the following:
Properly configure a Windows system for secure operations.
Properly configure a Linux system for secure operations.
Apply appropriate operating system patches to Windows.
Apply application patches.
Securely configure a web browser.
Introduction
Protecting the system’s perimeters and subnets via firewalls, proxy servers (or NAT-enabled machines), intrusion-detection systems, security information and event management (SIEM) systems, honeypots, and other devices is only one part of securing a network. Even installing antivirus software does not complete a network’s security. To achieve a more secure network, you must perform operating system hardening. This is the process of properly configuring each machine, and especially servers, for the optimum security settings. The word optimum rather than maximum is used for a reason. Maximum security is also the least usable. Optimum security strikes a balance between ease of use and security.
Operating system hardening is a part of defense-in-depth. Yes, you should secure your network perimeter, all servers, routers, and switches, but you must also ensure that the operating systems on all workstations, servers, laptops, tablets, and mobile devices are sufficiently secured.
In this chapter, you will learn how to properly configure Windows 10/11, Linux, and various web browsers. Securely configuring the operating system and its software is a critical step in system security that is frequently ignored. Even relatively naive security administrators often think of installing a firewall or antivirus software, but many fail to harden the individual machines against attacks. Discovering the presence of vulnerabilities allows you to close “open” ports and further restrict “input/output” operations. All of these techniques and procedures are in the overarching area of Risk Management Systems and Information Assurance.
It should be noted that application security is just as important as operating system security. However, there are so many different applications that it is impossible to address secure configuration here, other than to say that you should consult the application documentation and ensure it is securely configured and stays patched/updated. Secure programming is also an important topic, but a completely separate topic outside the scope of this book.
The National Institute of Standards and Technology (NIST) has several standards that are relevant. NIST SP 800-123, Guide to General Server Security, recommends keeping patches up to date as one of its major points. The standard also recommends removing all unnecessary services, applications, and network protocols. NIST SP 800-70, National Checklist Program for IT Products: Guidelines for Checklist Users and Developers, likewise emphasizes ensuring the system is properly patched and removing any unnecessary functionality.
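As an added example (not code from the book), the following script turns the NIST "remove unnecessary services" recommendation into a repeatable check: it parses the output of the Linux `ss -Hltnp` command and reports every listening socket whose port is not on an allowlist. The sample `ss` output and the allowlist for a web-server role are constructed assumptions for this example.

```python
"""Allowlist audit of listening services, following NIST SP 800-123's advice to
remove unnecessary services. Added example; not code from the book. Input is
the output of `ss -Hltnp` on Linux; a constructed sample is embedded so the
script also runs offline. The port allowlist is an assumption for this example."""
import re
import subprocess

# Constructed sample of `ss -Hltnp` output: state, recv-q, send-q, local, peer, process.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=1044,fd=6))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=655,fd=7))
LISTEN 0 50 0.0.0.0:21 0.0.0.0:* users:(("vsftpd",pid=990,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
"""

# Assumed allowlist for a web-server role: only these ports should be listening.
ALLOWED_PORTS = {22, 80, 443}

_PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_listeners(ss_output):
    """Return a list of (port, local_addr, process, pid) for each LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        local = fields[3]
        port = int(local.rsplit(":", 1)[1])  # works for 0.0.0.0:22 and [::]:22
        m = _PROC_RE.search(line)
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        listeners.append((port, local, proc, pid))
    return listeners

def unexpected_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Listeners whose port is not allowlisted. Loopback-only sockets are reported
    as well: a service that is not needed should not be running at all."""
    return [l for l in parse_listeners(ss_output) if l[0] not in allowed]

def live_audit(allowed=ALLOWED_PORTS):
    """Audit the real host (Linux with iproute2); root is needed to see process names."""
    out = subprocess.run(["ss", "-Hltnp"], capture_output=True, text=True, check=True).stdout
    return unexpected_listeners(out, allowed)

if __name__ == "__main__":
    for port, local, proc, pid in unexpected_listeners(SAMPLE_SS_OUTPUT):
        print(f"unexpected listener: port {port} on {local} ({proc}, pid {pid})")
```

Run against the sample it flags the CUPS and FTP listeners; on a real host, each flagged entry is a candidate for disabling (or for adding to the allowlist if the role genuinely needs it).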