Lec 03- Operating System Hardening

In this module we cover:

  • Service packs and hot fixes
  • Patches and Patch management
  • Group Policy security templates
  • Configuration Baseline

Service Packs and Hot fixes

Hot fixes are bug fixes. Hot fixes are synonyms for updates. Hot fix can address vulnerability.

Accumulated fixes/updates are called services packs. Windows call it service packs, and apple calls it support packs.  Service packs are large and hot fixes are small updates.

All updates are part of normal software development process.

updates should be signed by valid CA of vendor.

If updates can not roll back, then test updates in test environment before actually installing in production.

Patch: Patch Management

What is patch? Patch is solution to bug/vulnerability.

Patch management Process:

1- Prioritization(server vs client side software) and scheduling(off peak hours )

2- Patch testing (prototype, pilot testing, staging  area environment)

3- Change management

4- Audit and Assessment(Quarterly)

5- Documentation

Group Policy Security Templates

Group Policy is configuration managed on windows server, and implemented on servers and workstations.

If we talk about just workstation, then LSP, Local Security Policy is there to implement all those configurations across operating system of workstation.

Examples of Policies in GP and LSP are:

  • Password Policy
  • Audit Policy
  • Account Lockout Policy

Configuration Baseline

All policies in GP/LSP have a baseline configuration, which administrator/user can change to suite his/her environment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s