Chapter 2 – OS Hardening

Publisher Summary This chapter focuses on the concept of infrastructure security and specifically discusses the concepts and processes for hardening various sections of systems and networks. Operating system (OS) hardening involves making the operating system less vulnerable to threats. One of the first places to explore when securing a system is the structure and security setting on files and directories. Start with everything locked down and open up those files necessary to allow access to. This method is referred as the rule of least privilege. Least privilege starts with the most secure environment and then loosens the controls as needed. This method tends to be the most restrictive, with authorizations provided to users, processes, or applications that access these resources on a needs-only basis. Additionally, operating system security and configuration protections are discussed as were file system permission procedures, access control requirements, and methods to protect the core systems from attack. Security objectives were studied in relation to OS hardening and in relation to hardening by visiting potential problem areas including configuration concerns, Access Control List, and elimination of unnecessary protocols and services from the computer. It also covers how these hardening steps might improve and work with the OS hardening and ways to obtain, install, and test various fixes and software updates.