Week 2 discussion deals with Operating systems and its vulnerabilities. An operating system is defined as the following: A software that manages the hardware and software of a system. It also provides the User Interface that allows humans to interact with the system. As much of the information is either created and/or stored in the system, securing the OS requires a thorough understanding of the Operating system and how to secure it. There are many different types of operating systems that exist, either for desktops, routers, switches, servers, and mobile devices.
In the previous week’s discussion, you identified and discussed a system and its vulnerabilities.
- Based on the definition above, please identify the operating system. Provide recommendations on how you would secure and harden the operating system to ensure it has been configured more securely.
- Based on the system and its operating system, please research the vendor and its website to identify any hardening guides and documents you may find. You may also research other sources on the Internet for a hardening guide. Some of useful sites you may visit are the following:
- SANS Information Security – SANS is a valuable information Security resource. SANS organization has been recognized within the Information Security community as an indispensable tool for all security needs. The reading room serves as the repository on thousands of white papers and documents regarding information security. It has templates on creating InfoSec policies and guidelines on how to configure IT systems securely.
- Best Practices and How To Articles – Here is a collection of Information Security policy documents, best practices, and how to articles for Information Security. It can be used to help develop hardening documents.
- National Vulnerability Database Repository – National Institute of Standards and Technology is a government agency that is tasked with developing standards on all technology, from IT to non-IT technology and things like standard weights and measure. Many regulations that drive Information Security reference NIST as a source for standard methodologies used in the industry.
- Based on your research, please list and discuss any operating system configuration that needs to be evaluated and hardened. Please identify the default setting and what it needs to be to ensure a higher level of security. You should also indicate the importance of the setting.