A Comprehensive Overview of OS Hardening

Encryption

It’s essential to encode hard drives. Windows 10 is equipped with BitLocker and hasan easy encryption process. Trusted Platform Module (TPM) must be empowered to encode with BitLocker. Advanced editions of Windows 10 are equipped with TPM aided by default, while secure boot should be used together with encryption, linking the hard drive to the system hardware and ensuring that only Microsoft-trusted firmware is used upon boot.

BIOS configuration

Windows 10 systems come laden with a Basic Input Output System (BIOS) like previous versions of Windows. The BIOS has a DOS-ish interface but doesn’t require wide-ranging coding experience to operate. Before working with the BIOS, research whether your Windows 10 variant has any BIOS configuration applicable to it, then configure away.

Linux hardening

Most systems have confidential data that should be protected. To do this, we need to protect our Linux system, by physically taking security measures to prevent unauthorized people from access the system in the first place. Then installation should be done properly, so a strong foundation is there. Finally, a set of common security measures need to be applied. Once it’s all done, your server or desktop system should be effectively secured.

Fundamental rules of system hardening

System hardening can be divided into a few core principles. These include the principle of least privilege, segmentation, and reduction.

Principe of least privilege

The principle of least privileges suggests that you give users and processes the bare minimum of consent to do their job. It is like granting a visitor access to a building. You could give full access to the building, including all sensitive areas. The other option is to only let your guest access a single floor where they need to be. The choice is easy, right?

Examples:

• When read-only access is sufficient, don’t give write permissions
• Don’t allow executable code in memory areas that are highlighted as data sections
• Do not run applications as the root user, as an alternative use a non-privileged user account

Segmentation

The next principle is that you divide greater areas into smaller ones. If we look at that building again, we have split it into numerous floors. Each floor can be additionally divided into diverse regions. Perhaps you visitor is only permitted on floor 4, in the blue zone. If we interpret this to Linux security, this code would apply to memory usage. Each process can only access their own memory sections.

Reduction

The objective of this principle is to eliminate something that is not sternly needed for the system to work. It appears like the principle of least privilege, yet it focuses on averting something altogether.

Steps of system hardening

1.  Install security updates and patches
2.  Use strong passwords
3.  Bind processes to local host
4.  Implement a firewall
5.  Keep things clean
6.  Security configurations
7.  Limit access
8.  Monitor your systems
9.  Create backups (and test!)
10.  Perform system auditing

Conclusion

Contemporary computing environments are discrete infrastructures which need any organization to develop interruption finding plans for the servers. An organization must similarly update its computer arrangement plan when relevant changes occur. The environment will only work efficiently if the process is centralized. Therefore, it’s incumbent upon financial institutions to develop, execute and monitor suitable information security programs. Whether systems are maintained in-house or by a third-party vendor, appropriate security controls and risk management systems should be put into place.