IT Security Foundations: Operating System Security — Notes

Amani Benaoun
6 min read · Aug 28, 2021

Today’s article is a collection of my notes while attending the LinkedIn course entitled “IT Security Foundations: Core Concepts”. It is the 3rd of 12 courses in the “Become an IT Security Specialist” learning path. The course is divided into 6 sections:

  • Understand User Authentication.
  • Understand Permissions.
  • Dissecting Audit Policies.
  • Server Protection.
  • Providing Email Protection.
  • Understand Encryption.

Understand User Authentication

Authentication is the process of proving your identity. There are three factors of authentication: something you know (a password or PIN), something you have (a smart card or token) and something you are (biometrics). Passphrases are now recommended over passwords because they are longer, and therefore harder to guess or brute-force, while still being easy to remember. When choosing a passphrase, make sure to avoid:

  • Breached passwords.
  • Repeated characters.
  • Dictionary words.
  • Context-specific phrases (for example your employer’s, product’s or project’s name).

https://howsecureismypassword.net/ is a website that estimates how long a password would take to crack. Treat such checkers as a learning aid only: never paste a password you actually use into a third-party site.
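To make the four rules above concrete, here is an added example of a passphrase checker in Python (my own illustration, not course material). The breached list, the dictionary and the organization-specific terms are tiny constructed samples, and the 15-character minimum is an assumed policy value. The breach check stores SHA-1 hashes as a 5-character prefix plus suffix, the k-anonymity layout the Have I Been Pwned Pwned Passwords API uses, so a real lookup only ever sends the prefix and the passphrase itself never leaves the machine.

```python
import hashlib
import re

# Constructed sample data for the example (not real breach data or a real word list).
BREACHED_SAMPLE = {"password123", "letmein", "qwerty", "summer2021!!!"}
DICTIONARY_SAMPLE = {"password", "welcome", "summer", "dragon", "monkey", "secret"}
CONTEXT_SAMPLE = {"acme", "acmecorp", "payroll"}   # assumed organization-specific terms
MIN_LENGTH = 15                                      # assumed policy value


def sha1_hex(text):
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


# Breach store keyed by the first 5 hex digits of the SHA-1, holding the remaining
# 35 digits: the k-anonymity layout of HIBP Pwned Passwords, so a lookup reveals
# only a 5-character prefix, never the passphrase or its full hash.
RANGE_STORE = {}
for _pw in BREACHED_SAMPLE:
    _h = sha1_hex(_pw)
    RANGE_STORE.setdefault(_h[:5], set()).add(_h[5:])


def is_breached(passphrase):
    digest = sha1_hex(passphrase)
    return digest[5:] in RANGE_STORE.get(digest[:5], set())


def has_repeated_run(passphrase, run=3):
    """True if any character appears `run` or more times in a row ('aaa', '!!!')."""
    return re.search(r"(.)\1{%d,}" % (run - 1), passphrase) is not None


def words_in(passphrase):
    return re.findall(r"[a-z]+", passphrase.lower())


def check_passphrase(passphrase, context_terms=CONTEXT_SAMPLE):
    """Return the list of rule violations; an empty list means the passphrase passes."""
    problems = []
    words = words_in(passphrase)
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if is_breached(passphrase):
        problems.append("appears in a known breach")
    if has_repeated_run(passphrase):
        problems.append("contains a run of repeated characters")
    if words and all(w in DICTIONARY_SAMPLE for w in words):
        problems.append("made only of common dictionary words")
    if any(w in context_terms for w in words):
        problems.append("contains an organization-specific term")
    return problems


if __name__ == "__main__":
    for candidate in ["password123", "summer2021!!!", "acmecorp payroll 2021",
                      "Lantern-Otter-Quietly-Fixes-42-Chairs"]:
        print(f"{candidate!r}: {check_passphrase(candidate) or 'OK'}")
```

The dictionary rule is applied to the passphrase as a whole: a passphrase made of several uncommon words passes, while one that is nothing but common words (or a single common word with digits appended) is flagged.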

A smart card is a credit-card-sized card with an embedded chip that stores information about the holder, such as credit and purchasing preferences, loyalty-program data and even medical information. Smart cards can hold several forms of identification, such as a fingerprint template and a password or PIN. Smart cards can be contact or contactless. The difference between a smart card and a memory card is that a memory card only stores information, whereas a smart card has a processor and can compute on the information it holds (for example, perform a cryptographic operation on the card without ever releasing the key). Smart cards can be used for:

  • Access control: employees access cards.
  • Membership cards.
  • Banking cards.
  • Health care.
  • Single sign-on.

Biometric identification uses an individual’s unique physical attributes or behaviour to authenticate, such as a fingerprint, a retina or iris pattern, or voice recognition. Biometrics are used for access control to cellphones, laptops, networks and buildings, at border control, and as one factor in a multi-factor authentication system.

Multifactor authentication requires two or more ways to authenticate, such as a PIN and a fingerprint, or a password and a smart card.

https://haveibeenpwned.com/ is a website where you can check whether your email address has appeared in a known data breach.

RADIUS is the Remote Authentication Dial-In User Service. It provides authentication, authorization and accounting (AAA) and follows a client/server model: the network access server (NAS, for example a VPN concentrator or wireless controller) is the client of the RADIUS server, which holds the credentials and access policy. Client and server share a secret that is used to hide the user password in transit and to authenticate the server’s replies. RADIUS supports multiple authentication methods, including PAP, CHAP and EAP.
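The exchange described above, as an added Python example (not course material): the NAS builds an Access-Request, the server recovers the password and answers with an Access-Accept or Access-Reject, and the NAS checks the reply’s Response Authenticator before trusting it. It follows the packet layout and the User-Password hiding of RFC 2865. The shared secret, user name and password are constructed values, and the server’s user table is a plain dictionary standing in for a real credential store.

```python
import hashlib
import hmac
import secrets
import struct

# RADIUS packet codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    plain = password.encode("utf-8")
    plain += b"\x00" * (-len(plain) % 16)
    hidden, prev = b"", request_auth
    for i in range(0, len(plain), 16):
        block = _xor(plain[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block
    return hidden


def reveal_password(hidden, secret, request_auth):
    """Server side of the same transform (the server knows the shared secret)."""
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00").decode("utf-8", errors="replace")


def attribute(attr_type, value):
    return struct.pack("!BB", attr_type, len(value) + 2) + value   # Type, Length, Value


def parse_attributes(data):
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def build_access_request(identifier, username, password, secret):
    """NAS (RADIUS client) side: a fresh random Request Authenticator per request."""
    request_auth = secrets.token_bytes(16)
    attrs = attribute(ATTR_USER_NAME, username.encode("utf-8"))
    attrs += attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_auth + attrs, request_auth


def server_handle(packet, secret, users):
    """RADIUS server side: recover the password, decide, and sign the reply with
    Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    _code, identifier, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attributes(packet[20:length])
    username = attrs[ATTR_USER_NAME].decode("utf-8")
    password = reveal_password(attrs[ATTR_USER_PASSWORD], secret, request_auth)
    code = ACCESS_ACCEPT if users.get(username) == password else ACCESS_REJECT
    reply_attrs = b""
    header = struct.pack("!BBH", code, identifier, 20 + len(reply_attrs))
    response_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + response_auth + reply_attrs


def client_verify(response, request_auth, secret):
    """NAS side: trust a reply only if its Response Authenticator checks out, which
    proves it came from a party holding the shared secret and answers this request."""
    header, response_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, response_auth)


def authenticate(username, password, client_secret, server_secret, users):
    """Full exchange. Returns 'accept', 'reject', or 'unverified' when the reply's
    Response Authenticator does not match (wrong or mismatched shared secret)."""
    packet, request_auth = build_access_request(7, username, password, client_secret)
    response = server_handle(packet, server_secret, users)
    if not client_verify(response, request_auth, client_secret):
        return "unverified"
    return "accept" if response[0] == ACCESS_ACCEPT else "reject"
```

Note what the shared secret actually buys: the User-Password transform is MD5-based obfuscation keyed by the secret, not modern encryption, and the other attributes travel in the clear, so production deployments carry RADIUS inside IPsec or over TLS (RadSec) rather than as bare UDP.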

Understand Permissions

The file system itself can provide an additional level of security. Modern Windows systems use the New Technology File System (NTFS) by default. NTFS secures the file system by granting or denying permissions, which controls which users and groups can access the files and folders stored on an NTFS volume. NTFS also lets user-defined attributes be added to a file and, for accountability, records a time stamp of when a file was last accessed. Permissions define the type of access granted, such as Full Control, Modify, List Folder Contents, Read and Write. NTFS permissions come in two kinds:

  • Explicit: applied directly to the file or folder.
  • Inherited: permissions granted to a folder extend into its child objects, such as sub-folders and the files within the parent folder.

The special (granular) permissions that can be set are:

  • Traverse folder/execute file: pass through a folder you have no other rights on to reach a sub-folder or file you do have access to, and run executable files.
  • List folder/read data: view the names of files and sub-folders.
  • Read data: view the contents of files.
  • Read attributes: view file attributes such as read-only and hidden.
  • Read extended attributes: view the extended attributes of a file or folder.
  • Create files/write data: create files in the folder and write over file contents.
  • Create folders/append data: create sub-folders and append data to the end of files without overwriting existing data.
  • Write attributes: change the attributes of a file or folder.
  • Write extended attributes: make changes to the extended attributes.
  • Delete: delete the file or folder.
  • Read permissions: view the permissions set on the file or folder.
  • Change permissions: modify the permissions on the file or folder.
  • Take ownership: become the owner of the file or folder (the owner can always change its permissions).
  • Synchronize: wait on the object’s handle; used by multithreaded programs.
  • Copy or move folders: not a permission in itself; the outcome depends on the rights held on the source and destination. A move within the same NTFS volume keeps the explicit permissions, while a copy (or a move to another volume) creates a new object that inherits from the destination folder.
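How explicit and inherited permissions combine is the part that trips people up, so here is an added Python model of the Windows access check (my own illustration, not from the course or from Microsoft code). It sorts ACEs into the canonical order Windows uses (explicit Deny, explicit Allow, inherited Deny, inherited Allow) and walks them the way the access check does, which is why an explicit Allow on a folder beats a Deny inherited from its parent. Trustee names stand in for SIDs, the rights are simplified labels, and the ACL is constructed for the example; details such as the owner’s implicit rights and share permissions are left out.

```python
from dataclasses import dataclass


@dataclass
class Ace:
    trustee: str               # user or group name (a SID on a real system)
    rights: frozenset          # e.g. {"read", "write", "delete"}
    deny: bool = False         # Deny ACE versus Allow ACE
    inherited: bool = False    # came from a parent folder rather than set explicitly


def canonical_order(acl):
    """Windows canonical ACE order: explicit Deny, explicit Allow, then inherited
    Deny, inherited Allow. The stable sort keeps parent-before-grandparent order
    among the inherited entries."""
    return sorted(acl, key=lambda ace: (ace.inherited, not ace.deny))


def access_check(acl, principal, groups, requested):
    """Walk the ACL in canonical order as the Windows access check does: the first
    matching Deny that covers a still-unsatisfied right denies access; each matching
    Allow removes rights from the request; access is granted once nothing remains.
    With no Allow covering every requested right the result is an implicit deny."""
    remaining = set(requested)
    identities = {principal, *groups}
    for ace in canonical_order(acl):
        if ace.trustee not in identities:
            continue
        if ace.deny:
            if ace.rights & remaining:
                return False
        else:
            remaining -= ace.rights
            if not remaining:
                return True
    return not remaining


# Constructed example: the parent folder denies Everyone write and delete (inherited
# here) and allows Everyone read and execute, while this folder explicitly allows
# alice read and write.
PROJECT_ACL = [
    Ace("Everyone", frozenset({"write", "delete"}), deny=True, inherited=True),
    Ace("Everyone", frozenset({"read", "execute"}), inherited=True),
    Ace("alice", frozenset({"read", "write"})),
]

if __name__ == "__main__":
    for who, right in [("alice", "write"), ("bob", "write"), ("bob", "read"), ("alice", "delete")]:
        print(who, right, access_check(PROJECT_ACL, who, {"Everyone"}, {right}))
```

The same walk explains the other rule worth remembering: an explicit Deny always wins over an explicit Allow for the same trustee, because it is sorted ahead of it.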

A directory service allows information to be stored, classified and retrieved. The directory service in Microsoft operating systems is Active Directory: a database of objects (users, computers, groups and so on) that stores, organizes and controls access to those objects. Active Directory also relies on and provides essential network services, such as DNS and Kerberos-based authentication. Its components include objects, attributes, the schema, schema classes…

To keep a system secure, separate roles and privileges and enforce granular, least-privilege control over both people and processes.

Dissecting Audit Policies

Auditing detects and records (logs) events such as a user attempting to create, access or delete files and folders, along with non-security events such as starting or stopping a service. Auditing is used to monitor systems and alert administrators to security threats. Every organization decides what to log, how long to retain the logs and where to store them. Logs can be used to trace an attacker’s activity, conduct investigations and provide evidence.

Logs must be stored in a secured location, as they are often the only evidence available after an attack, and their handling must follow regulations such as HIPAA. As good practice, send logs to a central log management system on write-once (append-only) storage, so that an attacker who compromises a host cannot rewrite that host’s history. Each log event should include the date and time, the source address, the destination address and the event details. All log sources should synchronize their clocks from a consistent source, such as the Network Time Protocol (NTP), so that events from different systems can be correlated.
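Append-only storage is the goal; what a collector can add on top is tamper evidence. Here is an added Python example (my own illustration, not from the course) of a hash-chained log: each record carries the required fields listed above, commits to the hash of the record before it, and a verifier reports the first record whose link or hash no longer matches. The events are constructed sample data with UTC timestamps as an NTP-synchronized collector would store them.

```python
import hashlib
import json

GENESIS = "0" * 64
REQUIRED_FIELDS = {"timestamp", "src", "dst", "event"}


def canonical(record):
    """Deterministic serialization so every verifier hashes identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def append_record(chain, event):
    """Append an event; each record commits to the previous record's hash."""
    missing = REQUIRED_FIELDS - event.keys()
    if missing:
        raise ValueError(f"log record missing fields: {sorted(missing)}")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    body = {"prev": prev_hash, **event}
    body["hash"] = hashlib.sha256(canonical(body)).hexdigest()   # hash excludes "hash"
    chain.append(body)
    return body


def verify_chain(chain):
    """Return None if every link and hash checks out, otherwise the index of the
    first record that was edited, removed or spliced."""
    prev_hash = GENESIS
    for index, record in enumerate(chain):
        body = {k: v for k, v in record.items() if k != "hash"}
        if record.get("prev") != prev_hash:
            return index
        if hashlib.sha256(canonical(body)).hexdigest() != record.get("hash"):
            return index
        prev_hash = record["hash"]
    return None


# Constructed sample events (UTC, ISO 8601), not real log data.
SAMPLE_EVENTS = [
    {"timestamp": "2021-08-28T09:14:02Z", "src": "10.0.5.23", "dst": "10.0.1.10",
     "event": "logon_failure", "user": "jsmith"},
    {"timestamp": "2021-08-28T09:14:09Z", "src": "10.0.5.23", "dst": "10.0.1.10",
     "event": "logon_failure", "user": "jsmith"},
    {"timestamp": "2021-08-28T09:15:41Z", "src": "10.0.1.10", "dst": "10.0.1.10",
     "event": "service_stop", "service": "antivirus"},
]


def build_sample_chain():
    chain = []
    for event in SAMPLE_EVENTS:
        append_record(chain, dict(event))
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    chain[1]["user"] = "admin"        # rewrite history on the host
    print("after tampering, first bad record:", verify_chain(chain))
```

A chain alone is not enough: an attacker who controls the host can rebuild every hash from the edited record onward. The protection comes from shipping records to the central collector as they are written and anchoring the latest hash there, so the attacker’s rebuilt chain no longer matches what the collector already holds.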

Netwrix.com provides guidance on audit policy best practices.

Server Protection

Servers are among the most important components of any organization, and isolating them reduces their exposure to threats. Isolation can be achieved in several ways: resource, physical, internet and application isolation, plus separation of roles and privileges. Shared resources increase risk; with isolated resources, if one component fails or is compromised the remaining components stay intact. Physical isolation means placing the server in a locked room so that an attacker cannot reach the hardware. A firewall, a DMZ and internet isolation add further layers of defence. Good practices for securing the system are:

  • Use anti-virus and anti-spyware protection.
  • Secure email systems to minimize threats.
  • Conduct periodic risk assessments.
  • Use strong passwords or passphrases for all user accounts.
  • Disable any unneeded user accounts.
  • Lock the computer when you step away.
  • Think before downloading and installing any free software.
  • Update the system regularly.
  • Disable any unneeded applications.

Providing Email Protection

Email protection includes anti-spam, defense against spoofing, defense against phishing and defense against pharming. Social engineering is the root of many cyber-attacks, including phishing, pharming, pop-ups and fake websites.

Reputation filtering is a method of admitting legitimate email traffic and rejecting abusive senders. The mail gateway queries a reputation service for the reputation of the connecting IP address; a good reputation indicates that the sender is acceptable and the mail can be delivered. Spamhaus is one widely used reputation-based blocklist.

Attackers send millions of spam messages laced with malware in the hope that some recipients take the bait. Network administrators enable strong spam filters to keep spam and phishing emails from reaching end users by validating inbound email. The tools used are Sender Policy Framework (SPF), a DNS record listing the hosts allowed to send mail for a domain; DomainKeys Identified Mail (DKIM), which signs messages so the receiver can verify they were not altered in transit; and Domain-based Message Authentication, Reporting & Conformance (DMARC), which tells receivers what to do when SPF and DKIM checks fail and where to send reports.

The Domain Name System (DNS) maps a host name to an IP address and is essential on any network. DNS records also matter for email delivery and spam protection. A PTR record is a reverse lookup: it maps an IP address back to a name. Receiving mail servers commonly check that the sending IP has a PTR record whose name resolves back to that same IP (forward-confirmed reverse DNS), so PTR records are important for email delivery and are another tool for spam filters.
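To show how the SPF validation and the PTR check in the two paragraphs above actually work, here is an added Python example (my own, not from the course). A small constructed DNS table stands in for real lookups; the evaluator handles the ip4, ip6, include and all mechanisms with their qualifiers, and the reverse check requires the PTR name to resolve back to the connecting IP. The domain names and addresses are documentation examples, not real hosts.

```python
import ipaddress

# Constructed DNS data for the example (documentation addresses; not real zones).
DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all"],
    ("_spf.mailhost.example", "TXT"): ["v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all"],
    ("10.100.51.198.in-addr.arpa", "PTR"): ["mx1.mailhost.example"],
    ("mx1.mailhost.example", "A"): ["198.51.100.10"],
    ("5.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.5"],
    ("9.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],   # PTR that does not round-trip
}


def lookup(name, rtype):
    return DNS.get((name.lower(), rtype), [])


def spf_record(domain):
    for txt in lookup(domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, depth=0):
    """Evaluate the ip4, ip6, include and all mechanisms of a domain's SPF record
    for the connecting IP. Returns pass/fail/softfail/neutral/none/permerror."""
    if depth > 10:                        # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism in ("ip4", "ip6"):
            network = ipaddress.ip_network(argument, strict=False)
            matched = addr.version == network.version and addr in network
        elif mechanism == "include":
            # include matches only when the included domain's policy yields pass
            matched = check_spf(argument, sender_ip, depth + 1) == "pass"
        else:
            continue                      # a, mx, exists and redirect= are not modelled
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def forward_confirmed_rdns(sender_ip):
    """PTR check as spam filters do it: the IP's PTR name must resolve back to the IP.
    Returns the confirmed host name, or None."""
    addr = ipaddress.ip_address(sender_ip)
    forward_type = "A" if addr.version == 4 else "AAAA"
    for hostname in lookup(addr.reverse_pointer, "PTR"):
        if sender_ip in lookup(hostname, forward_type):
            return hostname
    return None


if __name__ == "__main__":
    for ip in ["203.0.113.7", "198.51.100.10", "2001:db8::1", "192.0.2.9"]:
        print(ip, check_spf("example.com", ip), forward_confirmed_rdns(ip))
```

A real filter would run these against live DNS and feed the SPF result into DMARC, which additionally requires the checked domain to align with the From: header; the evaluation order and the meaning of the qualifiers are the same.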

mxtoolbox.com is a website where you can check whether your mail server’s IP address or domain is listed on common blocklists.

Understand Encryption

Cryptographic techniques provide confidentiality, integrity and authentication for data, whether in motion (travelling across the network) or at rest (on a drive, in cloud storage, …). Encryption uses a mathematical algorithm and a key to convert data into a scrambled form that is meaningless without the key. Encryption can be symmetric (one shared key is used for both encryption and decryption) or asymmetric (two keys, a public key and a private key).

Symmetric encryption (also known as conventional encryption) uses a single shared secret key. Examples of symmetric algorithms are AES, DES, 3DES and IDEA; today AES is the standard choice, while DES is broken and 3DES is deprecated. Symmetric encryption provides the confidentiality of online communication such as SSL/TLS sessions or S/MIME messages: it protects the bulk data, while asymmetric keys are used to agree on or protect the symmetric key.

Asymmetric encryption (also known as public key encryption) uses a pair of keys: data encrypted with the public key can only be decrypted with the matching private key, and a signature made with the private key can be verified by anyone who holds the public key.

Public Key Infrastructure (PKI) uses a trusted third party, the certificate authority, to vouch for the identity of each entity by issuing it a digitally signed certificate that binds the entity’s public key to its name.
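The two operations that make PKI work, public-key encryption and digital signatures, as an added Python example of textbook RSA (my own illustration, not from the course). It uses tiny fixed primes and a truncated digest purely so the arithmetic fits on the page and runs with the standard library alone; real keys are 2048-bit or larger, and real signatures pad the full hash (RSA-PSS or PKCS#1 v1.5) rather than truncating it. The session key and the signed message are constructed values.

```python
import hashlib

# Tiny primes for illustration only; real keys use 2048-bit or larger moduli.
P, Q = 999983, 1000003
PUBLIC_EXPONENT = 65537


def generate_keypair(p=P, q=Q, e=PUBLIC_EXPONENT):
    """Textbook RSA key generation: n = p*q, d = e^-1 mod (p-1)(q-1).
    Returns (public_key, private_key) as (n, e) and (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)               # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message_int):
    """Anyone with the public key can encrypt; only the private key decrypts."""
    n, e = public_key
    if not 0 <= message_int < n:
        raise ValueError("message must be an integer smaller than the modulus")
    return pow(message_int, e, n)


def decrypt(private_key, ciphertext_int):
    n, d = private_key
    return pow(ciphertext_int, d, n)


def digest_int(message, n):
    # Illustration only: the SHA-256 digest is truncated to 32 bits so it fits the
    # toy modulus. Real schemes pad the full digest instead.
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big") % n


def sign(private_key, message):
    """Only the private key holder can produce the signature..."""
    n, d = private_key
    return pow(digest_int(message, n), d, n)


def verify(public_key, message, signature):
    """...but anyone with the public key can check it, which is what a CA's
    signature on a certificate relies on."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message, n)


if __name__ == "__main__":
    public, private = generate_keypair()
    session_key = 0x3A7F19C2           # constructed: a symmetric key being protected
    ciphertext = encrypt(public, session_key)
    print("decrypt ok:", decrypt(private, ciphertext) == session_key)
    message = b"invoice #1042: pay 500"
    signature = sign(private, message)
    print("signature ok:", verify(public, message, signature))
    print("tampered message ok:", verify(public, b"invoice #1042: pay 5000", signature))
```

The session-key round trip is the pattern TLS and S/MIME use in practice: the slow asymmetric operation protects a short symmetric key, and the symmetric cipher then protects the bulk data.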
