๐Ÿ’ฝOS Hardening

OS Hardening: Securing Your Operating System

Welcome to the OS Hardening course. In this course, we will cover best practices and techniques for securing your operating system and reducing the attack surface of your systems. By following the guidelines outlined in this course, you can improve the security of your systems and make it more difficult for attackers to gain unauthorized access.

Patching and Updates

The first step in hardening your operating system is to keep it up to date with the latest security patches and updates. This includes both the operating system itself and any installed applications. Regularly applying patches and updates can help prevent known vulnerabilities from being exploited by attackers.

File Permissions

File permissions are an important aspect of OS hardening. By setting appropriate permissions on files and directories, you can control who has access to sensitive data and system files. This includes setting restrictive permissions on system and configuration files, and ensuring that users only have access to the files they need to perform their job.

User Management

Proper user management is crucial for OS hardening. This includes creating unique accounts for each user, disabling or removing inactive accounts, and implementing strong password policies. It's also important to limit the access and privileges of users to the minimum necessary for them to perform their job.

Firewall Configuration

A firewall is an important tool for protecting your systems from unauthorized access. A firewall allows you to control incoming and outgoing network traffic and can be used to block or restrict access to specific ports and services. It's important to configure your firewall to only allow necessary traffic and to block any unnecessary services.

Network Segmentation

Network segmentation is the practice of dividing a network into smaller, more secure segments. This can include separating internal and external networks, or creating separate VLANs for different departments or user groups. By segmenting your network, you can limit the scope of an attack and make it more difficult for an attacker to move laterally through your network.

Intrusion Detection and Prevention

Intrusion detection and prevention systems (IDPS) are security tools that can help detect and prevent unauthorized access to your systems. An IDPS can monitor network traffic, analyze logs, and alert you to suspicious activity. It's important to configure your IDPS to detect known threats and to fine-tune its rules and settings to minimize false positives.

Auditing and Logging

Auditing and logging are important for maintaining the security of your systems. By regularly reviewing logs and audit trails, you can detect suspicious activity, identify security breaches, and track down the source of an attack. It's important to have a centralized logging system that can collect logs from all systems and to implement a log retention policy to ensure that logs are kept for a sufficient amount of time.

FTP hardening

Depends on software you are using for FTP server, specified options can be located in different places and with different names. Check steps below and find guides to configure your specific server software, after every change do not forget to restart your FTP server.

  1. Disable anonymous login. Open your server configuration and do not allow connection for anonymous login. Only defined users with strong passwords should have access.

  2. Hide banner. Changes configuration to hide name and version of software you are using.

  3. Use SSL certificate to prevent credential stealing. SSL stands for Secure Sockets Layer, the protocol which provides secure, encrypted communications between server and client, this encrypt data packets traveling between server-client networks. If hacker will sniff your connection he will be not able to read captured information because entire data will show in the form of cipher text.

  4. Set a threshold account lockout policy. For example, if within a minute the password is entered incorrectly three times then the account should be locked or if there are 5 incorrect connections from a given IP address within one minute, block the connection from this address for 24 hours. This can be done using firewall rules or software like ufw, portsentry or fail2ban.

  5. Allow specific IP to connect to FTP server. Just create white-list of addresses which can connect to FTP server and block connections from other locations.

  6. You can also change default port from 21 to 5021. Vulnerability scanners usually scan the default ports to perform an automatic reconnaissance and analyze a possible attack.

Tools

Lynis

Lynis is a popular open-source security tool that can be used to scan and audit your operating system for security vulnerabilities and misconfigurations. It can be run on various Linux and Unix-based systems, and will provide a detailed report of potential security issues and recommendations for remediation. For example, Lynis can check for outdated software, weak passwords, and open ports that could be exploited by attackers.

To use Lynis, you can download the package and install it on your system, or use the package manager of your Linux distribution. Once installed, you can run the lynis audit system command and it will perform a scan of your system, providing you with a report of the results.

Wazuh

Wazuh is an open-source security software that provides intrusion detection, threat detection, and compliance management capabilities. It is built on top of the popular OSSEC Host-based Intrusion Detection System (HIDS) and provides a comprehensive security solution for organizations.

Key Features

  • Intrusion detection: Wazuh uses OSSEC's rule-based intrusion detection system to detect and alert on suspicious activity on the host. It can detect and alert on a wide range of security events, including unauthorized access attempts, system changes, and malware infections.

  • File integrity monitoring: Wazuh can monitor changes to files on the host, alerting on any changes that deviate from a known baseline. This can help detect malicious changes, such as those made by malware or unauthorized users.

  • Log management: Wazuh can collect and manage log data from a variety of sources, including syslog, Windows event logs, and JSON-formatted logs. This data can be used for security analysis, incident response, and compliance reporting.

  • Security information and event management (SIEM): Wazuh can aggregate data from multiple hosts and provide a centralized view of security events across the organization. This can help security teams quickly identify and respond to security incidents.

  • Compliance management: Wazuh provides built-in support for compliance standards such as PCI-DSS, HIPAA, and NIST. It can also be configured to meet custom compliance requirements.

Installation

To install Wazuh, you can follow the steps below:

  1. Download the Wazuh package for your operating system from the official website.

  2. Install the package using the package manager of your operating system. For example, on Ubuntu you can use the following command to install the package:

  3. Once the installation is complete, you can start the Wazuh service and access the web-based management console.

sudo apt-get install wazuh-manager

Getting Started

After the installation, you can begin configuring the software to meet your organization's security needs. Wazuh provides a web-based management console that can be used to configure and manage the software. The console provides a range of options for configuring intrusion detection rules, file integrity monitoring, log management, and compliance management.

In addition to its core functionality, Wazuh also provides a range of additional capabilities, such as active response and agentless monitoring. By using Wazuh, you can improve the security of your systems and minimize the risk of unauthorized access.

Conclusion

Wazuh is a powerful security solution that can help organizations improve their security posture and comply with industry standards. Its key features include intrusion detection, file integrity monitoring, log management, and compliance management. With Wazuh, security teams can quickly identify and respond to security incidents, and improve their overall security posture. The installation process is straightforward and it's easy to get started with the software.

SSH Key

SSH (Secure Shell) keys are a secure and convenient way to authenticate to a remote server over an SSH connection. Instead of using a password, SSH keys use a public and private key pair to authenticate the user. The public key is stored on the remote server, and the private key is kept on the user's local machine. When the user attempts to connect to the remote server, their private key is used to prove their identity. If the remote server recognizes the public key as valid, the user is granted access.

Generating SSH Keys

To use SSH keys, you first need to generate a key pair. This can be done using the ssh-keygen command. For example, on Linux or macOS, you can open a terminal and run the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This will generate an RSA key pair with a key length of 4096 bits, and it will be associated with the provided email address as a comment. You will be prompted to provide a file name and location to save the key pair, or you can press enter to use the default location. You will also be prompted to provide a passphrase, which is an additional layer of security for your private key.

Adding Public Key to Remote Server

Once you have generated your SSH key pair, you can add the public key to the remote server. This can be done by copying the public key to the remote server and adding it to the authorized_keys file. For example, you can use the ssh-copy-id command to copy the public key to the remote server and add it to the authorized_keys file.

ssh-copy-id user@remote_server

You'll be prompted for the remote user's password.

Using SSH Keys

Once the public key is added to the remote server, you can use your private key to authenticate to the remote server. When you attempt to connect to the remote server, your private key will be used to prove your identity. If the remote server recognizes the public key as valid, the user is granted access.

ssh user@remote_server

You may be prompted for the passphrase you set earlier if you provided one.

SSH Key Management

It's important to keep your private key safe and secure, as it can be used to gain unauthorized access to remote servers. A best practice is to use a passphrase to encrypt your private key, and to regularly rotate your keys to minimize the risk of compromise.

SSH keys offer a secure and convenient way to authenticate to remote servers and can help to protect against the risk of password-based attacks. By generating and managing SSH keys properly, you can improve the security of your systems and minimize the risk of unauthorized access.

Conclusion

OS hardening is an ongoing process that requires regular monitoring, maintenance, and updating. By following the best practices outlined in this course, you can improve the security of your systems and make it more difficult for attackers to gain unauthorized access. Remember that the security of your systems depends on the security of the weakest link, so it's important to address vulnerabilities and to keep your systems up to date.

By following this guidelines, you can make your systems more resistant to attacks and improve the overall security posture of your organization. Remember that security is a process, not a product, and that you should regularly review and update your security measures to adapt to new threats and vulnerabilities.

PreviousSyncthingsNextHacking

Last updated