CompTIA Security+ SYO-401

Certification Training

Select the Appropriate Solution Tutorial

1 Select the Appropriate Solution to Establish Host Security

A computer network has hosts such as servers, desktops, and workstations that need to be properly secured. This lesson is about securing these hosts by implementing proper solutions. The objectives covered in this lesson are listed below. After completing this lesson, you will be able to:

• Describe operating system security and settings
• Describe anti-malware solutions
• Distinguish between whitelisting and blacklisting applications
• Identify hardware security solutions
• Describe host software baselining
• Explain virtualization and its related security concepts or issues

2 Host Operating System Security

In this topic, you will learn about securing the operating system running on a host. A host may refer to any laptop, desktop, workstation, or server. At the core of the host is an operating system, or OS, the system software that manages hardware and software resources and offers standard services to applications or programs. An OS is typically responsible for several functions, including file system services, network services, graphics support, communication between processes, memory protection, and resource allocation. In simple words, the OS uses the host's built-in or attached hardware to execute applications. The host is also responsible for storing data on an embedded storage device or a storage medium attached to it. For these functions to work properly and for data to remain secure, it is important to secure the hosts.

Operating system security refers to the practice of ensuring OS integrity, availability, and confidentiality. It involves specific measures or steps for protecting the operating system from threats such as hacker intrusions, malware, and unauthorized access. Usually, each network has its own requirements and implementations when it comes to ensuring the security of an operating system. This means that the default settings of an operating system as shipped by the manufacturer must be changed according to those requirements. These changes are part of operating system hardening, explained next.

Hardening is a generic security technique in which the default configuration is modified to overcome vulnerabilities so that the system is protected against possible attacks such as denial of service and password guessing. Usually, hardening is done to comply with the security requirements stated in the organization's security policy. An operating system on a host usually needs to serve several applications or functions. However, not all of those applications or functions are required all the time. Keeping this in mind, we can define operating system hardening as the technique in which any unnecessary components or features are disabled or removed before securing the remaining elements. For example, you may uninstall a few applications and utilities, disable some processes or services, disable or remove guest user IDs and unused user IDs, disable network ports, and implement access control lists. Similarly, you can also install relevant operating system patches regularly, tweak registry settings, configure the firewall, and configure Internet settings and auditing to reduce attacks. You should also document the hardening process for later reference.

Let's now explore the concept of a trusted OS, an advanced technique employing multiple layers of security. A trusted OS is a system featuring several layers of security, such as an authentication layer and an authorization layer. Such a modular system of layers helps determine which users can access the system and how they can use the system's resources, services, and applications. More generally, any operating system whose security features comply with government and/or military standards such as the Common Criteria, or CC, is called a trusted OS. Some examples of a trusted OS include Apple Mac OS X 10.6, Trusted Solaris, Windows 7, and Windows Server 2008 R3.

3 Anti-Malware as Host Security Solution

In this topic, you will learn about anti-malware as a host security solution. Installed on the operating system, anti-malware applications run continuously to safeguard the host from the execution and proliferation of malware. Most popular anti-malware applications are capable of detecting, removing, and quarantining malware according to the malware's signature and behavior. For an anti-malware application to function properly, you must install and configure it correctly. It is equally important that you update its signature files to keep the malware detection engine up to date. You can use seven solutions together to protect a host from malware.

The first solution is an anti-virus program, usually available as part of an anti-malware suite or as part of a host-based firewall acting as an anti-malware solution. An anti-virus detects malware in the form of a Trojan, worm, or virus, after which it deletes or quarantines it in favor of a clean original file. The second solution is anti-spam, a spam filter installed on an e-mail gateway, desktop, or workstation, or embedded in an e-mail application, that checks all e-mails. An unsolicited e-mail is spam, which an anti-spam filter detects quickly by looking at the sender's IP address. Once detected, the anti-spam filter blocks the e-mail or moves it to a different folder. The e-mail is usually marked as spam to bring it to the notice of the reader. The third solution is anti-spyware, installed on computers to prevent unauthorized monitoring activities. It prevents spyware from harvesting users' Personally Identifiable Information, or PII, such as credit card numbers, without authorization. Although any standard anti-virus suite will include anti-spyware, it is more judicious to obtain it from a different vendor.

The fourth solution is pop-up blockers. As the name suggests, pop-up blockers prevent an untrusted Web site from opening any extra browser windows or frames without the permission of the user. Pop-ups are commonly used to spread malicious code or show unsuitable content. For example, adware is a popular type of pop-up showing unsolicited ads. Many standard Web browsers now come with a pop-up blocker utility that stops adware and other types of pop-ups. You can deploy all of these solutions on all desktops, servers, and workstations to implement multi-layered security.
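The signature-based detection and quarantine described above, written out as an added example in Python. This is illustrative code, not part of the Simplilearn lesson or of any real anti-virus product: the "signature database" holds the SHA-256 digest of a constructed sample string, not a real malware hash, and the files it scans are created in a scratch directory by the `demo()` function. Matching on a content hash rather than a file name is what makes the check independent of how the file is named.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time

# Constructed sample contents. The "bad" sample stands in for a known malicious
# file; its hash is computed below so the example runs offline without any
# real malware or real signature data.
SAMPLE_BAD = b"constructed sample: pretend dropper payload v1"
SAMPLE_GOOD = b"constructed sample: quarterly report, harmless text"


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Signature database: SHA-256 digest -> detection name (constructed entry).
SIGNATURES = {
    sha256_bytes(SAMPLE_BAD): "Sample.Dropper.Constructed",
}


def hash_file(path: str) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_file(path: str, digest: str, label: str, quarantine_dir: str) -> str:
    """Move a detected file out of its original location and record why."""
    os.makedirs(quarantine_dir, exist_ok=True)
    # Store under the digest, not the original name, so two copies of the
    # same sample collapse into one quarantined object.
    dest = os.path.join(quarantine_dir, digest + ".quar")
    original = os.path.abspath(path)
    if os.path.exists(dest):
        os.remove(path)              # already have this sample; just remove the copy
    else:
        shutil.move(path, dest)      # move, not copy: nothing executable is left behind
        os.chmod(dest, 0o400)        # read-only for the operator, never executable
    meta = {"original_path": original, "detection": label,
            "sha256": digest, "quarantined_at": time.time()}
    with open(dest + ".json", "w", encoding="utf-8") as fh:
        json.dump(meta, fh)
    return dest


def scan_directory(root: str, quarantine_dir: str) -> list:
    """Walk root, hash each file, and quarantine anything matching a signature."""
    findings = []
    qdir = os.path.abspath(quarantine_dir)
    for dirpath, dirnames, filenames in os.walk(root):
        # Never rescan the quarantine folder itself.
        dirnames[:] = [d for d in dirnames
                       if os.path.abspath(os.path.join(dirpath, d)) != qdir]
        for name in filenames:
            path = os.path.join(dirpath, name)
            digest = hash_file(path)
            label = SIGNATURES.get(digest)
            if label is not None:
                dest = quarantine_file(path, digest, label, quarantine_dir)
                findings.append({"path": path, "detection": label, "quarantined_as": dest})
    return findings


def demo() -> dict:
    """Build a scratch directory with one bad and one clean file, then scan it."""
    root = tempfile.mkdtemp(prefix="hostav_demo_")
    qdir = os.path.join(root, "quarantine")
    with open(os.path.join(root, "invoice.exe"), "wb") as fh:
        fh.write(SAMPLE_BAD)
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(SAMPLE_GOOD)
    findings = scan_directory(root, qdir)
    return {
        "detections": [f["detection"] for f in findings],
        "remaining_files": sorted(n for n in os.listdir(root) if n != "quarantine"),
        "metadata_written": all(os.path.exists(f["quarantined_as"] + ".json") for f in findings),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

After the scan, only the clean file remains in the scratch directory; the detected file sits in the quarantine folder under its digest, next to a JSON record of where it came from and which signature fired, which is the information an analyst needs to restore a false positive or to investigate a true one.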

The fifth solution is a patch, a piece of code that fixes an identified application issue. It resolves a mistake or bug left behind unintentionally by the software developer at the time of coding. A patch can also be used to fix bugs in an operating system. A prudent patch management system can keep zero-day attacks at bay; these occur as a result of known vulnerabilities that are yet to be resolved. The sixth solution is a host-based firewall, used to determine the specific range of traffic that can reach the system. Such a firewall is indispensable if there is a need to connect to an untrusted network such as one at home, a café, or a hotel, especially when using an office laptop while on the go. Host-based firewalls are also used to prevent the spread of malware within a sub-network. The seventh option is a host-based intrusion detection system, or HIDS, used to monitor a system or network so that it detects any suspicious activity. You can install a host-based intrusion detection system on any machine, including workstations. The data gathered by such a system is very useful for security monitoring and computer forensic teams.

Windows Server Update Services, or WSUS, is a patch management tool designed exclusively for Microsoft products in a network. You can choose one or more of the three types of patches that exist for Windows. The first type is a hotfix, also known as an urgent or immediate patch. Generally, hotfixes are meant to repair serious security issues and are therefore mandatory. The second type is a patch, a non-crucial fix requiring no urgent implementation. Therefore, patches are at times optional when it comes to implementing them in the networking environment. Finally, you have the service pack, a cumulative collection of all hotfixes and patches released so far.

4 Whitelisting and Blacklisting Applications as Host Security Solution

In this topic, you will learn about whitelisting and blacklisting applications as a solution to host security. Another effective way to secure hosts on your network is to control which applications may install and run on a host and which are blocked from installing or running. To allow applications, you list them in a whitelist; to block applications, you list them in a blacklist. Whitelisting is a good example of "implicit deny," as it denies execution or installation to any application whose name is not in its list. Similarly, blacklisting is a good example of "implicit allow," as it allows execution or installation of any application whose name is not in its list.
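The implicit-deny and implicit-allow behaviour described above, as an added Python example that is not part of the Simplilearn lesson. It goes one step beyond the text: policy entries may be file names, as the lesson describes, or SHA-256 digests of the file contents, so the example also shows why a name-only blacklist is weaker than a hash-based one. The application names, byte strings and hashes are all constructed for the demonstration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Application:
    """An executable as the host sees it: its file name and a content hash."""
    name: str
    sha256: str


def fingerprint(contents: bytes) -> str:
    return hashlib.sha256(contents).hexdigest()


class ApplicationControlPolicy:
    """Decides whether an application may run.

    mode="whitelist": only listed applications run (implicit deny).
    mode="blacklist": everything runs except listed applications (implicit allow).
    Entries may be file names or SHA-256 digests.
    """

    def __init__(self, mode: str, names=(), hashes=()):
        if mode not in ("whitelist", "blacklist"):
            raise ValueError("mode must be 'whitelist' or 'blacklist'")
        self.mode = mode
        self.names = {n.lower() for n in names}
        self.hashes = set(hashes)

    def is_listed(self, app: Application) -> bool:
        return app.name.lower() in self.names or app.sha256 in self.hashes

    def is_allowed(self, app: Application) -> bool:
        listed = self.is_listed(app)
        if self.mode == "whitelist":
            return listed          # not on the list -> denied (implicit deny)
        return not listed          # not on the list -> allowed (implicit allow)


# Constructed sample binaries (the byte strings stand in for real executables).
EDITOR_BYTES = b"constructed: approved text editor"
TOOL_BYTES = b"constructed: unapproved remote-control tool"
NEW_BYTES = b"constructed: freshly downloaded, unknown program"

APPS = [
    Application("editor.exe", fingerprint(EDITOR_BYTES)),
    Application("remotetool.exe", fingerprint(TOOL_BYTES)),
    Application("newprogram.exe", fingerprint(NEW_BYTES)),
    # The same unapproved tool copied to a different file name.
    Application("update.exe", fingerprint(TOOL_BYTES)),
]


def evaluate(policy: ApplicationControlPolicy) -> dict:
    """Map each sample application name to the policy's allow/deny decision."""
    return {app.name: policy.is_allowed(app) for app in APPS}


def demo() -> dict:
    # Whitelist: only the editor, identified by hash so a renamed copy still matches.
    whitelist = ApplicationControlPolicy("whitelist", hashes=[fingerprint(EDITOR_BYTES)])
    # Blacklist by name only: blocks remotetool.exe but not its renamed copy.
    blacklist_by_name = ApplicationControlPolicy("blacklist", names=["remotetool.exe"])
    # Blacklist by hash: the renamed copy is blocked as well.
    blacklist_by_hash = ApplicationControlPolicy("blacklist", hashes=[fingerprint(TOOL_BYTES)])
    return {
        "whitelist": evaluate(whitelist),
        "blacklist_by_name": evaluate(blacklist_by_name),
        "blacklist_by_hash": evaluate(blacklist_by_hash),
    }


if __name__ == "__main__":
    for mode, decisions in demo().items():
        print(mode, decisions)
```

Under the whitelist, the unknown `newprogram.exe` is denied without anyone having to know about it in advance; under either blacklist it runs, which is the practical difference between implicit deny and implicit allow. The renamed copy `update.exe` slips past the name-based blacklist but not the hash-based one.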

5 Host Software Baselining as Host Security Solution

In this topic, you will learn about host software baselining as a host security solution. One of the first steps toward a secure networking environment is to form a baseline governing the minimum security needs of an organization. Software baselining for the host involves installing and configuring the operating system, security applications, and only the necessary productivity applications. Also known as a performance baseline, a security baseline determines the level of security to be implemented and maintained on the systems. Developing such a security baseline involves collecting data about a specific security operation of network systems. This baseline then offers the input required for designing, deploying, and supporting a secure network according to the decided goal. You can download and run Microsoft Baseline Security Analyzer, a free tool for Windows, to scan for errors and create security reports. This helps you ensure that the performance of a host conforms to the baseline. You can opt for a low baseline by implementing almost no security measures, or a high baseline that does not allow users to make any changes on their systems or to the network. In real life, most implementations lie somewhere between these two extremes. However, it is vital to determine what is essential and ideal for your organization.
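Both the hardening checklist in topic 2 (disable unneeded services, remove guest and unused accounts, close ports, install patches) and the baseline comparison in this topic come down to the same operation: compare what a host actually looks like against what the policy says it should look like and report every deviation. The following Python is an added example of that comparison; it is not the Simplilearn lesson's code and it is not how Microsoft Baseline Security Analyzer works internally. The baseline and the host snapshot are both constructed in the code, and the patch identifiers are placeholders rather than real Microsoft KB numbers; in practice the snapshot would come from an inventory agent.

```python
from dataclasses import dataclass

# Constructed security baseline for a workstation. The patch identifiers are
# placeholders, not real Microsoft KB numbers.
BASELINE = {
    "forbidden_services": {"telnet", "ftp", "remote-registry"},
    "required_services": {"host-firewall", "anti-malware"},
    "allowed_listening_ports": {22, 443},
    "must_be_disabled_accounts": {"guest"},
    "stale_account_days": 90,
    "required_patches": {"PATCH-PLACEHOLDER-001", "PATCH-PLACEHOLDER-002"},
}

# Constructed snapshot of one host, in the shape an inventory tool might report it.
HOST_SNAPSHOT = {
    "hostname": "ws-example-01",
    "services_enabled": {"host-firewall", "telnet", "print-spooler"},
    "listening_ports": {22, 443, 23},
    "accounts": {
        "guest": {"enabled": True, "days_since_login": 400},
        "alice": {"enabled": True, "days_since_login": 1},
        "bob":   {"enabled": True, "days_since_login": 200},
    },
    "installed_patches": {"PATCH-PLACEHOLDER-001"},
}


@dataclass
class Finding:
    category: str   # service, port, account or patch
    item: str       # the service name, port number, account or patch id
    detail: str     # what deviates and the hardening action to take


def audit_host(host: dict, baseline: dict) -> list:
    """Return every deviation between the host snapshot and the baseline."""
    findings = []
    # Hardening: unnecessary services disabled, security services present.
    for svc in sorted(host["services_enabled"] & baseline["forbidden_services"]):
        findings.append(Finding("service", svc, "forbidden service is enabled; disable or remove it"))
    for svc in sorted(baseline["required_services"] - host["services_enabled"]):
        findings.append(Finding("service", svc, "required security service is not running"))
    # Hardening: only baseline ports may listen.
    for port in sorted(host["listening_ports"] - baseline["allowed_listening_ports"]):
        findings.append(Finding("port", str(port), "listening port not in the baseline; close it or add a firewall rule"))
    # Hardening: guest account disabled, unused accounts removed.
    for name, info in sorted(host["accounts"].items()):
        if name in baseline["must_be_disabled_accounts"] and info["enabled"]:
            findings.append(Finding("account", name, "built-in account should be disabled"))
        elif info["enabled"] and info["days_since_login"] > baseline["stale_account_days"]:
            findings.append(Finding("account", name, "unused account; disable or remove it"))
    # Patch management: every required patch installed.
    for patch in sorted(baseline["required_patches"] - host["installed_patches"]):
        findings.append(Finding("patch", patch, "required patch is not installed"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per category, the kind of figure a baseline report shows."""
    counts = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_host(HOST_SNAPSHOT, BASELINE)
    print(HOST_SNAPSHOT["hostname"], summarize(results))
    for f in results:
        print(f"  [{f.category}] {f.item}: {f.detail}")
```

On the constructed snapshot this reports six deviations: telnet enabled, anti-malware missing, port 23 listening, the guest account enabled, a stale account, and a missing patch. Note that `print-spooler` is not flagged because the baseline says nothing about it; deciding which services are genuinely unnecessary is the judgement call the lesson leaves to the organization, and the audit can only enforce what the baseline records.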

6 Hardware Security as Host Security Solution

In this topic, you will learn about hardware security as a host security solution. Hardware security refers to implementing physical means for securing the host and preventing it from being removed from its usage area without authorization. For example, you should lock the laptop in place so that no one can take it away during non-working hours. Similarly, routers and switches should be physically secured in a server room. You can use cable locks, safes, and cabinet locks to secure different types of hardware components. Cable locks, or lockdown cables, fasten portable hardware devices such as laptops to their fixed places. Safes are used for storing any device or removable media that holds highly sensitive information. You can opt for a department-wide safe managed by a single person or per-desk safes managed by users. A per-desk safe is smaller, although it allows quick access to the devices and documentation stored inside. Safes may be located onsite or off-site. Locking cabinets or other containers can prevent or minimize access to power switches, cable runs, media bays, and adapter ports.

7 Virtualization as Host Security Solution

In this topic, you will learn about virtualization as a host security solution. Virtualization means designing and deploying a virtual version of something, including operating systems, computer hardware platforms, network resources, and storage devices. Therefore, on a single physical computer, more than one operating system can coexist, each of which functions independently. Let's now explore some of the vital concepts, issues, and security solutions related to virtualization.

Snapshots are backups of virtual computers. They enable you to capture an image of a virtual computer at a specific point in time. Such an image acts as a point you can revert to in case something unfavorable or unpredictable happens to the virtual computer. It is vital to understand that not all patches applied to a server may be applicable to a virtualized system, virtual operating system, or virtualization software. This means you need to check for compatibility before applying them to your virtual systems. Otherwise, these patches may at times become a security threat to your organization's virtual environment.

It is essential to ensure high availability of the host system. If this availability is not ensured, not all virtualized servers will be available when required. This is something you will not want, as the goal is to have an uptime of 99.9 percent at any point in time. However, ensuring availability means the job is only half done. The remaining part of the job is completed by ensuring elasticity. Elasticity means easily providing and releasing resources to users as and when required in a virtual environment. In the context of virtualization, host elasticity refers to the use of additional hardware when needed, which then allows distributing the workload of the virtualized services.

Security controls are mechanisms offering different security benefits. These mechanisms include multifactor authentication, firewalls, and anti-malware scanners. However, before implementing these controls, you need to test them to verify that their functions and features are reliable. You also need to test the virtualized operating systems just as you test operating systems installed on hardware. This is done by scanning these systems to detect vulnerabilities and, as ethical hackers, exploiting those vulnerabilities by penetrating the systems to identify possible risks or losses. Technically, detecting vulnerabilities is known as vulnerability scanning, while penetrating a system to exploit those vulnerabilities is called penetration testing. We will be exploring these two testing techniques in upcoming lessons. It is vital to keep in mind that a virtualization product may raise unique and additional security concerns, so the testing process should be adapted to cover those possibilities as well.

Let's now explore the last concept, sandboxing in a virtual environment. Sandboxing refers to the technique of isolating an environment from a bigger system. This allows you to run the environment in a controlled manner for security purposes. A virtual environment often implements a sandbox for testing possibly malicious code from unreliable sources or for testing new network functionality before it goes live.

9 Summary

Let us summarize the topics covered in this lesson.

• Operating system security refers to the process of ensuring operating system integrity, availability, and confidentiality.
• Hardening involves altering the default configuration of a system to overcome vulnerabilities and attacks.
• Anti-malware helps implement multi-layered security by installing anti-virus, anti-spyware, patches through Windows Server Update Services, anti-spam, and pop-up blockers on all hosts.
• Hotfixes, patches, and service packs are the three types of Windows patches.
• Host software baselining involves installing and configuring only the necessary productivity applications on the system.
• Hardware security involves controlling physical access to system hardware and peripherals.
• Virtualization allows one or more operating systems to run in the memory of a single host.

With this we conclude the lesson "Given a Scenario, Select the Appropriate Solution to Establish Host Security." In the next lesson, we will look at "Implementing the Appropriate Controls to Ensure Data Security."
