One way to make sure a host is hardened is to keep the system up to date with patches provided by the vendor. Depending on the operating system vendor, patches may come out on a specific schedule, e.g. Microsoft releases patches every second Tuesday of the month. While patches are free, they can cause a headache for organizations because as the threat environment grows and more vulnerabilities are found, the number of patches released can get overwhelming. Automatically applying newly released patches to production servers can have catastrophic results that could end up causing servers to not function as intended, freeze, or cause damage. Any of these scenarios could cause organizations to lose money with systems being offline. System administrators need to test each patch in development environments first to make sure nothing gets damaged, which takes time and resources of employees. Having an effective patch management policy in place can save organizations a lot of time and money by making sure only necessary patches are implemented based on priority and that they are thoroughly tested beforehand.
One section of this reading I found interesting was the section on Virtualization. Virtualization allows multiple operating systems to run on one physical device. The analogies given by the chapter were very helpful. The average user has the equivalent of a “Bachelor Pad.” This is because you usually have one OS on one device. Then there is a single-family home. The equivalent of this is having multiple operating systems on one device. Finally, there is a hotel, which is the equivalent of a server stack. In a server, there could be hundreds of virtual machines all at once. Virtualization is very important for host hardening. Some of the benefits are that it helps security baselines, reduces labor costs, and helps with the installation of patches on many machines.
Charlie,
Thank you for the comments. After reading your explanation of virtualization, I realized that I misunderstood what virtualization was. Your explanation helped me understand the different types of virtualization. My comment below is totally wrong based on your statements; I thank you for the explanation and for correcting my thinking.
Two key takeaways I identified related to the risks associated with patch updates and the fact that anti-virus software can be rendered ineffective. While I was surprised, this just reiterates that nothing is 100% safe and that human error is a big risk. For both patches and anti-virus software installation there is typically a tradeoff in that the added security can reduce the functionality in addition to making the machine slower. Depending on the level of security offered by patching, it might not be worth it. In addition, specific to patches, some patches can damage or freeze machines, which is a large risk if there is no way to uninstall the patch. This is why it is important to test the patches first in a non-production environment or on a test machine. It is also critical that users are educated regarding the importance of antivirus software and the ramifications if it is altered. For example, the user can turn off the automatic download option for new virus signatures or schedule an update for a time the computer is turned off. The user also might not pay for the annual fee, and then once the contract ends, while the anti-virus software appears to be in place and operating effectively, in actuality any updates and patches will no longer be provided, which increases exposure even though the software appears to be functioning as normal.
An important takeaway from this chapter is an understanding of the different ways to fix a vulnerability along with the problems posed by patching a system. The least effective way of fixing a vulnerability is a work-around, where a system administrator must manually change the settings on the host to prevent the vulnerability from being exploited. A vendor may publish a patch for its vulnerability, which is a piece of software that will overwrite the program with new code fixing the problem. A vendor may also publish service packs, or major collections of patches bundled together to fix multiple vulnerabilities at once. Finally, software version upgrades are published periodically, representing a wholesale change of the software which typically provides a variety of security improvements.
Some obstacles to efficiently patching an information system are the overwhelming number of patches published daily by vendors, the cost of labor required to maintain an up-to-date system, and the potential for unexpected downtime on systems after patches are installed. These obstacles mean that most organizations aren’t able to install every patch on every system, and must prioritize them based on criticality and likelihood of downtime post-install.
What stuck out to me in this chapter is how serious it is to make sure that antivirus protection is up-to-date at all times. It may slow down your computer, but it is better to have a slow computer that is protected, than a fast running computer without antivirus software that is vulnerable to any attacks. Having a paid antivirus can be very beneficial with more protection features than the free version. However, letting the annual fee expire may certainly cause a risk in keeping your data protected.
Those are all things I seriously consider when protecting my personal devices. One thing I’ve been happy about is that Windows Defender, the built in antivirus, has become a lot more effective in recent years. 10 years ago, just having Windows Defender installed on your computer was almost equivalent to having no antivirus at all.
I definitely think the performance impact of antivirus solutions has decreased over the years. More processing power, increased RAM, SSDs have all helped. On my first laptop, an antivirus scan would take 5-6 hours and the computer would be unusable for that time. Now, a full scan takes about 5-10 minutes on my current laptop and is mostly only noticeable because my fan speed increases.
Which is why increasing my RAM helped my computer out a great deal.
Totally agree here, Christopher. We always test to confirm whether antivirus software is current and enabled to ensure systems are being protected. All of the organizations I’ve seen have paid third-party vendors, as they offer the most comprehensive coverage.
Hi Christopher, great response. I do agree that updated antivirus and anti-malware systems provide protection against known malware. Many schools, enterprises and businesses have an organization-wide policy with mandatory antivirus installation requirements. This applies especially if the organization allows bring your own device. I do think that it’s not just the antivirus that will protect a user from attacks; I think cyber security awareness among users will help boost the effectiveness of the antivirus software.
One of the important sections is vulnerabilities and patches. It is necessary to fix them before zero-day attacks. If not, the hacker will quickly develop exploits within a short period like one to two days or even within hours. The vendors will create fixes when they discover vulnerabilities. There are four kinds of fixes: work-arounds, patches, service packs, and upgrading to a new version of the program. A work-around is a manual action that the systems administrator needs to take to fix the problem. Although it does not need new software, because it is a manual action it might have human error risks and it is costly. A patch is a small program for the system administrator to fix a particular vulnerability. It is easier to install and download. Service packs are a combination of functional improvements and vulnerability fixes. Version upgrades are necessary because vendors usually fix the vulnerability within a newer version of the system. Vendors might stop creating fixes for old-version software.
An interesting takeaway from this week’s reading is the host hardening defense mechanism of patching. Patches are usually easy to download/install and in some cases are even done automatically. While this may seem to be an otherwise simple host hardening technique, there are risks associated with patching. These include machines freezing up or other damage, and the degree of added security may not be worth the cost of reduced functionality associated with patching. Given this, many organizations tend to download and test patches prior to installing across various host systems.
Hi Lakshmi, great point you brought up here. I think that host hardening with patching is one of the most effective mechanisms for protecting data. However, I do not think that it is the only method of preventing cyber attacks. You brought up a good point about freezing after installing the patches. Since the operating system may be outdated, the patches may cause tech glitches, especially if many patches are required. These technical glitches can affect the “availability” principle of information security.
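The check described above (is the antivirus current and enabled?) as a script, added here as an example and not part of the discussion. It assumes a Windows host with the Microsoft Defender PowerShell module, and the three-day signature-age threshold is an assumed policy value.

```powershell
# Added example: audit Microsoft Defender state on the local host.
# Assumption: the Defender module (Get-MpComputerStatus) is available,
# and a 3-day signature age is the organization's freshness limit.
$maxSignatureAgeDays = 3

$status = Get-MpComputerStatus

$findings = @()
if (-not $status.AMServiceEnabled)          { $findings += 'Antimalware service is not running' }
if (-not $status.AntivirusEnabled)          { $findings += 'Antivirus engine is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }

# Stale signatures look "enabled" in the UI but leave the host exposed,
# which is the failure mode several posts above describe.
$signatureAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($signatureAge.TotalDays -gt $maxSignatureAgeDays) {
    $findings += ('Signatures are {0:N0} days old (last updated {1})' -f
        $signatureAge.TotalDays, $status.AntivirusSignatureLastUpdated)
}

# One record per host; feed this into whatever inventory or audit sheet you keep.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    Compliant        = ($findings.Count -eq 0)
    Findings         = ($findings -join '; ')
}
```

Run it through Invoke-Command against a list of servers to get one compliance row per machine instead of checking consoles by hand.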
This chapter introduced the concept of host hardening and started by defining a host as anything with an IP address. It explained several concepts used for hardening, which can help to protect against attacks, including backups, physical controls, secure configurations, minimizing unnecessary applications and services, patch and vulnerability management, and managing users, groups, and permissions. One of the key points that I found interesting and useful was the explanation of some of the benefits of virtualization when it comes to hardening. It explained that in using virtualization, it can allow for the creation and application of a single security baseline that can be easily cloned. This helps to increase availability and fault tolerance and decrease labor costs and provides strength to the overall environment through better standardization and hardening. Although I was familiar with the operational benefits of virtualization, I had not thought about it before from a hardening and general security perspective.
This chapter emphasizes the importance of servers and hosts. A server is a computer that provides data to other computers, and attackers like to focus their efforts on servers because they contain valuable data. A host is any device with an IP address, such as client PCs and even mobile phones. The host is the last line of defense for thwarting attacks, so it is important to harden all hosts. One of the most important steps to host hardening is security policy implementation. The security policies discussed in Chapter 2 and the password policies discussed in Chapter 5 mean little if they are not implemented. Security policies exist to protect computing resources from harm. Corporations can even be held liable for not implementing certain security policies required by law.
One of the aspects of this reading that resonates with me is the concept of secure baselines and images. Knowing how to secure a host is obviously important. But it’s not enough. You need to make sure that the secure baseline is used across the company. If you have 10 firewalls that should be set up the same way, you want to make sure they are configured exactly the same. Having someone do this manually from memory leaves room for error. Secure baselines and images also help with disaster recovery. In my work, I’ve seen images and standard configurations often used for end user devices like workstations and laptops. Network devices seem to often get overlooked. I think this leaves organizations open to vulnerabilities — specifically vulnerabilities they don’t know about because they could be the result of one wrong click.
Hi Jon,
I appreciate your comment because it goes to show that just having resources isn’t enough. They have to be organized and utilized correctly in order to be most effective.
The text pointed out some risks of patching systems, arguing the added security is often accompanied by the cost of reduced functionality. This sometimes doesn’t justify the level of safety provided by a given patch. In addition, the text also pointed out that it is possible for patches to freeze machines or cause additional damage. However, with good, well-defined policies, organizations can take advantage of virtualization, patch testing, rolling updates, and system backup and restore options to ensure the host machine’s availability and reliability.
The key takeaway from this chapter is that host hardening is not a single protection but multiple practices that aim to protect any device with an IP address. Important things to do to perform host hardening are: back up the host regularly, restrict physical access to the host, install operating systems with secure configuration options, make sure all passwords meet requirements, minimize applications that run on the host, strengthen all applications on the host, download and install patches for known operating system vulnerabilities, manage users and groups, manage access permissions for users and groups, encrypt data, add a host firewall, audit operating system logs, and run vulnerability tests.
Quynh – I think you raise a really good point. There are lots of different aspects of host hardening and if they are applied appropriately, it provides multiple layers of defense. I thought the chapter really did a good job of addressing each of the different aspects of host hardening and explaining the purpose and also some of the challenges with each.
My biggest takeaway from this section is about patching. Patching can be a very effective way to fix a vulnerability before users have been exposed to it. Additionally, any company that is using software that is no longer being patched by the vendor should remove that software. For example, Microsoft no longer services Windows XP or Windows 7, so those OSs should no longer be used. Patching reminds me of the time when an Apple vulnerability was discovered. By typing “effective. Power لُلُصّبُلُلصّبُررً ॣ ॣh ॣ ॣ 冗,” you could disable anybody’s iPhone. This was all fun and games when it came out, but I could imagine it caused plenty of people over at Apple to lose sleep for the time it was going on. Thanks to patching, the issue was resolved fairly quickly and people could resume using their phones in peace.
I remember when that vulnerability with Apple was discovered as well. Apple has a genius way of finding bugs along with their normal patching process. They offer “bug bounties” to individuals who discover bugs like that one. This greatly helps with the patching process, as instead of QA testers spending time trying to “break” their systems, the users, who use their products for a majority of the day, can report any issues they find, and may be compensated for it.
I found the Virtualization section the most interesting. The analogy was very helpful in understanding the different structures of virtualization, such as Bachelor Pad, Single Family Home and Hotel. Using the analogy of computers as buildings and operating systems as people made me understand how the Hotel virtualization works. It looks like any office building could be used as a Hotel virtualization concept. So what is an apartment building? An apartment is similar to a hotel; however, each unit could have its own ISP and a bachelor pad or single-family setup.
In this week’s reading assignment, a key takeaway that I thought was important to note was that the risk assessment process does an excellent job of simplifying the overall process into smaller, simpler steps to allow any firm or company to precisely analyze their company. The first step is to characterize the most important parts of the data in order. Anything not fitting into a category will be left out of the plan. After everything is organized, then the risk rating can be done. Understanding the threat and vulnerability of data is a crucial aspect of NIST 800-100. The three steps need to be done as detailed as possible to increase the safeguarding of data.
As an auditor, I’m familiar with backups and various backup processes. However, the portion of the reading that stood out to me was on backup technologies. There are several common technologies for doing backups such as local, centralized, CDP, and mesh. Of these, local is the least preferred as there’s no way to enforce policies and it’s difficult to audit. I quite often see CDP in daily practice as it offers the best features and security. While these are the most common types, there are others as well as those that are being developed.