CompTIA Security+ SY0-401 OS Hardening and Virtualization Topics
In the following guide, CompTIA Security+ SYo-401 Authorized Cert Guide, Deluxe Edition, 3rd EditionY, author David L. Prowse discusses OS hardening and virtualization topics. Some of his key points are outlined here.
Off the shelf operating systems can often be insecure for a variety of reasons and need to be hardened to meet your company’s policies, Trusted Operating System (TOS) compliance, and government regulations. Generally, though, operating systems need to be hardened so that they are more difficult to compromise. The process of hardening an operating system includes: removing unnecessary services and applications; whitelisting and blacklisting applications; using anti-malware applications; configuring personal software-based firewalls; updating to the latest patch or service pack (as well as managing those patches); using group policies, security templates, and baselining; utilizing a secure file system and performing preventive maintenance on hard drives; and overall, keeping a well-maintained computer. These processes create a huge workload thereby making the use of automation a key factor. Automate your workload through the use of templates, the imaging of systems, and by using specific workflow methods whenever possible. These steps along with clearly written policies, can help you to get work done in an efficient manner. One great way to accomplish this (in addition to being possibly more secure) is by using virtualization, the creation of a virtual machine or other emulator that runs in a virtual environment, instead of requiring its own physical computer. Utilizing virtualization renders dual-booting pretty much unnecessary, and can offer a lot of options when it comes to compartmentalization and portability. The virtual machine runs in a hypervisor. The hypervisor, and the virtual machines it contains, needs to be secured.
If there is a hosting operating system, it should also be hardened appropriately. Using the latest version of software, the security administrator should update the virtual machine and configure applicable security settings for it. Individual virtual machines should have their virtual BIOS secured, and the virtual machine itself should be hardened the same way a regular, or non-virtual, operating system would be. All virtual systems should be tested thoroughly before being placed into production. It’s the implementation of security control testing that will ensure compatibility between VMs and virtual hosting software, reduce the likelihood of compromise, and provide greater efficiency and less downtime over time.
For more information or to buy the book, go to the David Prowse official website
To purchase the new CompTIA Security+ SYo-401 exam voucher, click here