Device and Service Hardening


Hardening is the process of making a host or app configuration secure by reducing its attack surface.

  • done by:
    • running only necessary services
    • installing monitoring software to protect against malware and intrusions
    • establishing a maintenance schedule to ensure the system is patched against software exploits

Policies of a Secure Configuration

  • Change default passwords/credentials
    • network devices/appliances often ship with default management passwords
    • change on installation
  • Enforce password complexity/length requirements
    • make passwords highly resistant to guessing and cracking attacks:
      • length
        • every password > 8 characters
          • network appliances passwords should be 14+ characters
      • complexity
        • multiple character classes are no longer required by NIST guidelines
        • still required by many organizations' policies
      • avoiding common passwords
        • any password that could be matched to a dictionary term is completely insecure
  • Configure role-based access
    • default administrator, superuser, or root account has unrestricted access to the device
      • high risk
    • role-based access means that a limited set of permissions is configured for different administrative groups
    • separation of duties
  • Disable unneeded network services
    • any network services that are not used should be disabled
    • reduces the attack surface
      • the range of things an attacker could possibly exploit
    • important to disable unused administration interfaces
  • Disable insecure ports
    • insecure protocols should be deprecated
      • use secure protocols instead

Windows Services

  • found in Task Manager
    • view under the Services tab
    • right-click a service to start, stop, or restart it (or to open the Services console)

Linux Services

  • /etc/init.d contains the SysV-style init scripts for services
    • ls to view
    • on systemd hosts, unit files live under /lib/systemd/system and /etc/systemd/system
      • systemctl list-unit-files --type=service lists them
  • managing a service (SERVICE is the unit name, e.g. telnet):
    • use systemctl command
      • systemctl status SERVICE
        • view service status
      • systemctl start SERVICE
        • start service
      • systemctl stop SERVICE
        • stop service
      • systemctl restart SERVICE
        • restart service
      • systemctl is-enabled SERVICE
        • displays whether service is enabled on startup
      • systemctl enable SERVICE
        • enables service on startup
      • systemctl disable SERVICE
        • disables service from startup
      • systemctl is-active SERVICE
        • tells if service is active

Scanning for Insecure Protocols

Using nmap:

  • scan subnet for hosts
    • ip a shows the host's IP address and subnet
    • nmap NETWORK
      • shows hosts and their services and open ports
  • detailed scan of specific host
    • nmap -p 1-65535 -sV IPADDRESS
      • -p 1-65535 scans every TCP port from 1 to 65535 (the default scan covers only the most common ports)
      • -sV probes each open port to identify the service software and its version
  • look for insecure services or protocols (telnet, ftp, http, etc.) and any suspicious port usage
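An added example, not part of the original notes, that turns the last step into a repeatable check: a POSIX shell function reads nmap's normal output and prints each open cleartext service with the secure protocol it should be replaced by. The scan output and the 192.0.2.10 address are a constructed sample, not a real scan.

```shell
#!/bin/sh
# Added example: flag cleartext services in nmap normal output and name
# the secure protocol that should replace each one.

# Constructed sample of "nmap -p 1-65535 -sV IPADDRESS" output (not a real scan;
# 192.0.2.10 is a documentation address used as a placeholder).
SAMPLE_SCAN='Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).
Not shown: 65529 closed tcp ports (reset)
PORT     STATE SERVICE  VERSION
21/tcp   open  ftp      vsftpd 3.0.3
22/tcp   open  ssh      OpenSSH 9.2p1
23/tcp   open  telnet   Linux telnetd
80/tcp   open  http     Apache httpd 2.4.57
443/tcp  open  ssl/http Apache httpd 2.4.57
3306/tcp open  mysql    MySQL 8.0.33'

# Cleartext protocol -> secure replacement (one "service:replacement" per line).
INSECURE_MAP='ftp:sftp or ftps
telnet:ssh
rsh:ssh
rlogin:ssh
rexec:ssh
tftp:sftp or scp
http:https
pop3:pop3s
imap:imaps'

# flag_insecure: read nmap normal output on stdin; for every open port whose
# service name is in INSECURE_MAP, print "PORT SERVICE -> REPLACEMENT".
# TLS-wrapped services (nmap reports them as "ssl/http" etc.) are not flagged.
flag_insecure() {
    awk -v map="$INSECURE_MAP" '
    BEGIN {
        n = split(map, lines, "\n")
        for (i = 1; i <= n; i++) {
            split(lines[i], kv, ":")
            repl[kv[1]] = kv[2]
        }
    }
    # Port lines look like: "23/tcp   open  telnet   Linux telnetd"
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && ($3 in repl) {
        print $1, $3, "->", repl[$3]
    }'
}

# Stand-alone run against the constructed sample. On a real host pipe the
# scan in instead:  nmap -p 1-65535 -sV IPADDRESS | flag_insecure
printf '%s\n' "$SAMPLE_SCAN" | flag_insecure
```

Each flagged line maps to a hardening action from the policy list above: disable the service (systemctl disable SERVICE) or replace it with the secure protocol named.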