Endpoint Hardening Techniques
Hardening is the process of putting an operating system or application in a secure configuration.

  • important to keep in mind the device's intended use
    • hardening can restrict a system's access and capabilities
  • for a device in a given role, a standardized secure configuration should be established
    • called a secure baseline
    • can be applied automatically for a consistent reliable process
  • system should only run protocols and services for its required use and no more
    • minimizes attack surface

Protecting Ports/Interfaces

  • Interfaces provide a connection to the network
  • may have more than one interface
    • wired and wireless
  • involves restricting the physical interfaces/ports
  • explicitly disable non-required interfaces
  • port control software
    • allows only authorized devices to connect
  • can leverage device firmware settings to:
    • disable physical ports
    • require a password before a device can boot from a nonstandard source
      • e.g., USB drive
  • firewalls

Services

  • Services provide a library of functions for different types of applications
  • unused services should be disabled

Application Ports

  • Application service ports allow client software to connect to applications over a network
  • should either be disabled or blocked at a firewall if remote access is not required
  • server might be configured with a non-standard port
    • e.g., HTTP server might be configured to use 8080 rather than 80
  • an intrusion detection system should detect when traffic on a port does not match the protocol expected there (e.g., non-HTTP data arriving on the HTTP port)
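The secure-baseline idea above (a system should run only the services its role requires) and the Services/Application Ports notes can be checked mechanically. The following is an added example, not part of the original notes: it parses listening-socket output in the style of `ss -tlnp` (the sample below is constructed, not captured from a real host) and compares it against a hypothetical per-role baseline, flagging services that should not be listening at all and listeners bound to loopback only, which do not expose a network port but still enlarge the local attack surface.

```python
"""Secure-baseline audit: compare listening sockets against a per-role allowlist."""
import re

# Constructed sample modelled on `ss -tlnp` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=812,fd=3))
LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*     users:(("nginx",pid=1201,fd=6))
LISTEN 0      128    127.0.0.1:3306     0.0.0.0:*     users:(("mysqld",pid=1340,fd=21))
LISTEN 0      50     0.0.0.0:21         0.0.0.0:*     users:(("vsftpd",pid=1502,fd=4))
LISTEN 0      128    [::]:22            [::]:*        users:(("sshd",pid=812,fd=4))
"""

# Hypothetical secure baseline for a "web server" role: port -> expected process.
# SSH for administration, HTTP served on the non-standard port 8080, nothing else.
WEB_SERVER_BASELINE = {22: "sshd", 8080: "nginx"}

# Matches one LISTEN row: bound address, port, and the first process name.
LINE_RE = re.compile(r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Return a sorted list of (port, process, bound_address) tuples."""
    listeners = set()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m:
            addr, port, proc = m.groups()
            listeners.add((int(port), proc, addr))
    return sorted(listeners)


def audit_against_baseline(listeners, baseline):
    """Return (port, process, finding) for every listener that deviates from the baseline.

    Findings: 'unexpected_service' (port not in baseline and reachable from the network),
    'wrong_process' (allowed port, but a different program owns it), and 'local_only'
    (not in baseline but bound to loopback, so not network-reachable).
    """
    findings = []
    for port, proc, addr in listeners:
        if port in baseline:
            if baseline[port] != proc:
                findings.append((port, proc, "wrong_process"))
        elif addr in ("127.0.0.1", "[::1]"):
            findings.append((port, proc, "local_only"))
        else:
            findings.append((port, proc, "unexpected_service"))
    return findings


if __name__ == "__main__":
    for port, proc, finding in audit_against_baseline(
            parse_listeners(SAMPLE_SS_OUTPUT), WEB_SERVER_BASELINE):
        print(f"{finding:20s} port {port:<5d} {proc}")
```

On the constructed sample the audit reports vsftpd on port 21 as an unexpected service (the kind of listener the notes say should be disabled or blocked at the firewall) and mysqld on 3306 as loopback-only.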

Encryption Techniques

  • full disk encryption (FDE)
  • encrypt removable media
  • use self-encrypting drives
  • virtual private network (VPN)
  • email encryption
    • Pretty Good Privacy (PGP)
    • Secure/Multipurpose Internet Mail Extensions (S/MIME)

Accounts

  • Accounts should be checked and reviewed to determine:
    • whether account is needed
    • whether the account has properly configured privileges
  • unused/unneeded accounts should be disabled or removed

Host-Based Firewalls and IPS

  • implicit deny policies

Installing Endpoint Detection

  • Create a deployment plan
    • consider
      • deployment order
      • time frames
      • use stages to limit disruptions
  • Standardize configurations
    • ensure consistency in protection levels
    • simplify compliance management
  • Automate deployments
    • using tools like
      • Microsoft System Center Configuration Manager (SCCM)
      • Group Policy
      • third-party solutions
  • Updates and Patches
  • Monitor endpoint protection agents
    • check for alerts
    • ensure agents are running

Changing Defaults and Removing Unnecessary Software

  • Change default passwords
  • remove unnecessary software
    • keep only software needed for intended function
    • disable unneeded features

Decommissioning

  • data sanitization
    • secure erase
  • reset devices back to factory settings
  • update inventory records

Maintenance

  • important to establish a maintenance cycle for each device
  • keep up to date with new security threats, and the corresponding patches or responses, for the software on the device
  • verify hardware and software versions are actively supported
  • remove End of Support and End of Life devices and software