Securing Resources  «Prev  Next»

Lesson 3Operating system security
ObjectiveKey requirements for securing your operating system.
Regardless of what operating system is running (UNIX, Windows NT, NetWare, etc.), you will have security-related problems. Because specific problem areas appear and disappear with operating system upgrades, an operating system change requires reevaluation of your security policy and assessment of new vulnerabilities.
Securing Resources Passwords

Operating system policies

Define operating system policies along with service security policies. Examine each system in your network on a user-by-user basis to see if any contain excessive access privileges. The table below lists the key areas for securing your operating system.

Key areas for securing your operating system

User and Groups:

  1. Assign the lowest level of access for each user or group that allows them to perform their jobs
  2. Carefully examine any default accounts and remove, reset or rename them as appropriate
  3. Create special accounts for public servers that access resources through the operating system

Removing services

Most organizations omit the simple solution of removing unnecessary services that might create an unintentional back door. For example, if you are using Internet Information Server on Windows NT, do not leave the NT server service running. Doing so creates a security hazard and invites unneeded risk.
Your operating system is the central element of your network. If you secure it, you will be able to enhance and complement other security systems.

OS Security Quiz

Click the Quiz link below to take a multiple-choice quiz about securing your operating system.
OS Security Quiz