CertiGuide to Security+  9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)       9  3.5  Security Baselines            9  3.5.1  OS/NOS Hardening

3.5.1  OS/NOS Hardening 1 2 3 4 3.5.1.1  File System

OS Configuration

OS configuration involves any settings that you can specify to customize the behavior of the OS. (Technically it includes the ideas of installed options and available services. But it also continues to include general OS settings such as those specified in the Windows registry.)

In the Windows world, many OS configuration details can be accomplished by applying what are known as Policies, on users, groups, the entire network, and other objects. The Security Configuration Tool Set for Windows 2000³⁵⁶ is a suite of MMC snap-ins related to security administration, which is well described in Hack-proofing Windows 2000 Server³⁵⁷ by Todd and Johnson. Using this toolset, you can manage account policies, machine policies, system event log settings, registry permissions, services, IPSec policies, public key policies, and more.

One specific decision in the area of OS configuration, which can have a substantial impact on network security, is choice of an authentication mechanism. In UNIX, your choices are typically the traditional /etc/password based login, NIS+ from Sun, or Kerberos. In Windows, your choices include Anonymous, Basic, and Message Digest, NTLM, Kerberos and PKI authentication. The pros and cons of these options are explained in the Windows 2000 Security Handbook³⁵⁸ by Cox and Sheldon.

3.5.1  OS/NOS Hardening 1 2 3 4 3.5.1.1  File System