Assignment | Operating Systems and Application Security.


Added on  2022/10/09

Operating Systems and Application Security
INFT 5033 – OPERATING SYSTEMS AND APPLICATION SECURITY
By (Student’s Name)
(Course Name)
(Tutor’s Name)
(Date)

Table of Contents
Tables of figures
Introduction
Overview of the case study
Part one: Security hardening requirements and controls
Common hardening techniques for both windows and Linux
Specifics for hardening Linux operating systems
Specifics for hardening Windows-based operating systems
How to adapt the NIST frameworks
Part two: Implementation Plan
Overview of VMWare workstation
Implementation 1: Strong passwords
Implementation 2: Setting up of restrictions on VMs
Implementation 3: Updating Virtual machines
Implementation 4: Configuring Virtual machine
Implementation 5: Cloning the Virtual machine
Implementation 6: disabling unnecessary services
Implementation 7: NATting in Virtual machines
Implementation 8: Bridged Network in Virtual machines
Implementation 9: Access control
Implementation 10: Basic configuration
References
Tables of figures
Figure 1: The look of VMWare workstation pro
Figure 2: Samples virtual machines which have been installed
Figure 3: Start by editing the virtual machine settings
Figure 4: Start by editing the virtual machine settings
Figure 5: Password encryption process
Figure 6: The appearance of VMware machine after encryption
Figure 7: Putting restrictions
Figure 8: Configuring Virtual machine
Figure 9: Choosing the current state in the virtual machines
Figure 10: creating a full clone
Figure 11: Providing a name for the new virtual machine
Figure 12: Finishing up the cloning process
Figure 13: Removing unnecessary services
Figure 14: NATting implementation
Figure 15: Pinging NATting implementation
Figure 16: Bridged Implementation
Figure 17: Pinging Bridged Virtual machine network
Figure 18: Access control
Figure 19: After encryption of the access control
Figure 20: Workspace configuration

Introduction
System hardening is a collection of techniques, best practices and tools for reducing
weaknesses in technology applications, firmware, and systems. The major aim of hardening is to
reduce security risk by eliminating potential attack vectors and reducing the system's attack
surface. NIST has developed a voluntary framework consisting of guidelines and standards for
managing cybersecurity risks. The framework provides guidance on how public and private
organizations in the US can improve their ability to detect, respond to, and prevent
computer-related attacks. This report comprehensively documents the implementation of security
controls in a virtual environment consisting of one file server, one internal managed Windows
client, one internal Linux client, and one unmanaged device. VMware Workstation Pro is used to
create the virtual machines (Cardwell, 2016, p. 117).
Overview of the case study
LargeCorp is a fictional organization with three physical sites across a variety of
geographical locations. The internal divisions of the organization include human resources,
information technology, finance, manufacturing, and research and development.
The organization supports both Linux and Windows servers and clients. The organization has
specified that files must be provided only to authorized users on the organization's LAN
through the SMB protocol. Shared files must be classified as restricted for internal use only,
highly confidential, or public information.
Part one: Security hardening requirements and controls
Common hardening techniques for both windows and Linux
Cyber-related attacks are very common nowadays. Hackers attack websites and
information systems using various techniques, which are referred to as attack
vectors. To prevent such attacks, operating systems need to be hardened. Hardening is the
process that assists in strengthening operating systems. Proper operating system hardening
shields an organization from cyber-related attacks and in turn reduces them (Turnbull, 2013,
p. 69).
Operating system hardening is a process that reduces the attack surface of an information
system by disabling functionality which is not required while maintaining the minimum
functionality which is required. According to NIST, operating system hardening is the process
of making an operating system bulletproof: not leaving the operating system exposed to the
general public on the wide area network without any form of protection. Various techniques are
applied to harden an operating system. First, a system administrator needs to keep every
operating system updated to the latest and most robust version. This can be achieved by making
sure that security patches and all hot fixes are constantly applied. Second, LargeCorp needs to
install the latest service pack on all Windows-based operating systems. Third, the
organization's switches and routers need to be protected with strong passwords. For Linux-based
operating systems, an organization needs to remove all unnecessary drivers which are not in
use. This also applies to Windows-based operating systems (Hassell, 2017, p. 89). On all user
computers, one should not create two accounts in the administrator groups. One also needs to
disable and delete unnecessary accounts quarterly and disable non-essential services. In
addition, an organization needs to enable audit logs to capture failed and successful login
attempts, use of elevated privileges, and any kind of unauthorized activity. An organization
also needs to secure CMOS settings and ensure file and directory protection through access
control lists (ACLs) and file permissions. Finally, the system administrator needs to ensure
that logging of all activity, warnings and errors is configured appropriately and at the same
time tighten NTFS and registry permissions (Mani, 2016).
LargeCorp needs to use strong passwords on all machines and ensure that services
run with least-privileged accounts. The organization also needs to disable all
unnecessary file sharing and remove administrative shares if they are not needed.
To adopt the above hardening techniques, an organization needs to align completely with a
defense in depth strategy. This strategy ensures that security is hardened at the host level,
the operating system level, the application level, the user level, and the physical level. A
defense in depth approach includes security measures at each of these layers.
Another common technique is program clean-up, which removes unnecessary programs. It is
important to note that every program is a potential entry point for hackers; cleaning up these
programs limits the number of ways a hacker can get into a computer. An organization also needs
to enforce group policies: a system administrator defines what groups can and cannot access and
maintains these rules. Most of the time it is user error that leads to a cyber-attack. To apply
this hardening technique, an organization needs to ensure that all users are aware of and
comply with the laid-down procedures on group policy. For example, every employee at LargeCorp
needs to implement strong passwords on their user accounts. Configuration baselining is another
technique; it is the process of measuring changes in the network, software, and hardware.
Creating a baseline means selecting something to measure and measuring it consistently over a
period of time (Smith, 2019).
Specifics for hardening Linux operating systems
LargeCorp needs to use SELinux and other specified Linux extensions. These enforce
limitations on network and other related programs. SELinux provides flexible Mandatory
Access Control, enforced by the kernel, to protect the operating system from malicious or
flawed applications which can damage or destroy the Linux operating system. Second,
LargeCorp needs to set up password aging for Linux users to ensure better security.
The chage command in Linux changes the number of days between password changes and the date of
the last password change. This information is used by the Linux system to determine when a
user ought to change their password. The same command can also be used to disable password
aging. In addition, one can restrict users from reusing old passwords. This is enabled through
a pam_unix module parameter which configures the number of previous passwords that cannot be
reused (Pollei, 2013, p. 98). Third, on Linux LargeCorp can look at user accounts which have
already logged in. This can be achieved with the faillog command, which displays faillog
records or sets login failure limits. Fourth, one can disable root login; here one should use
sudo to execute root-level commands as and when required. sudo enhances the security of the
operating system because the root password does not have to be shared with other admins and
users, and it provides simple tracking and auditing features. Lastly, an organization
needs to disable unwanted Linux services and daemons (FedoraLinux, 2019).
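The password aging, password reuse and root login controls described above can be checked with a short audit script. This is an added example, not part of the original assignment; it assumes the standard shadow file layout (field 5 is the maximum age set with `chage -M`), the `remember=N` option of pam_unix, and treats a locked root password as "root login disabled". File names and sample data are constructed.

```shell
#!/bin/sh
# Added example: audit password aging, password history and root login.
# Functions take file paths so they can run on copies of /etc/shadow and a
# PAM password stack; the sample data in make_samples is constructed.

# Print accounts whose maximum password age (shadow field 5, the value set
# by `chage -M`) is empty or greater than $2 days. Entries whose hash starts
# with "!" or "*" are locked or system accounts and are skipped.
accounts_without_aging() {
    awk -F: -v max="$2" '
        $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > max + 0 { print $1 }
    ' "$1"
}

# Print N from "remember=N" on the pam_unix password line, or 0 when
# password history is not configured (old passwords can be reused).
pam_history_depth() {
    awk '
        $1 == "password" && /pam_unix\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) n = substr($i, 10)
        }
        END { print n + 0 }
    ' "$1"
}

# Succeed when root's password hash is locked, i.e. root cannot log in with
# a password and administrators have to use sudo (assumed meaning of
# "disable root login" for this example).
root_password_locked() {
    awk -F: '
        $1 == "root" { found = 1; locked = ($2 ~ /^[!*]/) }
        END { exit !(found && locked) }
    ' "$1"
}

# Write constructed sample files into directory $1.
make_samples() {
    cat > "$1/shadow" <<'EOF'
root:!$6$constructedhash:19000:0:99999:7:::
alice:$6$constructedhash:19000:1:90:7:::
bob:$6$constructedhash:19000:0:99999:7:::
carol:$6$constructedhash:19000:0::7:::
daemon:*:19000:0:99999:7:::
EOF
    cat > "$1/system-auth" <<'EOF'
# constructed PAM fragment
password  requisite   pam_pwquality.so retry=3
password  sufficient  pam_unix.so sha512 shadow use_authtok remember=5
EOF
}

# Run all three checks against the constructed samples and print a report.
audit_demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    echo "Accounts without a 90-day maximum password age:"
    accounts_without_aging "$dir/shadow" 90
    echo "Password history depth: $(pam_history_depth "$dir/system-auth")"
    if root_password_locked "$dir/shadow"; then
        echo "root password login: locked"
    else
        echo "root password login: ENABLED"
    fi
    rm -rf "$dir"
}

audit_demo
```

On a real host the functions would be pointed at root-readable copies of the shadow file and the distribution's PAM password file, whose name varies between distributions.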
Specifics for hardening Windows-based operating systems
To harden a Windows-based operating system, the very first technique is to remove all
unneeded executables and registry entries. Forgetting to remove unneeded executables and
registry entries usually allows a hacker to invoke something which has previously been disabled.
Second, LargeCorp needs to apply appropriately restrictive permissions to services, end
points, and files. Inappropriate permissions usually give an attacker permissions to an opening
Justified high level security design (Bragg, 2015, p. 79).
How to adapt the NIST frameworks
To adapt the NIST security controls to harden an operating system, an organization needs to
adhere to several protocols. First is removing unnecessary programs, as every program serves as
an entry point for a hacker. Second is the use of service packs; this entails keeping the
operating system up to date and installing the latest version. Patching and patch management
make sure that the operating system is patched regularly. Third is group policies, which entails
defining what groups can and cannot access and maintaining these rules. Last is configuration
baselines; this involves establishing measures and baselines on a schedule which is acceptable
to the standard and meets the organization's needs (Conklin, et al., 2016, p. 79).
Part two: Implementation Plan
Overview of VMWare workstation
In this section, this paper will highlight how to go about implementing the techniques
discussed above using VMware Workstation. To start with, VMware Workstation is a hosted
hypervisor which runs on 64-bit versions of the Linux and Windows operating systems. The
software enables users to set up virtual machines on a single physical machine and use them
simultaneously along with the actual machine. Each virtual machine can execute its own
operating system, including versions of Microsoft Windows, MS-DOS, BSD, and Linux.
VMware Workstation was first developed and sold by VMware Inc., which is one division of
Dell Technologies. The initial release of the software was in 1999, and the programming
language used was C. One of the reasons why this paper has gone for VMware Workstation is that
it can save the state of a virtual machine at any instant. Another reason is that the software
has high performance and supports DirectX 10 and OpenGL. The software also supports resolution
display and helpful snapshots. It also offers cross-compatibility, running across various
platforms such as Windows and Linux. It also has a restricted access feature for virtual
machines (SandiaNationalLaboratories, 2013, p. 47).
Figure 1: The look of VMWare workstation pro
The installed devices are as shown by the figure below
Figure 2: Samples virtual machines which have been installed

Implementation 1: Strong passwords
Implementing this feature is very simple since one only puts some restrictions on the VMs.
VMware Workstation does a lot of the work, as one is able to share the VMs and even
apply restrictions. To apply a password restriction, one goes to the VM tab, then Settings as
shown, then the Options tab, then Access Control, then encryption control, and then Encrypt.
One is then prompted to enter a password and confirm by clicking OK, and then closes the VMware
Workstation console. This is shown by the figures below
Figure 3: Start by editing the virtual machine settings
Figure 4: Start by editing the virtual machine settings
Clicking the Encrypt button starts the encryption process, which takes at most twenty
minutes to complete. If one is using a slow drive, the process might take longer.
This is as shown by the diagram below

Figure 5: Password encryption process
When the process is complete, one can run the VMware virtual machine, as shown by the
diagram below.
Figure 6: The appearance of VMware machine after encryption
Implementation 2: Setting up of restrictions on VMs
As the name implies, restrictions limit the usage of VMs. Restrictions are placed
on VMs because of software licensing. For production, an organization needs to buy the
VMware Horizon FLEX product, which provides centralized control of the VMs. Restrictions are
set by opening the settings of the organization's VM and ticking the enable restrictions box.
One can then configure all restrictions in VMware Workstation and enter a restrictions
password, as shown by the figure below
Figure 7: Putting restrictions
Implementation 3: Updating Virtual machines
From time to time one will be required to update the end-user virtual machines. There are
two major ways to provide updates. The first is updating the guest operating system
and then providing an update to a program that is running in the guest operating system. The
second is updating the virtual machine itself or its policies.
Implementation 4: Configuring Virtual machine
Here one starts by configuring the display preferences, which control the display settings
of all virtual machines. The procedure starts by selecting Edit, then Preferences, and then
Display. One can then select one of two options: autofit window, which resizes the
application window, and autofit guest, which changes the virtual machine settings to
match the application window.
Figure 8: Configuring Virtual machine

Implementation 5: Cloning the Virtual machine
Cloning assists in creating more space for other machines. To do this, one opens
VMware Workstation, right-clicks the machine that one wants to create a copy of,
scrolls down to Manage and then clicks Clone, as shown by the figures below
Figure 9: Choosing the current state in the virtual machines
Figure 10: creating a full clone
Figure 11: Providing a name for the new virtual machine
Figure 12: Finishing up the cloning process
Implementation 6: disabling unnecessary services
Disabling unnecessary services can include deleting virtual machines which are
not in use or which are deemed redundant. To do this, one just right-clicks the virtual machine
and then clicks Remove, as shown by the figure below
Figure 13: Removing unnecessary services

Implementation 7: NATting in Virtual machines
Select the desired virtual machine, open Settings, select Hardware and then NAT, as
shown by the screenshot below
Figure 14: NATting implementation
Continue to ping the virtual machine as shown by the figure below
Figure 15: Pinging NATting implementation
Implementation 8: Bridged Network in Virtual machines
Click the virtual machine's Settings, then Hardware, and then check the Bridged network box, as
shown by the figure below
Figure 16: Bridged Implementation
Ping the bridged network as shown by the figure below

Figure 17: Pinging Bridged Virtual machine network
Implementation 9: Access control
The encryption feature of virtual machines can protect sensitive information on virtual
machines. This is done by clicking the virtual machine settings for one of the virtual machines,
then Options, and then encrypting under Access Control, as shown by the figure below
Figure 18: Access control
After encryption it will appear as shown by the figure below
Figure 19: After encryption of the access control
Implementation 10: Basic configuration
The first basic configuration is in the workspace section. As shown by the figure below, this
research decided to change the default location for virtual machines
Figure 20: Workspace configuration

References
Bragg, R., 2015. Hardening Windows systems. 4th ed. New York: Mac Grow grill Press.
Cardwell, K., 2016. Building Virtual Pentesting Labs for Advanced Penetration Testing - Second Edition. 1st ed. New York: Packt Publishing.
Conklin, W. A., White, G. B., Williams, D. & Davis, R., 2016. Principles of computer security. 3rd ed. New York: McGraw Hill.
FedoraLinux, 2019. 40 Linux Server Hardening Security Tips. [Online]
Available at: https://www.cyberciti.biz/tips/linux-security.html
[Accessed 30th September 2019].
Hassell, J., 2017. Hardening Windows. 3rd ed. Chicago: John & Wiley Press.
Mani, V., 2016. Reducing Cyber Attacks through effective hardening techniques. [Online]
Available at: https://www.linkedin.com/pulse/reducing-cyber-attacks-through-effective-hardening-techniques-mani
[Accessed 30th September 2018].
Pollei, R., 2013. Debian 7: System Administration Best Practices. 3rd ed. New York: Packt publishers.
SandiaNationalLaboratories, 2013. Windows NT Workstation Performance Evaluation Based on Pro. 4th ed. Chicago: Springer Press.
Smith, H., 2019. 6 Important OS Hardening Steps to Protect Your Clients. [Online]
Available at: https://www.continuum.net/blog/6-important-steps-to-harden-your-clients-operating-systems
[Accessed 30th September 2019].
Turnbull, J., 2013. Hardening Linux. 1st ed. New York: Springer Press.