Group members

#  ID Number    Name                Section  Group
1  TTMR/161/16  Mesafint Dagnew
2  TTMR/058/16  Belay Jemere
3  TTMR/044/16  Awlachew W/micheal  2        2
4  TTMR/236/16  Yohannes Birhanu
5  TTMR/039/16

12/1/2024
Outline
Introduction to OS Security
Operating System Security Principles
OS Hardening techniques
Secure Key Applications
Maintain Security
Securing Unix/Linux Systems
Securing Windows Systems
Maintain Security in Virtualized Systems
Introduction to Operating System Security

• OS security safeguards the foundation of IT infrastructure by protecting the OS against unauthorized access, data breaches and malware.

1 System Security Planning
The first step is to carefully plan the system deployment, considering the purpose, users, and security requirements.

2 OS Hardening
Involves configuring the OS to minimize vulnerabilities and enhance security, including removing unnecessary services and protocols.

3 Application Security
Securing applications involves configuring them properly, implementing encryption technologies, and ensuring their integrity.

4 Security Maintenance
Ongoing security maintenance is crucial, including regular patching, logging, and data backup to mitigate threats and maintain a secure environment.
OS Security Principles

Defense in Depth
Multiple layers of security to protect against threats.

Least Privilege
Users should have minimal access rights.

Whitelisting
Only allow approved apps to run.

Patch Management
Regularly fix vulnerabilities in operating systems and software.

[Figure: OS security layers: Application/user, OS/Kernel, physical]
OS Hardening Techniques

1 Initial Setup and Patching
Install the OS in a secure environment, minimizing the number of packages installed, and promptly apply all critical security patches.

2 Remove Unnecessary Services
Disable or remove any services, applications, and protocols that are not essential for the system's functionality to reduce the attack surface.

3 User Permissions
Implement the least privilege principle for user access rights.

4 Logging and Monitoring
Enable logging to track access and detect anomalies.

5 Install Additional Security Controls
Consider installing and configuring additional security tools such as anti-virus software, host-based firewalls, and intrusion detection systems.

6 Test System Security
Regularly test the security of the operating system to ensure that the implemented measures are effective and to identify any vulnerabilities.
Application security: post hardening

Install and Patch
Install only the essential applications, keep them updated with the latest secure versions, and enable automatic updates whenever possible.

Encryption Technology
Implement encryption technologies to protect sensitive data both in transit and at rest, using protocols like TLS/SSL and encrypting file systems.

Application Configuration
Set up applications correctly by enabling only the necessary features and reviewing and adjusting default settings to improve security.
Application configuration best practices

Remove Defaults
Ensure default settings and accounts are disabled or changed to prevent unauthorized access.

Secure Configurations
Follow security best practices for application configurations to eliminate potential vulnerabilities.

Regular Updates
Keep applications up to date with the latest security patches and updates released by vendors.

Minimize Permissions
Grant users only the necessary permissions needed to perform their functions, limiting exposure.

Audit Logs
Implement logging mechanisms to monitor access changes to applications for security oversight.
Security Maintenance

• An ongoing process that ensures the continued security of your systems.

Logging
Set up detailed logging to track system events, network activity, and application actions, helping you detect and investigate security issues.

Security Testing
Conduct periodic security testing, using checklists, vulnerability scanning tools, and penetration testing to identify and address weaknesses.

Data Backup and Archive
Regularly back up your data to protect against data loss due to hardware failures, software errors, or malicious attacks.
Linux/Unix Security

Patch Management
Regularly apply security patches to minimize vulnerability exposure.

Remote Access Control
Limit remote access using firewalls and access policies.

Configuration Files
Securely configure important system files to enhance overall security.

Service Limitation
Disable unnecessary services to reduce attack surfaces and vulnerabilities.

User Permissions
Implement strict user access controls to prevent unauthorized access.

Backup Strategy
Establish regular backup procedures to safeguard against data loss.

Logging and Monitoring
Enable logging to track activities and identify potential security threats.

Using a chroot jail restricts a service's access to a specific directory, isolating it from the rest of the system.
Windows Security

1 Patch Management
Ensure timely installation of critical updates to minimize vulnerabilities within the Windows operating system.

2 User Permissions
Implement least privilege access controls for users and regularly review permissions to reduce attack vectors.

3 Firewall Configurations
Utilize the built-in Windows firewall to restrict unauthorized access and monitor incoming and outgoing traffic.

4 Security Testing
Linux/Unix Security vs. Windows Security

Security Measure | Unix/Linux | Windows
Patch Management | Use apt, yum, or dnf for updates; automate with cron. | Use Windows Update or WSUS; enable auto-updates.
User Administration and Access Control | Use sudo for admin tasks; manage permissions with chmod and ACLs. | Use UAC for admin control; manage users via Active Directory.
Logging and Log Rotation | Use syslog/journald; rotate logs with logrotate. | Use Event Viewer; set log size limits.
Application and Service Configuration | Configure apps securely with SELinux or AppArmor; disable unnecessary services. | Use Group Policy to enforce secure configurations; disable unused services.
Remote Access Controls | Secure SSH with keys, disable root login, and limit access by IP. | Use Remote Desktop with MFA, strong passwords, and restricted access.
Security Testing | Test with tools like Lynis or Metasploit. | Use MBSA, Nessus, or similar tools.
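The Unix/Linux remote-access row above (SSH keys, root login disabled, access limited by IP) can be checked against an sshd_config file. The following is an added example, not part of the original slides: the function names `parse_global` and `audit` and both sample configurations are constructed here, the defaults are assumed to be those of current OpenSSH, and `AllowUsers user@host` is used as one way to limit access by source address.

```python
import re

# Values sshd assumes when a keyword is absent (OpenSSH defaults).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def parse_global(text):
    """Return (settings, allow_users) from the global part of an sshd_config."""
    settings, allow_users = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if key == "match":                             # conditional blocks not audited
            break
        if key == "allowusers":                        # list keyword: lines accumulate
            allow_users += value.split()
        else:
            settings.setdefault(key, value.strip())    # sshd keeps the first value
    return settings, allow_users

def audit(text):
    """Return findings for the three controls; an empty list means all pass."""
    settings, allow_users = parse_global(text)
    get = lambda key: settings.get(key, DEFAULTS[key]).lower()
    findings = []
    if get("permitrootlogin") != "no":
        findings.append("root login not disabled: PermitRootLogin " + get("permitrootlogin"))
    if get("passwordauthentication") != "no":
        findings.append("password logins allowed, so access is not key-only")
    if get("pubkeyauthentication") == "no":
        findings.append("public-key authentication is switched off")
    if not allow_users:
        findings.append("no AllowUsers line restricting accounts or source addresses")
    for pattern in allow_users:
        if pattern.partition("@")[2] in ("", "*"):
            findings.append("AllowUsers entry '%s' has no source-address limit" % pattern)
    return findings

# Constructed sample configurations (not taken from the slides).
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nAllowUsers admin\n"
HARDENED = ("PermitRootLogin no\nPasswordAuthentication no\n"
            "AllowUsers admin@192.0.2.10 deploy@192.0.2.0/24\n")

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

An empty file also fails the audit, because the assumed defaults still permit key-based root login and password logins.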
Virtualization Security

• Securing virtualized systems requires addressing the security of the hypervisor, guest operating systems, and the virtualized infrastructure.

Guest OS Isolation
Ensure that programs running within a guest OS are isolated from other guests and the hypervisor, preventing unauthorized access and data breaches.

Guest OS Monitoring
The hypervisor has privileged access to guest OSs, so it must be trusted and secured to prevent malicious use of this access.

Virtualized Environment Security
Secure the virtualized environment, including VM images and snapshots, to prevent unauthorized access and modification.

Securing Virtualization Systems
Secure the hypervisor, guest OSs, and virtualized infrastructure, implementing appropriate security measures for each layer.
Summary
“Secure Your OS Today”