Operating Systems Hardening
The intent of the Operating Systems Hardening Knowledge Unit is to provide students with the ability to apply methods such as managing applications, services, and network ports to improve the robustness of operating systems.
Topics
- Removing unnecessary components
- User restrictions (access and authorizations)
- Describe, for a given OS, the steps necessary for hardening the OS with respect to various applications.
- Vulnerability Scanning
Outcomes
- Describe, for a given OS, the steps necessary for hardening the OS with respect to various applications.
- Securely install a given OS, remove or shut down unnecessary components and services, close unnecessary ports, and ensure that all patches and updates are applied.
- Vulnerability Scanning
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
Learn More about the KAS-T's.
| ID |
DESCRIPTION |
| K0167 |
Knowledge of system administration, network, and operating system hardening techniques. |
| K0122 |
Knowledge of investigative implications of hardware, Operating Systems, and network technologies. |
| K0205 |
Knowledge of basic system, network, and OS hardening techniques. |
| K0206 |
Knowledge of ethical hacking principles and techniques. |
| K0310 |
Knowledge of hacking methodologies. |
| K0342 |
Knowledge of penetration testing principles, tools, and techniques. |
| K0572 |
Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization. |
| K0177 |
Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). |
| K0070 |
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). |
| K0089 |
Knowledge of systems diagnostic tools and fault identification techniques. |
| K0106 |
Knowledge of what constitutes a network attack and a network attack??s relationship to both threats and vulnerabilities. |
| K0119 |
Knowledge of hacking methodologies. |
| ID |
DESCRIPTION |
| S0121 |
Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.). |
| S0242 |
Skill in interpreting vulnerability scanner results to identify vulnerabilities. |
| S0001 |
Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. |
| ID |
DESCRIPTION |
| A0016 |
Ability to facilitate small group discussions. |
| A0017 |
Ability to gauge learner understanding and knowledge level. |
| A0092 |
Ability to identify/describe target vulnerability. |
