Introduction to System Hardening Basic Security Configuration

Session 17
==========
Introduction to System Hardening
Basic Security Configuration
Automated Security Analyzers – Lynis
Basics Of Shell Scripting

Introduction to System Hardening
================================
Hardening is usually a process of securing the system by reducing its surface of vulnerability.
A system in which 5 different services are running.
5 systems in which 5 services are running, one service per system.
More chances of comporomising is in first setup.

Critical Systems —> On which servers, database, APIs are running
Non-Critical Systems –> In House PC, Reception Systems
Hardware system –> Sensors, CCTV, Biometric

VAPT –> We scan the systems accordingly.
Professionals will deal with Critical System
Little Experience Will deal with Non-Critical System
Freshers|Noobez will deal will Hardware System

Why We need System Hardening?
=============================
To secure
To patch
To prevent the system from being compromised

All the organisation use AD (Active Directory) system for securing their devices and network. But they cannot fulfil the requirements for securing the whole system completely. There is always a gap, because they cannot configure the system manualy. Here we as system auditors come into existance for completely Configuring the system manually.

What are the things we need to keep in mind.
1. Software Patching
2. Outdated Applications and versions
3. OS Updated or not
4. Minimum Information revealing

How will you secure your system
1. Update The System
2. Password Protected
3. Acha khasa Anti-Malware
4. Firewall
5. IDS and IPS
6. Closing the services and Ports
7. Disabling Autorun
8. Disabling USB
9. Passwords

_____________________________________________________
|Sr. No | Task | Location | P. Status | Current Status |
——————————————————
1. |Openiing firewall | Start-> Control Panel -> System Security -> Firewall | Disabled | Enables

msconfig
regedit
Group Policy –> gpedit.msc
secpol –> security policies

We create a checklist for all different OS
Windows 10 –> 350 Controls

Hard Wire Coding
Universal Coding

ISO 27001 Compliance
ISMS –> Information Security Management System,
Most widely used ISO Compliance Bible

–> CISO
–> CIO
Lead Auditor
HIPAA

Tools for scaning
=================
1. SPARTA –> GUI Based
2. LYNIS –> CLI Based tool, for unix/linux based Systems

Shell Scipting
==============
MS OS –> .exe
Linux –> .sh

MS OS –> Notepad, Wordpad
Linux –> vi, vim, leafpad, gedit, nano

nano filename.sh
Edit it and save it
chmod +x filename.sh
chmod 777 filename.sh

./filename.sh

Tool
====

Shell SCripting
—————

Tool -> netdiscover

Tool -> nmap

Linux OS –

Editor -> gedit | nano | leafpad | vi | vim etc

Extension : .sh
chmod 777 file.sh
./file.sh
file name —-> scann.sh

#/bin/bash/
ping www.google.com

—-exit——
chmod 777 scann.sh

netdiscover -> machines are runing in my network

#/bin/bash/
ping -c 1 172.16.3.134 |grep “64 bytes”
ping -c 1 172.16.3.136 |grep “64 bytes”
ping -c 1 172.16.3.137 |grep “64 bytes”
ping -c 1 172.16.3.145 |grep “64 bytes”

192.168.0.23
192.168.0.0-192.168.0.255

working of for loop
——————–
for(i = 0; i < 10;i++)
{
print i;
}

0
1
2
3
4
5
6
7
8
9

i value –> 1-255
192.168.0.i

192.168.0.1
192.168.0.2
192.168.0.3
**.**.**.**
192.168.0.255

192.168.0.12
192.168.0.0-192.168.0.255
192.168.0.1
192.168.0.2
192.168.0.3

for Loop Implementation

for ip in $(seq 1 255);do
ping -c 1 172.16.3.$ip | grep “64 bytes”
done

ping -c 1 192.168.0.1 | grep “64 bytes”
ping -c 1 192.168.0.2 | grep “64 bytes”
ping -c 1 192.168.0.3 | grep “64 bytes”

ping -c 1 192.168.0.255 | grep “64 bytes”

Test.sh file
Using for loop

#/bin/bash/
for ip in $(seq 1 255);do
ping -c 1 172.16.3.$ip |grep “ttl” |cut -d ” ” -f4 |cut -d “:” -f1
done

64 bytes from 192.168.0.5: icmp_seq=1 ttl=64 time=1.59 ms

cut -d ” ”
64
bytes
from
192.168.0.5:
icmp_seq=1
ttl=64
time=1.59
ms

https://pastebin.com/kyaZpqLz

2 comments on “Introduction to System Hardening Basic Security Configuration
  1. Aw, this was a very nice post. In idea I would like to put in writing like this additionally – taking time and precise effort to make a very good article… but what can I say… I procrastinate alot and under no circumstances appear to get one thing done.

  2. Adina Waight says:

    Thank you for the auspicious writeup. It in fact was a amusement account it. Look advanced to more added agreeable from you! However, how could we communicate?

Leave a Reply

Your email address will not be published. Required fields are marked *

*