IC34 EXAM COMPLETE QUESTIONS AND CORRECT DETAILED ANSWERS (VERIFIED ANSWERS) A+ GRADED
What is System Hardening?
The process of securing a system by reducing its attack surface
Reducing available vectors of attack typically includes:
Removal of unnecessary software
Removal of unnecessary user accounts
Strong access controls (e.g. multifactor authentication)
Disabling or removal of unnecessary services
Installing security patches
What Types of Systems or Devices Can Be Hardened?
Nearly anything that is configurable!
Operating Systems
Databases
Applications
Managed switches
Routers
Firewalls
Communication gateways
Modems
PLCs, RTUs
IEDs
VFDs
OS Hardening Guidance
NIST SP 800-123 "Guide to General Server Security"
Microsoft Security Guides
Center for Internet Security's (CIS) Security Benchmarks
Defense Information Systems Agency's "Security Technical Implementation Guides" (DISA STIGs)
Security Guides from Automation Suppliers
Yokogawa
Emerson
Honeywell
Siemens
others
Basic Steps to Secure an Operating System
Patch and update the OS
Remove or disable unnecessary services, applications, and network protocols
Configure OS user authentication
Configure access controls appropriately
Install and configure additional security controls
Test the security of the OS
Examples of Unnecessary Software/Services
Games
Device drivers for hardware not included
Messaging services
Servers or clients for unused internet or remote access services
Software compilers (except from non-production, development machines)
Software compilers for unused languages
Unused protocols and services
Unused administrative utilities, diagnostics, management and system management functions
Test and sample programs or scripts
Unused productivity suites and word processing utilities
Unlicensed tools and shareware
Universal Plug and Play services
CIS Security Configuration
Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices
Accepted by government, business, professionals worldwide
Downloaded several hundred thousand times per year
Distributed free of charge by CIS in .PDF format
Also available in XCCDF, a machine-readable XML format
Used by thousands of enterprises as a basis for security configuration policies and the de facto standard for IT configuration best practices.
https://www.cisecurity.org/
Center for Internet Security (CIS)
Windows Benchmarks | Linux Benchmarks
Windows Server 2000 | Amazon Linux
Windows Server 2003 | CentOS Linux
Windows Server 2008 | Debian Linux
Windows