Defensive Measures at Operating System Layer
This is the second layer of the defense in depth model. The defensive measures that have to be taken at this layer are:
* Keep security patches and update releases for the Operating System up to date
* Make a boot/ERD disk and keep it current
* Install and keep updated Antivirus software
* Install and keep updated Antispyware software
* Harden Operating System by turning off unnecessary services and features
Keep security patches and update releases for the Operating System up to date
The most important program that runs on a computer is the Operating System. Every general-purpose computer must have an Operating System to run other programs. The Operating System performs basic tasks, such as recognizing input from the keyboard, sending output to the monitor, keeping track of files and folders on the disk and controlling peripheral devices such as disk drives and printers. Some of the common desktop Operating Systems are Windows (9x, NT Workstation, 2000 Professional, XP Home Edition and Professional Edition) and Linux workstation.
Application software sits on top of the Operating System because it is unable to run without it. Application software (also called end-user programs) includes word processors such as MS Word and databases such as SQL or Oracle.
Keeping patches up to date is the most essential task for every user, and it is a repetitive, ongoing activity. Every time a vulnerability is discovered, the vendor releases the respective patch, which has to be installed immediately after release. If it is not, the vulnerability may remain an open door for exploiting the system.
The user should subscribe to the security newsletters of the vendors whose software he is using. Then, whenever a security patch or a hotfix is released, the user will be notified and can act accordingly. (A patch or hotfix is a small program released by the vendor which fixes known bugs and vulnerabilities in the software.)
Nowadays, every application has a feature to update automatically through the Internet. The user should configure this feature carefully in the respective applications.
Using Windows Update
Windows Update is a Microsoft Web site that provides updates for Windows operating system software and Windows-based hardware. Updates address known issues and help protect against known security threats. The patches, hotfixes and service packs released by Microsoft Corporation are free of cost.
When a user visits the Windows Update Web site, i.e. http://www.windowsupdate.com, Windows Update scans the user’s computer and reports which updates are missing and should be applied to the system. The user chooses the updates that he wants to install and how to install them.
“Windows Update” uses the following categories:
• High priority: Critical updates, security updates, service packs, and update rollups that should be installed as soon as they become available and before the user installs any other updates.
• Software (optional): Non-critical fixes for Windows programs, such as Windows Media® Player and Windows Journal Viewer 5.
• Hardware (optional): Non-critical fixes for drivers and other hardware devices, such as video cards, sound cards, scanners, printers, and cameras.
Optional updates address minor issues or add non-critical functionality to the user’s computer. It is more important to install high priority updates so that the user’s computer gets the latest critical and security-related software.
Difference between Express and Custom Windows Update
• Express (recommended) displays all high priority updates for the user’s computer so that he can install them with one click. This is the quickest and easiest way to keep the user’s computer up to date.
• Custom displays high priority and optional updates for the user’s computer. The user must review and select the updates that he wants to install, one by one.
Automatic Updates is a feature that works with Windows Update to deliver critical and security-related updates as they become available. When the user turns on Automatic Updates (recommended), Windows automatically looks for high priority updates for the user’s computer. Windows recognizes when the user is online and uses the Internet connection to search for downloads from the Windows Update Web site. An icon appears in the system tray each time new updates are available.
Users have to decide how and when the updates are installed. Some updates require the user to accept an End User License Agreement (EULA), answer a question about the installation process, or restart the computer before the user can install them.
Automatic Updates delivers only high priority updates. To get optional updates, the user still needs to visit the Windows Update Web site.
Microsoft releases Windows patches on the second Tuesday of each month, so to be safe, check for updates manually every couple of weeks. There may be a lag between when a patch is available and when Windows Update pushes it to the user’s system (for instance, because the system has been off for more than a few days).
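The manual check described above can be scripted. The following PowerShell is an added example, not part of the original article; it assumes Windows PowerShell 2.0 or later, and the function names and the 14-day threshold are illustrative. It works out the most recent second Tuesday and compares it with the newest update that Get-HotFix reports as installed.

```powershell
# Added example (not from the original article).
# Assumptions: Windows PowerShell 2.0 or later; function names and the
# 14-day threshold ("every couple of weeks") are illustrative.

function Get-SecondTuesday {
    param([datetime]$Month)
    # Start at the 1st, walk forward to the first Tuesday, then add one week.
    $day = New-Object DateTime -ArgumentList $Month.Year, $Month.Month, 1
    while ($day.DayOfWeek -ne [DayOfWeek]::Tuesday) { $day = $day.AddDays(1) }
    $day.AddDays(7)
}

function Get-LastReleaseDay {
    param([datetime]$Now)
    # This month's second Tuesday if it has passed, otherwise last month's.
    $current = Get-SecondTuesday -Month $Now
    if ($Now -ge $current) { $current }
    else { Get-SecondTuesday -Month $Now.AddMonths(-1) }
}

$maxLagDays = 14
$now        = Get-Date
$release    = Get-LastReleaseDay -Now $now

# Get-HotFix lists updates recorded by Windows servicing; InstalledOn may be
# empty for some entries, so those are skipped.
$installed = @(Get-HotFix | Where-Object { $_.InstalledOn } |
               Sort-Object InstalledOn -Descending)

"Last monthly release day: {0:yyyy-MM-dd}" -f $release
if ($installed.Count -eq 0) {
    Write-Warning 'No dated updates found. Check Windows Update manually.'
} else {
    $newest = $installed[0]
    $lag    = ($now - $release).Days
    "Newest installed update : {0} on {1:yyyy-MM-dd}" -f $newest.HotFixID, $newest.InstalledOn
    if ($newest.InstalledOn -ge $release) {
        'Updates have been installed since the last release day.'
    } elseif ($lag -ge $maxLagDays) {
        Write-Warning "Nothing installed in the $lag days since the last release. Run Windows Update now."
    } else {
        "Release is $lag days old and nothing is installed yet; Automatic Updates may still be pending."
    }
}
```

A warning from this script is a prompt to open Windows Update, not proof that a patch is missing, since Get-HotFix does not list every kind of update.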
Microsoft Baseline Security Analyzer (MBSA) version 2.1 gives the ability to assess the administrative vulnerabilities present on one or multiple systems. MBSA scans the specified computers and then generates a report that contains details for each computer about the security checks that MBSA performed, the results, and recommendations for fixing any problems. In addition to checking for misconfiguration that might cause security problems in the operating system, the user can check for security problems in Microsoft SQL Server and Microsoft Internet Information Services (IIS). The user can also determine whether a computer has the most current Microsoft Windows and Microsoft Office updates installed, and can check for security updates, update rollups, and service packs for other products hosted by the Windows Update site.
The steps below show how to scan your computer for vulnerabilities (see figures 7, 8 and 9).
1. Open MBSA and double-click Scan a computer (see figure 7).