Network Security

1
Understanding Operating System Hardening

Module 4 UNDERSTANDING OPERATING

SYSTEM HARDENING

At the end of this chapter, students will:

1. Understand the importance of mitigating system security threats and
how it helps the overall security of the network.
2. Learn about operating system hardening

Overview
Following best practices about operating system hardening and application security has a
huge impact in securing the whole network or system. System hardening is the idea of removing or
eliminating unnecessary software and features of a system. The reason behind this lies in the reality
that the more software you installed on a system and the more installed features of the operating
system, the more vulnerabilities exists, the more ways the hacker can get into your system.

MITIGATING SYSTEM AND NETWORK SECURITY THREATS

Understanding Operating System Hardening

Operating System hardening is the process of eliminating and removing of
unnecessary features of the operating system, deactivating unnecessary services and
disabling unused accounts. The main purpose of removing unnecessary features from the
system is to lessen the attack surface. This attack surface are the components of a system
that the hacker can hack into in order to gain access on your system, therefore you need to
reduce the amount of software that is running on your device.

There are several numbers of task that you need to know and perform to harden your
system. Mostly, it’s about removing unneeded components, removing unnecessary software,
disabling unwanted services and disabling unused accounts. This chapter discuss some of
the core steps to harden your system.

Figure 1 shows the difference between not hardened vs hardened operating system
by not having too many installed applications to reduce attack surface.

Course Module
 Figure 1

Figure 1.1 Not Hardened Operating System Figure 1.2 Hardened Operating System

1. Uninstall Unnecessary Software

Uninstalling unnecessary software from the system is the first step in
hardening your system. You should remove unnecessary third-party software that
might be installed on your system. Once you purchased a new computer, there will be
some of preinstalled software that you will never use. From a network security
administrator’s point of view, the system should be reformatted, install new copy of
operating system and manually install necessary software that you only needed. If
you cannot reinstall fresh copy of an operating system, you must review all the
installed software and remove any application that you are not going to use.

Remember that Windows operating system have a minimal features or roles

installed, you can always uninstall any third-party applications from Windows 7/8
or even in Server 2008/2012 operating systems.

Following are the steps on how to remove or uninstall unnecessary software

or application on your system.

1. On a Windows 7 or Server
2008 system, click the
Start button and choose or
type Control Panel.
 Network Security
3
Understanding Operating System Hardening

2. Once in the Control Panel, look for Programs and click

“Uninstall a program”

3. Then, a list of installed application will be displayed. In order to

remove an application, just select it and choose Uninstall.

4. A message box will appear asking if you want to completely

remove the software, just click Yes

Course Module
 To uninstall and remove some features of the operating system that
will not going to be use in Windows 7/8 or Server 2008/2012, just follow these
steps:
1. On a Windows 7 or Windows Server 2008 system, you need to click
the Start button and choose Control Panel. If you are using Windows
8 and Server 2012, just type control panel while on the Start screen
and then choose the Control Panel from the search results.
2. When you are in the Control Panel, click Programs.
3. Under the Programs, choose “Turn Windows features on or off”
4. The Server Manager will be launched. Look for the left side of the
window and select Features.
5. There will be two links, just choose Remove features.
6. Once clicked, the list of Windows features installed on your system
will be displayed. To uninstall any features, just turn off the check
box and after all the unwanted features have been unchecked,
choose Remove.

Figure 2 Adding or removing Features of operating system in Windows Server 2008

 Network Security
5
Understanding Operating System Hardening

2. Disable Unnecessary Services

Once you have uninstalled or remove all the unwanted software, you should
now focus to the services (Windows) that are running in the background on your
system. Each service has a certain functionality to the operating system. Following
are the most commonly found services on Windows system:
▪ Print Spooler service- It is a software service that manages the process of
printing in the Windows environment. It accepts print jobs from the
computer and responsible for making sure that printer resources are
present. It also manages the order in which printing jobs are sent to the
print queue for printing.
▪ Workstation service- This service is responsible for handling connections
to a remote network resources. This service provides network connections
and communications capability allowing your system to connect to any
shared folder on another system.
▪ Server service- It allows you to share files and printers on your computer.
This service will allow others to connect to shred folders on your system.
Without this service, you can't share any of your resources.
▪ Messenger service- This service is responsible for sending messages to
other computers or users. It transmits net send and Alerter service
messages between the clients and servers.

The main reason why we discuss some of these services is that as a network
security administrator, you are responsible for hardening a system. To do that, you
must get a list of services running on a system and evaluate which services are
needed. If a service is not needed, you can disable this through the Service console in
Windows on a single device. If you wish to disable services for many computers, you
could do this by centrally disable services using Group policy in an Active Directory
domain. In order to view all the list of services available in Windows, just follow these
steps:

1. On the Windows
system, choose
Start then type
Administrative
Tools. Or you can
click Control Panel
and choose
System and
Security and look
for Administrative
Tools

Course Module
2. There’s a list of Administrative Tools that will be displayed. Just click Services
to show all the services in your system.

3. Choose any services on the list. If you wish to stop a specific service, just right-
click and then choose Stop or simply look to the left side of the window and
click link Stop to disable the service.
 Network Security
7
Understanding Operating System Hardening

4. To make sure that the service will not automatically start the next time your
system boots up, you must also change the startup type to Disabled and click
OK.

3. Disable or Remove Unnecessary Accounts

This is one of the aspects that has been overlooked by a user or administrator
in hardening a system, to disable any unused accounts. If you don’t want to delete an
account because you are just considering in transferring it to a new employee or user
for them to use, you can just disable it temporarily. This will help you restrict the
previous user of that account to have any access on your system or files.
Following are the steps that you can follow on how to disable an account
in Windows.
1. In Windows 7, choose Start then click Control Panel. Look for
System Security and click the Administrative Tools. It will show
you the list off all the tools available. Double-click the Computer
Management.

Course Module
 2. Once you are in the Computer Management console, expand the
“Local Users and Groups” on the left side of the window.

3. To see the list of user accounts on the system, select the Users
folder.

4. Right-click the user you want to disable and choose Properties.

5. In the properties window, select the “Account is disabled”
option and click OK.
4. Patch System
One of the key next steps you take to harden the system is to make sure that
you patch your system. When patching, you are applying software fixes to known
bugs in the software running on your system. These bugs in the software are what the
hackers are taking advantage of to gain access to the system. If you are not patching
your system, then you can be sure that your system can be compromised by a hacker.

Following are the recommended patches that you should familiarized with.
1. Security hot- fix
 Network Security
9
Understanding Operating System Hardening

A security hot-fix is a critical security update that you should

always apply to your system as soon as possible because the
vulnerability opens the system to some serious security risks.
2. Patch
A patch is a fix to a specific problem in software or operating
system code that is not required to be applied immediately
because the risk in security is not as severe as that addressed by a
hot-fix.
3. Service pack
A service pack is an update for a product that includes patches
and security hot-fixes, from the time the product was released by
the vendors up to the time of the service pack. Since the service
pack includes all the updates, you won’t need to install each patch
individually even if you uninstall it.

5. Password Protection
Password protection feature is a final practice that you should always
incorporate into your system hardening procedure. You need to make sure that you
also protecting the CMOS setup program so that unauthorized changes cannot occur.
Make sure also that the system will ask for a password when the operating system
loads. This method ensures that no systems log on automatically when system boots
up because most of the system nowadays will ask for a username and password which
is much secured than a password alone.

Course Module
 Network Security
11
Understanding Operating System Hardening

References and Supplementary Materials

Online Supplementary Reading Materials

1. Windows 7 – How to properly uninstall programs;

https://support.microsoft.com/en-us/help/2601726; January 2020
2. What Is a Print Spooler?; https://www.techwalla.com/articles/what-is-a-print-
spooler ; January 2020
3. 10 Windows XP services you should never disable;
https://www.techrepublic.com/blog/10-things/10-windows-xp-services-you-
should-never-disable/; January 2020
4. What does the Server Service do?;
https://www.techrepublic.com/forums/discussions/what-does-the-server-
service-do/; January 2020

Course Module