Assessment Description

Hardening a system provides an additional layer of security by removing access and possible vulnerabilities from the system. Security principles such as deter, deny, delay, and detect are used to reduce attack surfaces and possible vectors. Reference the “System Hardening” video as needed to complete the lab.

Provide screenshots of each step in Part 1. On each screenshot, include 1-2 sentences that summarize what the screenshot is illustrating. For Part 2, provide screenshots of the results. All the screenshots will be used to manage network configuration and sessions to ensure port security that will harden the Windows Server.

Part 1

In the virtual sandbox environment, you will perform the steps to harden a Linux distribution by doing the following:

• Add a Linux OS VM (Ubuntu, Kali, Parrot, or SecurityOnion).
• On the Linux VM, open a terminal and run apt-get install lynis
• To run Lynis, navigate to the correct directory and add ‘./’ in from of the command.
• ./lynis
• Run a basic scan. This may take several minutes.
• $ lynis audit system

Part 2

Access the Windows Server VM and perform the following hardening steps:

• Disable automatic administrative logon to the recovery console.
• Set a BIOS/firmware password to prevent unauthorized changes to the server startup settings.
• Configure the device boot order to prevent unauthorized booting from alternate media.
• Enable the Windows firewall in all profiles (domain, private, public) and configure it to block inbound traffic by default.
• Perform port blocking at the network setting level. Perform an analysis to determine which ports need to be open and restrict access to all other ports.
• Disable NetBIOS over TCP/IP and remove ncacn_ip_tcp.
• Check the Windows Defender settings.
• Configure allowable encryption types for Kerberos.
• Do not store LAN Manager hash values.
• Set the LAN Manager authentication level to allow only NTLMv2 and refuse LM and NTLM.
• Remove file and print sharing from network settings. File and print sharing could allow anyone to connect to a server and access critical data without requiring a user ID or password.
• Disable unneeded services. Most servers have the default install of the operating system, which often contains extraneous services that are not needed for the system to function and that represent a security vulnerability. Therefore, it is critical to remove all unnecessary services from the system.
• Remove unneeded Windows components. Any unnecessary Windows components should be removed from critical systems to keep the servers in a secure state.
• Enable the built-in Encrypting File System (EFS) with NTFS or BitLocker on Windows Server.
• Install an open-source antivirus program of your choice
• Run your antivirus program against your machine

Part 3

Examine the antivirus program you installed. Research potential faults and vulnerabilities within the program, including the open-source nature of the program.

Write a  lab report that includes a title page, table of contents, overview, and the required screenshots with summaries.

Describe the strengths and weaknesses associated with the open-source antivirus program you installed running in an enterprise network.