Securing Operating Systems


You can implement various operating system security measures to ensure that passwords are protected.

Regularly perform these low‐tech and high‐tech password‐cracking tests to make sure that your systems are as secure as possible — perhaps as part of a monthly, quarterly, or biannual audit of local and domain passwords.

Windows
The following countermeasures can help prevent password hacks on Windows systems:

✓Some Windows passwords can be gleaned by simply reading the cleartext or crackable ciphertext from the Windows Registry. Secure your registries by doing the following:
  •  Allow only administrator access.
  •  Harden the operating system by using well– known hardening best practices, such as those from SANS (www.sans.org), NIST (http://csrc.nist.gov) and the Center for Internet Security Benchmarks/Scoring Tools (www.cisecurity.org).
 ✓Keep all SAM database backup copies secure. 
 ✓Disable the storage of LM hashes in Windows for passwords that are shorter than 15 characters. For example, you can create and set the NoLMHash registry key to a   value of 1 under  HKEY_LOCAL_MACHINESYSTEMCurrentControl SetControlLsa. 
 ✓Use local or group security policies to help eliminate weak passwords on Windows systems before they’re created. 
✓Disable null sessions in your Windows version or enable the Windows Firewall.
 ✓In Windows XP and later versions, enable the Do Not Allow Anonymous Enumeration of SAM Accounts and Shares option in the local security   policy.

Linux and UNIX
The following countermeasures can help prevent password cracks on Linux and UNIX systems:

✓Ensure that your system is using shadowed MD5 passwords. 
✓Help prevent the creation of weak passwords. You can use either the built‐in operating system password filtering (such as cracklib in Linux) or a password‐auditing program (such as npasswd or passwd+). 
✓Check your  /etc/passwd  file for duplicate root UID entries. Hackers can exploit such entries to gain backdoor access.

NOTE: This is for educational purpose only we are not responsible for any type of inconvenience caused by reader.

Share This:

Be the first to comment

Leave a Reply

Your email address will not be published.


*