
LAB05 Hardening With Windows Policy and Open Source Tools

Uploaded by

erickf

Cybersecurity and Network Management [CGR 102-103] Instructor: Rayner Durango E.

Laboratory Practice 5
Hardening with Windows Policy
and Open Source Tools

Date: 2/6/2023

Group: 5.

Members:

John Nelson Tobar Giraldo

Henry De La Torre Vera

Subject: Cybersecurity

Section: 102

Professor: Rayner Durango

Type of work: ☐ Individual ☐ Group

Objective
Implement group policies of the Windows and Linux operating systems to prevent physical and
remote access to the computer.


In relation to the security policy in each of the layers of the operating system, its use in both
Windows and Linux is described below:

1. OS Boot: The security policy at this layer refers to the authenticity and integrity of the
bootloader, which is the program responsible for starting the operating system. On
Windows, the policy is supported by the Secure Boot system, which uses a chain of trust
to verify the authenticity and integrity of the boot loader. On Linux, the GRUB bootloader
allows you to verify the integrity of the kernel using a checksum (hash) or digital
signature. In addition, on Linux, Trusted Boot (Tboot) allows the construction of a secure
system that verifies the state of the platform at various layers before handing over control
to the operating system.
• BIOS Password
• USB Ports (External)
• DHCP Client (MAC Filtering)
• Auth 802.1x
• TPM (Trusted Platform Module)
• BitLocker (HD)

2. Loading OS: The security policy at this layer refers to the protection of the dynamic
loading mechanisms of the operating system. On Windows, security policy is enforced by
checking the digital signatures of device drivers before allowing them to load. On Linux,
security policy is enforced by checking the digital signature of kernel modules before
loading them.
• Anti-Malware (Example: Rootkit)
• DNS Client (SRV Locator)
• Network Encryption (IPSEC)
• Host Firewall
• Computer Authentication (Domain)

3. Access to OS: The security policy in this layer refers to the access to the operating
system by users and applications. Both operating systems have authentication and
authorization policies that allow users and applications to gain access to specific system
resources. On Windows, security policy is handled by user and group accounts, while on
Linux, users and groups are stored in specific files on the system.
• Privilege Level (Basic, Intermediate, Full Control)
• Allow log on locally
• Allow log on remotely
• Database Encryption
• Auditing


4. Application: The security policy at this layer refers to the security of applications and
their interaction with the operating system. Operating systems can set policies that allow
or restrict application access to certain system resources, such as files, network sockets,
and devices. In Windows, security policy is enforced by security rules and permissions
set on system objects, such as files and services.
• Allow/Deny Settings O.S.
• APP Permissions (ACL)
• APP Encryption (EFS, Digital Certificate)
• Deny run APP (Privilege Level)

5. Data: At the data layer, the policy is used to set permissions and restrictions related to
access and manipulation of data stored in the operating system. On Windows, this is
accomplished through file and folder permissions policies, data encryption policies,
backup and recovery policies, and network security policies to protect data in transit. On
Linux, file system-based access control policies (such as the ext4 file system) and data
encryption policies can be used to ensure the confidentiality, integrity, and availability of
data stored on the system.
• Storage Encryption (Bitlocker)
• Data Permissions (ACL)
• Data Auditing

Security policy and tools to use for Windows and Linux.


Tools and technologies used in Windows include:
The main tool used to manage and configure security policies in Windows is the Group Policy
Editor. This tool is integrated into the professional and business versions of Windows and allows
you to define and apply security policies at the domain, computer or user level.

OS Boot:


• Configure mandatory login passwords.


• Disable the option to boot from external devices (such as USB or DVD) to prevent
booting of unauthorized operating systems.
• Set Secure Boot authentication to ensure that only digitally signed and trusted boot
components are loaded.

Loading OS:

• Set a BIOS or UEFI password to prevent unauthorized access to system settings.


• Enable driver signing to ensure that only signed and trusted drivers are loaded during the
operating system startup process.

Access OS:

• Establish strong password policies and require periodic password changes.


• Configure the local user account to lock out after a certain number of failed login
attempts.
• Set inactive account lockout policies to ensure accounts are locked after a period of
inactivity.
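
The password and lockout settings listed above can be checked against a baseline from the text that `secedit /export` writes. The following is an added example, not part of the original lab report; the sample export is constructed and the baseline thresholds are assumptions chosen for illustration.

```python
import configparser

# Constructed sample of a `secedit /export /cfg policy.inf` dump (not from the lab).
# Real exports are typically UTF-16 encoded; decode the file before passing its text in.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 7
PasswordComplexity = 0
LockoutBadCount = 0
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline for illustration only; substitute your organisation's values.
# key -> (predicate on the integer value, requirement shown in the finding)
BASELINE = {
    "MinimumPasswordLength": (lambda v: v >= 12, "at least 12 characters"),
    "PasswordComplexity": (lambda v: v == 1, "complexity enabled (1)"),
    # -1 means passwords never expire, so it fails "periodic change".
    "MaximumPasswordAge": (lambda v: 1 <= v <= 90, "expire within 1-90 days"),
    # 0 means accounts are never locked out.
    "LockoutBadCount": (lambda v: 1 <= v <= 10, "lock after 1-10 failures"),
}

def audit_system_access(inf_text):
    """Return (key, found_value, requirement) for every baseline miss."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # INF keys are case-preserved
    parser.read_string(inf_text)
    if not parser.has_section("System Access"):
        raise ValueError("export has no [System Access] section")
    section = parser["System Access"]
    findings = []
    for key, (is_ok, requirement) in BASELINE.items():
        raw = section.get(key)
        value = int(raw) if raw is not None else None  # missing key = finding
        if value is None or not is_ok(value):
            findings.append((key, value, requirement))
    return findings

if __name__ == "__main__":
    for key, value, requirement in audit_system_access(SAMPLE_INF):
        print(f"FAIL {key}={value}: expected {requirement}")
```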

Application:

• Restrict the installation of unauthorized software using software restriction policies.


• Set application execution control policies to allow only trusted and authorized
applications to run.
• Configure firewall policies to allow or block application access to the network based on
established rules.

Data:

• Set disk encryption policies to protect data stored on hard drives.


• Set file and folder permissions to restrict access to sensitive data and ensure that only
authorized users can access and modify those files.

Tools and technologies used in Linux include:


1. Mandatory Access Control (MAC): In Linux, frameworks such as SELinux (Security-Enhanced
Linux) and AppArmor are used to implement Mandatory Access Control
(MAC) at the system level. These frameworks allow you to define detailed policies that
specify what actions processes and users can perform on the system.

2. Firewall: Linux has tools like iptables and nftables to configure firewall rules. These
packet filter rules protect network traffic by allowing or blocking certain types of
connections based on established policies.

3. File and directory permissions: To manage file and directory permissions, Linux uses the
discretionary access control (DAC) model. This allows you to establish who can read, write
or execute specific files and directories.


4. Security updates: Linux also benefits from package management systems, such as apt
or yum, which make it easy to install security updates and patches. This ensures that the
system is protected against known vulnerabilities and that it is kept up to date in terms of
security.
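
For the DAC model in item 3, a hardening review usually starts by finding permission bits that grant more than intended. The following is an added example, not part of the original lab report; it goes slightly beyond read/write/execute by also flagging the sticky and setuid bits, and the file names in `demo()` are constructed.

```python
import os
import stat
import tempfile

def audit_dac(root):
    """Return (path, issue) pairs for risky permission bits under `root`."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not used for access checks
            world_writable = bool(mode & stat.S_IWOTH)
            if stat.S_ISDIR(mode):
                # Without the sticky bit any user can delete or replace others' files.
                if world_writable and not mode & stat.S_ISVTX:
                    findings.append((path, "world-writable directory without sticky bit"))
            elif stat.S_ISREG(mode):
                if world_writable:
                    findings.append((path, "world-writable file"))
                if mode & stat.S_ISUID:
                    findings.append((path, "setuid file"))
    return findings

def demo():
    """Build a constructed sample tree, audit it, return findings by relative path."""
    with tempfile.TemporaryDirectory() as base:
        files = {"report.txt": 0o644, "shared.cfg": 0o666, "helper": 0o4755}
        dirs = {"dropbox": 0o777, "scratch": 0o1777, "private": 0o700}
        for name, mode in files.items():
            path = os.path.join(base, name)
            open(path, "w").close()
            os.chmod(path, mode)  # chmod explicitly so the umask does not interfere
        for name, mode in dirs.items():
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, mode)
        return sorted((os.path.relpath(p, base), issue) for p, issue in audit_dac(base))

if __name__ == "__main__":
    for path, issue in demo():
        print(f"{issue}: {path}")
```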

Differences between the two platforms in the security implemented
When it comes to security, Windows and Linux have differences in their architecture. Windows is
a closed and proprietary system, while Linux is open source. Windows uses a layered approach
to security, with measures such as the security model based on user accounts and group
policies. Linux, in contrast, is based on the philosophy of security by design, using mechanisms
such as mandatory access control and role-based access control systems.
When it comes to vulnerabilities and attacks, Windows is usually more vulnerable due to its
popularity, although measures like Windows Defender have been taken to improve security. On
the other hand, Linux has historically been less affected by malware and attacks due to its
modular architecture and community code review.
Permission and user management is also different in both systems. Windows uses an access
control structure based on user accounts and group policies, while Linux offers advanced
systems like SELinux and AppArmor for more granular access control.
