OS and Application Security Strategy
Operating system vulnerabilities keep emerging, and vendors release regular patches to fix them. The Windows CryptoAPI spoofing vulnerability and the Remote Desktop Gateway (RD Gateway) vulnerability are examples in the Windows operating system. The CryptoAPI spoofing vulnerability is prevalent in 32-bit and 64-bit systems running Windows 10. The RD Gateway vulnerability is a denial-of-service vulnerability that targets systems using RDP. The local memory vulnerability (CVE-2017-15126) and Linux Kernel Netfilter:xt_TCPMSS are two common vulnerabilities in the Linux operating system.
While operating system patches are the best way of correcting vulnerabilities, anti-malware applications can also be used to prevent and deal with operating system vulnerabilities (Souppaya & Scarfone, 2013). Sophos is a Linux antivirus that supports on-demand and real-time scanning for Linux computers. The organization can use Kaspersky antivirus for the Windows operating system.
A network intrusion detection system (NIDS) monitors the wired network and detects attackers targeting the organization's systems. A NIDS achieves this by inspecting network traffic to identify malicious traffic (Asif, Khan, Taj, Naeem, & Yakoob, 2013). Although a NIDS is well suited to protecting the network infrastructure, it does not identify host-level vulnerabilities.
A validity control strategy helps protect a web-based application by ensuring that only valid data is entered and processed. This strategy is critical when handling data input forms. Authorization is another control strategy; it ensures that only authorized users can access the web-based application.
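The two controls described above can be combined in a single request handler. The following is an added example, not part of the original text; the form fields, roles and actions are assumptions chosen for illustration.

```python
import re

# Allowlist rules for a hypothetical account-update form (field names are assumptions).
FIELD_RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,24}"),
    "age": re.compile(r"[0-9]{1,3}"),
}

# Constructed role-to-action map; anything not listed here is denied.
ROLE_PERMISSIONS = {
    "admin": {"update_profile", "delete_account"},
    "member": {"update_profile"},
}


def validate_form(form):
    """Return (clean, errors); only values that fully match their rule are kept."""
    clean, errors = {}, {}
    for name in form:
        if name not in FIELD_RULES:
            errors[name] = "unexpected field"  # reject fields the form never defined
    for name, rule in FIELD_RULES.items():
        value = form.get(name)
        if not isinstance(value, str):
            errors[name] = "missing or not a string"
        elif not rule.fullmatch(value):  # fullmatch: the whole value must conform
            errors[name] = "invalid format"
        else:
            clean[name] = value
    # Semantic check on top of the format check.
    if "age" in clean and not 13 <= int(clean["age"]) <= 120:
        errors["age"] = "out of range"
        del clean["age"]
    return clean, errors


def is_authorized(role, action):
    """Deny by default: unknown roles and unlisted actions are refused."""
    return action in ROLE_PERMISSIONS.get(role, set())


def handle_request(role, action, form):
    """Authorize first, then validate; process only when both checks pass."""
    if not is_authorized(role, action):
        return 403, {"error": "forbidden"}
    clean, errors = validate_form(form)
    if errors:
        return 400, {"errors": errors}
    return 200, {"accepted": clean}
```

Checking authorization before validation means an unauthorized caller learns nothing about which inputs the form accepts.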
Operating system (OS) security hardening helps make the system secure from attackers. Program cleanup tools and patch management auditing software would be essential in the organization's OS security hardening procedure. A program cleanup tool helps remove unnecessary applications whose security vulnerabilities could compromise the company network. Patch management helps obtain critical operating system updates meant to fix possible bugs.
Asif, M. K., Khan, T. A., Taj, T. A., Naeem, U., & Yakoob, S. (2013, April). Network intrusion detection and its strategic importance. In 2013 IEEE Business Engineering and Industrial Applications Colloquium (BEIAC) (pp. 140-144). IEEE.
Souppaya, M., & Scarfone, K. (2013). Guide to enterprise patch management technologies. NIST Special Publication 800-40.