1. Patch Management
    1. Key Terms: Patch & Hotfix
      1. Patch:
        1. A set of changes to a computer program or its supporting data designed to update, fix, or improve it.
        2. This includes fixing security vulnerabilities and other bugs, with such patches usually being called bugfixes or bug fixes, and improving the usability or performance.
      2. Hotfix:
        1. Originally defined as a patch to an individual OS or application to fix a single problem, installed live while the system was up and running, and without a reboot necessary. However, this term has changed over time and varies from vendor to vendor.
    2. Patch Management:
      1. The planning, testing, implementing, and auditing of patches.
    3. The patch management process consists of four phases:
      1. Planning:
        1. Deciding whether a patch is necessary, and whether it is compatible with the organization's technology. If so, a plan should be created to test and implement the patch.
        2. Microsoft Baseline Security Analyzer (MBSA) can let you know if a patch is necessary.
      2. Testing:
        1. Before deploying a patch, test it in a planned environment.
      3. Implementing:
        1. If the test is successful, the patch is deployed to the necessary systems.
      4. Auditing:
        1. Periodically, a sample of the systems is audited to confirm that the patch has not caused any negative effects.
  2. Principle of Least Functionality
    1. When an organization configures computers and other information systems to provide only the essential functions.
    2. Using this method, a security administrator will restrict applications, services, ports, and protocols.
    3. These official frameworks describe the concept of least functionality:
      1. NIST CM-7:
        1. https://nvd.nist.gov/800-53/Rev4/control/CM-7
      2. US DoD Instruction 8551.01:
        1. http://www.dtic.mil/whs/directives/corres/pdf/855101p.pdf
    4. Disabling Unnecessary Ports and Services
      1. Disable Unnecessary Hardware:
        1. Disable optical drives.
        2. Disable USB ports.
        3. Configure the virtual BIOS boot priority so that the hard drive boots first.
      2. These types of programs should be removed to protect your organization:
        1. Instant Messaging Programs
        2. Remote Procedure Call (RPC) and Remote Desktop Connection Programs
          1. Note: Port 3389
        3. Previous versions of programs that have been updated to new versions
        4. Applications that require notifications and Internet connectivity, which run behind the scenes and compete for processor and RAM resources
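A least-functionality audit in practice is a comparison of what a host actually exposes against an explicit allow-list of approved ports. The following Python script is an added example (not from the original notes); the allow-list, the host baseline and the `ss -ltn`-style listener output are all constructed, and port 3389 (RDP, noted above) appears deliberately so the audit flags it.

```python
"""Least-functionality audit: flag listening TCP ports that are not on an
explicit allow-list. Added example; the sample output below is constructed,
not captured from a real host."""
import re

# Hypothetical organisation baseline: only these listening ports are approved.
ALLOWED_PORTS = {22: "ssh", 443: "https"}

# Constructed `ss -ltn`-style output (not from a real system).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     127.0.0.1:631        0.0.0.0:*
LISTEN  0       128     0.0.0.0:3389         0.0.0.0:*
LISTEN  0       128     [::]:443             [::]:*
LISTEN  0       128     *:135                *:*
"""

# Split "addr:port" on the last colon so IPv6 forms like "[::]:443" parse.
_LOCAL_RE = re.compile(r"^(?P<addr>.+):(?P<port>\d+)$")


def parse_listeners(ss_output):
    """Return a list of (address, port) tuples, one per LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        m = _LOCAL_RE.match(fields[3])
        if m:
            listeners.append((m.group("addr"), int(m.group("port"))))
    return listeners


def audit_listeners(ss_output, allowed=ALLOWED_PORTS):
    """Return unapproved ports, split by whether they are reachable
    from the network or bound to loopback only."""
    findings = {"exposed": [], "loopback_only": []}
    for addr, port in parse_listeners(ss_output):
        if port in allowed:
            continue
        bucket = "loopback_only" if addr in ("127.0.0.1", "[::1]") else "exposed"
        findings[bucket].append(port)
    return findings


if __name__ == "__main__":
    print(audit_listeners(SAMPLE_SS_OUTPUT))
```

Ports reported under "exposed" are the candidates for disabling the owning service or closing the port; "loopback_only" entries are lower risk but still violate the baseline.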
  3. Trusted Operating System (TOS)
    1. To be considered secure, operating systems should have support for multilevel security, and be able to meet government requirements. An operating system that meets these criteria is known as a Trusted Operating System (TOS).
    2. Examples of certified Trusted Operating Systems include Windows 7, OS X 10.6, FreeBSD (with the TrustedBSD extensions), and Red Hat Enterprise Server.
    3. To be considered a TOS, the manufacturer of the system must have strong policies concerning updates and patching.
  4. Application Whitelisting and Blacklisting
    1. Application Blacklisting
      1. A basic access control mechanism that allows through all elements except those explicitly mentioned. Those items on the list are denied access.
      2. Common items placed on an application blacklist may include:
        1. Email Addresses (Anti-Spam Filters)
          1. Most email providers have an anti-spam feature that essentially blacklists certain email addresses if they are deemed unwanted.
        2. Usernames and Passwords (System or Website Blacklists)
          1. Systems or websites blacklist certain reserved usernames that may not be chosen by the user populations. These reserved usernames are commonly associated with built-in system administration functions.
          2. Password blacklists are applied to prevent users from choosing passwords that are easily guessed or are well known and could lead to unauthorized access by malicious parties.
        3. URLs, IP Addresses, and Domain Names (Web Browser or DNS Blacklists)
          1. The goal of a blacklist in a web browser is to prevent the user from visiting a malicious or deceitful web page via filtering locally.
          2. A common web browsing blacklist is Google's Safe Browsing, which is installed by default in Firefox, Safari, and Chrome.
    2. Application Whitelisting
      1. The practice of identifying entities that are provided a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. All other entities are denied.
      2. Common Use Cases:
        1. Data Loss Prevention Systems
        2. Email Clients
        3. Web Content Filters
        4. Applications with features that may leak data in unwanted ways:
          1. GPS
          2. Camera
          3. OAuth Federated Authentication
          4. Social Media Links
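The difference between the two mechanisms is the default decision: a blacklist allows anything it has not seen, a whitelist denies it. The Python below is an added example (not from the original notes) that implements both against the use cases above; the reserved usernames, weak passwords, approved applications and the program names used to exercise them are all constructed.

```python
"""Blacklist (default allow) versus whitelist (default deny). Added example;
every list here is constructed and not taken from any real product."""

# Constructed blacklists: reserved usernames and well-known weak passwords.
RESERVED_USERNAMES = {"root", "admin", "administrator", "guest", "postmaster"}
WEAK_PASSWORDS = {"password", "123456", "qwerty", "letmein"}
KNOWN_BAD_APPS = {"evil.exe"}  # a blacklist of programs already known to be bad

# Constructed application whitelist: only these programs may execute.
APPROVED_APPS = {"word.exe", "excel.exe", "outlook.exe"}


def _normalise(item):
    """Compare case-insensitively and ignore surrounding whitespace."""
    return item.strip().lower()


def blacklist_allows(item, blacklist):
    """Default allow: an item passes unless it is explicitly listed."""
    return _normalise(item) not in blacklist


def whitelist_allows(item, whitelist):
    """Default deny: an item passes only if it is explicitly listed."""
    return _normalise(item) in whitelist


def check_registration(username, password):
    """Apply the username and password blacklists to a sign-up request
    and return the list of problems found (empty means accepted)."""
    problems = []
    if not blacklist_allows(username, RESERVED_USERNAMES):
        problems.append("reserved username")
    if not blacklist_allows(password, WEAK_PASSWORDS):
        problems.append("blacklisted password")
    return problems


def compare_policies(app_name):
    """Evaluate one program under both policies so the default decision
    is visible: an unknown program passes the blacklist but not the whitelist."""
    return {
        "blacklist": blacklist_allows(app_name, KNOWN_BAD_APPS),
        "whitelist": whitelist_allows(app_name, APPROVED_APPS),
    }


if __name__ == "__main__":
    for app in ("word.exe", "dropper.exe", "evil.exe"):
        print(app, compare_policies(app))
```

The "dropper.exe" case is the one that matters: a program the blacklist has never seen is allowed by it, while the whitelist denies it without needing prior knowledge.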
  5. Disable Default Accounts and Passwords
    1. Networking devices are initially installed with a default set of user credentials. This default account should be changed to a new name, because attackers are aware of default account names.
    2. By renaming the default account, or by removing it altogether, you add a layer of security that makes it more difficult for an attacker to figure out which account has administrative access to the device.
    3. If any guest accounts exist, it is recommended that you disable these accounts.
    4. More important than the account name or the username is the password. If you have to use a guest account, set a complex password.