Perform operating system hardening

URN: TECIS61341
Business Sectors (Suites): IT(Cyber Security)
Developed by: e-skills
Approved on: 30 Mar 2023

Overview

This standard is about performing operating system hardening.

Operating system (OS) hardening is the process of securing a server or computer system by minimising its attack surface, or surface of vulnerability, and potential attack vectors. It’s a form of cyberattack protection that involves closing system loopholes that are present in a standard implementation, that cyber attackers can use to exploit the system and gain access to users’ data.

Performing operating system hardening involves removing or disabling unnecessary system applications, user accounts and other features that cyber attackers can exploit to gain access to organisational networks. The aim is to reduce the system’s attack surface. This attack surface often serves as the entry point for malicious cyber activities or hackers. OS hardening also includes patching and applying advanced security measures to protect a server’s OS by understanding system vulnerabilities, performing OS risk assessments to identify areas with the most risk and resolving risks unique to the OS environment.

This standard is for those who need to undertake operating system hardening as part of their duties.


Performance criteria

You must be able to:

  1. Evaluate organisational system needs to identify the types of endpoint devices used and the attack surface presented
  2. Perform an audit of the existing system to determine current vulnerabilities that require remediation
  3. Review and apply organisational system hardening standards to plan elimination of unnecessary features
  4. Plan system hardening activities to prioritise scheduling of system vulnerability remediation
  5. Develop system patching procedures to specify timely application of Operating System (OS) patches and updates
  6. Install OS patches and updates in line with organisational procedures
  7. Remove unnecessary software, drivers, libraries or services in line with organisational procedures
  8. Encrypt the drive that stores and hosts the OS to increase protection in line with organisational procedures
  9. Review and limit access and authentication permissions in line with the Principle of Least Privilege (PoLP)
  10. Manage the creation and updating of privileges of user accounts in line with organisational procedures
  11. Delete or disable unnecessary user accounts in line with organisational procedures
  12. Change default passwords to exhibit improved password strength in line with organisational procedures
  13. Limit the privileges assigned to software applications running on the OS and restrict super-user privileges in line with organisational procedures
  14. Implement separation of duties for system administrators to reduce the risk of system damage
  15. Identify and disable all communication ports and protocols that are not required to close access points
  16. Identify and remove all development tools such as compilers from production OS in line with organisational procedures
  17. Validate and update endpoint security systems and firewalls in line with organisational procedures
  18. Produce system hardening reports to document the vulnerabilities identified, OS hardening activities undertaken and patching procedures implemented
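The criteria above describe an audit-and-report cycle: inventory the host, compare it with the organisational hardening standard, rank what is found by impact, and document it. The script below is an added example of that cycle and is not part of this standard or of any e-skills material. It checks a constructed host inventory against a constructed baseline (the allowed ports, required accounts and forbidden packages are assumptions standing in for an organisation's own hardening standard) and produces the prioritised report that criterion 18 calls for, using the low/medium/high impact ranking described in the Knowledge and Understanding section.

```python
"""Hardening audit and report generator (added example, not the standard's own code).

Inputs are constructed for the example: a host inventory as an audit would
collect it, and a baseline that stands in for the organisational hardening
standard.  Each check maps a finding to the performance criterion it serves.
"""
from dataclasses import dataclass

# Assumed organisational baseline (constructed values, not a real standard).
BASELINE = {
    "allowed_listening_ports": {22, 443},          # criterion 15
    "required_accounts": {"root", "svc-backup"},   # criterion 11
    "system_accounts_ok": {"daemon", "nobody", "sshd"},
    "forbidden_packages": {"gcc", "make", "clang"},  # criterion 16
}

# Impact levels used to rank findings: highest impact is remediated first.
IMPACT_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    criterion: int   # performance criterion the finding maps to
    impact: str      # "high", "medium" or "low"
    item: str
    action: str


def check_listening_ports(listening, allowed):
    """Criterion 15: any listening port outside the allow-list is a finding."""
    return [Finding(15, "high", f"port {port}/{proto} ({svc})",
                    "disable the service or block the port")
            for port, proto, svc in listening if port not in allowed]


def check_accounts(passwd_lines, required, system_ok):
    """Criteria 11 and 12: unneeded user accounts, and accounts with an
    empty password field in /etc/passwd (no password required to log in)."""
    findings = []
    for line in passwd_lines:
        name, pw, uid, *_ = line.split(":")
        if pw == "":
            findings.append(Finding(12, "high", f"account {name}",
                                    "set a strong password or lock the account"))
        if name in required or name in system_ok:
            continue
        if int(uid) >= 1000:  # ordinary (non-system) account not on the required list
            findings.append(Finding(11, "medium", f"account {name}",
                                    "disable or delete"))
    return findings


def check_packages(installed, forbidden):
    """Criterion 16: development tools present on a production host."""
    return [Finding(16, "low", f"package {p}", "remove from the production image")
            for p in sorted(installed & forbidden)]


def check_disk_encryption(encrypted):
    """Criterion 8: the volume hosting the OS must be encrypted."""
    if encrypted:
        return []
    return [Finding(8, "high", "OS volume", "enable full-disk encryption")]


def audit(inventory, baseline=BASELINE):
    """Run every check and return findings ranked by impact, then criterion."""
    findings = []
    findings += check_listening_ports(inventory["listening"], baseline["allowed_listening_ports"])
    findings += check_accounts(inventory["passwd"], baseline["required_accounts"],
                               baseline["system_accounts_ok"])
    findings += check_packages(set(inventory["packages"]), baseline["forbidden_packages"])
    findings += check_disk_encryption(inventory["os_disk_encrypted"])
    findings.sort(key=lambda f: (IMPACT_RANK[f.impact], f.criterion, f.item))
    return findings


def render_report(findings):
    """Criterion 18: plain-text hardening report, one line per finding."""
    lines = [f"{len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"[{f.impact.upper():6}] PC{f.criterion:>2} {f.item}: {f.action}")
    return "\n".join(lines)


# Constructed inventory of a fictional host, in the shape an audit would collect.
SAMPLE_INVENTORY = {
    "listening": [(22, "tcp", "sshd"), (443, "tcp", "nginx"),
                  (23, "tcp", "telnetd"), (111, "udp", "rpcbind")],
    "passwd": [
        "root:x:0:0:root:/root:/bin/bash",
        "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
        "svc-backup:x:1001:1001::/var/backup:/usr/sbin/nologin",
        "guest::1002:1002::/home/guest:/bin/bash",
        "jsmith:x:1003:1003::/home/jsmith:/bin/bash",
    ],
    "packages": ["nginx", "openssh-server", "gcc", "make"],
    "os_disk_encrypted": False,
}

if __name__ == "__main__":
    print(render_report(audit(SAMPLE_INVENTORY)))
```

On the sample inventory the report lists eight findings: the unencrypted OS volume, the passwordless guest account and the two unexpected listeners come first as high impact, the two non-required user accounts follow as medium, and the two compilers are last as low. Replacing the constructed inventory with data gathered from a real host (for example the output of the platform's socket, account and package listings) turns this into a repeatable audit whose output doubles as the documentation criterion 18 requires.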

Knowledge and Understanding

You need to know and understand:

  1. How to identify the OS features required by an organisation
  2. How to audit current OS implementations to identify vulnerabilities
  3. The basic principles of operating system hardening
  4. Industry standard OS hardening frameworks and standards used to guide hardening activities
  5. Security features of industry standard operating systems
  6. Operating system security principles and models
  7. How to classify OS hardening activities into categories of low, medium, and high impact
  8. How to rank OS hardening activities to align the sequence to the level of impact
  9. The steps involved in developing an OS hardening plan
  10. The organisational OS patching procedures and how to apply them
  11. The importance of timely application of OS patches and updates
  12. The steps involved in updating and patching organisational OS
  13. How to implement automatic updating of OS with patches and updates
  14. How to identify and remove unnecessary software, drivers, libraries and services from OS
  15. Why it is important to encrypt OS storage drives and how to implement this
  16. The principle of least privilege (PoLP) for managing user access and authentication and how to implement it
  17. How the operating system authenticates users and security domains so it can decide whether or not they can access certain resources
  18. How to manage the creation and updating of privileges of user accounts
  19. The importance of deleting or disabling unnecessary user accounts
  20. The importance of maintaining strong default and user set passwords
  21. The steps involved in implementing multiple administrator accounts with different sets of privileges
  22. How to maintain separation of duties to reduce the risk of serious damage
  23. The industry standard communication ports and protocols and how to identify them
  24. The steps involved in disabling ports and protocols that are not required
  25. The importance of separating development tools from production environments
  26. How to validate and update endpoint security systems and firewalls
  27. How to document the activities and outcomes of OS hardening

Scope/range


Scope Performance


Scope Knowledge


Values


Behaviours


Skills


Glossary


Links To Other NOS


External Links


Version Number

1

Indicative Review Date

30 Mar 2026

Validity

Current

Status

Original

Originating Organisation

ODAG Consultants Ltd.

Original URN

TECIS61341

Relevant Occupations

Information and Communication Technology Professionals

SOC Code

2135

Keywords

System hardening, operating system hardening