How to Use Operating System Security to Prevent Getting Hacked
You can implement various operating system security measures to prevent hacks and ensure that passwords are protected. Regularly perform these low-tech and high-tech password-cracking tests to make sure that your systems are as secure as possible — perhaps as part of a monthly, quarterly, or biannual audit.
The following countermeasures can help prevent password hacks on Windows systems:
Some Windows passwords can be gleaned by simply reading the cleartext or crackable ciphertext from the Windows Registry. Secure your registries by doing the following:
Allow only administrator access.
Harden the operating system by using well-known hardening best practices, such as those from SANS (www.sans.or), NIST (http://csrc.nist.gov), the Center for Internet Security Benchmarks/Scoring Tools (www.cisecurity.org), and the ones outlined in Network Security For Dummies by Chey Cobb.
Keep all SAM database backup copies secure.
Disable the storage of LM hashes in Windows for passwords that are shorter than 15 characters.
For example, you can create and set the NoLMHash registry key to a value of 1 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
Use local or group security policies to help eliminate weak passwords on Windows systems before they’re created.
Disable null sessions in your Windows version.
In Windows XP and later versions, enable the Do Not Allow Anonymous Enumeration of SAM Accounts and Shares option in the local security policy.
Linux and UNIX
The following countermeasures can help prevent password cracks on Linux and UNIX systems:
Ensure that your system is using shadowed MD5 passwords.
Help prevent the creation of weak passwords. You can use either the built-in operating system password filtering (such as cracklib in Linux) or a password-auditing program (such as npasswd or passwd+).
Check your /etc/passwd file for duplicate root UID entries. Hackers can exploit such entries to gain backdoor access.