General guidelines for securing server operating system and networks
When we want to strengthen a system's security, we all need to adhere to a few basic guidelines. To harden or lock down an operating system (OS), we first start with a security baseline. Then we have to be certain that we're using file systems that support security, keep our OS patched and eliminate any unneeded services, protocols or applications.
Generally, we should install antivirus software, intrusion detection applications or other kinds of security services which may be essential to provide the protection we want for our environment. These may be installed to protect the communication or could be set up on the OS itself.
We ought to configure access control to restrict access to authorized users and to deny access otherwise. We should also configure auditing to monitor all actions in the environment. Additionally, we must make sure that we review the audit trails to look for unwanted or malicious kinds of action patterns or activities.
We ought to disable or reconfigure any default accounts that may be present on the system. We ought to configure dependable, regular backups and also test those copies to ensure we're protected from system failure.
We ought to maintain documentation regarding our system and its configuration. This will help simplify the process and the update process in the future.
A security baseline is an organizational security policy which determines a basic set of security requirements that all systems in our business need to comply with. A baseline is a security template which is used to configure systems or to examine a system against a standard.
Baselines may explain the configuration in addition to security mechanisms. We should deploy a security baseline for any systems we would like to secure.
File System Security
We ought to make sure we are using. Features it supports include access control lists on individual folders and objects and auditing on each object; it also supports the Encrypted File System (EFS). EFS allows for encryption of files. Windows OS also supports the File Allocation Table (FAT) file system. FAT does not support any type of security attributes at all.
In addition to making sure we use a file system which supports security, we ought to follow the principle of least privilege when assigning access to resources and files on the computer system. The principle of least privilege states that we need to give users the privileges and rights they will need to perform their jobs, and nothing else.
When hardening an OS, we must also address security updates or system updates. We should make certain that when security updates are released we apply them as soon as possible. However, we should always test updates on a nonproduction system before they're deployed on production systems. Simply because a patch has been published doesn't mean it won't create a problem or damage our environment.
There are several types of patches or updates. One form is. A service pack is a collection of fixes which we are able to apply to deal with multiple issues all at one time. Service packs are thoroughly analyzed and are likely to cause damage.
Another way to harden our OS would be to get rid of unneeded services. We should disable or uninstall . If we don't require an application, protocol or service or some other sort of software, we should get rid of it. Every additional piece of software on the machine is yet another potential communication path that may enable an attack, another possible vulnerability. However, before removing any services, we must make certain that we check dependencies, because some services are needed by other services in order to function.
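One way to carry out the dependency check described above before disabling anything, as an added example that is not part of the original article. The service names and the dependency map are constructed sample data; on a real system the map would be read from the OS's service manager.

```python
# Constructed sample data: service -> services it depends on (hypothetical names).
DEPENDS_ON = {
    "web": ["tcpip", "rpc"],
    "print_spooler": ["rpc"],
    "fax": ["print_spooler", "telephony"],
    "telephony": ["rpc"],
    "file_sharing": ["tcpip"],
    "rpc": [],
    "tcpip": [],
}

def required_closure(needed, depends_on):
    """Every service the needed ones rely on, directly or transitively."""
    keep, stack = set(), list(needed)
    while stack:
        svc = stack.pop()
        if svc not in keep:
            keep.add(svc)
            stack.extend(depends_on.get(svc, []))
    return keep

def plan_removal(needed, candidates, depends_on):
    """Return (disable_order, blocked, also_breaks) for a removal request."""
    keep = required_closure(needed, depends_on)
    # Candidates we must keep, with the kept services that require them
    # (an empty list means the candidate itself was listed as needed).
    blocked = {c: sorted(s for s in keep if c in depends_on.get(s, []))
               for c in candidates if c in keep}
    removable = {c for c in candidates if c not in keep}
    # Services nobody reviewed that directly depend on something we remove.
    also_breaks = sorted(
        s for s, deps in depends_on.items()
        if s not in keep and s not in removable
        and any(d in removable for d in deps))
    order, seen = [], set()
    def visit(svc):
        if svc in seen:
            return
        seen.add(svc)
        for dep in depends_on.get(svc, []):
            if dep in removable:
                visit(dep)
        order.append(svc)  # dependencies land before svc here
    for svc in sorted(removable):
        visit(svc)
    order.reverse()  # so dependents are disabled before what they depend on
    return order, blocked, also_breaks
```
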
Network hardening should be coordinated around our organization's security policy. From this we can design and generate a security baseline that determines the requirements that we would like to deploy across the entire environment.
We should always remove any unnecessary applications, protocols and services on the systems that are inside the network. We ought to keep our servers and workstations on the network secure as well.
We should maintain access control over all points in the network. We should deploy perimeter and communication security controls, such as remote access services, secure PBX systems, firewalls, intrusion detection applications, etc.
We ought to audit all actions and track the activity. Because the Internet is a source of attack attempts or intrusion attempts, we should also look at controlling Internet access.
Keep in mind that some network devices, such as routers and switches, may require updates in order to provide security. We must always test the updates before we deploy them.
We need to attempt to avoid single points of failure: we should design our network so that if one device ever fails, our entire network isn't ground to a halt. We ought to use access control lists on our network devices so as to control access to ports, protocols and systems.