We will need to follow some basic guidelines when we want to strengthen the security of a server operating system. To harden or lock down an operating system (OS), we first start with a security baseline. We then remove any unnecessary services, protocols or applications, keep the OS patched, and make sure that we are using file systems that support security. Generally, we should install antivirus software, intrusion detection applications or other kinds of security services that may be necessary to provide the protection we need for our environment. These can be installed on the OS itself or set up to protect the communication.
We should also configure access control to limit access to authorized users and to deny access to unauthorized users. We should configure auditing to track all activities in the environment. We also need to make sure we examine the audit trails for undesirable or malicious actions or patterns of activity.
We should disable or reconfigure any default accounts that might be found on the system. We should configure regular backups and test those backups often to make sure we are protected if the system fails.
We should maintain documentation about our system and its configuration. This will help simplify the process later on.
A security baseline is an organizational security policy that establishes a common set of security conditions that systems in our organization must comply with. A baseline is a security template that is used to configure systems or to examine a system against a required standard.
Baselines may describe security mechanisms as well as configuration. We ought to deploy a security baseline for any operating system we would like to secure.
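Using a baseline to examine a system against a required standard can be shown as a small compliance check. This is an added example, not part of the original article; the setting names, required values and the sample server are constructed for illustration.

```python
# Added example: a baseline expressed as rules, checked against a system's
# reported settings. All names and values here are constructed.
BASELINE = [
    # (setting, operator, required value)
    ("min_password_length", "min", 12),
    ("screen_lock_timeout_minutes", "max", 15),
    ("guest_account_enabled", "eq", False),
    ("audit_logon_events", "eq", True),
    ("filesystem", "in", {"NTFS"}),
]

CHECKS = {
    "eq": lambda actual, required: actual == required,
    "min": lambda actual, required: actual >= required,
    "max": lambda actual, required: actual <= required,
    "in": lambda actual, required: actual in required,
}

_MISSING = object()


def audit(system, baseline=BASELINE):
    """Return (setting, actual, operator, required) for every deviation."""
    findings = []
    for setting, op, required in baseline:
        actual = system.get(setting, _MISSING)
        try:
            ok = actual is not _MISSING and CHECKS[op](actual, required)
        except TypeError:
            ok = False  # a value of the wrong type cannot satisfy the rule
        if not ok:
            # A setting the system does not report counts as non-compliant.
            shown = None if actual is _MISSING else actual
            findings.append((setting, shown, op, required))
    return findings


# Constructed sample: settings collected from one server.
SERVER = {
    "min_password_length": 8,
    "screen_lock_timeout_minutes": 10,
    "guest_account_enabled": True,
    "filesystem": "FAT",
}

if __name__ == "__main__":
    for setting, actual, op, required in audit(SERVER):
        print(f"{setting}: found {actual!r}, baseline requires {op} {required!r}")
```
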
File System Security
We should make sure we are using a file system that supports security. In a Windows environment, we ought to use the NTFS file system (New Technology File System). The features it supports include access control lists on individual folders and objects and auditing on every item; it also supports the Encrypting File System (EFS). EFS allows for encryption of files. Windows also supports the File Allocation Table (FAT) file system. FAT doesn't support any security attributes whatsoever.
In addition to making sure we use a file system that supports security, we ought to adhere to the principle of least privilege when assigning access to resources and files on the computer system. The principle of least privilege states that we should give users the privileges and rights they need to perform their jobs, and nothing else.
We must also address security updates and system upgrades when hardening an OS. We should make sure that when security updates are published we apply them. However, we must test updates before they are deployed on production systems. Just because a patch has been published does not mean it won't cause a problem or harm our environment.
There are several types of patches or upgrades. One form is the service pack, a collection of hotfixes that acts as a deployable patch, which we can apply to deal with issues all at once. Service packs are thoroughly tested and are therefore less likely to cause damage to our system.
Another way to harden our OS is to remove unneeded services. We ought to disable or uninstall them. If we do not require an application, protocol or service, we ought to remove it. Every piece of software on the system is another potential vulnerability, another possible communication route that may allow an attack. When removing services, we have to be sure to check dependencies first, so that what we still need continues to function.
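The dependency check described above can be worked through on a small service graph. This is an added example, not part of the original article; the service names and the dependency map are constructed, and on a real system the map would come from the operating system's service manager.

```python
# Added example. Constructed map: service -> services it needs in order to run.
DEPENDS_ON = {
    "web": ["tcpip", "rpc"],
    "backup-agent": ["rpc", "vss"],
    "print-spooler": ["rpc"],
    "telnet": ["tcpip"],
    "fax": ["print-spooler", "telephony"],
    "rpc": [], "tcpip": [], "vss": [], "telephony": [],
}


def needed(required, depends_on=DEPENDS_ON):
    """Required services plus everything they depend on, transitively."""
    keep, stack = set(), list(required)
    while stack:
        svc = stack.pop()
        if svc not in keep:  # the visited check also makes cycles safe
            keep.add(svc)
            stack.extend(depends_on.get(svc, []))
    return keep


def dependents(service, depends_on=DEPENDS_ON):
    """Every service that stops working if `service` is removed."""
    broken, changed = set(), True
    while changed:
        changed = False
        for svc, deps in depends_on.items():
            if svc not in broken and (service in deps or broken & set(deps)):
                broken.add(svc)
                changed = True
    return broken


def removal_order(required, depends_on=DEPENDS_ON):
    """Unneeded services, ordered so dependents go before what they use."""
    remaining = set(depends_on) - needed(required, depends_on)
    order = []
    while remaining:
        # Removable now: no other remaining service still depends on it.
        ready = sorted(s for s in remaining
                       if not any(s in depends_on[o] for o in remaining if o != s))
        if not ready:  # leftovers form a dependency cycle: remove together
            ready = sorted(remaining)
        order.extend(ready)
        remaining -= set(ready)
    return order


if __name__ == "__main__":
    print("remove in this order:", removal_order({"web", "backup-agent"}))
    print("removing rpc would break:", sorted(dependents("rpc")))
```
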
Network hardening should be organized around our company security policy. From this we can design and create a security baseline that determines the minimum requirements we would like to deploy across the environment.
We ought to remove any unneeded services, applications and protocols. We ought to continue to keep our servers and workstations on the network.
We should maintain physical access control over all points in the network. We should deploy border and communication security controls, such as remote access solutions, secure PBX systems, firewalls, intrusion detection applications, etc.
We ought to monitor and investigate all activity going across the network. Because the Web is a source of attack attempts or intrusion attempts, we should also consider controlling Internet access.
Keep in mind that some network devices, like switches and routers, may require updates in order to provide the best security. However, we should always test updates before we deploy them in a production environment.
When we design our network, we need to try to avoid single points of failure so that when one device fails, our entire network doesn't grind to a halt.
We ought to use access control lists on the network devices to control access.