serveradministration

Differences

This shows you the differences between two versions of the page.

serveradministration [2021/08/22 12:19]
matthews
serveradministration [2021/08/22 12:21] (current)
matthews
Line 1: Line 1:
 ====== Best Practices for Server Hardening ====== ====== Best Practices for Server Hardening ======
-  * Audit your existing systemsCarry out a comprehensive audit of your existing technology. Use penetration testing, vulnerability scanning, configuration management, and other security auditing tools to find flaws in the system and prioritize fixes. Conduct system hardening assessments against resources using industry standards from NIST, Microsoft, CIS, DISA, etc. +===== Audit your existing systems ===== 
-  Create a strategy for systems hardeningYou do not need to harden all of your systems at once. Instead, create a strategy and plan based on risks identified within your technology ecosystem, and use a phased approach to remediate the biggest flaws. +Carry out a comprehensive audit of your existing technology. Use penetration testing, vulnerability scanning, configuration management, and other security auditing tools to find flaws in the system and prioritize fixes. Conduct system hardening assessments against resources using industry standards from NIST, Microsoft, CIS, DISA, etc. 
-  Patch vulnerabilities immediatelyEnsure that you have an automated and comprehensive vulnerability identification and patching system in place. + 
-  Network hardeningEnsure your firewall is properly configured and that all rules are regularly audited; secure remote access points and users; block any unused or unneeded open network ports; disable and remove unnecessary protocols and services; implement access lists; encrypt network traffic. +===== Create a strategy for systems hardening ===== 
-  Server hardeningPut all servers in a secure datacenter; never test hardening on production servers; always harden servers before connecting them to the internet or external networks; avoid installing unnecessary software on a server; segregate servers appropriately; ensure superuser and administrative shares are properly set up, and that rights and access are limited in line with the principle of least privilege. +You do not need to harden all of your systems at once. Instead, create a strategy and plan based on risks identified within your technology ecosystem, and use a phased approach to remediate the biggest flaws. 
-  Application hardeningRemove any components or functions you do not need; restrict access to applications based on user roles and context (such as with application control); remove all sample files and default passwords. Application passwords should then be managed via an application password management/privileged password management solution, that enforces password best practices (password rotation, length, etc.). Hardening of applications should also entail inspecting integrations with other applications and systems, and removing, or reducing, unnecessary integration components and privileges. + 
-  Database hardeningCreate admin restrictions, such as by controlling privileged access, on what users can do in a database; turn on node checking to verify applications and users; encrypt database information—both in transit and at rest; enforce secure passwords; introduce role-based access control (RBAC) privileges; remove unused accounts; +===== Patch vulnerabilities immediately ===== 
-  Operating system hardeningApply OS updates, service packs, and patches automatically; remove unnecessary drivers, file sharing, libraries, software, services, and functionality; encrypt local storage; tighten registry and other systems permissions; log all activity, errors, and warnings; implement privileged user controls. +Ensure that you have an automated and comprehensive vulnerability identification and patching system in place. 
-  Eliminate unnecessary accounts and privilegesEnforce least privilege by removing unnecessary accounts (such as orphaned accounts and unused accounts) and privileges throughout your IT infrastructure.+ 
 +===== Network hardening ===== 
 +Ensure your firewall is properly configured and that all rules are regularly audited; secure remote access points and users; block any unused or unneeded open network ports; disable and remove unnecessary protocols and services; implement access lists; encrypt network traffic. 
 + 
 +===== Server hardening ===== 
 +Put all servers in a secure datacenter; never test hardening on production servers; always harden servers before connecting them to the internet or external networks; avoid installing unnecessary software on a server; segregate servers appropriately; ensure superuser and administrative shares are properly set up, and that rights and access are limited in line with the principle of least privilege. 
 + 
 +===== Application hardening ===== 
 +Remove any components or functions you do not need; restrict access to applications based on user roles and context (such as with application control); remove all sample files and default passwords. Application passwords should then be managed via an application password management/privileged password management solution, that enforces password best practices (password rotation, length, etc.). Hardening of applications should also entail inspecting integrations with other applications and systems, and removing, or reducing, unnecessary integration components and privileges. 
 + 
 +===== Database hardening ===== 
 +Create admin restrictions, such as by controlling privileged access, on what users can do in a database; turn on node checking to verify applications and users; encrypt database information—both in transit and at rest; enforce secure passwords; introduce role-based access control (RBAC) privileges; remove unused accounts; 
 + 
 +===== Operating system hardening ===== 
 +Apply OS updates, service packs, and patches automatically; remove unnecessary drivers, file sharing, libraries, software, services, and functionality; encrypt local storage; tighten registry and other systems permissions; log all activity, errors, and warnings; implement privileged user controls. 
 + 
 +===== Eliminate unnecessary accounts and privileges ===== 
 +Enforce least privilege by removing unnecessary accounts (such as orphaned accounts and unused accounts) and privileges throughout your IT infrastructure.
  
   * [[ServerAdminLinux|Linux]]   * [[ServerAdminLinux|Linux]]
   * [[ServerAdminWindows|Windows]]   * [[ServerAdminWindows|Windows]]
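
Review bot: The Linux and Windows links kept as context at the end of this hunk now fall inside the new "Eliminate unnecessary accounts and privileges" section, because nothing separates them from that last heading; give them a heading of their own above "* [[ServerAdminLinux|Linux]]" so the per-platform pages are not read as part of the account clean-up item. The "Database hardening" paragraph was carried over with its trailing semicolon ("remove unused accounts;") and should end in a period. In the same paragraph, "turn on node checking to verify applications and users" names no database feature or setting, so a reader cannot act on it; say which control is meant or drop the clause.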
serveradministration.1629634768.txt.gz · Last modified: 2021/08/22 12:19 by matthews