Six OS Hardening Tips - the value of keeping your systems up-to-date

…is your IT Support provider adhering to universal protocol?

 

Definition of OS Hardening

So what is OS hardening exactly? Here is one definition from a Search Security column:

When you harden a box, you’re attempting to make it bulletproof. Ideally, you want to be able to leave it exposed to the general public on the Internet without any other form of protection. This isn’t a box you’ll use for a wide variety of services. A hardened box should serve only one purpose–it’s a Web server or DNS or Exchange server, and nothing else. You don’t typically harden a file and print server, or a domain controller, or a workstation. These boxes need too many functions to be properly hardened.

Another definition is a bit more liberal:

Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize a computer OS’s exposure to threats and to mitigate possible risk.

The following 6 tips is not exhaustive, and you may want to consider implementing additional system hardening best practices when applicable. But, if you want to minimise the risk of suffering a cyber attack ensure your IT Support provider is at least ticking the following boxes:

1. Programs clean-up– Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something your company has vetted and “locked down,” it shouldn’t be allowed. Attackers look for back-doors and security holes when attempting to compromise networks. Minimise their chances of getting through.
2. Use of service packs– Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow. 
3. Patches and patch management– Planning, testing, implementing and auditing patch management software should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on your computer.
4. Group policies– Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly. 
5. Security templates– Groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.
6. Configuration baselines– Base-lining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that is acceptable to both your IT providers standard for maintaining security and meeting your companies needs.

Speak to us if you are unsure of your companies protections against attacks, and remember to remind your employees to stay alert and vigilant at all times. 0845 094 0010.