It’s always fun to get new things, but before you go plugging all those enterprise holiday gifts into your data center, be sure you have them optimized for security. Server hardening is essentially creating a security baseline before introducing new machines that haven’t been configured with security as a priority to the mix. IT Knowledge Exchange recently moved its servers from hosted to in-house, replacing all of our hardware with brand new servers, so this is a subject we’ve been dealing with firsthand. After moving our infrastructure to our Tier1 data center and adding some redundancy, we were curious as to what our users are doing in their own data centers. We asked our members and here’s what we got:
Carlosdl suggests proper preparation with a list.
- Get the latest updates to all applications on the server.
- Lock/disable/delete unnecessary user accounts.
- Change all default passwords and configurations.
- Download antivirus and antispyware software.
- Configure the OS to lock after a certain amount of inactivity.
He suggests several considerations as well: What will your password complexity policy be? How will you enforce it? What services will you audit and when? When will you review the event log?
Want something a little more concrete to help you out? Carlos provided a link to the Microsoft Security Compliance Manager, which provides “centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility.”
Labnuke99 recommended taking a look at the CIS security benchmarks, which provides suggestions for hardening criteria for various platforms such as recommendations for technical controls rules and values for hardening of OSes, middleware and software applications and network devices. The benchmarks come as a free PDF and are agreed upon by hundreds of security pros worldwide.
Thanks to everyone who threw their two cents into the ring, and keep the suggestions and ideas coming! Leave them in the comments or send me an email at Melanie@ITKnowledgeExchange.com.