Open IT Forum: What are your suggestions for server hardening?

6345 pts.
Tags:
Network security
Network Security Management
Network Security Policies
Open IT Forum
Server Hardware
Server Security
Do you have a checklist or a favorite set of server hardening tools in your arsenal? Share with us what you think are the most important considerations when creating a server security baseline. Be sure to include what hardware and software you're using! Helpful suggestions and innovative ideas will you earn you a whopping 100 knowledge points! Hurry, the Xbox contest is coming to a close...

Answer Wiki

Thanks. We'll let you know when a new response is added.

my side we use hardening guide for windows, sql and as400

Discuss This Question: 7  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Labnuke99
    Checkout the CIS security benchmarks - this is a very extensive list of suggested hardening criteria for many platforms. Per the CIS website:
    The Security Configuration Benchmarks are distributed free of charge to propagate their worldwide use and adoption as user-originated, de facto standards.
    
    The CIS Benchmarks are the only consensus-based, best-practice security configuration guides both developed and accepted by government, business, industry, and academia.
    
    The Benchmarks are:
    
    •Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
    •Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
    •Downloaded several hundred thousand times per year;
    •Distributed free of charge by CIS in .PDF format (many benchmarks are also available to CIS Members in XCCDF, a machine-readable XML format for use with benchmark audit tools and Members' custom scripts);
    •Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.
    32,960 pointsBadges:
    report
  • carlosdl
    These are some basic actions that should be taken independently of the platform: -Don't connect the server to an unsecure network until it has been properly hardened -Install the latest service pack for the OS and all applicable updates to the applications running on it. -Lock/disable/delete any unnecessary user accounts -Stop and disable any unnecessary services/daemons -Change all default passwords and default configurations (OS and applications) -Use the principle of least privilege regarding user accounts. -Set a password complexity policy -Configure the OS to lock the session after certain inactivity period. -Install and configure a software firewall -Install antivirus/antispyware software -Consider enabling auditing of some events -Consider setting a policy to review event logs periodically ----------------- Melanie, can you share with us what ITKE did to harden the new servers ? ;-)
    69,175 pointsBadges:
    report
  • carlosdl
    Forgot to post this link: Microsoft Security Compliance Manager: "Brief Description The Microsoft Security Compliance Manager provides centralized security baseline management features, a baseline portfolio, customization capabilities, and security baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies".
    69,175 pointsBadges:
    report
  • Subhendu Sen
    From my point of view.... Preparing the Infrastructure: A server should never be installed without a purpose. Usually, the purpose is to provide one or more network services to a group of users. The server and the services it provides must be placed in a proper environment. Customize / Minimize Server installation: Like most distros, they provide a minimal installation option. At the time of installation, can select this options during the initial installation process and it will install a minimal build on the system. Selection the Services: After installation, be aware that most distros initialize a lot of unnecessary services. To overcome this, use the built-in configuration management tool to reconfigure services. Remember, the CMT varies from one distro to another. Remote Management: Be extra careful, when configuring remote service. : This i s an important service will to retain is the secure shell (SSH), which allows secure remote management of hosts. Firewall: This is very crucial stage, and do restrict the services, that can provide more safe zone for the server. Password Policy: one of the best defense against compromise of a user account is a solid password policy. Ensure that users understand that simple passwords are easily guessable and should not be used. Keep Packages up-to-date: Proactive policy is the best choice line of defense; it is always better to anticipate a disaster than to have to recover from one which could have been prevented (A very popular proverb is there, "Prevention is better than cure"). One of the best things can do to protect host from attack is keep them up-to-date. Thanks !
    27,880 pointsBadges:
    report
  • mpez0
    The US DoD Information Assurance Support group offers Security Technical Information Guides that provide the checklists for computer security from the US Government.
    630 pointsBadges:
    report
  • mpez0
    The US DoD Information Assurance Support group offers Security Technical Information Guides that provide the checklists for computer security from the US Government.
    630 pointsBadges:
    report
  • MelanieYarbrough
    [...] adding some redundancy, we were curious as to what our users are doing in their own data centers. We asked our members and here’s what we got: Carlosdl suggests proper preparation with a [...]
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following