Few basic Steps for WIndows Server Hardening
Specific best practices differ depending on need, but addressing these ten areas before subjecting a server to the internet will protect against the most common exploits. Many of these are standard recommendations that apply to servers of any flavor, while some are Windows specific, delving into some of the ways you can tighten up the Microsoft server platform.
- User Configuration : Protect your credentials
- Network Configuration : Establish communications
- Features and Roles Configuration : Add what you need, remove what you don’t
- Update Installation : Patch vulnerabilities
- NTP Configuration : Prevent clock drift
- Firewall Configuration : Minimize your external footprint
- Remote Access Configuration : Harden remote administration sessions
- Service Configuration : Minimize your attack surface
- Further Hardening : Protect the OS and other applications
- Logging and Monitoring : Know what’s happening on your system
A quick Handy Windows Server checklist to cross check the security of the a newly installed server.[embeddoc url=”https://startuppitamah.com/wp-content/uploads/2019/12/Servers-hardening-checklist-1.xlsx” download=”all” viewer=”microsoft”]
How do l harden a web server?
Patch the server with the latest service packs from Microsoft before moving on to securing your web server software such as Microsoft IIS, Apache, PHP, or Nginx.
Harden system access and configure network traffic controls, including setting minimum password length, configure Windows Firewall, which allows you to implement functionality similar to iptables using traffic policy, set up a hardware firewall if one is available, and configure your audit policy as well as log settings.
Eliminate potential backdoors that can be used by an attacker, starting at the firmware level, by ensuring your servers have the latest BIOS firmware that is hardened against firmware attacks, all the way to IP address rules for limiting unauthorized access, and uninstalling unused services or unnecessary software.
Make sure all file system volumes use the NTFS filesystem, and configure file permissions to limit user permission to least privilege access. You should also install anti-virus software as part of your standard server security configuration, ideally with daily updates and real-time protection.
Linux Server Hardening
Overview of hardening steps
- Install security updates and patches
- Use strong passwords
- Bind processes to localhost
- Implement a firewall
- Keep things clean
- Security configurations
- Limit access
- Monitor your systems
- Create backups (and test!)
- Perform system auditing
Core principles of Linux system hardening
If we would put a microscope on system hardening, we could split the process into a few core principles. These include the principle of least privilege, segmentation, and reduction.
Principe of least privilege
The principle of least privileges means that you give users and processes the bare minimum of permission to do their job.
- When read-only access is enough, don’t give write permissions
- Don’t allow executable code in memory areas that are flagged as data segments
- Don’t run applications as the root user, instead use a non-privileged user account
This principle would applies to memory usage. Each process can only access their own memory segments.
This principle aims to remove something that is not strictly needed for the system to work. A process that does not have to run, should be stopped. Similar for unneeded user accounts or sensitive data that is no longer being used.
Use a security tool like Lynis to perform a regular audit of your system. Any findings are showed on the screen and also stored in a data file for further analysis. With an extensive log file, it allows to use all available data and plan next actions for further system hardening.