Phase 2

Hardening Systems

The objective of hardening a system is to reduce its attack surface minimizing the opportunities for an attacker to perform a successful exploit. Every system should be hardened to a standard, baseline level of security. The servers holding your most sensitive information assets and services should be hardened to a higher level.

In addition to implementing security controls, such as having and enforcing a security policy, physically securing your sensitive servers, providing regular user security-awareness training, implementing a strong password policy, and implementing security following the principle of least privilege, the hardening of systems should include configurations and controls such as the following:

• Disable and lock down unnecessary services
• Close all unnecessary ports
• Implement a standard operating system (OS)– and application-patching routine
• Implement security controls on the OSs, the users, and the network
• Manage the launching of applications
• Implement antivirus filtering and updates of virus definitions
• Implement antispyware filtering and updates of spyware definitions

In addition to the tools presented here, many tools are available to help you, the security administrator, perform tasks related to analyzing, understanding, and hardening your systems. Websites with several handy tools include the following:

• Gibson Research Corporation (www.grc.com/default.htm)
• GFI Software (www.gfi.com/)
• Sysinternals (www.sysinternals.com/)

Microsoft’s Windows Defender application and its newer version named Windows Security Essentials, found at www.microsoft.com/security/products/mse.aspx, provide a wealth of system information as well.

The tasks in this phase map to Domains 1, 3, and 6 in the objectives for the CompTIA Security+ exam (www.comptia.org/certifications/listed/security.aspx).