There are some industry security practices we can refer to for the secure configuration of the infrastructure. Here we will introduce three practices: the Center for Internet Security benchmarks, Security Technical Implementation Guides (STIGs), and the OpenSCAP Security Guide.