== Operating System Hardening ==
* '''Patches and Fixes''' - As an ongoing task, it is essential that all operating systems be updated with the latest vendor-supplied patches and bug fixes (usually collectively referred to as ''security updates'').
* '''Password Management''' - Most operating systems today provide options for the enforcement of strong passwords. Utilization of these options will ensure that users are prevented from configuring weak, easily guessed passwords. Additional levels of security include enforcing the regular changing of passwords and the disabling of user accounts after repeated failed login attempts.
* '''Unnecessary accounts''' - All guest, unused and unnecessary user accounts must be disabled or removed from operating systems. It is also vital to keep track of employee turnover so that accounts can be disabled when employees leave an organization.
* '''File and Directory Protection''' - Access to files and directories must be strictly controlled through the use of Access Control Lists (ACLs) and file permissions.
* '''File and File System Encryption''' - Some filesystems provide support for encrypting files and folders. For additional protection of sensitive data it is important to ensure that all disk partitions are formatted with a file system type with encryption features (NTFS in the case of Windows).
* '''Enable Logging''' - It is important to ensure that the operating system is configured to log all activity, errors and warnings.
* '''File Sharing''' - Disable any unnecessary file sharing.

== Network Hardening ==
