Shrinking an organization’s attack surface is the primary purpose of server hardening. The premise is that an attack is inevitable, so the less “surface” there is to attack, the harder it is to compromise a system. Attackers are trying to gain access, so access is what you are trying to deny. Consider the different types of access to a server, including physical, user, and application access. Server hardening denies that access using the following techniques.
- Equipment such as servers and routers should be stored separately in a room with controlled access to a limited group of people.
- Set a best-practice baseline for items such as user rights, network traffic, user groups, remote access, deactivation of AutoPlay, use of strong passwords, disabling vssadmin.exe, and registry keys.
- Disabling legacy protocols such as NTLMv1, TLS 1.0, and SMBv1 ensures access cannot be obtained through outdated technologies.
- Ensure PowerShell is securely configured so attackers cannot use it for lateral movement and privilege escalation.
- Implementing a standardized method for creating share and NTFS permissions on files and folders, and continuously reviewing those permissions so they do not degrade over time, ensures that users who do not need access do not have it.
- Harden software, configure firewalls, and control port usage. For example, server settings, proper port assignment and closure, and blocking known malicious Tor sites reduce the available attack vectors.
- Browser policy best practices, following CIS Benchmarks, and an up-to-date, well-configured antivirus help close avenues of access.
All of these measures help reduce the attack surface and keep attackers out of your systems. Though not considered server hardening, constant testing, monitoring, and patching are also important in maintaining security. This is only one part of a total defense-in-depth plan. Always stay ahead of the game.
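A read-only audit of several of the baseline items listed above (NTLMv1, TLS 1.0, SMBv1, AutoPlay, PowerShell logging), added here as an example and not part of the original post. The registry paths are the standard Windows locations for these settings; the expected values are common CIS-style thresholds assumed as the baseline, so adjust them to your own policy.

```powershell
# Added example (not from the original post): read-only audit of baseline
# hardening settings. Run in an elevated PowerShell session on the server.
# Expected values below are assumed CIS-style thresholds, not the post's own.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent: reported as non-compliant later
}

function Test-HardeningBaseline {
    $checks = @(
        # NTLMv1: LmCompatibilityLevel 5 = send NTLMv2 only, refuse LM and NTLM
        [pscustomobject]@{ Check = 'NTLMv1 refused (LmCompatibilityLevel)'
            Actual   = (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LmCompatibilityLevel')
            Expected = 5 }
        # TLS 1.0 on the server side: Enabled = 0 under the SCHANNEL protocol key
        [pscustomobject]@{ Check = 'TLS 1.0 server disabled'
            Actual   = (Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server' 'Enabled')
            Expected = 0 }
        # AutoPlay: 0xFF (255) disables autorun on every drive type
        [pscustomobject]@{ Check = 'AutoPlay disabled (NoDriveTypeAutoRun)'
            Actual   = (Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun')
            Expected = 255 }
        # Script block logging gives defenders visibility into PowerShell misuse
        [pscustomobject]@{ Check = 'PowerShell script block logging on'
            Actual   = (Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' 'EnableScriptBlockLogging')
            Expected = 1 }
    )
    # SMBv1 is queried through the SMB server cmdlet rather than the registry
    $smb1 = (Get-SmbServerConfiguration -ErrorAction SilentlyContinue).EnableSMB1Protocol
    $checks += [pscustomobject]@{ Check = 'SMBv1 disabled'; Actual = $smb1; Expected = $false }

    foreach ($c in $checks) {
        # A missing value counts as a failure rather than being skipped silently
        $compliant = ($null -ne $c.Actual) -and ($c.Actual -eq $c.Expected)
        $c | Add-Member -NotePropertyName Compliant -NotePropertyValue $compliant -PassThru
    }
}

Test-HardeningBaseline | Format-Table Check, Expected, Actual, Compliant -AutoSize
```

Any row reporting Compliant = False is a candidate for remediation through your configuration baseline (GPO or equivalent), not by editing the registry by hand on individual servers.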