You need to be prepared for new and existing threats as 2021 is rapidly approaching. You must think like hackers if you want to protect your system. We saw many attacks on companies like Experian South Africa and British Airlines, DigitalOcean and others in 2020. Although these companies have deployed security teams, hackers continue to exploit vulnerabilities.
To protect your environment, it is essential to have a solid foundation. Do not make it easy for criminals infiltrate your network.
These job roles include system administrators, network administrators and security engineers.
These seven things can help you protect your computer.
Install a proper base OS
Network hardening
Application hardening
Web server hardening
Web Application Hardening
Email Servers
DNS Servers hardening
1. Install a proper base OS
Non-essential services – It is important that an operating environment only runs the services necessary to complete the task it has been assigned. It is not necessary to have HTTP and SMTP services running on a system unless it is being used as a web server or mail server.
Patches and fixes – It’s an ongoing task to ensure that all operating systems are updated with the most recent vendor-supplied patches, bug fixes, and other security updates (often referred to collectively as security updates).
Password Management – Most operating systems provide options for the enforcement and management of strong passwords. These options will prevent users from creating weak passwords that can be easily guessed. Additional security measures include the requirement of frequent password changes and the disabling user accounts following repeated unsuccessful login attempts.
Unnecessary accounts: Unneeded and unneeded user accounts should be removed from the operating system. It is also important to keep track of employee turnover in order to disable accounts when employees leave.
File and Directory Protection – Access Control Lists (ACLs), and file permissions must be used to strictly control files and directories.
File and File System encryption – Some file systems support the encryption of files and folders. It is important that all partitions on a disk are formatted with encryption features (NTFS for Windows) to protect sensitive data.
Enable Logging – It is crucial that the operating system is set up to log all activity, errors and warnings.
This is important as logs can be used to identify malicious events in a system. This is an important step as security controls can fail, so it’s necessary to be able check for bad events. Hackers can disable audits and use overwriting techniques to conceal their malicious acts, which can make our job more difficult. We must also back up the log.
File Sharing – Disable all file sharing.
2. Network hardening
Network hardening is the process of eliminating as many security risks and threats as possible. Here are some network-hardening techniques.
Update Software and Hardware – Network hardening is a continuous process of updating all router firmware and software with the most recent vendor-supplied patches.
Password Protection – Most routers or wireless access points offer a remote management interface that is accessible over the network. It is important that these devices are protected by strong passwords. These are some basic password rules and guidelines.
Unnecessary Services and Protocols – All unneeded protocols and services should be disabled and ideally removed form any hosts on the network. In a pure TCP/IP network environment, this could be an example.