Project 10: Harden Assets and New Systems
By hardening configurations of network components, systems, applications, and user accounts organizations can dramatically reduce their risk.
This also ensures consistency in deployment and maintenance by providing system administrators with a road map that can be applied to each new and existing device.
Most importantly, this prevents new vulnerabilities are not introduced into the environment.
Configuration guidelines should be developed in accordance with industry best practices while accounting for specific environmental needs.
When completed these configuration guidelines should become the baseline for all new equipment and the goal for all hardening efforts of currently deployed technology.
Configuration guidelines should include:
• Removal of default accounts and unneeded services/software
• Password standards
• Patch management
• Version control
• Account creation and removal
• Testing and approval for new software or hardware
Determining what is appropriate for your operating environment takes time, coordination, and diligence. Most people are resistant to change so expect to get some push back from just about everyone.
Initially users won't like creating strong passwords and system administrators won't be happy about version control, but with time they will learn to adapt and understand how these guidelines will create a more secure environment.
