This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
serveradministration [2021/08/22 12:16] matthews created |
serveradministration [2021/08/22 12:21] (current) matthews |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | Best Practices for Server | + | ====== |
+ | ===== Audit your existing systems ===== | ||
+ | Carry out a comprehensive audit of your existing technology. Use penetration testing, vulnerability scanning, configuration management, and other security auditing tools to find flaws in the system and prioritize fixes. Conduct system hardening assessments against resources using industry standards from NIST, Microsoft, CIS, DISA, etc. | ||
+ | |||
+ | ===== Create a strategy for systems hardening ===== | ||
+ | You do not need to harden all of your systems at once. Instead, create a strategy and plan based on risks identified within your technology ecosystem, and use a phased approach to remediate the biggest flaws. | ||
+ | |||
+ | ===== Patch vulnerabilities immediately ===== | ||
+ | Ensure that you have an automated and comprehensive vulnerability identification and patching system in place. | ||
+ | |||
+ | ===== Network hardening ===== | ||
+ | Ensure your firewall is properly configured and that all rules are regularly audited; secure remote access points and users; block any unused or unneeded open network ports; disable and remove unnecessary protocols and services; implement access lists; encrypt network traffic. | ||
+ | |||
+ | ===== Server hardening ===== | ||
+ | Put all servers in a secure datacenter; never test hardening on production servers; always harden servers before connecting them to the internet or external networks; avoid installing unnecessary software on a server; segregate servers appropriately; | ||
+ | |||
+ | ===== Application hardening ===== | ||
+ | Remove any components or functions you do not need; restrict access to applications based on user roles and context (such as with application control); remove all sample files and default passwords. Application passwords should then be managed via an application password management/ | ||
+ | |||
+ | ===== Database hardening ===== | ||
+ | Create admin restrictions, | ||
+ | |||
+ | ===== Operating system hardening ===== | ||
+ | Apply OS updates, service packs, and patches automatically; | ||
+ | |||
+ | ===== Eliminate unnecessary accounts and privileges ===== | ||
+ | Enforce least privilege by removing unnecessary accounts (such as orphaned accounts and unused accounts) and privileges throughout your IT infrastructure. | ||
* [[ServerAdminLinux|Linux]] | * [[ServerAdminLinux|Linux]] | ||
* [[ServerAdminWindows|Windows]] | * [[ServerAdminWindows|Windows]] |