SlideShare a Scribd company logo
1 of 9
Download to read offline
1
10 Tips for Hardening Your System
Raphy Bitton | CISSP, CCSK
Head of Infrastructure Division & Global CISO @ Comsec
2018 © Comsec Global
Meet Raphy Bitton
About Raphy Bitton
Head of Infrastructure Division & Global CISO @ Comsec
• Expertise in infrastructure security
• Consultant for secured architecture and hardening
• As CISO, responsible for Comsec’s security
• Holds valuable certifications such as CISSP and CCSK
Major Risks
You may find your private and sensitive information out in the
wild. this information includes your own and your clients’ as
well
Your data may be altered by an unauthorized entity and harm
its assurance and accuracy
Breach to a business critical system may cause denial-of-
service to the service it delivers
Confidentiality01
Integrity02
Availability03
4
1| Network Segmentation
2| Install Patches
10 Tips for System Security
Segmentation is the core process of hardening
• Separate system from other networked devices
• Make sure segmentation is enforced by a firewall
• Separate your web server, application server and
database server from one each other
Every software has its vulnerabilities. They are
discovered and exploited on a daily basis.
• Patch critical updates immediately
• Patch Important updates on regular basis
• Patch 3rd party installed applications
5
3| Change Default Values
4| Reduce Attack Surface
10 Tips for System Security
Default values are published in the wild. Everyone can
access it and use it against you.
• Change port numbers
• Change management IP/URL
• Change username and password
• Change banners/error messaged disclosing technical
information
Every service or feature that is unnecessary may be
used as a backdoor to your data.
• Disable unnecessary services and features
• Remove unnecessary applications
• Remove unnecessary code libraries
6
5| Set Account/Password Policy
6| Turn Audit On
10 Tips for System Security
Accounts and their passwords are the key to your
systems and data. Protect it.
• Complex your passwords (8 characters long containing
A-Z, a-z, 0-9 and special characters)
• Set maximum failed login attempts
• Change your password every 4 months and do not
repeat an old password
Audit will help you to maintain security in real time and
investigate breaches.
• Audit access to objects (folder, application, server)
• Audit security events (login, permissions granting)
• Audit group membership of privileged groups
• Audit use of privileged accounts
7
7| Use Encryption
8| Access Control
10 Tips for System Security
Protect your data from unauthorized access.
• Encrypt your data at rest (hard disk,
thumb drive, cloud, backup media)
• Encrypt your data in transit (transferring
data to/from systems)
If you don’t need it, don’t enable it.
• Restrict access to system files and confidential data
• Restrict remote access to management interfaces
• Restrict access to managment tools (CMD, PowerShell, bash)
8
9| Set Idle Timeout
10| Create Backups
10 Tips for System Security
Disconnect automatically all open connections when timed
out.
• Automatically disconnect all local sessions (login, console)
• Automatically disconnect remote sessions (RDP, SSH)
• Enable password protected ‘screen saver’
Hardening your system will not make it unbreakable. Prepare
for the worst.
• Develop backup plan according to system criticality
• Backup both system configuration and data
• Restore from backup periodically to validate it’s integrity
• Store backup media off-site
9
Want to Know More?
+972 (0)3-9234277
raphyb@comsecglobal.com
Yegia Kapayim St. 21D, P.O. Box 3474,
Petach-Tikva, Israel, 49130
www.comsecglobal.com

More Related Content

What's hot

Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMAlienVault
 
CIO Cloud Security Checklist
CIO Cloud Security ChecklistCIO Cloud Security Checklist
CIO Cloud Security ChecklistDruva
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and complianceFITSFSd
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMAlienVault
 
Connect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwareConnect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwarewardell henley
 
ONI Assure Insight Brochure fv
ONI Assure Insight Brochure fvONI Assure Insight Brochure fv
ONI Assure Insight Brochure fvCarl Pollard
 
Survival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient OrganizationSurvival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient OrganizationTripwire
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsAlienVault
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5AlienVault
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides finalAlienVault
 
Cloud native patterns antipatterns
Cloud native patterns antipatternsCloud native patterns antipatterns
Cloud native patterns antipatternsMartin Stemplinger
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Qualys
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVaultAlienVault
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveAlgoSec
 
Addressing the Cyber-Security Landscape
Addressing the Cyber-Security LandscapeAddressing the Cyber-Security Landscape
Addressing the Cyber-Security LandscapeePlus
 
Microsegmentation for enterprise data centers
Microsegmentation for enterprise data centersMicrosegmentation for enterprise data centers
Microsegmentation for enterprise data centersNarendran Vaideeswaran
 

What's hot (19)

Improve Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USMImprove Threat Detection with OSSEC and AlienVault USM
Improve Threat Detection with OSSEC and AlienVault USM
 
CIO Cloud Security Checklist
CIO Cloud Security ChecklistCIO Cloud Security Checklist
CIO Cloud Security Checklist
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and compliance
 
Improve Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USMImprove Situational Awareness for Federal Government with AlienVault USM
Improve Situational Awareness for Federal Government with AlienVault USM
 
Connect security to your business with mc afee epo software
Connect security to your business with mc afee epo softwareConnect security to your business with mc afee epo software
Connect security to your business with mc afee epo software
 
ONI Assure Insight Brochure fv
ONI Assure Insight Brochure fvONI Assure Insight Brochure fv
ONI Assure Insight Brochure fv
 
Survival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient OrganizationSurvival of the Fittest: How to Build a Cyber Resilient Organization
Survival of the Fittest: How to Build a Cyber Resilient Organization
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and ExploitsMeltdown and Spectre - How to Detect the Vulnerabilities and Exploits
Meltdown and Spectre - How to Detect the Vulnerabilities and Exploits
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5
 
Incident response live demo slides final
Incident response live demo slides finalIncident response live demo slides final
Incident response live demo slides final
 
Cloud native patterns antipatterns
Cloud native patterns antipatternsCloud native patterns antipatterns
Cloud native patterns antipatterns
 
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
Webcast Series #3: GDPR Deadline Readiness and Impact to Global Organizations...
 
Configuring Data Sources in AlienVault
Configuring Data Sources in AlienVaultConfiguring Data Sources in AlienVault
Configuring Data Sources in AlienVault
 
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s PerspectiveTop PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
Top PCI Pitfalls and How to Avoid Them: The QSA’s Perspective
 
Addressing the Cyber-Security Landscape
Addressing the Cyber-Security LandscapeAddressing the Cyber-Security Landscape
Addressing the Cyber-Security Landscape
 
Microsegmentation for enterprise data centers
Microsegmentation for enterprise data centersMicrosegmentation for enterprise data centers
Microsegmentation for enterprise data centers
 

Similar to 10 tips for hardening your system

Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowNuuko, Inc.
 
Cyber security series administrative control breaches
Cyber security series   administrative control breaches Cyber security series   administrative control breaches
Cyber security series administrative control breaches Jim Kaplan CIA CFE
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!MarketingArrowECS_CZ
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfThangDang53
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11Waqas Ahmed Nawaz
 
Securing the cloud and your assets
Securing the cloud and your assetsSecuring the cloud and your assets
Securing the cloud and your assetsMarcus Dempsey
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsOlivier DASINI
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10Irsandi Hasan
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxAlfredObia1
 
Building a Security Operations Center
Building a Security Operations CenterBuilding a Security Operations Center
Building a Security Operations CenterLymanAlphaBlob
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet
 
Supporting Contractors with NIST SP 800-171 Compliance
Supporting Contractors with NIST SP 800-171 ComplianceSupporting Contractors with NIST SP 800-171 Compliance
Supporting Contractors with NIST SP 800-171 ComplianceSolarWinds
 
Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5FRSecure
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQLVittorio Cioe
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesSam Bowne
 

Similar to 10 tips for hardening your system (20)

Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Cyber security series administrative control breaches
Cyber security series   administrative control breaches Cyber security series   administrative control breaches
Cyber security series administrative control breaches
 
Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!Využijte svou Oracle databázi na maximum!
Využijte svou Oracle databázi na maximum!
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
W982 05092004
W982 05092004W982 05092004
W982 05092004
 
Securing the cloud and your assets
Securing the cloud and your assetsSecuring the cloud and your assets
Securing the cloud and your assets
 
C days2015
C days2015C days2015
C days2015
 
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirementsMySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
MySQL Day Paris 2018 - MySQL & GDPR; Privacy and Security requirements
 
ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10ITE v5.0 - Chapter 10
ITE v5.0 - Chapter 10
 
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptxTckhjhhjbbggujvg Day13-Post-Exploitation.pptx
Tckhjhhjbbggujvg Day13-Post-Exploitation.pptx
 
Building+a+Security+Operations+Center.ppt
Building+a+Security+Operations+Center.pptBuilding+a+Security+Operations+Center.ppt
Building+a+Security+Operations+Center.ppt
 
Building a Security Operations Center
Building a Security Operations CenterBuilding a Security Operations Center
Building a Security Operations Center
 
Mailjet Security Presentation 2017
Mailjet Security Presentation 2017Mailjet Security Presentation 2017
Mailjet Security Presentation 2017
 
Supporting Contractors with NIST SP 800-171 Compliance
Supporting Contractors with NIST SP 800-171 ComplianceSupporting Contractors with NIST SP 800-171 Compliance
Supporting Contractors with NIST SP 800-171 Compliance
 
CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016CISA Training - Chapter 5 - 2016
CISA Training - Chapter 5 - 2016
 
Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5Slide Deck CISSP Class Session 5
Slide Deck CISSP Class Session 5
 
Modern Data Security with MySQL
Modern Data Security with MySQLModern Data Security with MySQL
Modern Data Security with MySQL
 
Ch 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS VulnerabilitesCh 8: Desktop and Server OS Vulnerabilites
Ch 8: Desktop and Server OS Vulnerabilites
 

Recently uploaded

activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 

Recently uploaded (20)

activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 

10 tips for hardening your system

  • 1. 1 10 Tips for Hardening Your System Raphy Bitton | CISSP, CCSK Head of Infrastructure Division & Global CISO @ Comsec 2018 © Comsec Global
  • 2. Meet Raphy Bitton About Raphy Bitton Head of Infrastructure Division & Global CISO @ Comsec • Expertise in infrastructure security • Consultant for secured architecture and hardening • As CISO, responsible for Comsec’s security • Holds valuable certifications such as CISSP and CCSK
  • 3. Major Risks You may find your private and sensitive information out in the wild. this information includes your own and your clients’ as well Your data may be altered by an unauthorized entity and harm its assurance and accuracy Breach to a business critical system may cause denial-of- service to the service it delivers Confidentiality01 Integrity02 Availability03
  • 4. 4 1| Network Segmentation 2| Install Patches 10 Tips for System Security Segmentation is the core process of hardening • Separate system from other networked devices • Make sure segmentation is enforced by a firewall • Separate your web server, application server and database server from one each other Every software has its vulnerabilities. They are discovered and exploited on a daily basis. • Patch critical updates immediately • Patch Important updates on regular basis • Patch 3rd party installed applications
  • 5. 5 3| Change Default Values 4| Reduce Attack Surface 10 Tips for System Security Default values are published in the wild. Everyone can access it and use it against you. • Change port numbers • Change management IP/URL • Change username and password • Change banners/error messaged disclosing technical information Every service or feature that is unnecessary may be used as a backdoor to your data. • Disable unnecessary services and features • Remove unnecessary applications • Remove unnecessary code libraries
  • 6. 6 5| Set Account/Password Policy 6| Turn Audit On 10 Tips for System Security Accounts and their passwords are the key to your systems and data. Protect it. • Complex your passwords (8 characters long containing A-Z, a-z, 0-9 and special characters) • Set maximum failed login attempts • Change your password every 4 months and do not repeat an old password Audit will help you to maintain security in real time and investigate breaches. • Audit access to objects (folder, application, server) • Audit security events (login, permissions granting) • Audit group membership of privileged groups • Audit use of privileged accounts
  • 7. 7 7| Use Encryption 8| Access Control 10 Tips for System Security Protect your data from unauthorized access. • Encrypt your data at rest (hard disk, thumb drive, cloud, backup media) • Encrypt your data in transit (transferring data to/from systems) If you don’t need it, don’t enable it. • Restrict access to system files and confidential data • Restrict remote access to management interfaces • Restrict access to managment tools (CMD, PowerShell, bash)
  • 8. 8 9| Set Idle Timeout 10| Create Backups 10 Tips for System Security Disconnect automatically all open connections when timed out. • Automatically disconnect all local sessions (login, console) • Automatically disconnect remote sessions (RDP, SSH) • Enable password protected ‘screen saver’ Hardening your system will not make it unbreakable. Prepare for the worst. • Develop backup plan according to system criticality • Backup both system configuration and data • Restore from backup periodically to validate it’s integrity • Store backup media off-site
  • 9. 9 Want to Know More? +972 (0)3-9234277 raphyb@comsecglobal.com Yegia Kapayim St. 21D, P.O. Box 3474, Petach-Tikva, Israel, 49130 www.comsecglobal.com