A winner system needs to be hardened in order to avoid a variety of security risks. Here are 10 hardening tips that will simplify your security challenge.
2. Meet Raphy Bitton
About Raphy Bitton
Head of Infrastructure Division & Global CISO @ Comsec
• Expertise in infrastructure security
• Consultant for secured architecture and hardening
• As CISO, responsible for Comsec’s security
• Holds valuable certifications such as CISSP and CCSK
3. Major Risks
01 Confidentiality: You may find your private and sensitive information out in the wild. This information includes your own and your clients’ as well.
02 Integrity: Your data may be altered by an unauthorized entity, harming its assurance and accuracy.
03 Availability: A breach of a business-critical system may cause denial of service to the service it delivers.
4.
10 Tips for System Security
1| Network Segmentation
Segmentation is the core process of hardening.
• Separate the system from other networked devices
• Make sure segmentation is enforced by a firewall
• Separate your web server, application server and database server from one another
2| Install Patches
Every piece of software has its vulnerabilities. They are discovered and exploited on a daily basis.
• Patch critical updates immediately
• Patch important updates on a regular basis
• Patch 3rd party installed applications
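Tip 1 asks for the web, application and database tiers to be kept apart and for the separation to be enforced by a firewall. The checker below is an added example written for this page, not code from the slides or from Comsec: it takes a rule table (the zone names, ports and sample rules are constructed assumptions) and reports every allow rule that crosses a tier boundary the three-tier design does not need, whether a default deny closes the table, and which intended flows are still missing.

```python
"""Three-tier segmentation check over a firewall rule table.

Added example, not from the original slides: the zone names, ports and
the sample rule table are assumptions constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: str     # source zone
    dst: str     # destination zone
    port: int    # destination TCP port (0 = any)
    action: str  # "allow" or "deny"


# The only flows the architecture needs: each tier reaches the next one on
# a single port, plus an out-of-band management zone. Anything else that
# crosses a tier boundary is a segmentation gap (assumed policy).
ALLOWED_FLOWS = {
    ("internet", "web"): {443},
    ("web", "app"): {8080},
    ("app", "db"): {5432},
    ("mgmt", "web"): {22},
    ("mgmt", "app"): {22},
    ("mgmt", "db"): {22},
}


def check_segmentation(rules):
    """Return one message per allow rule that violates ALLOWED_FLOWS."""
    violations = []
    for r in rules:
        if r.action != "allow":
            continue  # deny rules never widen the policy
        ports = ALLOWED_FLOWS.get((r.src, r.dst))
        if ports is None:
            violations.append(
                f"{r.src}->{r.dst}:{r.port} crosses a boundary that should stay closed")
        elif r.port not in ports:
            violations.append(
                f"{r.src}->{r.dst}:{r.port} uses a port not in {sorted(ports)}")
    return violations


def has_default_deny(rules):
    """True if the last rule drops everything not explicitly allowed above it."""
    if not rules:
        return False
    last = rules[-1]
    return last.action == "deny" and last.src == "any" and last.dst == "any"


def missing_flows(rules):
    """Intended flows with no allow rule: the segmentation would break the app."""
    covered = {(r.src, r.dst, r.port) for r in rules if r.action == "allow"}
    return sorted(
        f"{src}->{dst}:{port}"
        for (src, dst), ports in ALLOWED_FLOWS.items()
        for port in ports
        if (src, dst, port) not in covered)


# Constructed sample rule table (not a real device export).
SAMPLE_RULES = [
    Rule("internet", "web", 443, "allow"),
    Rule("web", "app", 8080, "allow"),
    Rule("app", "db", 5432, "allow"),
    Rule("web", "db", 5432, "allow"),      # web tier reaching the database directly
    Rule("internet", "web", 22, "allow"),  # SSH exposed to the internet
    Rule("any", "any", 0, "deny"),
]

if __name__ == "__main__":
    for v in check_segmentation(SAMPLE_RULES):
        print("VIOLATION:", v)
    print("default deny present:", has_default_deny(SAMPLE_RULES))
    print("flows still missing:", missing_flows(SAMPLE_RULES))
```

Running it on the sample table flags the web-to-database rule and the SSH rule from the internet, confirms the trailing default deny, and lists the three management flows that no rule yet allows; the same three functions can be pointed at an exported rule set once it is mapped onto the zone names.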
5.
3| Change Default Values
Default values are published in the wild. Everyone can access them and use them against you.
• Change port numbers
• Change the management IP/URL
• Change the username and password
• Change banners/error messages that disclose technical information
4| Reduce Attack Surface
Every service or feature that is unnecessary may be used as a backdoor to your data.
• Disable unnecessary services and features
• Remove unnecessary applications
• Remove unnecessary code libraries
6.
5| Set Account/Password Policy
Accounts and their passwords are the key to your systems and data. Protect them.
• Use complex passwords (8 characters long, containing A-Z, a-z, 0-9 and special characters)
• Set a maximum number of failed login attempts
• Change your password every 4 months and do not repeat an old password
6| Turn Audit On
Auditing will help you maintain security in real time and investigate breaches.
• Audit access to objects (folder, application, server)
• Audit security events (login, permission granting)
• Audit group membership of privileged groups
• Audit use of privileged accounts
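Tip 5 states three controls: complexity (8 characters with upper case, lower case, digits and special characters), a cap on failed login attempts, and rotation every 4 months without reuse. The code below is an added example for this page, not the slides' own, that enforces all three on one account object. The length and character classes come from the slide; the lockout threshold of 5 attempts, the 120-day maximum age used for "4 months", the history depth of 5 and the hashing parameters are assumptions.

```python
"""Account and password policy from tip 5, as an added example (not the
slides' own code): minimum length and character classes as stated on the
slide; the lockout threshold, 120-day maximum age ("4 months") and
history depth are assumptions."""
import hashlib
import hmac
import os
import re
from datetime import date, timedelta

MIN_LENGTH = 8
MAX_FAILED_ATTEMPTS = 5                 # assumption: slide names no number
MAX_PASSWORD_AGE = timedelta(days=120)  # assumption: "every 4 months"
HISTORY_SIZE = 5                        # assumption: how many old hashes to keep

CLASSES = {
    "an upper-case letter": r"[A-Z]",
    "a lower-case letter": r"[a-z]",
    "a digit": r"[0-9]",
    "a special character": r"[^A-Za-z0-9]",
}


def password_complexity_errors(pw):
    """Return a list of policy violations; empty means the password is acceptable."""
    errors = []
    if len(pw) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            errors.append(f"missing {name}")
    return errors


def _digest(pw, salt):
    # Salted, slow hash so that stored history cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 50_000)


class Account:
    def __init__(self, username, password, today):
        self.username = username
        self.failed_attempts = 0
        self.locked = False
        self.history = []        # (salt, digest) pairs, newest last
        self.changed_on = None
        errors = password_complexity_errors(password)
        if errors:
            raise ValueError("; ".join(errors))
        self._store(password, today)

    def _store(self, pw, today):
        salt = os.urandom(16)
        self.history.append((salt, _digest(pw, salt)))
        self.history = self.history[-HISTORY_SIZE:]
        self.changed_on = today

    def _matches(self, pw, entry):
        salt, digest = entry
        return hmac.compare_digest(_digest(pw, salt), digest)

    def change_password(self, new_pw, today):
        """Apply complexity and no-reuse rules; return the errors (empty on success)."""
        errors = password_complexity_errors(new_pw)
        if any(self._matches(new_pw, e) for e in self.history):
            errors.append("password was used before")
        if not errors:
            self._store(new_pw, today)
        return errors

    def login(self, pw, today):
        """Return 'ok', 'bad_password', 'locked' or 'password_expired'."""
        if self.locked:
            return "locked"
        if not self._matches(pw, self.history[-1]):
            self.failed_attempts += 1
            if self.failed_attempts >= MAX_FAILED_ATTEMPTS:
                self.locked = True
                return "locked"
            return "bad_password"
        self.failed_attempts = 0
        if today - self.changed_on > MAX_PASSWORD_AGE:
            return "password_expired"
        return "ok"


if __name__ == "__main__":
    acct = Account("alice", "Str0ng!Pass", date(2024, 1, 1))
    print(acct.login("Str0ng!Pass", date(2024, 1, 2)))   # ok
    print(acct.login("Str0ng!Pass", date(2024, 6, 1)))   # password_expired
    print(acct.change_password("Str0ng!Pass", date(2024, 6, 1)))  # reuse rejected
```

Old passwords are kept only as salted PBKDF2 digests, so the reuse check can compare a candidate against history without ever storing plaintext, and a locked account stays locked even when the correct password is later presented.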
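Tip 6 lists what to audit; the value only materialises when someone reads the trail. The following is an added example for this page (not the slides' code) that runs simple detection logic over a constructed audit log: it raises an alert for a membership change in a privileged group, for a permission grant, for a successful login by a privileged account, and for a burst of failed logins. The log format, the sample lines, and the sets of privileged groups and accounts are all assumptions.

```python
"""Triage of audit events from tip 6, as an added example (not the slides'
code). The log format (one 'key=value' record per line) and the sample
lines are constructed; which groups and accounts count as privileged is
an assumption."""
import shlex
from collections import defaultdict

PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "sudo"}
PRIVILEGED_ACCOUNTS = {"root", "Administrator"}

# Constructed sample audit trail (not real log output).
SAMPLE_LOG = """\
2024-03-01T10:15:02 event=login user=alice result=success src=10.0.0.5
2024-03-01T10:15:40 event=login user=svc_backup result=failure src=10.0.0.9
2024-03-01T10:15:41 event=login user=svc_backup result=failure src=10.0.0.9
2024-03-01T10:15:42 event=login user=svc_backup result=failure src=10.0.0.9
2024-03-01T10:16:00 event=group_member_added group="Domain Admins" member=bob actor=alice
2024-03-01T10:17:10 event=permission_granted object=/srv/app/config principal=bob right=write actor=alice
2024-03-01T10:18:00 event=login user=root result=success src=10.0.0.7
2024-03-01T10:18:30 event=file_access object=/srv/app/config user=bob action=read
""".splitlines()


def parse_event(line):
    """Split a line into a dict; the first token is the timestamp ('ts')."""
    ts, _, rest = line.partition(" ")
    event = {"ts": ts}
    for token in shlex.split(rest):   # shlex keeps quoted values together
        key, _, value = token.partition("=")
        event[key] = value
    return event


def triage(lines, failure_threshold=3):
    """Return (category, timestamp, detail) alerts for the events worth a look."""
    alerts = []
    failures = defaultdict(int)
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("event")
        if kind == "group_member_added" and ev.get("group") in PRIVILEGED_GROUPS:
            alerts.append(("privileged_group_change", ev["ts"],
                           f"{ev['actor']} added {ev['member']} to {ev['group']}"))
        elif kind == "permission_granted":
            alerts.append(("permission_grant", ev["ts"],
                           f"{ev['actor']} granted {ev['right']} on {ev['object']} to {ev['principal']}"))
        elif kind == "login":
            user = ev.get("user", "?")
            if ev.get("result") == "success" and user in PRIVILEGED_ACCOUNTS:
                alerts.append(("privileged_login", ev["ts"],
                               f"{user} logged in from {ev.get('src')}"))
            elif ev.get("result") == "failure":
                failures[user] += 1
                if failures[user] == failure_threshold:   # alert once per burst
                    alerts.append(("failed_login_burst", ev["ts"],
                                   f"{failure_threshold} failed logins for {user}"))
    return alerts


if __name__ == "__main__":
    for category, ts, detail in triage(SAMPLE_LOG):
        print(f"{ts} [{category}] {detail}")
```

The ordinary file read by bob at the end produces no alert on its own, but it is the kind of event that becomes relevant when correlated with the group change and the permission grant just before it, which is why object access is on the slide's audit list even if it is not alerted on directly.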
7.
7| Use Encryption
Protect your data from unauthorized access.
• Encrypt your data at rest (hard disk, thumb drive, cloud, backup media)
• Encrypt your data in transit (transferring data to/from systems)
8| Access Control
If you don’t need it, don’t enable it.
• Restrict access to system files and confidential data
• Restrict remote access to management interfaces
• Restrict access to management tools (CMD, PowerShell, bash)
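Tip 8's first bullet, restricting access to system files and confidential data, is something that can be verified rather than assumed. The script below is an added example written for this page (not code from the slides): it walks a directory tree, reports every file that anyone other than its owner can read or write, and tightens the ones it finds. The sample tree lives in a temporary directory, and the definition of "too open" (any permission for others, or group write) is an assumption.

```python
"""Access-control audit for tip 8, as an added example (not the slides'
code): find files under a directory that anyone other than the owner can
read or write, and tighten them. The sample tree is built in a temporary
directory; which modes count as 'too open' is an assumption."""
import os
import stat
import tempfile

OTHERS_ANY = stat.S_IRWXO    # any read/write/execute bit for 'others'
GROUP_WRITE = stat.S_IWGRP   # group write


def audit_permissions(root):
    """Return sorted (relative path, octal mode) pairs for files that are too open."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & (OTHERS_ANY | GROUP_WRITE):
                findings.append((os.path.relpath(path, root), oct(mode)))
    return sorted(findings)


def restrict(path, mode=0o600):
    """Reduce a file to owner-only access and return the resulting mode."""
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def fix_findings(root):
    """Restrict every file the audit flags; return how many were changed."""
    fixed = 0
    for rel, _ in audit_permissions(root):
        restrict(os.path.join(root, rel))
        fixed += 1
    return fixed


def build_sample_tree():
    """Constructed sample: one correctly restricted file and two that are too open."""
    root = tempfile.mkdtemp(prefix="hardening-")
    samples = {
        "etc/app.conf": 0o600,      # owner-only: fine
        "etc/db_password": 0o644,   # world-readable secret
        "bin/deploy.sh": 0o777,     # world-writable script
    }
    for rel, mode in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("sample\n")
        os.chmod(path, mode)   # set explicitly so the process umask does not matter
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for rel, mode in audit_permissions(root):
        print(f"too open: {rel} ({mode})")
    print("fixed:", fix_findings(root), "remaining:", audit_permissions(root))
```

The audit uses `lstat` so a symbolic link's own mode is examined rather than its target's, and a second audit after `fix_findings` returns nothing, which is the check to keep in a scheduled job rather than a one-off.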
8.
9| Set Idle Timeout
Automatically disconnect all open connections when they time out.
• Automatically disconnect all local sessions (login, console)
• Automatically disconnect remote sessions (RDP, SSH)
• Enable a password-protected ‘screen saver’
10| Create Backups
Hardening your system will not make it unbreakable. Prepare for the worst.
• Develop a backup plan according to system criticality
• Back up both system configuration and data
• Restore from backup periodically to validate its integrity
• Store backup media off-site
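Tip 9 is a single rule, disconnect whatever has been idle too long, and the mechanism is the same whether the session is a console login, RDP or SSH. As an added example for this page (not the slides' code), the session table below records the last activity per session and, on each sweep, drops every session that has been idle for the full timeout. The 15-minute limit is an assumption, and the clock is injectable so the exact-timeout edge can be exercised without waiting.

```python
"""Idle-session timeout from tip 9 as an added example (not the slides'
code). The 15-minute limit is an assumption; the clock is injectable so
the behaviour can be exercised without waiting."""
import time

IDLE_TIMEOUT_SECONDS = 15 * 60   # assumption: the slide gives no value


class SessionTable:
    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self.sessions = {}   # session id -> (kind, last activity timestamp)

    def open(self, session_id, kind):
        """Register a new local or remote session (kind is e.g. 'console', 'rdp', 'ssh')."""
        self.sessions[session_id] = (kind, self.clock())

    def touch(self, session_id):
        """Record activity; unknown ids are ignored (already reaped)."""
        if session_id in self.sessions:
            kind, _ = self.sessions[session_id]
            self.sessions[session_id] = (kind, self.clock())

    def reap(self):
        """Disconnect every session idle for the full timeout; return their ids."""
        now = self.clock()
        expired = [sid for sid, (_, last) in self.sessions.items()
                   if now - last >= self.idle_timeout]
        for sid in expired:
            del self.sessions[sid]
        return sorted(expired)

    def active(self):
        return sorted(self.sessions)


class FakeClock:
    """Constructed clock for demonstration: time only moves when told to."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


if __name__ == "__main__":
    clock = FakeClock()
    table = SessionTable(idle_timeout=900, clock=clock)
    table.open("rdp-1", "rdp")
    table.open("ssh-7", "ssh")
    clock.advance(600)
    table.touch("ssh-7")          # only the SSH session shows activity
    clock.advance(300)
    print("disconnected:", table.reap(), "still active:", table.active())
```

In production the sweep runs from a timer and the disconnect call would go to the RDP or SSH service; the comparison uses `>=` so a session is cut at exactly the configured limit, not one sweep later.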
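Tip 10 asks for configuration and data to be backed up together and for periodic restores to validate integrity. The restore drill below is an added example for this page (not the slides' code): it archives a sample system, records a SHA-256 manifest, restores into a scratch directory, verifies every file against the manifest, then alters one restored file to show that the verification catches it. The directory layout and file contents are constructed.

```python
"""Backup and restore test for tip 10, as an added example (not the
slides' code): archive configuration and data together, record a SHA-256
manifest, restore into a scratch directory and compare. Directory layout
and sample files are constructed."""
import hashlib
import os
import tarfile
import tempfile


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(src_root, archive_path):
    """Write a tar.gz of src_root and return {relative path: sha256} for every file."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for dirpath, _, filenames in os.walk(src_root):
            for name in filenames:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, src_root).replace(os.sep, "/")
                manifest[rel] = _sha256(path)
                tar.add(path, arcname=rel)
    return manifest


def restore(archive_path, dest_root):
    """Extract the archive below dest_root."""
    os.makedirs(dest_root, exist_ok=True)
    with tarfile.open(archive_path, "r:gz") as tar:
        try:
            tar.extractall(dest_root, filter="data")   # refuses members escaping dest_root
        except TypeError:                               # Python without the filter argument
            tar.extractall(dest_root)


def verify_tree(root, manifest):
    """Return the relative paths whose content differs from the manifest or is missing."""
    bad = []
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path) or _sha256(path) != expected:
            bad.append(rel)
    return bad


def build_sample_system():
    """Constructed sample: a config directory and a data directory to back up."""
    root = tempfile.mkdtemp(prefix="system-")
    files = {"etc/app.conf": "listen=8443\n", "data/records.csv": "id,name\n1,alice\n"}
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(content)
    return root


def restore_drill(src_root):
    """Back up, restore elsewhere and verify; then corrupt one restored file and
    verify again. Returns (mismatches before tampering, mismatches after)."""
    work = tempfile.mkdtemp(prefix="drill-")
    archive = os.path.join(work, "backup.tar.gz")
    manifest = create_backup(src_root, archive)
    restored = os.path.join(work, "restored")
    restore(archive, restored)
    clean = verify_tree(restored, manifest)
    with open(os.path.join(restored, "data/records.csv"), "a") as f:
        f.write("2,mallory\n")   # simulate a corrupted or altered restore
    return clean, verify_tree(restored, manifest)


if __name__ == "__main__":
    before, after = restore_drill(build_sample_system())
    print("mismatches after restore:", before)
    print("mismatches after tampering:", after)
```

The manifest should be stored separately from the archive (with the off-site copy the slide recommends), since a manifest that travels inside the backup can be altered together with it; the restore uses the tar `data` filter where the interpreter supports it so a crafted archive cannot write outside the restore directory.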
9.
Want to Know More?
+972 (0)3-9234277
raphyb@comsecglobal.com
Yegia Kapayim St. 21D, P.O. Box 3474,
Petach-Tikva, Israel, 49130
www.comsecglobal.com