server hardening policy sample

, modify the account default description to prevent the account is easily recognized. 4. Record these changes in a secure location. Note: The built-in Administrator account can be renamed through Group Policy. Because you must choose a unique name for your environment, these settings are not configured in any of the security templates provided in this guide. In the three environments defined in this guidance, you can configure the account: Rename admi

member server hardening procedures." The following table lists all the IPSEC filters that can be created on the IIS server in the Advanced Security environment defined in this guidance. Service Agreement Source Port Target Port Source Address Destination Address Operation Mirror Terminal Services Tcp All 3389 All ME Allow Is HTTP

those modules.Locate the code that contains loadmodule in the Httpd.conf. To close these modules, simply add a # sign before the line of Code. To find a module that is running, you can use the following statement:grep loadmodule httpd.confThe following modules are usually activated and are not large: mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex13. Clear the default annotations from httpd.confThe default httpd.conf file in Apache 2.2.4 has more than 400 lines.

compromise scenarios. Use SELinux and other Linux security extensions whenever possible to enforce network and program restrictions. For example, SELinux provides a security policy for the Linux kernel.#5.1, SELinuxSELinux provides a flexible set of access controls (Mac:mandatory access control), labeled MAC Next application or process that runs under a user with associated permissions. Using your Mac's kernel protection can protect your system from

Next, continue to describe some of the Linux server Security configuration.#6, strong password policy. When we use the Useradd, Usermod command to create or maintain user accounts, ensure that strong password policies are always applied. For example, a good password includes at least 8 characters, including letters, numbers, and special strings, capitalization, and so on. Use a tool such as "John the Ripper

Write in front:When you get a server, don't worry about deploying apps, security is a top priority. If you sort the order, the Linux system can be secured by following several steps. This article is mainly for the enterprise common CentOS system, Ubuntu system slightly different can be Baidu query.1. System User Optimization2. System service Optimization3.SSH Access Policy4. Firewall configuration1. System User OptimizationNote: When we perform system

Server security Settings 1, the system disk and site placement disk must be set to NTFS format, easy to set permissions. 2, the system disk and site placement disk in addition to administrators and system user rights are removed. 3, enable Windows with a firewall, only to retain useful ports, such as remote and Web, FTP (3389, 80, 21), and so on, there are mail server to open 25 and 130 ports. 4

verification, the operation is as follows: [email protected] ~]# rpm-va....l ... c/etc/pam.d/system-auths.5 ... c/etc/security/limits.confs.5....t c/etc/sysctl.confs.5....t/etc/sgml/docbook-simple.cats.5....t c/etc/login.defss.5 .... . c/etc/openldap/ldap.confs.5....t c/etc/sudoers 6. Re-install the system Recovery dataIn many cases, the compromised system is no longer trusted, so the best way to do this is to back up the data on the server