Host Hardening, Part 1
As I mentioned in a previous post, it is imperative that your corporate smart guys maintain the security of your servers by removing or disabling unnecessary services, applications, and user accounts, and by installing the latest software patches. Although disabling services and applications is a practice largely confined to corporate devices, the rest of us should understand user account management and software patching, and how they apply to our home systems.
Services
Services such as file sharing and remote access can be exploited. It may sound obvious, but you probably do not want folks accessing these boxes remotely. OK, you might have a need for remote maintenance. But there are more secure methods than the native remote access services. You definitely do not want file sharing enabled on these devices.
Applications
It may sound obvious, but you will want to remove unneeded applications from servers dedicated to a task that does not require them. For example, your email server probably does not need to have Internet Explorer installed. If it’s not there, no one can exploit any flaws inherent in the application. So remove it.
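One way to check a Windows server for the services and the application mentioned above, as an added example that is not part of the original post. It only reports and changes nothing; the list of watched services and the empty role allowlist are assumptions for a hypothetical dedicated mail server.

```powershell
# Added example: read-only audit of a dedicated server. Changes nothing.
# Assumption: $RoleAllowlist names the watched services this server's role
# really needs (empty here for a hypothetical dedicated mail server).
# Requires PowerShell 5.0 or later for the StartType property.
$RoleAllowlist = @()

# Native Windows services behind file sharing and remote access.
$Watched = [ordered]@{
    LanmanServer   = 'File and printer sharing (Server service)'
    TermService    = 'Remote Desktop Services'
    RemoteRegistry = 'Remote Registry'
    WinRM          = 'Windows Remote Management'
}

function Get-ServiceFinding {
    foreach ($name in $Watched.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { continue }                      # service not present
        if ($RoleAllowlist -contains $name) { continue } # needed by this role
        # A stopped service that can still be started is only half hardened.
        if ($svc.Status -eq 'Running' -or $svc.StartType -ne 'Disabled') {
            [pscustomobject]@{
                Kind   = 'Service'
                Name   = $name
                Detail = $Watched[$name]
                State  = "$($svc.Status), start type $($svc.StartType)"
            }
        }
    }
}

function Get-ApplicationFinding {
    # The post's example: a browser on a server that does not need one.
    $ie = Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe'
    if (Test-Path -LiteralPath $ie) {
        [pscustomobject]@{
            Kind   = 'Application'
            Name   = 'Internet Explorer'
            Detail = $ie
            State  = 'Installed'
        }
    }
}

$findings = @(Get-ServiceFinding) + @(Get-ApplicationFinding)
if ($findings.Count -eq 0) { 'No watched services or applications found.' }
else { $findings | Format-Table -AutoSize }
```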
Next time I'll discuss user accounts and patching.