By
Thomas Fletcher
IS3110
There are several types of controls you can use to secure your servers. Below are official guidelines from the National Institute of Standards and Technology (NIST).
Securing the Server Operating System
This is extremely important. If an OS has a known vulnerability and is not patched, it could lead to many problems. Once an OS is installed, applying needed patches or upgrades to correct for known vulnerabilities is essential. Any known vulnerabilities an OS has should be corrected before using it to host a server or otherwise exposing it to malicious users. Below are some ways to harden the server OS.
Remove unnecessary services, applications, and network protocols so that software you are not using cannot be exploited.
Configure OS user authentication to minimize unwanted intrusion.
Configure resource controls appropriately so that information goes to whom it should.
Securely Installing Server Software
This is a lot like hardening the OS, in that you are making sure the software stays up to date so that known exploits are addressed. Any unnecessary applications, services, or scripts that are installed should be removed immediately once the installation process is complete. Below are some things that you can do to harden software.
Install the server software either on a dedicated host or on a dedicated guest OS if virtualization is being employed.
Apply any patches or upgrades to correct for known vulnerabilities in the server software.
Create a dedicated physical disk or logical partition (separate from OS and server application) for server data, if applicable.
Remove or disable all services installed by the server application but not required (e.g., gopher, FTP, HTTP, remote administration).
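One way to verify that unneeded services really are gone after installation is to compare the ports the host is listening on against an approved list. The script below is an added example, not part of the original paper or of the NIST guidance; the approved ports (22 and 443), the function names, and the sample listener lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that are not on an approved list.
# Input format is that of `ss -H -tln`: state, recv-q, send-q, local, peer.

# Assumption: this host should expose only SSH (22) and HTTPS (443).
ALLOWED_PORTS="22 443"

# Constructed sample of `ss -H -tln` output so the script runs offline.
# It includes FTP (21) and gopher (70), two services named in the text above.
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 128 [::]:70 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
EOF
}

# unexpected_ports "<allowed ports>"  (reads listener lines on stdin)
# Prints "port address" for every listener whose port is not approved.
# Loopback-only listeners are skipped: they are not reachable remotely.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok)) print port, host
        }
    ' | sort -n | uniq
}

# Demo on the constructed sample. On a live host, feed real data instead:
#   ss -H -tln | unexpected_ports "$ALLOWED_PORTS"
echo "Listeners outside the approved list:"
sample_listeners | unexpected_ports "$ALLOWED_PORTS"
```

Any port the script prints is a service to remove or disable, or a deliberate exception to add to the approved list.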
Install and Configure Additional Security Controls
This could be anything that you would like to