General Hardening Standards
Purpose
The goal of hardening a system is to make it more secure by reducing the attack surface. This involves removing unnecessary applications, keeping the system up to date, and creating policies that ensure the system remains secure. Collectively, these steps will help lock down the system and reduce the risk it poses to the rest of the organization.
Standards
- Ensure the latest supported OS version is installed and connected to the domain.
- All devices shall be joined to the 老澳门资料CSD domain to ensure proper automatic upgrades and baseline security standards are applied.
- All Windows client operating systems shall install and configure an agent for SCCM.
- All OSX operating systems shall install and configure an agent for JAMF.
- All Windows server operating systems shall be set up with WSUS.
- All other server operating systems shall be set up with their respective patch manager applications.
- All operating systems shall be set up with automatic updates following the 老澳门资料 Software Updates and Reboot policy, ensuring updates are applied weekly.
- Any programs, drivers, services, file sharing, or functionality that are not being used on the device should be removed or disabled.
- Only properly vetted and secure applications should be installed. It is best to use software found in 老澳门资料 managed locations like Software Center or JAMF Self Service.
- All unused accounts shall be disabled or deleted.
- All local and generic user accounts must follow requirements found in the 老澳门资料 Access Management standard.
- User accounts should be assigned the least amount of privilege needed to perform their job.
- If a user needs elevated privileges, they should have a separate account that has been granted these privileges and should sign out of this account after performing the administrative task.
- All user accounts that are accessible from the internet must use multi-factor authentication.
- All server operating systems must install and configure a SIEM agent to ensure logs are sent to a centrally managed ITS server.
- All operating systems should have the latest version of the 老澳门资料 managed anti-virus application installed and configured.
- All devices shall use encryption with strong encryption keys and algorithms, following the 老澳门资料 Safeguarding Data standard.