teapotNG
Web System Hardening in 3 Easy Steps
Posted 05 Aug, 2020
Author - 'Folu Karunwi
 
To harden a computer system means to make it more difficult for a malicious hacker to attack. In formal terms, system hardening means reducing the attack surface.
The attack surface is the combination of all the points where an attacker may strike.
Many computer systems have an exceptionally large attack surface by default. This is because a lot of software is installed with too many permissions and with as many functions enabled as possible. System hardening, therefore, is basically all about trimming down options.
We will look at 3 hardening process steps that you can take.

Step 1. Operating System Hardening
The base level of system hardening is taking care of operating system security. A hardened operating system lets you avoid a lot of security threats.
To harden the operating system of your server:
·       Uninstall all unnecessary software. Each program may have a potential vulnerability that may allow the attacker to escalate the attack. This even includes unnecessary compilers and interpreters, because they may enable the attacker to create reverse shells.
·       Remove all unnecessary user accounts and make sure that user accounts that are used to run services do not have excessive privileges. For example, if you use a user account to run your web server, it may not need shell access at all, and it should have minimal privileges.
·       To avoid unauthorized access, require strong passwords as part of access control (but do not require regular password changes; such practices were found to be less secure) or use key-based authentication.
·       Turn on detailed logging if you can afford the resources. The more details you have in your logs, the easier it will be to analyze the logs after an attack.
·       Enable automatic OS patching or enable patch notifications. Security patches are of critical importance and installing them automatically is more secure.
Note that the above general tips apply to all operating systems: Linux/UNIX, Microsoft Windows, macOS, and any others. However, specific cases may apply to specific systems. For example, on Windows, you may additionally want to focus on group policies.
  
Step 2. Network Hardening
Network hardening extends beyond the server and often includes additional network devices. However, on the level of the server that you are managing, there is already a lot that you can do to improve network security.
To harden the network connections on your server:
 
·       Shut down and uninstall all unnecessary services that are not used on this server, for example, FTP, telnet, POP/SMTP, and more. This will let you eliminate all unnecessary open network ports.
·       Enforce strong firewall rules. If this is a dedicated web server, make sure that the only incoming connections that are allowed are web connections and potentially administrative connections (e.g. SSH).
·       If you can afford the resources, monitor outgoing connections for potential reverse shells.
A lot of network hardening is already done when you harden the OS. However, if you are not the only person with access to the server, it is a good idea to safeguard against someone else opening unsafe network connections.
 
Step 3. Continuous Hardening
The most important thing to realize about hardening is that it is a never-ending process. You should perform regular system hardening check-ups to make sure that your security configuration is up to date, all the security measures are still in place, and there are no new threats to your information security. Such new threats may come from other users of the server, the developers of web applications, or simply due to vulnerabilities found in existing software.
Luckily, part of the process can be automated. For example, you may use patch management software to make sure that your key software is always up to date. You may also run scheduled scans using a web vulnerability scanner to make sure that new and updated web applications do not introduce cybersecurity threats.
The best way to keep up with this is to maintain a hardening checklist, which you create during your first hardening exercise and then update as you discover new ways to make your system less prone to attacks.
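Two checklist items from Steps 1 and 2 (service accounts that still have shell access, and listening ports outside the web/SSH allow-list) can be re-checked automatically, as in this added example, which is not part of the original post. The function names, the UID range 1 to 999 for service accounts, and the allow-list 22/80/443 are assumptions, and the sample data is constructed; on a real Linux host you would pipe in `getent passwd` and `ss -H -tln` instead.

```shell
#!/bin/sh
# Added example: two read-only hardening checks that read passwd-format
# and `ss -H -tln`-format text on stdin and print what needs review.

# Print service accounts (UID 1..999, an assumed convention) whose shell
# still allows an interactive login. An empty shell field is reported too.
service_accounts_with_shell() {
  awk -F: '
    $3 > 0 && $3 < 1000 &&
    $7 !~ /(\/nologin|\/false)$/ { print $1 ":" $7 }'
}

# Print listening TCP ports that are not in the allow-list given as
# arguments. Loopback-only listeners are reported as well, for review.
unexpected_listeners() {
  awk -v allowed=" $* " '
    { n = split($4, part, ":"); port = part[n]   # handles [::]:443 too
      if (port ~ /^[0-9]+$/ && index(allowed, " " port " ") == 0 && !seen[port]++)
        print port }'
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
ftp:x:110:115:ftp daemon:/srv/ftp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*'

run_sample_audit() {
  echo "Service accounts with a login shell:"
  printf '%s\n' "$SAMPLE_PASSWD" | service_accounts_with_shell
  echo "Listening ports outside the allow-list (22 80 443):"
  printf '%s\n' "$SAMPLE_SS" | unexpected_listeners 22 80 443
}

run_sample_audit
```

Run from a scheduled job, any non-empty output from either function is a deviation from the checklist that someone should look at.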




Source: Acunetix


