Web System Hardening in 3 Easy Steps
Posted 05 Aug, 2020
Author - 'Folu Karunwi
Web System Hardening in 3 Easy Steps
To harden a computer system means to make it more difficult for a malicious hacker to attack. In formal terms, system hardening means reducing the attack surface.
The attack surface is the combination of all the points where an attacker may strike.
Many computer systems by default have an exceptionally large attack surface. This is because a lot of software is installed with too many permissions and as many functions as possible. System hardening, therefore, is basically all about skimming down options.
We will look at 3 hardening process steps that you can take.

Step 1. Operating System Hardening
The base level of system hardening is taking care of operating system security. A hardened operating system lets you avoid a lot of security threats.
To harden the operating system of your server:
·       Uninstall all unnecessary software. Each program may have a potential vulnerability that may allow the attacker to escalate the attack. This includes, for example, even unnecessary compilers/interpreters, because they may enable the attacker to create reverse shells.
·       Remove all unnecessary user accounts and make sure that user accounts that are used to run services do not have excessive privileges. For example, if you use a user account to run your web server, it may not need shell access at all, and it should have minimal privileges.
·       To avoid unauthorized access, require strong passwords as part of access control (but do not require regular password changes; such practices were found to be less secure) or use key-based authentication.
·       Turn on detailed logging if you can afford the resources. The more details you have in your logs, the easier it will be to analyze the logs after an attack.
·       Enable automatic OS patching or enable patch notifications. Security patches are of critical importance and installing them automatically is more secure.
Note that the above general tips apply to all operating systems: Linux/UNIX, Microsoft Windows, macOS, and any others. However, specific cases may apply to specific systems. For example, on Windows, you may additionally want to focus on group policies.
Step 2. Network Hardening
Network hardening spans beyond the server and often includes additional network devices. However, on the level of the server that you are managing, there is already a lot that you can do to improve network security.
To harden the network connections on your server:
·       Shut down and uninstall all unnecessary services if they are not used on this server. For example, FTP, telnet, POP/SMTP, and more. This will let you eliminate all unnecessary open network ports.
·       Enforce strong firewall rules. If this is a dedicated web server, make sure that the only incoming connections that are allowed are web connections and potentially administrative connections (e.g. SSH).
·       If you can afford the resources, monitor outgoing connections for potential reverse shells.
A lot of network hardening is already done when you harden the OS. However, if you are not the only person with access to the server, it is a good idea to safeguard against someone else opening unsafe network connections.
Step 3. Continuous Hardening
The most important thing to realize about hardening is that it is a never-ending process. You should perform regular system hardening check-ups to make sure that your security configuration is up to date, all the security measures are still in place, and there are no new threats to your information security. Such new threats may come from other users of the server, the developers of web applications, or simply due to vulnerabilities found in existing software.
Luckily, part of the process can be automated. For example, you may use patch management software to make sure that your key software is always up to date. You may also run scheduled scans using a web vulnerability scanner to make sure that new and updated web applications do not introduce cybersecurity threats.
The best way to do it is to maintain a hardening checklist, which you create initially with your first hardening exercise and then modify as you discover new ways to make your system less prone to attacks.

Source: Acunetix

Share this post
teapotNG is an online trading platform of Teaplant Nigeria Limited. RC 1411634