- Stable software updates whether it be on client machines or servers they are very essential. Having the machine up on the current patches and updates will close the window of vulnerability an attacker may have with an unpatched system.
- Removing unnecessary applications and services. If one has a home with two windows and one door the entry points for an attacker to break in are limited. Removing the services that are unneeded will once again close that window of possible attack.
- Change the defaults. For ease of use after installation default passwords and default paths are set for basic configuration setup. Changing the default passwords helps prevent automatic software or an attacker getting an easy access. Changing the default paths can also help by adding some security through obscurity. Some attacks go after hard coded paths so changing the defaults will leave them guessing.
- Audit your server. This allows you to stay a step ahead of the attackers by being able to find and patch the vulnerabilities before they can be exploited. Depending level of audit you may find flaws in software that the manufacturer has yet to catch.
- Use heavy logging. A good amount of detail is useful in a post-exploitation scenario. Log monitoring applications can help parse through it all and can apply alerts to certain filters.
- Firewalls & Anti-Virus. Firewalls can monitor and apply filters such as TCP blocking to only allow traffic on the ports that are needed, whether internal or external. Anti-Virus can prevent from known signature malware from compromising the machine.
- Use Windows IIS lock down tool. This is an application released by Microsoft as a tool designed to provide security templates. It turns off features for you in an attempt to limit the area of attack.
- Secure the administrator account. Seeing as this it the total control account implementing complex passwords will avoid dictionary attacks and basic brute force attempts. Limiting login attempts and applying blocks to the firewall can help prevent rapid or automated attacks against the account.
Please follow and like us: