6 Important OS Hardening Steps to Protect Your Small Business IT Investment

Proper patch management is critical to protecting data and uptime, but it’s just one of many security considerations. With Ransomware-as-a-Service and Angler, Bedep and Neutrino exploit kit adoption on the rise, Small Businesses must strengthen their defenses against outside attack. When attempting to compromise a device or network, malicious actors look for any way in. Unbeknownst to many small- and medium-sized businesses, operating system vulnerabilities provide easy access. In order to provide you with peace of mind, safeguard your sensitive information and differentiate your security services from the competition, here are six ways to harden your operating systems:

Definition of OS Hardening

So what is OS hardening exactly? Here is one definition from a Search Security column:

When you harden a box, you’re attempting to make it bulletproof. Ideally, you want to be able to leave it exposed to the general public on the Internet without any other form of protection. This isn’t a box you’ll use for a wide variety of services. A hardened box should serve only one purpose–it’s a Web server or DNS or Exchange server, and nothing else. You don’t typically harden a file and print server, or a domain controller, or a workstation. These boxes need too many functions to be properly hardened.

Another definition is a bit more liberal:

Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize a computer OS’s exposure to threats and to mitigate possible risk.

6 OS Hardening Tips

While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize clients’ risk of suffering a cyber-attack, adhere to the following protocol:

1. Programs clean-up –

Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and “locked down,” it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.

2. Use of service packs –

Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.

3. Patches and patch management –

Planning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on the client’s computer.

4. Group policies –

Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber-attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly.

5. Security templates –

Groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.

6. Configuration baselines –

Baselining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that is acceptable to both your standard for maintaining security and meeting your clients’ needs.