6 Important OS Hardening Steps to Protect Your Small Business IT Investment

Proper patch management is critical to protecting data and uptime, but it’s just one of many security considerations. With Ransomware-as-a-Service and Angler, Bedep and Neutrino exploit kit adoption on the rise, Small Businesses must strengthen their defenses against outside attack. When attempting to compromise a device or network, malicious actors look for any way in. Unbeknownst to many small- and medium-sized businesses, operating system vulnerabilities provide easy access. In order to provide you with peace of mind, safeguard your sensitive information and differentiate your security services from the competition, here are six ways to harden your operating systems:

Definition of OS Hardening

So what is OS hardening exactly? Here is one definition from a Search Security column:

When you harden a box, you’re attempting to make it bulletproof. Ideally, you want to be able to leave it exposed to the general public on the Internet without any other form of protection. This isn’t a box you’ll use for a wide variety of services. A hardened box should serve only one purpose–it’s a Web server or DNS or Exchange server, and nothing else. You don’t typically harden a file and print server, or a domain controller, or a workstation. These boxes need too many functions to be properly hardened.

Another definition is a bit more liberal:

Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize a computer OS’s exposure to threats and to mitigate possible risk.

6 OS Hardening Tips

While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize clients’ risk of suffering a cyber-attack, adhere to the following protocol:

1. Programs clean-up –

Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and “locked down,” it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.

2. Use of service packs –

Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow.

3. Patches and patch management –

Planning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on the client’s computer.

4. Group policies –

Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber-attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly.

5. Security templates –

Groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.

6. Configuration baselines –

Baselining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that is acceptable to both your standard for maintaining security and meeting your clients’ needs.

12 Must know tricks to Unlocking the power of Windows 10

Here’s a peak of what’s inside!

 Click the below link to instantly download the guide!

12 Must know tricks to Unlocking the power of  Windows 10

Troubleshooting Tips Every Small Business Should Know.

Here’s a peak of what’s inside!

Everything you need to know to secure your business.

Here’s a peak of what’s inside!

Why do I need to complete the form?

Your information is safe with us. We don’t sell or give away any of your contact information. The below form helps us better understand you and your needs. Our goal is to give you peace of mind on your computers and network so you can focus on your business. Have any questions? Let us know! We would love to help.

By supplying your contact information, you authorize OC Technology Solutions to contact you with further information.

Artigen Corp., an Artificial Intelligence and Virtual Reality software development and marketing company, selects OC Technology Solutions LLC as their primary resource for computer hardware, software, and networking equipment to build out multiple departments. Artigen depends on OC Tech’s product knowledge, manufacturer program expertise, and configuration capabilities to help streamline and simplify the mostly chaotic and expensive technology purchasing processes.

See what they can do at www.artigencorp.com

Recently upgrade to Windows 10? Seasoned Windows 10 veteran?

There’s always more to learn!

Check out our latest video to learn time saving tips and tricks using the Windows 10 Start Menu.

(To view the video, please visit this page on a desktop or laptop)

April 12th. Memorize that date.

In case you haven’t heard, a security vulnerability called Badlock was recently discovered in Windows and Samba. While the nature of the bug has not yet been revealed, patches along with details of the flaw will be released next week on April 12th. Ever since news of the vulnerability broke in March, hackers have been salivating at the mouth, ready to pounce. Indeed, some may have already discovered the bug. Since attackers will be eagerly awaiting the disclosure, once patches are released next week, Windows and Samba users must immediately patch their systems to prevent exploitation.

Badlock Bug Background (Details TBD)

“Please get yourself ready to patch all systems on this day. We are pretty sure that there will be exploits soon after we publish all relevant information.”

This warning comes straight from the official Badlock website and speaks to the growing anticipation within the cybercrime community. Although we don’t know where the Badlock bug lives, InfoWorld is attempting to connect dots by sharing hints given by SerNet, the Samba consulting company responsible for the Badlock website. Since Badlock implicates Windows and Samba users, it is likely that it “has something to do with the SMB protocol, used to read and write files over the local network, or Common Internet File System (CIFS), the SMB implementation used in Windows.” As a result, it may be reasonable to expect that any software using SMB will be impacted. Johannes Loxen, SerNet’s CEO, even spread speculation that with Badlock, attackers could obtain administrative access to local networks because the vulnerability would mean “admin accounts for everyone on the same LAN.” Again, nothing is certain, but even contemplating the implications of such an uncertainty should light a fire underneath you. Managing Badlock has to be priority one.

How You Can Prepare for April 12th

“Thinking will not overcome fear but action will.” ~W. Clement Stone~

You may be thinking that you don’t have to worry about Badlock until April 12th since you don’t know what it is you’re dealing with. Ever since Stefan Metzmacher, a member of the international Samba Core Team, discovered and reported the bug, there’s been a lot of hype around Badlock and what it means for users. Some even question the point of announcing the presence of a vulnerability weeks before MSPs and IT service providers can correct it. Still, all should take advantage of this 20-day advanced notice. As far as which patches will be available, the Badlock website lists Samba 4.4, Samba 4.3 and Samba 4.2. It is also important to note that all Windows machines are expected to be impacted.

If you’re a TotalCare Client…

In response, we will bypass our standard patch testing procedure and will whitelist this patch immediately upon its release so that it is available to you, our TotalCare Managed Services clients. To complete the patch installation, OC Tech will complete the following:

1. Ensure and/or update your patching policy to take place on Tuesday, April 12, 2016.

or

2. Be prepared to manually patch your Windows machines on April 12, 2016 as soon as the patch is whitelisted by our NOC.

We will continue to provide more specific information as it is made available, but wanted to make sure you know that we are preparing accordingly. For more information on Badlock, visit http://badlock.org/.

Access the data you need, when you need it.

OC Tech is proud to announce our partnership with O’Grady Homes! We’re grateful for the opportunity to manage, maintain and support OG Home’s entire IT infrastructure including security, collaboration and cloud storage.

O’Grady Homes was founded by Chris O’Grady and stands as an extraordinary example of integrity and success in the local construction industry. With 25 years of fine custom home building experience, Chris O’Grady and the O’Grady Homes team provide expert guidance through every phase of design, planning and construction.

Looking to build new or remodel? Check them out at www.oghomes.com!