Discuss system hardening strategies and techniques including updates and patches, default logon/passwords, anonymous access, removal of unneeded services, separation of production and development environments, and settings such as password length and complexity by answering the following questions: What hardening guidelines or standards are you familiar with? What steps have you taken to harden systems? What function do each of the strategies discussed serve? Research and provide a web link to an article regarding system hardening practices.
Research and discussion about system hardening practices, strategies, guidelines, techniques, and standards such as updates and patches, default logon or passwords, anonymous access, removal of unneeded services, separation of production and development environments, and settings such as password length and complexity:
The hardening guidelines or standards I am familiar with are:
* Updates and patches, default logon or passwords, anonymous access, removal of unneeded services, separation of production and development environments, and settings such as password length and complexity.
The steps to take to harden systems, and the function each of the strategies discussed serves, are:
* Updates and patches: Always begin by updating the operating system (OS): its software, security features, functionality, and supporting files. Keep device drivers, OSs, applications (web and mobile), and stand-alone software updated and upgraded, use SaaS (Software as a Service) applications and software as much as possible, and download and apply critical security patches to the systems, especially for database software and servers. This practice keeps a system up to date against known vulnerabilities, bugs, and errors, and secured from attacks, by maintaining a database of viruses, malware, and other current attack threats and by applying the necessary critical security patches. Updates also bring better and enhanced functionality to a system.
* Default login or passwords: Always begin by changing the old and/or default logon or password to a new one: a long, complex password or (advisably) a passphrase, with the right combination of alphanumeric characters and symbols, which only you can remember and which neither other people nor any hacking software or system could guess for many thousands or millions of years.
This strategy secures the system against hacking by attackers, making the password difficult or impossible to guess, crack, or brute-force.
* Anonymous access: Distinguish between the requirements for username-specific and anonymous login access to systems, applications, and software, and grant or deny anonymous access to web applications accordingly. Anonymous access should be given to systems that do not hold much critical information, data, resources, or assets that could be stolen, cracked, or hacked. Only general services or public information should be made available to anonymous users. The default security policy of a system should restrict anonymous access, granting it no rights unless administrators explicitly make the anonymous access service available. This strategy limits availability and accessibility to what users need to complete basic, essential tasks. It also ensures that anyone accessing a system anonymously cannot reach more information, data, or services than anonymous users are allowed.
* Removal of unneeded services: Remove all unneeded services, processes, software, hardware, networks, applications, files, etc. that are outdated, unused, irrelevant, or illegitimate, so they do not clutter the system and keep users from the services they actually need. The system's performance will also be better.
Removal of unneeded services also reduces the system's attack surface to a large extent, and users no longer have to keep updating, upgrading, patching, maintaining, managing, monitoring, and administering those unneeded services.
* Separation of production and development environments: Always separate production from development environments to avoid any confusion. Value the production environment, and test, play, explore, and even break things in the development and test environments. Doing so keeps the production environment running and secure, which in turn keeps the business running and generating revenue. Also, an attack occurring in the development environment would not affect the production environment.
* Settings such as password length and complexity: Always ensure the system's password is long and complex, with a proper combination of alphanumeric characters and symbols, and change passwords as frequently as possible. Passwords should be at least 8 characters long; 12 to 16 characters is recommended. Do not use English dictionary words or personal information such as date of birth, place of birth, or a pet's or spouse's name.
This strategy, again, secures a system against being hacked or attacked and its passwords being cracked, whether by simple guessing, by password-cracking software, or by a brute-force attack.
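The default-password and length/complexity rules above can be enforced at the point where a password is set. The following is an added example, not part of the original answer; the word lists are small constructed samples and `check_password` is a hypothetical helper name.

```python
import re

# Constructed sample lists for illustration; a real deployment would load a
# full wordlist and the vendor default-credential list for its own systems.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "root", "123456"}
DICTIONARY_WORDS = ("dragon", "monkey", "password", "summer", "welcome")

MIN_LENGTH = 8           # minimum stated in the text
RECOMMENDED_LENGTH = 12  # lower bound of the recommended 12 to 16 range


def check_password(password, personal_info=()):
    """Return a list of policy findings; an empty list means it passes."""
    problems = []
    lowered = password.lower()

    if lowered in DEFAULT_PASSWORDS:
        problems.append("default password still in use")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    elif len(password) < RECOMMENDED_LENGTH:
        problems.append("below the recommended 12 characters")

    # Require letters, digits and symbols together.
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbols")

    # Strip digits and symbols so "Summer2024!" still matches "summer".
    letters_only = re.sub(r"[^a-z]", "", lowered)
    for word in DICTIONARY_WORDS:
        if word in letters_only:
            problems.append(f"contains dictionary word '{word}'")

    # Personal details (names, birth year, ...) supplied by the caller.
    alnum_only = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in alnum_only:
            problems.append("contains personal information")
            break
    return problems
```
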
In general, these system hardening guidelines eliminate as many security threats and risks as possible and reduce a system's attack surface, securing it and safeguarding it from any attack, crack, or hack. The more functions a system delivers, provides, or offers to clients, users, or other services, processes, and resources, the larger the vulnerability surface; as a best practice, a system offering a single function would be more secure than one offering multiple functions.
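One way to act on the attack-surface point is to compare the services a host has enabled with the short list its role requires. This is an added example, not part of the original answer; the sample output and the allowlist for a single-purpose web server are constructed assumptions.

```python
# Constructed sample of `systemctl list-unit-files --type=service --no-legend`
# output: unit file, state, vendor preset.
SAMPLE_OUTPUT = """\
avahi-daemon.service  enabled   enabled
cron.service          enabled   enabled
cups.service          enabled   enabled
nginx.service         enabled   enabled
rsync.service         disabled  enabled
ssh.service           enabled   enabled
vsftpd.service        enabled   disabled
"""

# Hypothetical allowlist: the only services this host's role needs.
ALLOWLIST = {
    "cron.service",
    "nginx.service",
    "ssh.service",
    "systemd-timesyncd.service",
}


def parse_enabled_units(output):
    """Return the set of service units whose state column is 'enabled'."""
    units = set()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue  # blank or malformed line
        unit, state = fields[0], fields[1]
        if unit.endswith(".service") and state == "enabled":
            units.add(unit)
    return units


def audit_services(output, allowlist):
    """Return (unexpected, missing): enabled units not on the allowlist,
    and allowlisted units that are not enabled."""
    enabled = parse_enabled_units(output)
    return sorted(enabled - allowlist), sorted(allowlist - enabled)


def remediation_plan(unexpected):
    """Build commands for an administrator to review before running."""
    return [f"systemctl disable --now {unit}" for unit in unexpected]


if __name__ == "__main__":
    extra, absent = audit_services(SAMPLE_OUTPUT, ALLOWLIST)
    print("Not on allowlist:", extra)
    print("Expected but not enabled:", absent)
    print("\n".join(remediation_plan(extra)))
```
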