Question

Discuss system hardening strategies and techniques including updates and patches, default logon/passwords, anonymous access, removal of unneeded services, separation of production and development environments, and settings such as password length and complexity by answering the following questions:

What hardening guidelines or standards are you familiar with?
What steps have you taken to harden systems?
What function do each of the strategies discussed serve?
Research and provide a web link to an article regarding system hardening practices.

Answer 1

Answer1)

I am aware of all the hardening guidelines mentioned in the question. Starting with updates means that a company of software release new version with new facilities and features if previous older version to make things easy and attractive. Patches are also released by company so that the bugs in their system can't be compromised by attacker. Default login password are those credentials which set to default by any company. Removal of unneeded services means that services which are not used by anyone should be removed as they can be used by attacker to attack the system as they are not much secured by company. Password length is very important as long password make hacker difficult to guess and break.

Answer 2 and 3)

I have taken lot of steps to harden system which are as follows along with their strategies-

1) I have renamed and and disabled built in account like administrator to some other name because if by chance attacker get access of system so he will not able to recognize which is admin account.

2) I have also added a long password to access my bios because if attacker get an access of my bios then he will change the boot sequence and increase the chances of attack vector on my system.

3)I have also removed unwanted and unknown application from my system because they may contain virus and can cause harm.

Answer 4)https://www.tracesecurity.com/blog/articles/system-hardening-guidelines