Professional Documents
Culture Documents
Rajashekar Rudrapati
Date: 07/17/2021
2
network, a device, an operating system, and individual applications can all be hardened. The
by frequent operating system updates make hardening management difficult. The ICS lifetime
model is used to present system hardening. This comprises duties such as hardening
configuration design, implementation and testing, and system hardening maintenance. Two
PowerShell scripts have been created to facilitate the implementation and maintenance of the
We have a variety of control choices for each service that exists on a Windows system.
We can also turn off the option's starting so that it doesn't run at all. The general plan is to run as
few services as feasible. Another option is to launch services using accounts with lower
privileges. All default services execute in the context of the Local System account, which has
full system access. Disabling unused and unneeded services is the most important layer of the
security onion. This is perhaps the most difficult thing to get right, owing to Microsoft's
appalling lack of documentation on each service's full function and dependencies. The settings
detailed below are automatically applied when you choose to use the automated hardening
feature in setup. All of the following settings appear under the Computer Configuration >
On a Windows 2003 Server, secpol.msc can be used to view most of these parameters.
By default, however, not all MSS parameters are visible. For information on accessing all of the
available security options in the Microsoft Local Security Settings panel, see Threats and
Countermeasures: Security Settings in Windows Server 2003 and Windows XP, accessible at
microsoft.com (Headquarters, 2009). We need to make sure that the audit logs have enough
3
room for the audits that will be generated. This is especially crucial if the system will be shut
down if an audit fails. We should set up the systems to manage your current log capacity plus
50% more. It's also a good idea to establish a rotation policy. This should be in line with any
The basic software that handles things like input, output, display, memory management,
and all the other duties required to support the user environment and associated programs is the
system that incorporates extra features and functionalities to help connect computers and devices
The user account that is used on a daily basis should not belong to the Administrators
local group. Change the network type to public network discovery disabled, as well as prevent
file and printer sharing. All inbound connections are automatically terminated, ensuring that no
one on the network may access anything on the computer. Protect personal files by filtering
outgoing traffic and programs. Remote assistance and remote desktop connections should be
Network Access Protection (NAP) restricts network resource access based on the identity
of a client computer and compliance with corporate governance policies. NAP enables network
managers to set granular network access levels depending on a client's identification, group
membership, and degree of compliance with company standards. Read-only domain controllers
can be constructed and deployed in high-risk areas, but they can't be changed to add new users,
References
Headquarters, A. (2009). Security Best Practices Guide for Cisco Unified ICM/Contact Center
systems (Master's thesis).