System Lockdown Policy
1.0 Overview
This system lockdown policy is an internal IT policy and defines a general process that should be used to lock down servers and workstations.
2.0 Purpose
This policy is designed to minimize risk to organizational resources and data by establishing a process for increasing the security of servers and workstations by stopping unneeded services and testing for vulnerabilities.
3.0 Server Lockdown and Hardening
This section describes a general process used to lock down servers when they are initially installed and configured. Types of servers or equipment that need hardening include, but are not limited to, file sharing servers, email servers, Web servers, FTP servers, DNS servers, DHCP servers, database servers, domain controllers, directory servers, and network devices such as firewalls, routers, and switches.
- List services that will be required to run on the server. Examples include:
  - DNS
  - HTTP
  - SMTP
  - POP3
- List services that are running on the server and turn off any that the administrator is sure are not needed.
- Do a port scan on the server: use a security tool to test and determine which ports the server is responding on.
- Shut down any services that are not on the required list of services for the server. In particular, remember to shut down services listed in Appendix A - Services Recommended for Shutdown.
- Remove any unnecessary programs, services, and drivers from the server, especially those not loaded by default on the server.
- Patch the server with the latest patches and patch all services running on the server.
- Disable or change the password of any default accounts on the server or related to any operating services.
- Be sure all passwords used to access the system or used by services on the system meet minimum requirements including length and complexity parameters.
- Be sure all users and services have minimum required rights and do not have rights to items not needed.
- Be sure file share and file permissions are as tight as possible.
- Perform a vulnerability assessment scan of the server.
- Patch or fix any vulnerabilities found.
- Where appropriate, install and run additional security programs such as:
  - Anti-virus - Install the software and perform the latest update of the software and virus definitions.
  - Firewall
  - Intrusion detection software - Approved host-based intrusion detection software is recommended for all servers.
  - Honeypot
  - Detection of changes to the system and system files
  All this software should have the latest updates installed.
- Set security parameters on all software, such as where anti-virus programs will scan, how often they will scan, and how often they will get virus definition updates.
- Enable audit logging to log any unauthorized access.
- Perform another vulnerability assessment scan of the server, and fix any discrepancies.
- Take additional account management security measures including:
  - Disable the guest account
  - Rename default administrator accounts
  - Set accounts for minimum possible access
  - Be sure all accounts have passwords meeting minimum complexity and length rules.
- Test the server to be sure all desired services are operating properly.
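The comparison called for in the first steps of the process above (list the required services, list what is actually listening, and flag anything not on the required list) can be automated. The following POSIX shell script is an added example and not part of this policy; the required-service list is hypothetical, and the socket listing is a constructed sample in the column layout printed by `ss -lntu`, which would be replaced by the live command on a real server.

```shell
#!/bin/sh
# Hypothetical required-service allowlist for one server, as port/proto pairs
# (DNS, HTTP, SMTP, POP3 from the policy's examples, plus SSH for administration).
REQUIRED_PORTS="22/tcp 53/tcp 53/udp 80/tcp 25/tcp 110/tcp"

# Constructed sample of listening sockets in the layout of `ss -lntu` output:
# Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
SAMPLE_SOCKETS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128    [::]:3306          [::]:*'

# Read ss-style output on stdin and print one "port/proto" per listening socket.
# The port is the text after the last ":" of column 5, which also handles
# IPv6 addresses such as [::]:3306.
listening_ports() {
    awk 'NR > 1 { n = split($5, a, ":"); print a[n] "/" $1 }' | sort -u
}

# Print every listening port/proto that is absent from REQUIRED_PORTS.
# Surrounding spaces make the pattern match whole entries only.
unexpected_ports() {
    listening_ports | while read -r p; do
        case " $REQUIRED_PORTS " in
            *" $p "*) ;;                 # approved: a required service
            *)        printf '%s\n' "$p" ;;
        esac
    done
}

# On a live server: ss -lntu | unexpected_ports
printf '%s\n' "$SAMPLE_SOCKETS" | unexpected_ports
```

Each line printed is a service to shut down (or to add to the required list after review); an empty result means the server matches its required-service list.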
4.0 Enforcement
Since locking down servers is critical to the security of the organization and everyone in it, this policy must be enforced by management through review and auditing.