• Dragoon Security Group

Nine Web Server Hardening Actions to Take Now

I don’t care for FUD, I do however support due care and diligence to address an organization’s service and reputational risks.


A small federal agency’s website has been defaced tonight, allegedly by Iranian Threat Actors though the attack has not been validated to have originated from Iran.


Regardless of the source, this should serve as an advisory to harden public facing servers and web applications.


Hardening is the management of configuration, access control, network settings and server environment, including applications, in order to improve the overall security of an organization’s IT infrastructure and mitigation of inherent risk to the organization.


Nine basic hardening actions to consider include:

  • Ensure default credentials are removed and use a unique, complex password

  • Activate Multi-Factor Authentication

  • Validate configurations against vendor and industry standards

  • Remove or disable unnecessary services, especially remote access

  • Scan for vulnerabilities and push security updates

  • Deploy firewalls to create a DMZ from internal systems

  • Monitor logs for intrusions

  • Create and protect data backups

  • Implement load balancers and Denial of Service Protection



Recent Posts

See All

60 Minutes on Ransomware

While I’m glad this issue is gaining national attention, this piece was very defeatist. Companies wouldn’t accept a thief walking in and taking tens of thousands of dollars from the register. Yet beca

 

803-298-4500

Chapin, SC

  • Twitter
  • Facebook
  • Instagram

©2017 by Dragoon Security Group