top of page
  • Writer's pictureDragoon Security Group

Nine Web Server Hardening Actions to Take Now

I don’t care for FUD, I do however support due care and diligence to address an organization’s service and reputational risks.

A small federal agency’s website has been defaced tonight, allegedly by Iranian Threat Actors though the attack has not been validated to have originated from Iran.

Regardless of the source, this should serve as an advisory to harden public facing servers and web applications.

Hardening is the management of configuration, access control, network settings and server environment, including applications, in order to improve the overall security of an organization’s IT infrastructure and mitigation of inherent risk to the organization.

Nine basic hardening actions to consider include:

  • Ensure default credentials are removed and use a unique, complex password

  • Activate Multi-Factor Authentication

  • Validate configurations against vendor and industry standards

  • Remove or disable unnecessary services, especially remote access

  • Scan for vulnerabilities and push security updates

  • Deploy firewalls to create a DMZ from internal systems

  • Monitor logs for intrusions

  • Create and protect data backups

  • Implement load balancers and Denial of Service Protection

47 views0 comments

Recent Posts

See All

Small Town But Not Too Small To Fail

After a chaotic summer of coordinated ransomware attacks against municipal governments, resulting in disruption of critical services to citizens, some refreshing news from Rhode Island of a small town

60 Minutes on Ransomware

While I’m glad this issue is gaining national attention, this piece was very defeatist. Companies wouldn’t accept a thief walking in and taking tens of thousands of dollars from the register. Yet beca


Post: Blog2_Post
bottom of page