Monday, January 14, 2008

System Hardening

The main objective of system hardening is to reduce the chance of attacks against the system from the outside, and to reduce the opportunity for an attacker who does get in to damage the system.

System hardening consists of:
  • Disable and lock down unnecessary services
  • Close all unnecessary ports
  • Implement a standard operating system (OS) and application patching routine
  • Implement security controls on the OSs, the users and the network
  • Manage the launching of applications
  • Implement antivirus filtering and updates of virus definitions
  • Implement antispyware filtering and updates of spyware definitions

Disabling unnecessary services (on Windows XP or Windows Server ...)

Using the Computer Management Tool
After logging on as a Local Administrator, from the Start menu > Run > type services.msc

or, from the Start menu, select Control Panel > Computer Management > Services

A service's dependencies can be viewed by right-clicking the service > Properties > Dependencies. Check these before disabling anything, since any service listed as depending on it will stop working too.

Then set the services you do not need to Disabled or Manual.

Identifying the Service Account Used to Start a Service
Determine which user account each service runs under (the Log On tab of the service's Properties), so that services are not running with more privilege than they need.
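The audit-then-disable steps above, scripted in PowerShell as an added example (this is not code from the post or from the book it cites). It assumes an elevated PowerShell session on the host being hardened; the candidate service list is a constructed placeholder to replace with your own baseline.

```powershell
# Added example: audit candidate services the way the steps above do by hand,
# then disable them. Run in an elevated PowerShell session on the target host.
# The list below is a constructed placeholder; replace it with your own baseline.
$Candidates = @('ClipBook', 'Messenger', 'RemoteRegistry')

function Get-ServiceHardeningReport {
    param([string[]]$Names)
    foreach ($name in $Names) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { continue }          # not installed on this host
        # Win32_Service carries the logon account (StartName) and the startup mode
        $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        [pscustomobject]@{
            Name          = $svc.Name
            Status        = $svc.Status
            StartMode     = $cim.StartMode
            LogOnAccount  = $cim.StartName
            # Services that stop working if this one is disabled (the Dependencies tab)
            DependentSvcs = ($svc.DependentServices | ForEach-Object { $_.Name }) -join ','
        }
    }
}

function Disable-UnneededService {
    param([string[]]$Names, [switch]$WhatIf)
    foreach ($row in Get-ServiceHardeningReport -Names $Names) {
        if ($row.DependentSvcs) {
            # Something else needs this service: review it by hand rather than disabling blindly
            Write-Warning "$($row.Name) has dependents ($($row.DependentSvcs)); skipping"
            continue
        }
        if ($row.Status -eq 'Running') {
            Stop-Service -Name $row.Name -Force -WhatIf:$WhatIf
        }
        Set-Service -Name $row.Name -StartupType Disabled -WhatIf:$WhatIf
    }
}

# Review the report first, then apply by dropping -WhatIf
Get-ServiceHardeningReport -Names $Candidates | Format-Table -AutoSize
Disable-UnneededService -Names $Candidates -WhatIf
```

The report also surfaces the logon account of each service, which is the same information the Log On tab shows, so services running as LocalSystem that do not need it can be flagged in the same pass.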




Locking Down Services with Group Policy Objects (GPO)
  1. After logging on as a Domain Administrator on either a domain controller or on a Windows XP system with Adminpak.msi installed, select Start > Programs > Administrative Tools, and launch Active Directory Users And Computers (ADUC).

  2. Expand the domain object. Select and right-click on the Users OU. Select New Group.

  3. Name the group Service Admins. Confirm that Group Scope is set to Global and that
    Group Type is set to Security. Click OK to create the security group. This group will now
    be populated with the elite group of domain administrators that you wish to allow to
    configure services.


  4. In ADUC, select the domain name. Then right-click on the domain name and select New
    Organizational Unit.

  5. Name the new organizational unit (OU) Hardened Servers. Click OK. Place into this OU the computer account objects for all servers you are attempting to harden with these GPOs.
  6. Right-click on the Hardened Servers OU and select Properties. Select the Group Policy tab.
  7. Click New and rename the new GPO Services Lockdown.
  8. Click Edit.
  9. Inside the new Services Lockdown GPO, in the left pane expand Computer Configuration >
    Windows Settings > Security Settings. Select System Services.

  10. In the right pane, double-click the ClipBook service.
  11. Select Define This Policy Setting, and then select Disabled. This configures the ClipBook
    service to be disabled during system startup.


  12. Click Edit Security. You must first add your elite group of administrators—the Service
    Admins global group—then remove the administrators from the access control list (ACL).
    To do this, first click Add.
  13. In the resulting dialog box, click Advanced, then click Find Now and select the Service
    Admins global group.
  14. Click OK twice. This adds the Service Admins global group to the Security For ClipBook
    ACL. Confirm that all Allow permissions are selected, except Special Permissions.
  15. Select the Administrators Group in the Group Or User Names field. Click Remove.


  16. Click OK to close the Security For ClipBook dialog box. Click OK in the ClipBook
    Properties dialog box.
  17. Close the GPO.

Reference: Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills, David R. Miller, Sybex 2007
