Security Best Practices

The Information Security Office (ISO) has compiled a list of best practices for the Windows, Linux, and Solaris operating systems. Please find your operating system in the list below and follow the guidelines to enhance your computer’s security.

Windows Best Practices

  • Subscribe to security websites, such as Microsoft’s TechNet
  • Ensure that all critical data is stored on NTFS partitions
  • Verify that the Administrator account has a strong password
  • Prevent null user sessions
  • Unbind unnecessary protocols
  • Remove additional OS installations. Install only what you need
  • Always install the latest security patches available from the vendor.
    • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
  • Disable unnecessary services. Run only the services that are necessary
  • Turn off AutoRun for CD-ROM drives
  • Review security event logs on a regular basis
  • Make frequent backups
  • Turn on the built-in firewall
  • Install anti-malware software

Linux Best Practices

  • Subscribe to security websites and mailing lists (e.g. www.securityfocus.com, www.linuxsecurity.com)
  • Change or disable passwords for all default accounts
  • Make sure you choose a secure password for the root account
  • Install sudo to enhance control over root access
  • Always install the latest security patches available from the vendor.
    • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
  • If you are using Red Hat Linux, use up2date to update your system packages
  • If you are using Debian, use apt-get to update your system packages
  • Disable all network services in /etc/inetd.conf and enable only those you need
  • If you are using Red Hat, make sure to disable the linuxconf line in /etc/inetd.conf (if it exists)
  • Check your runlevel startup files to make sure things you don’t want are not starting up.
    • Example: For System V-like systems, this would be in /etc/rcX.d, where X is the runlevel your system boots into by default. For BSD-like systems, this would be in /etc/rc.common or /etc/rc.
    • Check your system documentation if you are unsure which init system your machine uses.
  • Disable RPC (portmap, etc.) unless you need Sun services such as NFS
  • Disable LPD unless you need to use the machine for printing purposes
  • Install Secure Shell (OpenSSH) for remote access
  • Consider using TCP Wrappers to control access to your machine over the network
  • Remove /etc/hosts.equiv
  • Control remote access to the system by modifying /etc/hosts.allow and /etc/hosts.deny
  • Make sure you are running the latest version of Sendmail. You may consider using Postfix, Qmail, or Exim
  • If you are running an FTP daemon, consider using Proftpd
  • Make frequent backups

Solaris Best Practices

  • Subscribe to security websites (e.g. www.securityfocus.com)
  • Change or disable passwords for all default accounts
  • Make sure you choose a secure password for root
  • Always install the latest security patches available from the vendor.
    • Update your operating system regularly – crackers take advantage of vulnerabilities reported by vendors
  • Disable all network services in /etc/inetd.conf and enable only those you need
  • Remove startup scripts for sendmail and web servers if you don’t need those services
    • Make sure you are running the latest version of Sendmail. You may consider using Postfix
  • You should be especially careful with the r-services. They are often not needed and can pose a significant security risk
  • Use the Secure Shell (SSH) instead of telnet
  • Control access to your machine by installing both TCP Wrappers and Wietse Venema’s version of portmap for SunOS or rpcbind for Solaris
    • These utilities cover different groups of network services, so you need both of them
  • Run syslog, and save the output
  • Consider installing and running swatch, which will notify you when specified events happen. Even if you decide not to run swatch, syslog output can be very useful in tracing an incident once it happens
  • Remove /etc/hosts.equiv
  • Do not have a .rhosts file without good reason
  • If you are running an FTP daemon, consider using Proftpd
  • Make frequent backups
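The trust-file, inetd.conf and TCP Wrappers items from both the Linux and Solaris lists above can be checked with one small audit script. This is an added example, not the ISO’s own tooling; the ROOT argument and the sample tree it builds are assumptions made here so the script runs offline as well as against a live host.

```shell
#!/bin/sh
# Added example (not from the ISO page): audit hosts.equiv, .rhosts,
# inetd.conf and hosts.deny under ROOT ("/" on a live host, or a sample tree).
# Print one "FINDING:" line per problem found under ROOT.
audit_host() {
    root=${1:-/}
    # hosts.equiv extends passwordless rsh/rlogin trust to every listed host
    if [ -f "$root/etc/hosts.equiv" ]; then
        echo "FINDING: $root/etc/hosts.equiv exists; remove it"
    fi
    # per-user .rhosts files grant the same trust for a single account
    for rh in "$root"/root/.rhosts "$root"/home/*/.rhosts; do
        [ -f "$rh" ] || continue
        echo "FINDING: $rh exists; remove it unless there is a documented need"
    done
    # every non-comment, non-blank line in inetd.conf is an enabled service
    if [ -f "$root/etc/inetd.conf" ]; then
        grep -Ev '^[[:space:]]*(#|$)' "$root/etc/inetd.conf" |
            while read -r svc rest; do
                echo "FINDING: inetd service '$svc' is enabled; comment it out if unneeded"
            done
    fi
    # TCP Wrappers default deny: hosts.deny should carry "ALL: ALL",
    # with the few permitted services listed explicitly in hosts.allow
    if ! grep -Eqs '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$root/etc/hosts.deny"; then
        echo "FINDING: $root/etc/hosts.deny lacks 'ALL: ALL'; add it"
    fi
    return 0
}
# Number of findings for ROOT (0 means every check above passed).
count_findings() {
    audit_host "$1" | awk '/^FINDING:/ { n++ } END { print n + 0 }'
}
# Constructed sample tree containing the mistakes the list warns about (demo only).
make_sample_tree() {
    d=$1
    mkdir -p "$d/etc" "$d/home/alice" "$d/root"
    echo 'trusted.example.com' > "$d/etc/hosts.equiv"
    echo '+ +' > "$d/home/alice/.rhosts"
    printf '# services\nftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd\n\ntelnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd\n' \
        > "$d/etc/inetd.conf"
    : > "$d/etc/hosts.deny"
}
# Demo against the constructed tree; a live system is checked with: audit_host /
tmp=$(mktemp -d)
make_sample_tree "$tmp"
audit_host "$tmp"
rm -rf "$tmp"
```

On the constructed tree the script reports five findings; after removing the two trust files, commenting out both inetd entries and adding "ALL: ALL" to hosts.deny it reports none.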