What is computer information system
The major system hardening methods and strategies that I am familiar with are updates and patches, default login, passwords and removal of services not required. It is always imperative to keep application software and operating systems up to date. This helps eliminate the weak points that make computer and information systems susceptible to attack and exploitation. Through the update and patches strategy, users download updates to add current features to the software. Operating systems require hotfixes, patches and services packs to be robust and secure from vulnerable attacks. In the event of security attacks, the perpetrators compromise routers, switches, servers and workstations. Updating the systems help in hardening the systems mentioned, making them robust to withstand diverse forms of currently technological attacks (Verizon Business Risk Team, 2009).
The second strategy involves the use of default login passwords to log into different systems. While using this method, it is easy to utilise unique default passwords. When users sign into to the systems for the first time, the default password can be changed. Moreover, I can also ensure restricted access to default passwords.
Anonymous strategies exist as forms of hardening. Using an access strategy that promotes anonymity, I can give particular users access rights to read only, edit only, make changes only. Hence, users can perform a single right. I can restrict file and directory access using file permissions and access control lists which may be anonymous to the users. Encrypting file systems and network systems ensure the protection of sensitive data in storage or transit. Removing unnecessary user accounts from the operating systems provide improved protection.
The third strategy involves removing services not necessary for particular operations. Unnecessary services and applications use processing power and available space on hard disks or solid state disks (Verizon Business Risk Team, 2009). Such applications and services are also susceptible to the operating system. For instance, most of the instant messaging applications are not necessary for the working environment. Because some may contain backdoors for easy accessibility by attackers, it is important to remove them. The strategy of removing unneeded services and applications helps in eliminating unnecessary services from running on computers and using resources unnecessarily. The computer has reduced workload, hence runs faster and efficiently. Separation of production and development environments is an important method of hardening. This strategy ensures that only necessary applications are allowed to run.
Settings such as password length and complexity help in hardening computer systems. Most of the modern operating systems provide users with password management and enforcement options (Verizon Business Risk Team, 2009). Using the pre-existing options prevent users from configuring weak or easy to guess passwords. There are also additional security levels to enforce regular password modifications and mechanisms to disable long in options when users fail some login attempts provided. These settings serve as means to ensure reduced opportunities for exploiting security systems for malicious attack purposes. Settings incorporating complex passwords and appropriate lengths for passwords help prevent malicious attacks from impersonating and valid users and attacking the systems. Strong passwords prevent loss of data, exposure to vulnerable security issues and corruption of sensitive data and information.
International organization standards (ISO), NIST and ANSI, have published guidelines and standards for system hardening (Rothman, 2016). The main hardening guidelines or standards that I am familiar with include Center for Internet Security (CIS) consensus model and Federal Desktop Core Configuration (FDCC) standard. CIS has a working group model responsible for establishing best system hardening practices, which are tested and feedback provided used to enforce recommended strategies, such as the use of intrusion detection systems and security patches. FDCC also enforces hardening standards on government computer systems. Most of the products used to scan for susceptibility, including IDS are supported by CIS and FDCC hardening standards (Rothman, 2016).
There are some steps to harden systems. The first step to hardening involves securing the computer to limit physical accessibility. Verizon Business Risk Team (2009) found that data breach occurs internal and external factors. One of the major internal factors is the physical threat, representing 15%. Since gaining physical entry to computer systems makes it easy to carry out malicious attacks, restricting physical access to physical locations of the computers should be a priority.
Planning, testing, executing and auditing passwords, needed application and network services, patches, access rights and separation of production and development environments should be done properly. The security team needs to ensure the procedure runs at predetermined periods to avoid security breaches. I need to define group policies regarding which groups can access resources, at what time and to what level. In some cases, errors made by users result in security breaches. Therefore, I can put in place user policies to ensure high rates of compliance, which in turn reduces the susceptibility of systems to malicious attacks, internally and externally. I can also enforce base configuration lining. Baselining involves monitoring changes or modifications in hardware, software, network and other computer system resources. Establishment of baselines helps in maintaining high-security standards.
Rothman, M. (2016). Is There a Published Standard or Guideline for System Hardening? Retrieved from searchsecurity.techtarget.com: http://searchsecurity.techtarget.com/answer/Is-there-a-published-standard-or-guideline-for-system-hardening
Team, V. B. (2009). 2008 Data Breach Investigations Report. Verizon. Retrieved from http://www.verizonenterprise.com/resources/security/databreachreport.pdf