Tag: hardening

Hardening, Microsoft Windows server 2016

Windows Server Hardening – Account Policies

The following were tested on Windows Server 2016 (Screenshots included). Account Policies Password Policy 1. Ensure ‘Enforce password history’ is set to ’24 or more password(s) Description: This policy setting determines the number of renewed, unique passwords that have to be associated with a user account before you can reuse an old password. The value …

Active Directory, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Active Directory Security Hardening: Domain Admin Honeypot

Rename the account It’s a good idea to name the account like any other user account. That means giving it a real name, like Johnny Cash, with a username that matches your naming convention, say “jcash.” Remove description Next, you want to remove the default description for the built-in Administrator, which is “Built-in account for …

Debian

Hardening SSH on Debian

Open a terminal Open file /etc/ssh/sshd_config sudo nano /etc/ssh/sshd_configsudo nano /etc/ssh/sshd_config Change the listen port Port 65002Port 65002 Deny root Login PermitRootLogin noPermitRootLogin no Make sure that users with empty passwords are not allowed to login to the system PermitEmptyPasswords noPermitEmptyPasswords no Allow certain users to have access via ssh AllowUsers user1 user2AllowUsers user1 user2 …

Debian

Hardening Apache2 on Debian 8

Disable Apache Web Server Signature sudo nano /etc/apache2/apache2.confsudo nano /etc/apache2/apache2.conf Add the following two lines at the end of Apache config file: ServerSignature Off ServerTokens ProdServerSignature Off ServerTokens Prod Hide PHP Version sudo nano /etc/php5/apache2/php.inisudo nano /etc/php5/apache2/php.ini Make sure that expose_php option is off. expose_php = Offexpose_php = Off Disable Directory Browsing Globally sudo a2dismod …

Debian

Owncloud Security Hardening on Debian

Hardening owncloud folders permissions Open a terminal Create a new file nano ~/config_owncloud_permsnano ~/config_owncloud_perms Contents Paste the following into config_owncloud_perms file: #!/bin/bash ocpath=’/var/www/owncloud’ htuser=’www-data’ htgroup=’www-data’ rootuser=’root’   printf "Creating possible missing Directories\n" mkdir -p $ocpath/data mkdir -p $ocpath/assets mkdir -p $ocpath/updater   printf "chmod Files and Directories\n" find ${ocpath}/ -type f -print0 | xargs -0 …

Databases, MSSQL

Hardening a SQL Server

Below are some quick tips that you should follow to secure your SQL Server. Secure sa account with a strong password. Do not use LocalSystem or Administrator accounts for SQL Service. Apply all service packs, updates and hot fixes to Windows system and SQL Server. Delete setup files after installation. Review all passwords for all …

Apache, Linux

Securing Apache Part 1

The following tips are things you can do to make your apache server more secure. Before you begin to follow the tips below, locate your apache’s configuration files first. Common places for apache’s configuration files are: /etc/apache2/apache2.conf, /etc/apache2/httpd.conf and /etc/apache2/sites-enabled/000-default. Before you make any changes, MAKE BACKUP COPIES OF YOUR FILES. Here we go: 1. …