Questions tagged [hardening]

78 questions
2 votes, 2 answers

Searching For a Desktop Security Software to harden Windows machines, anybody?

I'm a network administrator of a small/medium network. I'm looking for a software (Free or Not) which can harden Windows Computers (XP And Win7) for the purpose of hardening standalone desktop computers (not in domain network). Note: The computers…
MosheH
2 votes, 2 answers

General guide for securing Windows Server 2008

Is there a guide for securing Windows Server 2008? I seem to remember reading a MS doc on how to harden a Win2k server, but I cannot find a publication for win2k8.
CLJ
2 votes, 1 answer

Benefits of separating operating system files from user files onto different partitions

I am in the process of hardening a CentOS box, and came across an article that suggested mounting these filesystems onto different partitions: /usr /home /var and /var/tmp /tmp I was wondering what exactly this accomplishes, in terms of securing…
user58852
1 vote, 1 answer

Which IPv4/6 ICMP types should I drop to block ping?

I'm using ufw. I want to block pings for IPv4 and IPv6. I've read guides by Ubuntu as well as hosting companies I use, and answers on StackExchange sites. Advice is always to edit /etc/ufw/before.rules and DROP these types of ICMP requests: -…
lonix
1 vote, 0 answers

How to configure Dovecot to disable NIST's curves and still retain EECDH?

I am interested in configuring Dovecot's TLS so as to retain forward secrecy, but eliminate all of NIST's elliptic curves. Besides being subject to side channel attacks, in some quarters there is a general distrust of NIST's curves and other…
Kurt Fitzner
1 vote, 1 answer

Windows 10: Kerberos settings not found

In our company, we want to configure our Windows-based infrastructure compliant to the IASE SCAP specifications, e.g., the Microsoft Windows Server 2016 STIG Benchmark. In this document, there is the rule that Computer Configuration >> Policies >>…
1 vote, 0 answers

Solaris 11 Auditing, audit_control file cannot be found

First of all I would like to say I'm not a Linux/Solaris guy, but just assigned task to look at 1 particular item in hardening checklist, so thinking to seek help here to understand more. From the current checklist there are these command…
nlks
1 vote, 1 answer

Hardening TLS web server Apache settings

OS: GNU/Linux Debian 9.2, fully updated. Under the title Hardening TLS web server Apache settings I mean the following: disabling TLS 1.0, already done with this setting: SSLProtocol -all +TLSv1.1 +TLSv1.2 in the following…
1 vote, 1 answer

How to secure a 'public' sftp?

I have a server which enables some users of my services to upload files using SFTP. When I talk about users, I can neither be sure who they are nor how many have access. I have set up the access as follows: SFTP (SSH) access with username and…
q9f
1 vote, 3 answers

ipv6 on Ubuntu server - how do I secure?

On our Ubuntu server, ipv4 & ipv6 are enabled. We have taken these steps so far. Enabled iptables & ip6tables Copied the rules exactly from our iptables to ip6tables Do we need to make additional adjustments to ip6tables? Assuming our server is…
csi
1 vote, 1 answer

Outlook 2010 Security Settings and Hardening

We are looking at rolling out Outlook 2010 in the near future. What recommendations, guides, settings, tools, etc. would you recommend to secure and harden the installation and usage of Outlook 2010? What works and what does not work? Note: I am…
John
1 vote, 8 answers

Turning off FTP

I'm setting up a new Debian server and I don't need FTP so I want to remove it. According to netstat -tap, ftp isn't listening on anything. However when I do a port scan (nmap) externally it says the ftp port is open (21). inetd isn't starting…
Malfist
1 vote, 2 answers

How to block users from seeing others' processes?

Generally it's one of the functionalities of (For example) grsecurity - user sees only his own processes, and not all others. But - I'd prefer to avoid installing grsecurity - perhaps something like this can be done in a simpler way? I'm using Linux…
user13185
1 vote, 4 answers

Server setup - Removing unnecessary Ubuntu 10.4 LTS packages

When setting a system up as a server with Ubuntu 10.4LTS, what packages are unnecessary and could be removed (to help harden the system)? For example, I'm confident the gcc package can (and should) be removed. What other packages in the default…
Brian M. Hunt
1 vote, 3 answers

Picking up a lot of failed authentications for various accounts

My server is getting a lot of various failed authentication attempts for various accounts. The most common one (that I've seen) or the root account. I have since enabled Fail2Ban and ran several rootkit / malware checks to ensure I wasn't…
Josh K