Top hardening tips for a safe operating system for every environment
1. AUTOMATIC OPERATING SYSTEM
Automatically turn on the operating system update.
I know it is not reassuring and it have not to complete control
over what is being installed.
The alternative is that you have to carry out daily manual
There are certain configurations where you might not want to
update automatically (databases, web servers ...).
2. IT IS YOUR OPERATING SYSTEM
If you have only a computer at home, you should consider
installing a separate operating system on your own partition for family and
friends.Now certainly BS are
more user-friendly and the granting of rights is also quite simple.But somehow these fellow users want to
install something and need for admin. And note: children and friends are clever - if they need rights,
they will get them.The net is
full with instructions for this.
3.DO NOT WORK AS ADMIN
Of Course,it is easier to work as root /
administrator, but I would leave it.There
is not such a thing as "sudo" or "run as an administrator".
If you run the wrong program as an administrator (email
attachments are very popular), you may have ruined your operating system with
4. SELECT THE CORRECT OPERATING SYSTEM
Many people say, "Hey Linux, this is much safer than
Windows" - I believe after "Heartbleed", this sentence is not
Even though I personally use Linux for the better operating system
to work, this setting is not generally valid.
It is important that you know how the system works (or at least
one such person knows).It makes
no sense to use a Linux system if you do not know how work package managers,
services, etc. Conversely, you should not use Windows if you are not familiar
with the administration.
Many security gaps concern programs that are delivered, and these
provide services.It is not very
useful to install all services on the operating system on which you are
working.It is more useful to
provide virtual machines for specific services.Good examples are web servers,
databases, mailserver, proxy, etc.
The virtual machines can then be separated
from the host by a firewall.The
rule is quite simple -> The host has full access to the virtual machines,
which have no access to the host.
Another advantage of this is that the machine boots faster because
unnecessary services are not started.