Friday, 21 April 2017

Top hardening tips for a safe operating system for every environment






1. AUTOMATIC OPERATING SYSTEM UPDATE

Automatically turn on the operating system update. 

I know it is not reassuring and it have not to complete control over what is being installed. 
The alternative  is that you have to carry out daily manual updates. 

There are certain configurations where you might not want to update automatically (databases, web servers ...).

2.  IT IS YOUR OPERATING SYSTEM

If you have only a computer at home, you should consider installing a separate operating system on your own partition for family and friends. Now certainly BS are more user-friendly and the granting of rights is also quite simple. But somehow these fellow users want to install something and need for  admin. 
And note: children and friends are clever - if they need rights, they will get them. The net is full with instructions for this.


3.DO NOT WORK AS ADMIN

Of Course,it is easier to work as root / administrator, but I would leave it. There is not such a thing as "sudo" or "run as an administrator". 

If you run the wrong program as an administrator (email attachments are very popular), you may have ruined your operating system with one click.


  4. SELECT THE CORRECT OPERATING SYSTEM

Many people say, "Hey Linux, this is much safer than Windows" - I believe after "Heartbleed", this sentence is not very credible. 

Even though I personally use Linux for the better operating system to work, this setting is not generally valid.

 It is important that you know how the system works (or at least one such person knows). It makes no sense to use a Linux system if you do not know how work package managers, services, etc. Conversely, you should not use Windows if you are not familiar with the administration.

5. STORAGE SERVICES

Many security gaps concern programs that are delivered, and these provide services. It is not very useful to install all services on the operating system on which you are working. It is more useful to provide virtual machines for specific services. Good examples are web servers, databases, mailserver, proxy, etc.
 The virtual machines can then be separated from the host by a firewall. The rule is quite simple -> The host has full access to the virtual machines, which have no access to the host.

 
Another advantage of this is that the machine boots faster because unnecessary services are not started. 


No comments:

Post a Comment