Answer:
* When we acquire a new server or desktop computer, do we follow a defined set of procedures to set it up?
* How do we “lock down” a new system? Do we:
Turn on or install software firewalls? • And/or use a hardware firewall? o Turn off unnecessary services (e.g. FTP on a desktop computer that doesn’t need to support this protocol)? o Rename administrator user names as appropriate? Change default passwords? o Follow product-specific advice or expert checkists on how to secure new servers and applications? (For instance, software vendors and outside experts offer white papers or checklists on how to secure, for instance, a Windows XP workstation or a Linux server.)
* Do we test new systems for security using tools such as the Microsoft Baseline Security Analyzer, etc?
* How do we “lock down” a new system? Do we:
Turn on or install software firewalls? • And/or use a hardware firewall? o Turn off unnecessary services (e.g. FTP on a desktop computer that doesn’t need to support this protocol)? o Rename administrator user names as appropriate? Change default passwords? o Follow product-specific advice or expert checkists on how to secure new servers and applications? (For instance, software vendors and outside experts offer white papers or checklists on how to secure, for instance, a Windows XP workstation or a Linux server.)
* Do we test new systems for security using tools such as the Microsoft Baseline Security Analyzer, etc?
Previous Question | Next Question |
Where is the password that I configure a service to start with stored? | Anti-Virus questions |