查看: 1838|回复: 1

RAKsmart 安全建议

发表于 2015-3-5 23:39:40 | 显示全部楼层 |阅读模式

I.              Migrate To Modern Operating Systems.

a)      Migrate all workstations and servers off of Windows 2000, XP, Vista, NT and 2003 effective immediately to Windows 8 or Windows 2012 Server.

b)      Consider migration of Windows 2008 to Windows 2012 when possible.

c)      Consider migration from Windows 7 to Windows 8.1 when possible.

II.     Border Security Protection

a)      Use a Firewall in front of all computing resources. When possible, avoid directly attaching any computer to the Internet with a publicly facing IP address.

b)      Consider setting up a De-Militarized Zone (DMZ) in front of your private network to properly isolate internal assets from assets at the border gateway (ie: mail servers, web servers, etc).

III.     Secure Passwords

a)      Always use at least 12-16 character passwords with a 4-6 month rotation cycle.

b)      Never set a user account so the password does not expire except the in the case of a service account.

IV.     User Accounts

a)      Do not mix Administrator and Non-Administrator level account levels. Setup a separate account for administration and only use that account for administration purposes. Never enable or use email from an administrator account.

b)      Do not mix service accounts and user accounts. Service accounts should be exclusively used for software processes.

V.     WiFi

a)      Always use WPA-PSK wherever possible.

b)      Limit WiFi access point range by turning down the radio power whenever possible to prevent over penetration into neighboring structures/offices.

c)      Consider RADIUS for WiFi authentication whenever possible. This allows the WiFi to authenticate users individually to a Windows Active Directory Domain Controller.

  VI.     Mobile Device Security

a)      Implement encryption such as Bitlocker on all mobile devices such as Laptops running Windows.

VII.     Advanced Mitigation Strategies

a)      Enable Application Whitelisting.

b)      Enable Microsoft’s Enhance Mitigation Toolkit (EMET).

c)      Enable ASLR and DEP on all assets.
 楼主| 发表于 2015-3-6 12:06:09 | 显示全部楼层
您需要登录后才可以回帖 登录 | 用户.注册



Processed in 0.122804 second(s), 16 queries , Gzip On.

Powered by Comsenz Discuz! platform.

© 2012-2016 中国主机联盟 专业IDC交流平台,提供服务器、VPS云主机、虚拟主机、域名技术交流及优惠信息

快速回复 返回顶部 返回列表