立即注册  找回密码
 立即注册
CeraNetworksBGVM服务器主机交流会员请立即修改密码Sharktech防护
查看: 70|回复: 1

RAKsmart 安全建议

[复制链接]

RAKsmart 安全建议

[复制链接]

53

主题

42

回帖

369

积分

中级会员

积分
369
rakswift

53

主题

42

回帖

369

积分

中级会员

积分
369
2015-3-5 23:35:13 | 显示全部楼层 |阅读模式
I.              Migrate To Modern Operating Systems.

a)      Migrate all workstations and servers off of Windows 2000, XP, Vista, NT and 2003 effective immediately to Windows 8 or Windows 2012 Server.

b)      Consider migration of Windows 2008 to Windows 2012 when possible.

c)      Consider migration from Windows 7 to Windows 8.1 when possible.


II.     Border Security Protection

a)      Use a Firewall in front of all computing resources. When possible, avoid directly attaching any computer to the Internet with a publicly facing IP address.

b)      Consider setting up a De-Militarized Zone (DMZ) in front of your private network to properly isolate internal assets from assets at the border gateway (ie: mail servers, web servers, etc).


III.     Secure Passwords

a)      Always use at least 12-16 character passwords with a 4-6 month rotation cycle.

b)      Never set a user account so the password does not expire except the in the case of a service account.


IV.     User Accounts

a)      Do not mix Administrator and Non-Administrator level account levels. Setup a separate account for administration and only use that account for administration purposes. Never enable or use email from an administrator account.

b)      Do not mix service accounts and user accounts. Service accounts should be exclusively used for software processes.



V.     WiFi

a)      Always use WPA-PSK wherever possible.

b)      Limit WiFi access point range by turning down the radio power whenever possible to prevent over penetration into nei**oring structures/offices.

c)      Consider RADIUS for WiFi authentication whenever possible. This allows the WiFi to authenticate users individually to a Windows Active Directory Domain Controller.


  VI.     Mobile Device Security

a)      Implement encryption such as Bitlocker on all mobile devices such as Laptops running Windows.


VII.     Advanced Mitigation Strategies

a)      Enable Application Whitelisting.

b)      Enable Microsoft’s Enhance Mitigation Toolkit (EMET).

          http://support.microsoft.com/kb/2458544

c)      Enable ASLR and DEP on all assets.
回复

使用道具 举报

53

主题

42

回帖

369

积分

中级会员

积分
369
rakswift 楼主

53

主题

42

回帖

369

积分

中级会员

积分
369
2015-3-6 12:02:38 | 显示全部楼层
中文版

http://club.raksmart.com/?m=201503
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

Archiver|小黑屋|HS2V主机综合交流论坛

GMT+8, 2024-11-26 03:36 , Processed in 0.017599 second(s), 3 queries , Gzip On, Redis On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表