Page 25 - Security+ (635 notes by Nikkhah)
P. 25
Application hardening
401- Software applications on desktops and servers should be kept up to date with the latest
service packs, hotfixes, and security patches.
402- Security patches, hotfixes, or service packs must be thoroughly tested before installation.
403- Updates that provide only cosmetic changes need not be installed.
404- Appropriate access should be configured on applications.
405- Antivirus software should be run regularly with updated virus signatures. Web servers
406- The NOS must be secured properly, and it should be kept up to date.
407- Antivirus software should be used with updated virus signatures.
408- A web service should not be left in its default configurations.
409- Named accounts should not allow anonymous access to web servers.
410- User authentication should be processed using strong protocols, and all transactions
should be encrypted for e-commerce web servers.
411- Web servers should be placed inside a Demilitarized Zone (DMZ).
Email servers
412- The NOS over which the email services are running must be secured properly.
413- Antivirus software should be run regularly with updated virus signatures.
414- SMTP relay should be disabled as it can cause DoS attacks.
415- Users must be careful not to open suspicious attachments that may contain email viruses.
416- Usage of HTML email should be avoided.
417- Internet Messaging (IM) outside the organization should be monitored.
418- Email servers should be placed inside a DMZ.
FTP servers
419- FTP servers are permanently connected to the Internet and attract malicious users.
420- Filesystem security should be appropriately configured.
421- Access control, authentication, and authorization systems should be in place.
422- Audit policy should be implemented and security logs should be reviewed regularly.
423- FTP servers should be placed inside a DMZ.
www.hrnikkhah.com by : Hamid Reza Nikkhah Page 23
