Harden Systems Against Security Vulnerabilities
In addition to patching your systems, you have to make sure your systems are hardened (locked down) from the security vulnerabilities that patches can’t fix. Many people stop with patching, thinking their systems are secure, but that’s just not the case. Network administrators ignore recommended hardening practices from such organizations as the National Institute of Standards and Technology (NIST) and the Center for Internet Security, leaving many security holes wide open.
However, hardening systems from malicious attack is not foolproof, either. Because every system and every organization’s needs are different, there is no one-size-fits-all solution, so you have to strike a balance and not rely on any single option too much.
It’s a good idea to rescan your systems for vulnerabilities once your patches are applied.
You can implement hardening countermeasures for your network, computers, and even physical systems and people. These countermeasures work the best for the respective systems.
Implementing at least the basic security practices is critical. Whether installing a firewall on the network or requiring users to have strong passwords via a Windows domain GPO — you must address the basics if you want any modicum of security.
Beyond patching, if you follow countermeasures, add the other well-known security practices for network systems (routers, servers, workstations, and so on) that are freely available on the Internet, and perform ongoing security tests, you can rest assured that you’re doing your best to keep your organization’s information secure.