Operating system area |
Security Implementation |
Users and groups: |
- Assign the lowest level of access for each user or group that allows them to perform their jobs
- Carefully examine any default accounts and remove, reset, or rename them as appropriate
- Create special accounts for public servers that access resources through the operating system
|
File system: |
- Tightly secure individual directories and programs on your system
- Partition the physical disk on a program or functional needs basis
- Restrict a service or daemon's access to only a specific partition
|
System defaults: |
- Change all default settings
- Locate support accounts (created by the manufacturer for system access in case of a problem)
|
Bugs (known vulnerabilities): |
- Contact the operating system vendor for known problems when loading an operating system for the first time or upgrading an existing one
- Monitor your operating system vendor's website to keep abreast of security problems
- Obtain patches, fixes, and workarounds for problems as they arise
|
Remove unnecessary system services: |
Remove any operating system service that you do not specifically require |
Operating system specific areas: |
- Implement security measures that are operating system specific, such as:
- Securing the registry in Windows NT
- Enabling shadow passwords in UNIX systems
|
Policies: |
Ensure that you have established operating system policies, such as minimum password length, maximum password age, restricted logins, and so on. |