Hackers take advantage of errors in software code to attack and take over computers. These vulnerabilities are specifically targeted by attackers. Software vendors correct errors in their code by releasing patches. Applying patches is one of the most effective measures to improve the security of a computer system.
Patching: implement Windows Server Update Services to manage, monitor and control the deployment of Windows patches. This is a free Windows application.
Administrator or admin access is a level of access where the user has full, complete or unrestricted access to the entire system and all its data. Users with administrative privileges for operating systems and applications can make significant changes to their configuration and operation, bypass critical security settings and access sensitive information.
Make sure users do not have local admin rights on machines, and that administrators have a specific login for domain admin tasks for logging and auditing.
Consider implementing a system for managing and storing logs, so that logs from key infrastructure services are periodically copied to an external system for long-term storage and access.
We recommend that at least the last 3 months of logging information is on hand for immediate analysis and that at least the last 12 months of logging data can be retrieved when required for analysis.
Limited Retention of Logs
Logging should be enabled across all systems and logs retained for a reasonable period to allow investigation and review of events that have occurred in the past.
The lack of available logging information makes any subsequent investigation into an incident that occurred in the past very difficult to perform.
Network segmentation is the act of splitting a network into many "sub networks" or areas. Segmentation segregates and protects company data and systems and limits attackers' lateral movements between computers and across the network.
There should be segmentation between the internal network and internet-accessible computers. Without it, should an internet-facing computer be compromised by attackers, the rest of the company network will be easily accessible.
Consider implementing network segmentation. At a minimum, internet facing systems should be segregated from the internal network by creating a demilitarised zone or DMZ.
Network access to administer computers, firewalls, switches and routers is not restricted. Any computer on the network can connect to any other computer on the network and potentially access services that are only meant to be accessed by IT administrators.
Access to administration ports should be restricted to only certain network addresses and/or computer systems.
This can be achieved through network segmentation and/or by implementing IP address restrictions for accessing administration functions such as SSH, remote desktop or web based administration portals.
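One way to check the restriction described above against an exported firewall rule list, as an added example that is not part of the original page. The rule format, the management subnet 10.0.99.0/24 and port 8443 for the web administration portal are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this example (not from the original page): the management
# subnet, the admin port list and the rule tuple format are all constructed.
MGMT_NETS = [ipaddress.ip_network("10.0.99.0/24")]
ADMIN_PORTS = {22: "SSH", 3389: "Remote Desktop", 8443: "web admin portal"}

# Constructed sample rules: (source CIDR, destination host, port, action)
RULES = [
    ("10.0.99.0/24", "10.0.1.10", 22, "allow"),    # SSH from management only
    ("10.0.0.0/16", "10.0.1.10", 3389, "allow"),   # RDP from the whole LAN
    ("0.0.0.0/0", "10.0.1.1", 8443, "allow"),      # portal open to anyone
    ("10.0.99.5/32", "10.0.1.1", 8443, "allow"),   # portal from one admin host
    ("10.0.0.0/16", "10.0.1.20", 80, "allow"),     # not an admin port
    ("0.0.0.0/0", "10.0.1.10", 22, "deny"),        # deny rules are ignored
]


def source_is_restricted(cidr):
    """True if every address in cidr lies inside a management subnet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == m.version and net.subnet_of(m) for m in MGMT_NETS)


def find_exposed_admin_rules(rules):
    """Return allow rules that open an admin port to non-management sources.

    Each rule is judged on its own; rule ordering and shadowing by earlier
    deny rules are not modelled.
    """
    findings = []
    for src, dst, port, action in rules:
        if action != "allow" or port not in ADMIN_PORTS:
            continue
        if not source_is_restricted(src):
            findings.append((src, dst, port, ADMIN_PORTS[port]))
    return findings


if __name__ == "__main__":
    for src, dst, port, svc in find_exposed_admin_rules(RULES):
        print(f"{svc} (port {port}) on {dst} is reachable from {src}")
```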