Phase 2
Hardening Systems
The objective of hardening a system is to reduce its attack surface minimizing the opportunities for an attacker to perform a successful exploit. Every system should be hardened to a standard, baseline level of security. The servers holding your most sensitive information assets and services should be hardened to a higher level.
In addition to implementing security controls, such as having and enforcing a security policy, physically securing your sensitive servers, providing regular user security-awareness training, implementing a strong password policy, and implementing security following the principle of least privilege, the hardening of systems should include configurations and controls such as the following: