Secure Configurations of Hardware and Software

This document provides guidelines for securely configuring hardware and software. It recommends running stable, patched software and removing outdated software. All remote administration should use secure channels. Strict configuration management should be used to build secure system images that are deployed for all new systems and used to re-image any compromised systems. Regular updates to these images should be incorporated into change management processes. Systems and network devices should be hardened, and management of network infrastructure should be separated and use secure connections.

Uploaded by Venkata Ramana

Secure Configuration of Hardware and Software

Issue Date: June 14, 2022
Next Review Date: June 13, 2023
Document Owner/Contact: Mohammed Rafiuddin, CISO
Function(s): All
Geography: Global

Version History:
Date of Change | Version | Change Details | Change Done By | Changes Approved By
June 14, 2012 | 1.0 | New | VRAB | MORA

Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers

• Run a stable version of software and make sure it is fully patched. Remove outdated or older software from the system.
• All remote administration of servers, workstations, network devices, and similar equipment should be done over secure channels.
• Strict configuration management should be followed, building a secure image that is used to build all new systems that are deployed.
• Any existing system that becomes compromised is re-imaged with the secure build.
• Regular updates to this image are integrated into the change management processes.
• Systems should be hardened, including the underlying operating system and the applications installed on the system.
• The master images must be stored on securely configured servers, with integrity checking tools and change management to ensure that only authorized changes to the images are possible.

Secure Configurations for Network Devices such as Firewalls, Routers, and Switches

• Network devices should be managed using two-factor authentication and encrypted sessions.
• The network infrastructure should be managed across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.
• Network filtering technologies employed between networks with different security levels (firewalls, network-based IPS tools, and routers with access control lists) should be deployed with capabilities to filter Internet Protocol version 6 (IPv6) traffic.
• If IPv6 is not currently being used it should be disabled.
• The latest stable version of a network device's inter-network operating system (IOS) or firmware that contains critical security updates must be installed within 30 days of the update being released from the device vendor.
• At network interconnection points—such as Internet gateways, inter-organization connections, and internal network segments with different security controls—implement ingress and egress filtering to allow only those ports and protocols with an explicit and documented business need. All other ports and protocols should be blocked with default-deny rules by firewalls, NIPS, and/or routers.
• All new configuration rules beyond a baseline-hardened configuration that allow traffic to flow through network security devices, such as firewalls and network-based IPS, should be documented and recorded in a configuration management system.
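
One way to check an exported rule set against the ingress/egress filtering requirements above, as an added example that is not part of the original policy. The rule model, field names, change references and first-match-wins ordering are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:                     # hypothetical, vendor-neutral rule record
    direction: str              # "ingress" or "egress"
    action: str                 # "allow" or "deny"
    proto: str                  # "tcp", "udp" or "any"
    port: str                   # port number or "any"
    family: str                 # "ipv4", "ipv6" or "both"
    business_need: str = ""     # reference to the documented need; empty if none

def audit(rules):
    """Return findings for an ordered rule set (first match wins, assumed)."""
    findings = []
    for direction in ("ingress", "egress"):
        chain = [r for r in rules if r.direction == direction]
        # Everything not explicitly allowed must hit a default-deny that
        # also covers IPv6, since the policy requires IPv6 filtering.
        last = chain[-1] if chain else None
        if not (last and last.action == "deny" and last.proto == "any"
                and last.port == "any" and last.family == "both"):
            findings.append(f"{direction}: no trailing default-deny covering IPv4 and IPv6")
        for i, r in enumerate(chain, 1):
            if r.action != "allow":
                continue
            # Each allow rule needs an explicit, documented business need.
            if not r.business_need.strip():
                findings.append(
                    f"{direction} rule {i}: allow {r.proto}/{r.port} has no documented business need")
            # "Only those ports and protocols": wildcard allows defeat the intent.
            if r.proto == "any" or r.port == "any":
                findings.append(
                    f"{direction} rule {i}: allow is not limited to a specific port and protocol")
    return findings

# Constructed sample rule set; the CHG-xxxx references are placeholders.
SAMPLE = [
    Rule("ingress", "allow", "tcp", "443", "both", "CHG-0001 public web portal"),
    Rule("ingress", "allow", "tcp", "8080", "ipv4"),      # undocumented allow
    Rule("ingress", "deny", "any", "any", "ipv4"),        # default-deny misses IPv6
    Rule("egress", "allow", "udp", "53", "both", "CHG-0002 DNS resolvers"),
    Rule("egress", "allow", "any", "any", "both", "CHG-0003 legacy"),  # wildcard allow
    Rule("egress", "deny", "any", "any", "both"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run on a schedule against the exported configuration, a check like this catches rules that were added outside the configuration management system.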
