Server Hardening Fundamentals

Course

Johnathan Toler

Security Training Architect I

Length

03:06:59

Difficulty

Beginner

Videos

36

Course Details

Servers in many organizations provide a multitude of services, some of which are critical infrastructure for keeping a company running. Many server types, such as email, financial data, application database, and file and print servers, need safeguards in place to protect these assets not only from threats coming from outside the organization, but from insider threats as well. This course is for Security and System Administrators who may not have the experience or exposure needed to implement some of these baseline controls, or who simply need a refresher. The course cannot cover everything and is not intended to include servers that are used for maintenance or remote connection accessibility. We want the audience to walk away with better knowledge and understanding, enough to get started or to open up collaboration and discussion with those helping to make these decisions in your own communities and organizations. It is assumed that learners have a basic understanding of system and network security and can navigate the Linux and Windows operating systems. Security is everyone’s job, and there is a vast amount of public resources available to help you find what you need.

Syllabus

Server Hardening Fundamentals

Course Introduction

What to Expect

00:04:05

Lesson Description:

This video outlines what to expect when it comes to server hardening fundamentals. It emphasizes important topics to ensure safeguards are put in place, with security as the priority focus, and to ensure a successful deployment.

Getting Started

About the Author

00:00:52

Lesson Description:

Professional life: I have over 20 years of IT experience and my current role as a Training Architect has to be one of the best experiences! I have served in various roles, including System Engineer, Technical Project Manager, Technology Consultant, and a few leadership roles along the way.

Setting Up Servers

Windows Server 2019 Overview and Key Features (Optional)

00:02:16

Lesson Description:

This video briefly covers some of the key feature enhancements for Windows Server 2019, and includes some additional information on Advanced Threat Protection (ATP).

Kali Linux Overview and Key Features (Optional)

00:00:50

Lesson Description:

This lesson offers a quick optional overview of Kali Linux and how this distribution plays a role in digital forensics and penetration testing.

Threats, Vulnerabilities, and Risks

Types of Threats and Threat Actors

00:16:38

Lesson Description:

In this lesson, we differentiate between some of the potential threats and threat actors that try to exploit vulnerabilities on the systems and assets we are trying to protect. Knowing this information can not only help determine indicators of compromise (IOCs) and change the way we respond to these threats, but also create opportunities to harden and secure these assets before the threats become a problem.

Determining Vulnerabilities

00:09:52

Lesson Description:

In this video, we give a high-level overview of some of the basic concepts and ways in which we determine vulnerabilities. Several paths can be taken, through automated tools and online publications. We will show examples of both, and hopefully this can assist in determining what fits best for your organization.

Risk Assessments and Mitigation

00:04:28

Lesson Description:

This video covers a very high-level description of risk assessment and mitigation and introduces a few core publications that can be used to describe some of the core concepts when it comes to the risk management framework.

Security Categorization and Objectives on Information Systems

00:07:14

Lesson Description:

It is important to understand some of the qualifying attributes of the servers and assets in an environment, as this will help define the types of controls that might need to be put in place based on specific criteria. This is a high-level overview that explains some of these details with the expectation that someone with less experience can walk away with a better understanding of the underlying attributes that may be applied to classify systems and servers based on prioritization.

Conclusion

00:06:27

Lesson Description:

In this video, we wrap up section two and run through a quick review of what was covered throughout Threats, Vulnerabilities, and Risks.

Server Security

Installation and Planning Helps Achieve Security Success

00:11:02

Lesson Description:

Understanding what is at stake when it comes to the planning and implementation of security controls is a strong focus in this video. This shapes an outline of basic security principles that should be taken into consideration and can help promote a strong security mindset. Security should be one of the first thoughts when tackling implementation, and should not occur after the work has been completed. By then, it may be too late and prove too costly!

Roles and Responsibilities of Security Staff

00:03:08

Lesson Description:

This video is a brief overview of most industry-standard roles and responsibilities of security staff. It is a good idea to have a base understanding of your organizational layout in the event you need to reach out for help or communicate information during a major incident or event.

Server Management Practices and Policies

00:04:01

Lesson Description:

This video demonstrates, at a high level, the importance of documenting and keeping a strong, controlled policy when it comes to change management, of using risk assessments to lower risk levels, and of ensuring these systems are consistent with configuration controls across the enterprise.

System Security Plan

00:05:56

Lesson Description:

This video describes some of the key attributes for defining the functionality of a well-constructed security plan and some of the controls this involves in order to make it efficient and successful for an organization.

Human Resources Requirements

00:03:54

Lesson Description:

This video describes the importance of human resources and how it relates to server security. It is vital to determine staffing needs and ensure the right role is matched to the right skill set without disrupting the confidentiality, integrity, and availability of these systems.

Conclusion

00:02:22

Lesson Description:

In this video, we wrap up section three and run through a quick review of what was covered throughout Server Security.

Securing the Operating System

Patching and Upgrading the Operating System

00:02:39

Lesson Description:

This video is a quick snapshot of some of the key concepts that should be taken into consideration when patching and upgrading the operating system.

Hardening and Securely Configuring the Operating System

00:01:36

Lesson Description:

This video is a quick overview that explains, at a high level, some of the suggestions that should be considered when first implementing and configuring the operating system.

Remove or Disable Unnecessary Services, Applications, and Network Protocols

00:03:18

Lesson Description:

In this section, we discuss the importance of removing or disabling unnecessary services, applications, and protocols. Leaving these services turned on not only poses a security risk but can also impact performance or degrade the state of a system.

Configure Operating System User Authentication

00:11:07

Lesson Description:

In this video, we go over some of the best practices when it comes to configuring the OS for authentication and what this implies as it pertains to security posture.

Additional Control Considerations

00:02:35

Lesson Description:

In this video, we talk about the benefits of adding additional controls, while also stressing the need to exercise caution in how they are implemented so as not to impact production environments.

Conclusion

00:03:57

Lesson Description:

In this video, we wrap up section two, and quickly review what we covered throughout Threats, Vulnerabilities, and Risks.

Securing the Server Software

Software Security Recommendations

00:04:39

Lesson Description:

In this video, we describe the most common recommendations when it comes to applying security during the software installation process.

Configuring Access Controls

00:03:34

Lesson Description:

In this short overview, we talk about the best approaches for access controls, including some of the extra layering of security that can help improve the security posture.

Resource Constraints and Mitigation Recommendations

00:06:26

Lesson Description:

This video introduces concepts on how to approach some of the resource constraints within the OS, including those caused intentionally by a Denial-of-Service (DoS) attack.

Authentication and Encryption Technologies

00:06:28

Lesson Description:

This video covers the importance of authentication and encryption and describes some of the basics at a high level.

Conclusion

00:04:54

Lesson Description:

In this video, we wrap up section five and run through a quick review of what was covered throughout Securing the Server Software.

Maintaining the Security of a Server

It Starts with Logging

00:03:32

Lesson Description:

This video emphasizes the importance of logging and is a starting point in maintaining server security.

Logging Requirements

00:03:08

Lesson Description:

This video runs through some basic scenarios that can be implemented when it comes to logging, offering a few suggestions and best practices in order to achieve success.

Reviewing and Retaining Log Files

00:03:49

Lesson Description:

Understanding "what" and "why" we are logging is important. This video captures a few essential facts surrounding this information and brings out key attributes that should be worked into a regular log review plan.

Automated Log File Analysis Tools

00:04:26

Lesson Description:

This video describes some concepts of logging and references Security Information and Event Management (SIEM) technologies, and how these work in conjunction with Syslog as the standard format used by many of these systems.

Server Backup Types, Procedures and Policies

00:08:04

Lesson Description:

This video describes the process of file retention through various means of backups, the importance of these backup procedures, and how this information needs to be included in your organization's backup policy.

Recovering from a Security Compromise

00:08:39

Lesson Description:

This video introduces incident response following a compromise, covering some of the common procedures used to take an incident through the Incident Response Lifecycle and to assist with recovery phase efforts.

Continuous Security Testing

00:11:24

Lesson Description:

Once the security implementation has been finalized and a server is ready for production, it is important to adhere to your organization's policy on continuous testing and on the efforts needed to maintain the highest levels of security and safeguards for these systems. This video addresses some actionable items for when vulnerability and penetration tests are used to maintain these levels.

Conclusion

00:04:26

Lesson Description:

In this video, we wrap up section six and quickly review what we covered throughout Maintaining the Security of a Server.

Wrapping Up

Additional Resources

00:03:10

Lesson Description:

This video provides additional online resources on security and on some of the topics discussed in this Server Hardening Fundamentals course.

What's Next?

00:01:50

Lesson Description:

This video provides a quick look at some of the next course options, whether you have a security focus in mind or want to pursue some of the other technology pillars offered at Linux Academy.