MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

6 Important OS Hardening Steps to Protect Your Clients

Posted November 9, 2016by Hunter Smith

6 Important OS Hardening Steps to Protect Your Clients.jpg

According to the 2016 Duo Trusted Access Report, fifty-three percent of Mac OS users are running either the fully patched, latest version of OS X, or the previous version, compared to thirty-five percent of Windows users on Windows 10 and 8.1. That means the majority of these operating systems are outdated.

As you know, proper patch management is critical to protecting client data and uptime, but it's just one of many security considerations. With Ransomware-as-a-Service and Angler, Bedep and Neutrino exploit kit adoption on the rise, MSPs must strengthen client defenses against outside attack. When attempting to compromise a device or network, malicious actors look for any way in. Unbeknownst to many small- and medium-sized businesses, operating system vulnerabilities provide easy access. In order to provide clients with peace of mind, safeguard their sensitive information and differentiate your security services from the competition, here are six ways to harden customers' operating systems: 

Definition of OS Hardening

So what is OS hardening exactly? Here is one definition from a Search Security column:

When you harden a box, you're attempting to make it bulletproof. Ideally, you want to be able to leave it exposed to the general public on the Internet without any other form of protection. This isn't a box you'll use for a wide variety of services. A hardened box should serve only one purpose--it's a Web server or DNS or Exchange server, and nothing else. You don't typically harden a file and print server, or a domain controller, or a workstation. These boxes need too many functions to be properly hardened.

Another definition is a bit more liberal:

Hardening of the OS is the act of configuring an OS securely, updating it, creating rules and policies to help govern the system in a secure manner, and removing unnecessary applications and services. This is done to minimize a computer OS's exposure to threats and to mitigate possible risk. 


6 OS Hardening Tips

While different operating systems have their own intricacies, there are recommended practices that apply universally. This list is not all-inclusive and you may implement additional best practices when applicable. However, in order to minimize clients' risk of suffering a cyber attack, adhere to the following protocol: 

1. Programs clean-up – Remove unnecessary programs. Every program is another potential entrance point for a hacker. Cleaning these out helps you limit the number of ways in. If the program is not something the company has vetted and "locked down," it shouldn’t be allowed. Attackers look for backdoors and security holes when attempting to compromise networks. Minimize their chances of getting through.

2. Use of service packs – Keep up-to-date and install the latest versions. It’s that simple. No one thing ensures protection, especially from zero-day attacks, but this is an easy rule to follow. 

3. Patches and patch management – Planning, testing, implementing and auditing patches should be part of a regular security regimen. Make sure the OS is patched regularly, as well as the individual programs on the client's computer.

See also: Updates to Microsoft's Patching Process and the Impact on MSPs

4. Group policies – Define what groups can or can’t access and maintain these rules. Sometimes, it’s simply user error that leads to a successful cyber attack. Establish or update user policies and ensure all users are aware and comply with these procedures. For example, everyone should be implementing strong passwords, securing their credentials and changing them regularly. 

5. Security templates – Groups of policies that can be loaded in one procedure; they are commonly used in corporate environments.

6. Configuration baselines – Baselining is the process of measuring changes in networking, hardware, software, etc. To create a baseline, select something to measure and measure it consistently for a period of time. Establish baselines and measure on a schedule that is acceptable to both your standard for maintaining security and meeting your clients' needs.

See also: 8 Vulnerabilities You Didn't Know Existed in Your System Configuration


Looking for additional information?

There’s really no end to how much you can do to protect your clients’ environments, however this list should help get you started. Sometimes, it’s the little changes that can make the biggest difference. Teach your clients the importance of OS hardening and the value of keeping their systems up-to-date. Ultimately, they will rely on you to keep them educated and informed on security best practices.

Handpicked for you:
Get-Cybersecurity-Tips-for-Employees-The-Complete-Guide-to-Secure-Behavior-Online-and-in-the-Office-eBook

As Chief Information Officer (CIO), Hunter is expected to take Continuum's IT operations to the next level of performance as our company continues its rapid growth and expansion. Most recently, Hunter served as Senior Vice President and Chief Technology Officer for Acadian Asset Management. Prior to Acadian, Hunter held positions at Plymouth Rock Companies as Director of Enterprise Technology Services as well as positions at Hobbs/Madison, MFS Investment Management and CSC Consulting. Hunter has a bachelor’s degree in computer science from Dartmouth College. He is responsible for all IT resources for Continuum’s U.S. and India locations.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus