Out of the box, nearly all operating systems are configured insecurely. The idea of OS hardening is to minimize a computer's exposure to current and future threats by fully configuring the operating system and removing unnecessary applications.
The Information Security Office recommends using a Center for Internet Security Benchmark (a step-by-step document) as a guide to hardening your operating system. The Center for Internet Security is a non-profit organization that provides Benchmarks and Scoring Tools to improve the security of several operating systems and applications.
Harden your OS off-line as much as possible to minimize exposure.
Major milestones, as well as CSUSB specific configuration steps, are listed below.
- Disconnect from Network
- Install from a Trusted Source, usually a CD/DVD
- Apply Patches, off-line if possible
- Install Applications, off-line if possible
- Follow a CIS Benchmark
- Disable or Restrict Services — the benchmark will help
- Configure Periodic (Automatic) Updates
- Install CSUSB Root Certificate
- Be Cyber Safe!!