(S) Server Hardening
A collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas.
With the goal of reducing security risk by eliminating potential attack vectors and condensing the system’s attack surface.
What is server hardening?
The most secure form of disposal of data.
What is physical destruction?
Even before you lock down the servers, in fact, before you even turn them on for the first time, you should ensure that there is one on the doors of your server room.
What is door locks?
This backup technique ensures all data is backed up and the archive bit has been reset.
What is a full or normal backup?
This plan considers all aspects that could essentially be affected by disaster and prioritizes them.
What is a business continuity plan?
Keeping security patches up to date is part of which aspect of server hardening?
What is OS Hardening?
When the server room is too dry you run the risk of this.
What is electrostatic discharge or ESD?
Utilizing scanning technology, this type of physical security identifies who you are.
What is bio-metric security measures?
This backup technique ensures all data is backed up and the archive bit has NOT been reset.
What is a copy backup?
This plan captures every possible disaster scenario that could happen, and then lays out what are the steps to get the business back up and running again.
What is a disaster recovery plan?
These are the three broad aspects of server hardening.
What is OS hardening, application hardening, and hardware hardening?
An Uninterruptible Power Supply is meant to allow Server administrators to do this with servers in the event of an outage
What is a graceful shutdown?
Locking the door to the server room is a good first step, but someone could break in, or someone who has authorized access could misuse that authority. You need a way to know who goes in and out and when.
What is video surveillance or log book?
This backup type creates a mirror copy of the source data. When a source file is deleted, that file is also deleted in the mirror backup automatically.
What is a mirror backup?
This backup site type that features an equipped data center but no customer data.
What is a warm site?
A setting in found in the BIOS that controls whether a computer in a low power state can connect to the network. If a network signal comes to the computer, its boots up.
What is Wake-on-LAN or WOL?
An image of deleted data still remains on a hard drive when I do this.
What is a soft wipe?
Who I am, What I have, what I know keeps me secure. I use this technology to combine all of these things to ensure I am the only one who sees my data.
What is multi-factor authentication?
This captures only the changes made since the last incremental backup. Saves both time and storage space, and ensures that your backup is up to date.
What is incremental backup?
This data replication method uses multiple servers that are acting or providing one service as a single entity. If one server goes down, other servers are acting as backups
What is server-to-server replication?
Implementing a BIOS Password pertains to this to this aspect of server hardening.
What is hardware hardening?
This security feature of PDU's associates a PDU with a rack and signals an alarm if a server is accessed.
What is a case alarm?
I am like NSX but a physical representation.
What is a mantrap?
This captures only the changes made since the last full backup, not since the last differential backup. This requires more storage space, but ensures an easier, more reliable restore.
What is a differential backup?
This document combines both a business continuity plan and a disaster recovery plan.
What is a business impact analysis?