Server hardening refers to the actions performed to reduce the server OS and application attack surface. this is done by changing the default configurations of the system’s components (servers, applications, etc.) and removing unnecessary components. Out of the box, Server OS are more function-oriented rather than for security, which means that unnecessary functions are enabled. Default, insecure configurations reflect a potential attack vector.

A correlation between ATT&CK Mitigations and CIS Controls, often termed as a ‘high-level’ mapping, show case the count of mapped ATT&CK (Sub-)Techniques within each ATT&CK Mitigation. Additionally, it provides the total number of ATT&CK (Sub-)Techniques associated with the respective ATT&CK Mitigation. Mitre attack mapping accurately and consistently maps adversary behaviors relevant to ATT&CK techniques as part of cyber threat intelligence (CTI).

Group Policies are part of every Active Directory. Group Policy (GP) is designed to be able to change every system’s configurations, from list to most privileged layer. Since it is so fundamental in the network management process, it is also very powerful for attackers to use as an attack vector.

User Account Control (UAC) plays a crucial role in Windows security by mitigating the risk of malware. It accomplishes this by restricting the capacity of malicious code to run with administrator privileges. The CIS benchmark 2.3.17 for User Account Control (UAC) specifically addresses the security configuration settings related to UAC on Windows operating systems. We will discuss in this blog CIS benchmarks for.

In interactive login, users directly engage with the computer system through a user interface, commonly achieved by logging in via a graphical user interface (GUI) or a command line interface (CLI).

Windows Remote Desktop Service (RDS) is a component of Microsoft Windows that allows users to take control of a remote computer or a virtual machine that supports the Remote Desktop Protocol (RDP) via a network connection for RDP access. When enabling remote desktop access (RDP), it is crucial to implement strong passwords to thwart potential brute force attacks to ensure a secure remote desktop.

Optimally configuring “DisableIPSourceRouting” parameter enhances security by mitigating the risk of denial-of-service (DOS) attacks through packet spoofing. In such attacks, the goal is to inundate the target with high volumes of traffic, and using spoofed IP addresses makes it challenging to filter and identify the true source of the attack. Server hardening can be arduous. CSH by CalCom automates the process, learning your network to eliminate the need for testing.

Windows PowerShell is a powerful scripting language and a command-line executor developed by Microsoft to provide a better interface for system administrators to simplify managing and automating administrative tasks. PowerShell was launched in 2006 and has been a standard feature of the Windows operating system (OS) since Windows 7, enabling system administrators to simplify and automate administrative tasks while following essential security best practices.

Active Directory is most organizations’ primary identity storage, and is integral to an organization’s operating system. It is used to manage security principals, including user accounts, computers, servers, and other devices in the network. Since its launch 20 years ago, it has been integrated with numerous applications and systems and became one of the main foundations in the organization’s IT infrastructure.

The OSPF (Open Shortest Path First) protocol belongs to a category of IP Routing protocols and serves as an Interior Gateway Protocol (IGP) designed for the Internet. It is employed to disseminate IP routing details across a solitary Autonomous System (AS) within an IP network.