{"id":166,"date":"2011-06-18T15:42:00","date_gmt":"2011-06-18T15:42:00","guid":{"rendered":"https:\/\/belayclientstaging.zone\/securityeverafter\/2011\/06\/18\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/"},"modified":"2011-06-18T15:42:00","modified_gmt":"2011-06-18T15:42:00","slug":"control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers","status":"publish","type":"post","link":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/","title":{"rendered":"Control 3 &#8211; Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers"},"content":{"rendered":"<p>Control 3 builds on the previous two controls, <a href=\"http:\/\/www.securityeverafter.com\/2011\/05\/control-1-inventory-of-authorized-and.html\">Inventory of Authorized and Unauthorized Devices<\/a> <br \/>and <a href=\"http:\/\/www.securityeverafter.com\/2011\/05\/control-2-inventory-of-authorized-and.html\">Inventory of Authorized and Unauthorized Software<\/a>.<\/p>\n<p>The intent of this control is to develop secure configurations for your systems and montior for any deviation from this standard. To implement this control, you must invest in some manual work in making configuration standards and then regular and automated comparison to these standards using readily available tools.<\/p>\n<p>The real work in this control starts by reviewing configuration guides from several expert sources. These resources have detailed guides that explain the security considerations of each setting. It is a considerable amount of effort to review these documents in detail, however going through this process will help you better understand your system settings. It will also undoubtedly make you more aware of the importance better protecting your systems from attackers.<\/p>\n<p><u>Guides that will help<\/u>:<\/p>\n<ul>\n<li>The Center for Internet Security has <a href=\"http:\/\/benchmarks.cisecurity.org\/en-us\/?route=default\">hardening guides<\/a>.<\/li>\n<li>Apple Mac OS X Security <a href=\"http:\/\/www.apple.com\/support\/security\/guides\/\">configuration guides<\/a>.<\/li>\n<li>NSA <a href=\"http:\/\/www.nsa.gov\/ia\/guidance\/security_configuration_guides\/index.shtml\">security configuration guides<\/a>.<\/li>\n<\/ul>\n<p><u>Tools that will help<\/u>:<\/p>\n<ul>\n<li>Microsoft Baseline Security Analyzer (<a href=\"http:\/\/technet.microsoft.com\/en-us\/security\/cc184923\">MBSA<\/a>). <\/li>\n<li>MBSA <a href=\"http:\/\/www.microsoft.com\/downloads\/en\/details.aspx?FamilyId=3B64AC19-3C9E-480E-B0B3-6B87F2EE9042&amp;displaylang=en\">Scripting Samples<\/a>.<\/li>\n<li><a href=\"http:\/\/www.tenable.com\/\">Tenable<\/a> <a href=\"http:\/\/www.tenable.com\/products\/nessus\">Nessus<\/a> config baseline scans are an excellent way to know if changes to the standard configuration are made.<\/li>\n<li>Windows Server Update Services (<a href=\"http:\/\/technet.microsoft.com\/en-us\/windowsserver\/bb332157.aspx%20\">WSUS<\/a>) with daily status reports<\/li>\n<li>Microsoft <a href=\"http:\/\/www.microsoft.com\/downloads\/en\/details.aspx?FamilyID=5534BEE1-3CAD-4BF0-B92B-A8E545573A3E\">Security Compliance Manager.<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Control 3 builds on the previous two controls, Inventory of Authorized and Unauthorized Devices and Inventory of Authorized and Unauthorized Software. The intent of this control is to develop secure configurations for your systems and montior for any deviation from this standard. To implement this control, you must invest in some manual work in making [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[20,21,22],"tags":[],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers - Security Ever After - vCISO<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers - Security Ever After - vCISO\" \/>\n<meta property=\"og:description\" content=\"Control 3 builds on the previous two controls, Inventory of Authorized and Unauthorized Devices and Inventory of Authorized and Unauthorized Software. The intent of this control is to develop secure configurations for your systems and montior for any deviation from this standard. To implement this control, you must invest in some manual work in making [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Ever After - vCISO\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-18T15:42:00+00:00\" \/>\n<meta name=\"author\" content=\"Russell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:site\" content=\"@russelleubanks\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Russell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\"},\"author\":{\"name\":\"Russell\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\"},\"headline\":\"Control 3 &#8211; Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers\",\"datePublished\":\"2011-06-18T15:42:00+00:00\",\"dateModified\":\"2011-06-18T15:42:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\"},\"wordCount\":220,\"commentCount\":4,\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"articleSection\":[\"Automation\",\"Operational Security\",\"SANS Top 20 Controls\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\",\"url\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\",\"name\":\"Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers - Security Ever After - vCISO\",\"isPartOf\":{\"@id\":\"https:\/\/securityeverafter.com\/#website\"},\"datePublished\":\"2011-06-18T15:42:00+00:00\",\"dateModified\":\"2011-06-18T15:42:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securityeverafter.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Control 3 &#8211; Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securityeverafter.com\/#website\",\"url\":\"https:\/\/securityeverafter.com\/\",\"name\":\"Security Ever After - CISO\",\"description\":\"vCISO\",\"publisher\":{\"@id\":\"https:\/\/securityeverafter.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securityeverafter.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securityeverafter.com\/#organization\",\"name\":\"Security Ever After\",\"url\":\"https:\/\/securityeverafter.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1\",\"width\":1169,\"height\":826,\"caption\":\"Security Ever After\"},\"image\":{\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/russelleubanks\",\"https:\/\/www.linkedin.com\/in\/russelleubanks\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3\",\"name\":\"Russell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg\",\"caption\":\"Russell\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers - Security Ever After - vCISO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/","og_locale":"en_US","og_type":"article","og_title":"Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers - Security Ever After - vCISO","og_description":"Control 3 builds on the previous two controls, Inventory of Authorized and Unauthorized Devices and Inventory of Authorized and Unauthorized Software. The intent of this control is to develop secure configurations for your systems and montior for any deviation from this standard. To implement this control, you must invest in some manual work in making [&hellip;]","og_url":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/","og_site_name":"Security Ever After - vCISO","article_published_time":"2011-06-18T15:42:00+00:00","author":"Russell","twitter_card":"summary_large_image","twitter_creator":"@russelleubanks","twitter_site":"@russelleubanks","twitter_misc":{"Written by":"Russell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#article","isPartOf":{"@id":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/"},"author":{"name":"Russell","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3"},"headline":"Control 3 &#8211; Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers","datePublished":"2011-06-18T15:42:00+00:00","dateModified":"2011-06-18T15:42:00+00:00","mainEntityOfPage":{"@id":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/"},"wordCount":220,"commentCount":4,"publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"articleSection":["Automation","Operational Security","SANS Top 20 Controls"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/","url":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/","name":"Control 3 - Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers - Security Ever After - vCISO","isPartOf":{"@id":"https:\/\/securityeverafter.com\/#website"},"datePublished":"2011-06-18T15:42:00+00:00","dateModified":"2011-06-18T15:42:00+00:00","breadcrumb":{"@id":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/securityeverafter.com\/control-3-secure-configurations-for-hardware-and-software-on-laptops-workstations-and-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securityeverafter.com\/"},{"@type":"ListItem","position":2,"name":"Control 3 &#8211; Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers"}]},{"@type":"WebSite","@id":"https:\/\/securityeverafter.com\/#website","url":"https:\/\/securityeverafter.com\/","name":"Security Ever After - CISO","description":"vCISO","publisher":{"@id":"https:\/\/securityeverafter.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securityeverafter.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/securityeverafter.com\/#organization","name":"Security Ever After","url":"https:\/\/securityeverafter.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","contentUrl":"https:\/\/i0.wp.com\/securityeverafter.com\/wp-content\/uploads\/2020\/04\/SECURITY-e1589664916497.jpg?fit=1169%2C826&ssl=1","width":1169,"height":826,"caption":"Security Ever After"},"image":{"@id":"https:\/\/securityeverafter.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/russelleubanks","https:\/\/www.linkedin.com\/in\/russelleubanks\/"]},{"@type":"Person","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/38dd34bdece8068be18430e4c96ce5f3","name":"Russell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/securityeverafter.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8567bffe1f64223494326650c53f921b?s=96&r=pg","caption":"Russell"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/166"}],"collection":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/comments?post=166"}],"version-history":[{"count":0,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/posts\/166\/revisions"}],"wp:attachment":[{"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/media?parent=166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/categories?post=166"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securityeverafter.com\/wp-json\/wp\/v2\/tags?post=166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}