Auditor Tips: System Configuration

Ben Christensen

*This article was taken from our HIPAA Guide. For more information on this topic, download our free HIPAA Guide.

“Permitting anything unnecessary to remain on a system can open you up to additional risk.”

Whenever a system is configured, make sure you know exactly what is running and what is necessary for the system to perform its intended function. Disable all unnecessary services, ports, and protocols. Don’t assume you need all those services running; double-check.
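One way to check what is listening against what the system's role requires, as an added example that is not part of the original article: it parses output in the format of `ss -tulnpH` and reports listeners that are absent from an approved baseline. The sample output and the baseline for a single-role web server are constructed assumptions.

```python
import re

# Constructed sample of `ss -tulnpH` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
tcp LISTEN 0 128   0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp LISTEN 0 511      [::]:443    [::]:* users:(("nginx",pid=1020,fd=7))
tcp LISTEN 0 32    0.0.0.0:21  0.0.0.0:* users:(("vsftpd",pid=900,fd=3))
tcp LISTEN 0 5   127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
udp UNCONN 0 0     0.0.0.0:68  0.0.0.0:* users:(("dhclient",pid=640,fd=6))
"""

# Hypothetical baseline for a single-role web server: (protocol, port, process).
APPROVED = {("tcp", 22, "sshd"), ("tcp", 443, "nginx")}
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Return one dict per listening socket found in `ss -tulnpH` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[4].rpartition(":")[2].isdigit():
            continue  # blank, header, or malformed line
        addr, _, port = fields[4].rpartition(":")
        proc = PROC_RE.search(line)
        listeners.append({
            "proto": fields[0], "addr": addr, "port": int(port),
            "process": proc.group(1) if proc else "unknown",  # no -p or no privileges
            "loopback_only": addr.startswith(("127.", "[::1]")),
        })
    return listeners

def baseline_key(listener):
    return (listener["proto"], listener["port"], listener["process"])

def audit(ss_output, approved):
    """Return (unapproved listeners, approved entries that are not listening)."""
    observed = parse_listeners(ss_output)
    unexpected = [l for l in observed if baseline_key(l) not in approved]
    # Network-reachable findings first: they carry the most exposure.
    unexpected.sort(key=lambda l: (l["loopback_only"], l["port"]))
    missing = sorted(approved - {baseline_key(l) for l in observed})
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SS_OUTPUT, APPROVED)
    for l in unexpected:
        print("UNAPPROVED", l["proto"], l["port"], l["process"], "loopback" if l["loopback_only"] else "network")
    for proto, port, proc in missing:
        print("NOT LISTENING", proto, port, proc)
```

An approved entry that is not listening is worth reviewing too, since it can mean the baseline no longer matches the system's role.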

Many industry hardening standards exist that you can use to help secure all your systems. Pick one that works for your environment and modify it to your needs. The key is to use only what is necessary, not what is convenient and easy to set up.

Some examples of minimum hardening practices include removing or disabling default accounts and passwords, using the system for a single role, securing wireless settings, and not using shared accounts. Don’t forget to harden all devices in scope for HIPAA.

Use automated tools where possible. These tools can help you track all your systems and alert you to any unpatched or outdated system. Also, keep your processes up to date and in use. Really use your processes, and keep individuals trained on how to keep systems hardened.
