6.9 Harden host operating system

Information

The host operating system should be securely configured: disable unnecessary services,
ensure ACLs on resources such as files, directories and network shares are as restrictive as
possible, and keep the system up to date with relevant patches. A patching process should be
in place to ensure operating system patches are applied in a timely manner.

Rationale:

Although the database host is likely to be located on the intranet, it may have applications
connecting to it from DMZs and partner networks, in addition to the threat of a malicious
user who has valid, albeit low-privileged, domain credentials. Hardening the operating
system makes it harder for an attacker to compromise the data within the database via an
operating system attack, and also harder for an attacker to fully compromise the host from
the database itself.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

1. Follow the guidance in the relevant CIS benchmark for the host operating system.

See Also

https://workbench.cisecurity.org/files/1612