- Program Clean-up
Checking the list of executables and associated registry entries, and removing unrecognized and unused ones, minimizes the digital surface open for attack and prevents malware.
- Disable all unnecessary services
Disabling all unnecessary services will prevent dormant and disguised bots from taking over the system.
- Clean up the Start-up programs
Cleaning up the list of programs that automatically get launched on system start-up prevents ad-bots, adware, spy-bots, and worms.
- Apply appropriately restrictive permissions to files, services, endpoints and registry entries.
Inappropriate permissions could give an attacker an opening. The ability to launch CMD.EXE as “LocalSystem,” for example, is a classic backdoor.
- Install Service packs
Installing service-packs and regular patches, and repeating all the hardening steps after each patch cycle, keeps the system vulnerabilities at a minimum.11