Security checklist for system administrators
- Scan systems for all known vulnerabilities, including system's default configurations and passwords. Compare system configuration files against a baseline for changes.
- Apply security patches when they are available from the software vendors. Depending upon the risk, you may decide on how soon you have to install those patches. Sometimes applying patches may involve downtime of the systems.
- Monitor systems for suspicious user behavior, including both administrative and non-privileged users.
- Audit systems for malicious or excessive user authorizations.
- Monitor systems for indicators of compromise resulting from the exploitation of vulnerabilities.
- Apply threat intelligence on new vulnerabilities to improve the security posture against advanced targeted attacks.
- Review application logs for warning and error messages for service start up errors, database errors and un-authorized application installation. Also, check for invalid logons and un-authorized user creations.
- Review security log for warning and error messages for invalid logons, un-authorized user creations and files deletion.
- Run Anti-Virus scan on all persistent storages.
- Always check system for any unnecessary services running.
- Perform and verify that successful backup of the system including data files has been completed.
- Define comprehensive security baselines for systems and continuously monitor for compliance violations and remediate detected deviations
