I can provide expert administration for your Linux and Windows systems.
From setup and configuration to maintenance and troubleshooting,
I can ensure that your systems are running smoothly and efficiently.
Linux Servers
Remove unnecessary packages
Controlling File Permissions & Attributes
Kernel Security
Network Intrusion Detection
Checking Package Integrity
Configure TCP Wrappers
Install and Configure TripWire
Configure Syslog
DNS Security
Detect weak password with John the Ripper
Verify no accounts have empty passwords
Set Password rules
Disable USB devices
Check which services are started at boot time
Set GRUB boot loader password
Configure SSH securely
Disable telnet
Configure sysctl securely....
Windows Servers
Install the lastest service packs and hotfixes from Microsoft
Enable password complexity requirements
Do not grant any users the 'act as part of the operating system' right
Restrict the ability to access this computer from the network to Administrators and Authenticated Users
Restrict local logon access to Administrators
Configure Windows Firewall to restrict remote access services (VNC, RDP,etc...) to authorized organization-only networks
Configure allowable encryption types for Kerberos
Set LAN Manager authentication level to only allow NTLMv2 and refuse LM and NTLM
Disallow users from creating and logging in with Microsoft accounts....
Firewall
Update the router to the lastest firmware version
Enable stateful packet inspection
Disable remote management of the router
Create multiple authentication for administrators
Check if all management access from the Internet off , if it does not have a clear business need. At most , HTTPS and PING should be enabled....
Routers
Do not use Default password for your router
Enable port forwarding and IP filtering for your router
To really prevent local admin access, limit the LAN IP address to a single IP address that is both outisde the DHCP range and not normally assigned
Make sure the remote administration settings are turned off by default
Check if the port number can be changed remotely...
Switches
Create an Enable Secret Password Encrypt Passwords on the device
Create separate local accounts for User Authentication Configure Maximum Failed Authentication Attempts
Restrict Management Access to the devices to specific Ips only
Restrict and Secure SNMP Access
Enable Logging for Monitoring, incident response and auditing. You can enable logging to an internal buffer of the device or to an external Log server...