Linux:
• Set a BIOS password: Prevents users from altering BIOS settings.
• Set a GRUB password: Stops users from altering the GRUB bootloader.
• Deny Root Access: Rejecting root access minimizes the probability of intrusions.
• Sudo Users: Make sudo users and assign limited privileges to invoke commands.
• TCP wrappers: Apply a rule for the SSH daemon to allow only trusted hosts to access the server, and deny all others. Apply similar rules for other services like FTP and SSH.
• Firewalld/iptables: Configure firewalld and iptables rules for incoming traffic to the server. Include the specific port, source IP, and destination IP and allow, reject or deny ICMP requests for the public and private zones.
• Antivirus: Install antivirus software and update it regularly.
• Secure and Audit Logs: Monitor and check the logs regularly.
• Log Rotation: Keep the logs for a limited period of time in order to keep sufficient disk space for important operations.
Windows:
• Set the BIOS password: Prevents users from altering BIOS settings.
• Antivirus: Install antivirus software and update it regularly.
• Configure Firewall Rules: Prevent unauthorized parties from accessing your systems.
• Deny Administrator Login: Limit users’ ability to make changes that could increase your systems’ vulnerabilities.