Skip to main content

Secure the Operating System Layer

We recommend these best practices for hardening your operating system.

  • Check and install Windows updates.

  • Apply the latest patches and updates.

  • Remove or disable unnecessary services and software.

  • Assign minimal permissions to system users.

  • Enable auditing.

  • Follow any additional OS-level hardening steps recommended by the security/IT teams at your organization.

  • Adjust the Windows Schannel configuration to limit access to insecure protocols and cipher suites, and to set preferred cipher suite order.

    • You can modify the Schannel configuration manually via the registry and group policy editor (see Secure Channel - Win32 apps).

    • Or you can use the third-party tool IIS Crypto (For example, Nartac Software - IIS Crypto. If you decide to use IIS Crypto, their built-in ‘Best Practices’ template is a great starting point.).

Contact your operating system vendor for additional recommended best practices for hardening your operating system.