I’m pretty adamant that once a machine is actually needed to do real work, heavy security measures need to be taken to isolate, quarantine, and protect the files & applications running on a host/server. of course that goes without saying to anyone in the I.T. industry, so I figured I’d share some documentation to help along the way to proper digital hygiene.
The NSA is quite helpful when it comes to the documentation, and has been for over 10 years.
Here is one document for OSX 10.4+ hardening: https://www.nsa.gov/ia/_files/os/applemac/I731-006R-2007.pdf
Information on Wireless LAN intrusion detection: https://www.nsa.gov/ia/_files/factsheets/I732-011-2008.pdf
Hardening of RHEL5 (also applies to 6 for the most part): https://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
Data Execution prevention on Windows: https://www.nsa.gov/ia/_files/factsheets/I733-TR-043R-2007.pdf
SELinux documentation for Red Hat 6: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux
A good addendum to the NSA OSX lockdown procedures (post-NSA documentation, for newer versions): http://www.macworld.com/article/2048160/how-the-nsa-snoop-proofs-its-macs.html
“Panther” through “Snow leopard” OS X security documentation from Apple: https://www.apple.com/support/security/guides/
“Little Stitch” OS X Firewalling utility: http://www.macupdate.com/app/mac/10426/little-snitch
A few tidbits of things that can be done with OS X to harden (these are pretty straight forward, but worth a read): http://laketa.com/how-i-setup-my-mac-when-doing-a-fresh-install-of-os-x/
Windows 7 hardening & countermeasures: http://download.microsoft.com/download/B/D/8/BD827E3F-2C24-4DD5-965B-C21F8101E477/ThreatsAndCounterMeasures.pdf
Windows Baseline security: http://technet.microsoft.com/en-us/library/cc526440.aspx
Let’s face it, some people run Windows XP (I do in VM for some software!) This is a good security guide: https://www.nsa.gov/ia/_files/os/winxp/NSA_Windows_XP_Security_Guide_Addendum.pdf
Information about IPv6 and security within: https://www.nsa.gov/ia/_files/factsheets/Factsheet-IPv6.pdf