Critical Control 3: Secure Configurations for PCs and Servers

Critical Control 3: Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
Most systems are deployed with a default installation and are not hardened for the organization that uses the software or device. Hardened images therefore need to be created for each of the devices and software an organization deploys. Only with proper configuration management, built on tested and validated images, can an organization reach a reasonable level of security. Configuration management alone is not enough: the images must also be maintained through a strict change control process. And because new threats appear on a regular basis, the secure image must be updated with new patches, and vulnerable components must be removed or properly configured.
In securing a system it is important to remember the principle of least privilege. First, limit the number of systems that are visible from the Internet or other public networks. Second, close any ports that are not required for the system to operate. Third, turn off any services and remove any components that are not needed for the system to function.
Key test to perform to check compliance with this control:
WARNING: Always be careful when making changes to systems. This should be done only with approval and only on development or test systems. Never make unapproved changes to any production systems.
1) Scan several servers and see if they have the same ports and services (continue reading...)
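
The comparison in test 1 can be automated. The sketch below is an added example, not part of the original post: it parses `ss -ltn` style output collected from each server and reports ports that differ from the approved image. The host names, captures and the BASELINE set are constructed assumptions.

```python
# Added example: detect port drift between servers built from the same image.
# Hosts, captures and the approved baseline below are constructed sample data.

BASELINE = {22, 443}  # assumption: ports the hardened image is approved to expose

HEADER = "State  Recv-Q Send-Q Local Address:Port Peer Address:Port\n"
CAPTURES = {  # constructed `ss -ltn` output, one capture per server
    "web01": HEADER
    + "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
    + "LISTEN 0 511 0.0.0.0:443 0.0.0.0:*\n",
    "web02": HEADER
    + "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
    + "LISTEN 0 128 [::]:22 [::]:*\n"
    + "LISTEN 0 511 0.0.0.0:443 0.0.0.0:*\n"
    + "LISTEN 0 5 0.0.0.0:23 0.0.0.0:*\n"
    + "LISTEN 0 244 127.0.0.1:5432 0.0.0.0:*\n",
    "web03": HEADER
    + "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*\n"
    + "LISTEN 0 100 0.0.0.0:8080 0.0.0.0:*\n",
}

def listening_ports(ss_output):
    """Return the set of TCP ports listening on non-loopback addresses."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket in another state
        # rsplit keeps bracketed IPv6 addresses such as [::] intact
        addr, _, port = fields[3].rpartition(":")
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only: a network scan would not see it
        if port.isdigit():
            ports.add(int(port))
    return ports

def drift_report(captures, baseline):
    """Map each non-compliant host to its unexpected and missing ports."""
    report = {}
    for host, text in sorted(captures.items()):
        ports = listening_ports(text)
        extra, missing = sorted(ports - baseline), sorted(baseline - ports)
        if extra or missing:
            report[host] = {"unexpected": extra, "missing": missing}
    return report

if __name__ == "__main__":
    for host, diff in drift_report(CAPTURES, BASELINE).items():
        print(host, diff)
```

A host that appears in the report either runs a service the image does not approve or has lost one it should have; both point to a change made outside change control.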

Copyright © 2012 The Security Blog. All rights reserved.