Could you please provide a reliable source for hardening? I'm not looking for just a recipe, but an analysis rationale behind it: i.e. bash has been disabled due to a feature embedded which allows kernel level rights to be inherited from being a normal user with certain directory permission. Things along those lines would help determine whether a feature is really at high risk or can be managed. Everyone has a formula.
The reason so much information on system hardening is prescriptive is that there is so little agreement as to what the objectives really are.
What is hardening? Here are some options:
- Removal of all known and potential buffer overflow conditions
- Removal of all binaries that are not needed
- Application of basic Unix file system security from a paranoia perspective
- Ensuring that all unnecessary services are turned off
- Implementation of a secure firewall
- Design and implementation of a rigorous demiliterized zone architecture
- Implementation of extended auditing, reporting and analysis facilities
- Implementation of real-time exception reporting
- Implementation and enforcement of more secure user identity management and authentication facilities
- Implementation and configuration of all vital service in a chrooted jail
- Implementation of a fail-over and high availability infrastructure
- Implementation of a rigorous source address validation system
- Implementation of virus scanning and integrity validation process on all incoming remote data streams
Each of these subjects is wide and deep enough to warrant a book. There are many books on each subject. It is a complex subject -- the complexity of which is made intense as a result of extreme opinions on the relative merits and importance of each of these.
I do apologize for not answering your question; to me you're asking for the equivalent to a brief reference index to the universe: the past, the present and the hereafter. I wish I could give a more definitive answer in a shorter space but, like many others, I'm with you all the way.
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.