Ask the Expert

Is there a reliable rationale behind system hardening?

Could you please provide a reliable source for hardening? I'm not looking for just a recipe, but an analysis rationale behind it: i.e. bash has been disabled due to a feature embedded which allows kernel level rights to be inherited from being a normal user with certain directory permission. Things along those lines would help determine whether a feature is really at high risk or can be managed. Everyone has a formula.


The reason so much information on system hardening is prescriptive is that there is so little agreement as to what the objectives really are.

What is hardening? Here are some options:

  1. Removal of all known and potential buffer overflow conditions
  2. Removal of all binaries that are not needed
  3. Application of basic Unix file system security from a paranoia perspective
  4. Ensuring that all unnecessary services are turned off
  5. Implementation of a secure firewall
  6. Design and implementation of a rigorous demilitarized zone architecture
  7. Implementation of extended auditing, reporting and analysis facilities
  8. Implementation of real-time exception reporting
  9. Implementation and enforcement of more secure user identity management and authentication facilities
  10. Implementation and configuration of all vital services in a chrooted jail
  11. Implementation of a fail-over and high availability infrastructure
  12. Implementation of a rigorous source address validation system
  13. Implementation of virus scanning and integrity validation process on all incoming remote data streams

I am sure there are more issues. This is NOT an exhaustive list.

Each of these subjects is wide and deep enough to warrant a book. There are many books on each subject. It is a complex subject -- the complexity of which is made intense as a result of extreme opinions on the relative merits and importance of each of these.

I do apologize for not answering your question; to me you're asking for the equivalent to a brief reference index to the universe: the past, the present and the hereafter. I wish I could give a more definitive answer in a shorter space but, like many others, I'm with you all the way.

This was first published in August 2003
