Requires Free Membership to View
The reason so much information on system hardening is prescriptive is that
there is so little agreement as to what the objectives really are.What is hardening? Here are some options:
- Removal of all known and potential buffer overflow conditions
- Removal of all binaries that are not needed
- Application of basic Unix file system security from a paranoia perspective
- Ensuring that all unnecessary services are turned off
- Implementation of a secure firewall
- Design and implementation of a rigorous demiliterized zone architecture
- Implementation of extended auditing, reporting and analysis facilities
- Implementation of real-time exception reporting
- Implementation and enforcement of more secure user identity management and authentication facilities
- Implementation and configuration of all vital service in a chrooted jail
- Implementation of a fail-over and high availability infrastructure
- Implementation of a rigorous source address validation system
- Implementation of virus scanning and integrity validation process on all incoming remote data streams
Each of these subjects is wide and deep enough to warrant a book. There are many books on each subject. It is a complex subject -- the complexity of which is made intense as a result of extreme opinions on the relative merits and importance of each of these.
I do apologize for not answering your question; to me you're asking for the equivalent to a brief reference index to the universe: the past, the present and the hereafter. I wish I could give a more definitive answer in a shorter space but, like many others, I'm with you all the way.
This was first published in August 2003
Join the conversationComment
Share
Comments
Results
Contribute to the conversation