Summary

Hardening systems is not an easy task. You can find a plethora of information on the subject, but the vast majority of it seems to be geared toward military systems used in incredibly hostile environments. In addition, there is a definite belief that the more settings you make, the better off you are. In this chapter, we tried to dispel some of these myths and instead focus on the things that will significantly impact your security. If you have a home system behind a hardware firewall, you probably do not need to make any of these changes. If you are looking at configuring data center servers sitting behind firewalls with restrictions on who they can receive requests from, you may only need a few. The second-most important rule is to analyze the security needs of your system and then select a reasoned set of steps that mitigate threats you care about instead of making as many changes as you can just so you can say you have done something. The most important rule is to test, test, and re-test, before you roll things out. Most of the people recommending security tweaks have not tested them themselves to any great extent, much less understand what they would break in your environment.