Summary


In this chapter, we examined a number of methods that can be implemented to protect your server environment. Starting with the premise that if something is not being used, discard it, we further refined our approach by implementing firewalls to restrict network traffic.

Server hardening can be further enhanced by placing exposed applications into containers using tools such as chroot and UML. If one of these services is compromised, the exposure is restricted to the containment object.

The number of threats to a computing environment is considerable. Implementing simple physical security measures such as using switches instead of hubs is not sufficient. Network architecture should encompass the physical wiring, the nodes, and the networks (both wired and wireless) used in an organization. Leveraging network subnets and filtering rules can help isolate known allowed traffic patterns within an organization. Out-of-pattern events will therefore become more noticeable and, one hopes, lead to faster investigation. Intrusion detection tools with automatic log file parsing and reporting capabilities should be deployed to provide an early-warning system.

Keeping the target profile of a server environment to a minimum is a continuous process. New applications bring along new features and new vulnerabilities. Old, trusted applications are often found to have long-hidden flaws. Vigilance is the key to properly defending an environment. Knowing where to look for the latest threat vectors is just as important. A number of sources for threat information have been listed throughout this chapter; many more are listed in Appendix B, "Resources."



    SUSE LINUX Enterprise Server 9 Administrator's Handbook
    ISBN: 067232735X
    EAN: 2147483647
    Year: 2003
    Pages: 134
