Chapter 9: Host Hardening

OVERVIEW

The concept of hardening a system is well known for its benefit of preventing, or at least mitigating, exploits for which the system has not been patched. System hardening is also well documented in numerous checklists, e-mail threads, sticky notes, pricey consultant recommendations, and vendor web sites. One would think that all of this information would lead to more secure systems. Unfortunately, it is quite obvious that the simple identification of a solution set does not solve a problem. The blatant application of a detailed checklist's recommendations leads to the unnecessary impression that security is designed to reduce functionality. Conversely, a vague checklist of security platitudes raises awareness for a problem that has already been identified.

One of the important pieces missing in host-based security deployment plans is a tool or set of tools to secure the system and faithfully repeat that configuration for many systems, preferably without your having to be physically present at the system console. This chapter focuses on simple tools that create a hardened system from a network perspective. Our goal for this chapter is not to discuss the differences in hardening a system that focuses on a single network service (such as a web server), serves as a workstation, or is designed to be a shared user environment (such as providing Unix shell accounts); instead, more importantly, the chapter informs you of some of the more powerful tools.

Tip 

If you still wish to review checklists and examine the most common security recommendations, check out the guidelines published by the NSA at http://www.nsa.gov/snac/. While these guidelines are comprehensive, blindly applying every recommendation may create a system that does not function well in a networked environment.



Anti-Hacker Tool Kit
Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net