1 / 10

Additional Hardening Guidelines

Additional Hardening Guidelines. Automating Host-Hardening Steps. If you expect to deploy more than one system in your organization, it often makes sense to automate the OS installation process, configuring the OS in a locked-down manner as part of the base build.

lillianhernandez
Download Presentation

Additional Hardening Guidelines

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Additional Hardening Guidelines

  2. Automating Host-Hardening Steps • If you expect to deploy more than one system in your organization, it often makes sense to automate the OS installation process, configuring the OS in a locked-down manner as part of the base build. • You can accomplish this with Windows through the use of techniques such as Unattended Answer Files (UAF) and Remote Installation Services (RIS). • A similar approach works with UNIX-based systems as well.

  3. Automating Host-Hardening Steps • For instance, the Sun Solaris "JumpStart" mechanism allows you to create a custom profile for the system that begins with Solaris Core System Support Software Group (abbreviated as SUNWCreq), along with any additional packages your host may require.

  4. Automating Host-Hardening Steps • In situations where beginning with a minimalist OS build is impossible or impractical, you will have to remove unneeded programs, libraries, and configuration files after installing the OS. • A number of freely available tools can help you automate these host-hardening steps as well as. • The following list includes some of the more popular utilities of this nature that are available for free: • Security Configuration and Analysis snap-in for the Microsoft Management Console (MMC)

  5. Automating Host-Hardening Steps • The Center for Internet Security's tools and benchmarks for tuning your host's configuration to industry best practices (http://www.cisecurity.org) • Titan Security Toolkit, for Solaris, Linux, and Free BSD (http://www.fish.com/titan) • Bastille Hardening System, for Linux, HP-UX, and Mac OS X (http://www.bastille-linux.org) • Solaris Security Toolkit (JASS), for Solaris (http://wwws.sun.com/software/security/jass)

  6. Automating Host-Hardening Steps • If a hardening toolkit does not meet your needs, you can replace or augment it with a collection of your own scripts that perform the steps you would need to take if locking down the host's configuration by hand.

  7. Common Security Vulnerabilities • The SANS Top 20 Vulnerabilities list (http://www.sans.org/top20) provides a concise and authoritative summary of the most often compromised vulnerabilities. • The purpose of creating this list was to help administrators start securing their hosts against the most common threats, without feeling overwhelmed by the task. • Understanding the vulnerabilities in the system's configuration goes a long way toward helping to arm your hosts against them.

  8. Hardening Checklists • Many great resources on the Internet contain detailed information on hardening various operating systems. • For example, numerous software vendors provide security guidelines or step-by-step instructions on their websites. • A general resource with many papers related to operating system, network, and application security is the SANS Reading Room, located at http://www.sans.org/rr.

  9. Hardening Checklists • You can also find the following free OS hardening documents, helpful in defining procedures for securing your own hosts: • National Security Agency (NSA) publishes well-researched security configuration guides for a variety of operating systems, applications, and network devices (http://www.nsa.gov/snac). • The Center for Internet Security offers several checklists and benchmarking tools to rate security of Windows and UNIX hosts (http://www.cisecurity.org).

  10. Hardening Checklists 3. Microsoft offers a number of checklists and guides for hardening Windows-based systems (http://www.microsoft.com/technet/security/topics/hardsys). 4. Sun provides a variety of guidelines for securing Solaris and Linux-based environments (http://wwws.sun.com/software/security/blueprints). 5. SANS Institute publishes several step-by-step guides for hardening Windows and UNIX-based hosts (http://store.sans.org).

More Related