
Is there a reliable rationale behind system hardening?

Could you please provide a reliable source for hardening? I'm not looking for just a recipe, but an analysis rationale behind it: i.e. bash has been disabled due to a feature embedded which allows kernel level rights to be inherited from being a normal user with certain directory permission. Things along those lines would help determine whether a feature is really at high risk or can be managed. Everyone has a formula.

The reason so much information on system hardening is prescriptive is that there is so little agreement as to what the objectives really are.

What is hardening? Here are some options:

  1. Removal of all known and potential buffer overflow conditions
  2. Removal of all binaries that are not needed
  3. Application of basic Unix file system security from a paranoia perspective
  4. Ensuring that all unnecessary services are turned off
  5. Implementation of a secure firewall
  6. Design and implementation of a rigorous demilitarized zone architecture
  7. Implementation of extended auditing, reporting and analysis facilities
  8. Implementation of real-time exception reporting
  9. Implementation and enforcement of more secure user identity management and authentication facilities
  10. Implementation and configuration of all vital services in a chrooted jail
  11. Implementation of a fail-over and high availability infrastructure
  12. Implementation of a rigorous source address validation system
  13. Implementation of virus scanning and integrity validation process on all incoming remote data streams

I am sure there are more issues. This is NOT an exhaustive list.

Each of these subjects is wide and deep enough to warrant a book. There are many books on each subject. It is a complex subject -- the complexity of which is made intense as a result of extreme opinions on the relative merits and importance of each of these.

I do apologize for not answering your question; to me you're asking for the equivalent to a brief reference index to the universe: the past, the present and the hereafter. I wish I could give a more definitive answer in a shorter space but, like many others, I'm with you all the way.
