For example, CIS has been shown to eliminate 80-95% of known vulnerabilities. Most of all you should use Security Benchmarks/Policies which describe consensus best practices for the secure configuration of target systems.

Configuring your systems in compliance eliminates the most common vulnerabilities. For me, CIS and the STIGs are about the best prescriptive guides, but of course you can choose a different one (e.g. There are a lot of great GNU/Linux hardening policies available to provide safer operating systems compatible with security protocols. These lists exist to give a false sense of security and aren't based on authoritative standards. In my opinion, you should drop all non-industry policies, articles, manuals, and others, especially on production environments and standalone home servers.

Why is it important? Please read a great, short article by Michael Boelen that explains the hardening process step by step. You need to harden your system to protect your assets as much as possible. It's always a balance between ease of use and protection.

Also for me, hardening is the fine art of doing the right things, even if they don't always look to have a big impact. The process of hardening servers involves both IT ops and security teams and requires changes to the default configuration according to industry benchmarks. It's up to you to prepare for each eventuality and set up systems to notify you of any suspicious activity in the future. Out of the box, Linux servers don't come "hardened" (e.g. Simply speaking, hardening is the process of making a system more secure.

If you are not sure what to do please see Policy Compliance. This guide contains my comments that may differ from certain industry principles. The requirements are derived from NIST 800-53 and related documents.
The Practical Linux Hardening Guide uses the following OpenSCAP configurations: Red Hat Enterprise Linux 7 Security Technical Implementation Guide (STIG), and Government Commercial Cloud Services (C2S) baseline inspired by CIS v2.1.1 (C2S for Red Hat Enterprise Linux 7 v0.1.43).

- some hardening rules/descriptions can be done better
- it's not exhaustive about Linux hardening
- based on minimal RHEL 7 and CentOS 7 installations
- also contains rules not related to C2S/CIS
- includes a lot of security tips from the C2S/CIS

One of the main goals is to create a single document covering internal and external threats. This guide also provides you with practical step-by-step instructions for building your own hardened systems and services. It is not an official standard or handbook but it touches and uses industry standards. The Practical Linux Hardening Guide provides a high-level overview of hardening GNU/Linux systems.

- Security Content Automation Protocol (SCAP)
- Payment Card Industry Data Security Standard (PCI-DSS)
- National Institute of Standards and Technology (NIST)
- Security Technical Implementation Guide (STIG)