Generic Hardening

Download document-> Generic Hardening doc

Hardening:

Hardening is the process of securely deploying systems with the practice of ‘least privilege’. Hardening includes:

  • Understanding what you actually need to run on the system
  • Documentation (Policy, Standards & Guidelines)
  • Operating systems
  • Virtual servers
  • Coding
  • Application settings
  • Database setup & configuration
  • Network devices
  • Portable device

Platform hardening:

Platforms are depended upon to deliver data in a secure, reliable fashion. There must be assurance that data integrity, confidentiality and availability are maintained. One of the required steps to attain this assurance is to ensure that the platforms are installed and maintained in a way that prevents unauthorized access, unauthorized use, and disruptions in service

DEFINITIONS

  • Hardened System
    • (H) Is the final state we are trying to achieve
  • Baseline OS Hardening
    • (Bos) Is the Baseline Operating System hardening
  • Application / System Function Hardening
    • (Af) Is any hardening of applications that may reside on top of the operating system, such as Apache, IIS, Oracle or specific functions, such as File/Print, DNS/DHCP, etc
  • Base Hardening
    • Base hardening = Baseline Operating System Hardening + Application or System Function hardening
    • (B) = (Bos) + (Af)
  • Custom Hardening
    • (C)Is any additional hardening applied to the system, such as’ Specialized Security Limited Functionality’ settings, DMZ settings, addition system service settings (KIOSK, Bastion Host, etc), custom OS specific security controls(TCPWrappers, Bastille, etc.)
  • Virtual System (Needs Host OS)
    • (C)Is the Virtual Machine hardening
  • Is the Virtual Machine hardening
    • (VOS) Is the Virtual Server hardening – VM Ware ESXi

Hardening Formula

Putting System Hardening into a mathematical formula:

H = Hardened System

B = Base Hardening

C = Custom Hardening

So…

H = B+C

Hardened System or Secure Deployment

Custom Hardening

Application / Function Hardening

Baseline OS Hardening

In the layered security

Hardened System or Secure Deployment

Baseline OS Hardening

Application / Function Hardening

Custom Hardening

Baseline OS Hardening

Virtual Server Hardening

Hardening Virtual Systems

For Virtual Operating System:

H = Hardened System

Vos = Virtual OS Hardening

B = Base Hardening

C = Custom Hardening

So…

H = Vos+B+C

Also stated as layered security:

Hardened System or Secure Deployment

Virtual OS Hardening

Custom Hardening

Application / Function Hardening

Baseline OS Hardening

Advertisements

Published by

Shafiq Alibhai

http://shafiq.in

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s