Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Letters
F E A T U R E  
Vulnerability Assessment Scanners

  January 8, 2001
  By Brooke Paul

Security Hardening and Certification

When deploying servers, you should have a process for security hardening and certification. This process will provide a standardized image that will improve not only security but also the quality of your system deployment process. The first step to putting this process in place is to develop a standard OS image for a given set of hardware. This standard image should be the "least common denominator" that you would use for a deployment and should not contain any special applications, such as database or Web services. A good start is to deploy a server using your current process, and then harden it using documented procedures for system security:

  • Hewlett-Packard Co. HP-UX: people.hp.se/stevesk/bastion.html

  • Linux: www.sans.org/newlook/publications/index.htm

  • Microsoft Windows NT: www.sans.org/newlook/publications/ntstep.htm

  • Novell NetWare: www.nwc.com/1120/1120ws1.html

  • Sun Microsystems Solaris: www.sans.org/newlook/resources/hard_solaris.htm

Hardening procedures for other operating systems can be obtained from the vendor. Some vendors can provide prehardened or "trusted" versions of their OSes.

Once you have created and tested your hardened image, you can use it as part of your standard deployment process. That process should follow five steps:

  1. Install your standard, hardened image.

  2. Add applications to provide the functionality the server needs (for example, database, application, Web and firewall).

  3. Add binary checksum software (and potentially host-based firewall or intrusion-detection software).

  4. Complete a vulnerability analysis on system (security certification step).

  5. Deploy the system into your environment.

Step 4 is a certification step that reduces the probability that the system you are about to deploy will add vulnerabilities into your environment. The quality of this certification is directly related to the quality of the vulnerability assessment product you use. Your vulnerability-assessment tools should also be used periodically to examine the systems you have deployed into your environment. This on-going security certification will help keep you ahead of any vulnerabilities that may develop because of new exploits or changes in systems configuration after deployment.

-- Brooke Paul


   Page: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | Next Page

Research and Reports

Hypervisor Derby
August 2011
Network Computing: August 2011

Video


WATCH: Box.net CEO Aaron Levie Takes On Microsoft

WATCH: HP Chairman Ray Lane: Focus On Innovation

WATCH: How OpenFlow Changes Networking


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Featured Whitepapers

Featured Reports

BlogRoll

TechWeb Careers