Security Basics mailing list archives

Re: Server hardening


From: "Adam Pal" <pal_adam () gmx net>
Date: Tue, 24 Mar 2009 17:08:31 +0100

Hi Venky,

The question is, can you define a global procedure for hardening a server, or is it an individual task?

I think you can take general statements like "business use only", "must have and not nice to have" to set up a 
procedure, but a step-by-step description would be, IMHO, the wrong approach.

It would be preferable, as the first step, to define the task of the server, make it as dedicated as possible and throw 
away everything else not needed, starting from the browser up to particular services.

Depending on the number of platforms which are to be hardened, it might be useful to write a small script which will 
reduce the server to a zero-configuration.


You write you need clear and understandable steps. This can be done by getting an external consultant to set up a small 
manual, or by hiring qualified IT staff.

I doubt that the "list" you are requesting can be set up in a few minutes.


Best regards,

Adam Pal
-------- Original Message --------
Date: 20 Mar 2009 07:04:12 -0000
From: venkatesh.selvaraju () gmail com
To: security-basics () securityfocus com
Subject: Server hardening

Folks,



Can someone suggest the procedures an administrator needs to follow for
hardening servers?



I understand the hardening procedures vary depending upon the role of
the server, e.g. Windows servers hosting Exchange, SharePoint, database,
Active Directory etc.



Googling results in a plethora of links on this topic but I need clear and
precise steps for better and easier understanding for implementation. Not
sure if this is the right forum to post this question. Any help you provide
is greatly appreciated.



Cheers,

Venky

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by an
expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
