Security Basics mailing list archives
Re: Server hardening
From: "Adam Pal" <pal_adam () gmx net>
Date: Tue, 24 Mar 2009 17:08:31 +0100
Hi Venky,

The question is, can you define a global procedure for hardening a server, or is it an individual task? I think you can take general statements like "business use only", "must have and not nice to have" to set up a procedure, but a step-by-step description would be, imho, the wrong approach.

It would be preferable, as the first step, to define the task of the server, make it as dedicated as possible and throw away everything else not needed, starting from the browser up to particular services. Depending on the number of platforms which are to be hardened, it might be useful to write a small script which will reduce the server to a zero-configuration.

You write that you need clear and understandable steps. This can be done by getting an external consultant to set up a small manual, or by hiring qualified IT staff. I doubt that the "list" you are requesting can be set up in a few minutes.

Best regards,
Adam Pal

-------- Original Message --------
Date: 20 Mar 2009 07:04:12 -0000
From: venkatesh.selvaraju () gmail com
To: security-basics () securityfocus com
Subject: Server hardening
Folks,

Can someone suggest the procedures an administrator needs to follow for hardening servers? I understand the hardening procedures vary depending upon the role of the server, e.g. Windows servers hosting Exchange, SharePoint, database, Active Directory etc. Googling results in a plethora of links on this topic, but I need clear and precise steps for better and easier understanding for implementation.

Not sure if this is the right forum to post this question. Any help you provide is greatly appreciated.

Cheers,
Venky