Chapter 8 - Infrastructure Security: System Hardening

Abstract

This chapter explains the hardening methods and techniques that can be applied on various OS-based, network-based, application-based systems. Operating system (OS) hardening includes locking down file systems and methods for configuring file systems properly to limit access and reduce the possibility of a breach. Many OS default configurations do not provide an optimum level of security, because priority is given to those who need access to data. Even so-called “secure” OSs may have been configured incorrectly to allow full access. Thus, it is important to modify OS settings to harden the system for access control. Controlling access is an important element in maintaining system security. The most secure environments follow the “least privileged” principle, which states that users are granted the least amount of access possible that still enables them to complete their required work tasks. Many network-based devices, such as routers and switches, must be secured to stop unauthorized individuals from updating the firmware installed on them, or modifying or installing configurations such as access control lists (ACLs). Disabling unneeded services and protocols on a network and disabling the services that are not required can make the network more secure. Application-based hardening explores the fundamentals of securing domain name server (DNS), dynamic host control protocol (DHCP), databases, and other applications, systems, and services on a network.