This portion of the guide will
only give basic recommendations instead of strict rules. The procedures and
examples here should give you the ability to apply security enhancement
techniques to a wider variety of server-based services and programs.
Some subjects of this chapter
have been discussed before. However, you will find more details and
explanations in this chapter. Selected general topics are:
Physical Security – Protection
of the server from environmental threats (people, laces,
things).
Security Policies and
Procedures – Server life cycle management, disk/media reclamation, backup and
archive security.
·
Systems
Monitoring – Procedures around event notification/management.
·
Systems
Automation – Mechanisms and/or procedures for automatic security measures.
·
Heuristics,
account control, security reporting and remediation, automated shutdown, etc.
·
Systems
Management – Methods to obtaining packages, verification and signing keys, patching
procedures and recommendations.
·
Securing
Network – Addition programs, ports and service wrappers – iptables, tcpwrappers,
services.
·
Remote
Access – extra SSH information and key federation. CA integration.
·
Common
Services – mail, NFS and automount.
·
Securing
the Kernel and Init Process – parameters, systemd targets, and boot scripts.
·
Access
Control – user/groups/permissions.
·
Password
Security and Warnings – Proper setup of passwords, banners and xinetd .
·
Miscellaneous
Security – Assorted security settings and miscellany.
·
Resources
– Web links, documentation and example references, HOWTOs and general
information, product links.
No comments:
Post a Comment