Operating System - HP-UX

bond007
Advisor

What is OS hardening !


Hi All,

Could you give me some info about OS hardening? What is that exactly?

Thanks in advance,

Bond
Zigor Buruaga
Esteemed Contributor

Re: What is OS hardening !

Hi,

A good definition:

"An Overview of OS Hardening
Philosophy

Out of the box, nearly all operating systems are configured insecurely. The idea of OS hardening is to minimize a computer's exposure to current and future threats by fully configuring the operating system and removing unnecessary applications."

Extracted from http://www.infosec.csusb.edu/info/practices/os-hardening/overview.html

Regards,
Zigor
Zigor Buruaga
Esteemed Contributor

Re: What is OS hardening !

Hi again,

You may also want to take a look at HP-UX Bastille:

http://docs.hp.com/en/5990-6737/ch07s06.html

I forgot to mention this in my first reply, no points please.

Regards,
Zigor
Bill Hassell
Honored Contributor

Re: What is OS hardening !

One additional reference is Kevin Steves' most excellent paper "Building a Bastion Host":

http://www.windowsecurity.com/whitepaper/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html

This will provide a very high level of security, typically needed for Internet-facing systems. Be sure to read the details and test the results to make sure your applications still function correctly in a high security environment.


Bill Hassell, sysadmin
Chan 007
Honored Contributor

Re: What is OS hardening !

Bond,

OS hardening is bastionising this system.

This is normally applicable for those servers that are planned for Internet-facing systems. Normally placed in upper and lower DMZs (Demilitarized Zone).

This is to ensure that the systems should not provide any possibility for a hacker to access.

Normal points considered

1. No users logging (only root)

2. Not in your normal campus LAN

3. Stop IP forwarding

4. No additional s/w loaded only OS with specific application

Chan
Steven E. Protter
Exalted Contributor

Re: What is OS hardening !

Shalom Bond,

Simply put, it's making it harder for someone to hack the system. Key word is hard.

It involves not running unneeded services and daemons, making permissions on critical files and directories less permissive.

The bastion document is the best guide to system hardening.

An important, oft ignored area is patching. Quite often hackers find a way to overload or otherwise breach a normal daemon like httpd or named and gain root access.

These attacks are detected and often HP and other OS vendors come up with revised versions of the various binary programs. If you don't patch, you miss out.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
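
An added example (not part of the original post, and not taken from Bastille or any HP tool): a POSIX shell audit of two checks the reply above describes, listing enabled `inetd.conf` services outside an allow-list and finding world-writable paths under a directory. The function names, the allow-list and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: two hardening checks from the thread (unneeded services,
# overly permissive files). Names and sample data are illustrative assumptions.

# Print each enabled inetd.conf service that is not in the space-separated
# allow-list ($2). Commented-out (#) and blank lines count as disabled.
unneeded_services() {
    conf=$1; allow=" $2 "
    awk -v allow="$allow" '
        /^[ \t]*#/ || NF == 0 { next }
        index(allow, " " $1 " ") == 0 { print $1 }
    ' "$conf" | sort -u
}

# Print files and directories under $1 that any user may write to.
# Directories with the sticky bit (e.g. /tmp) are skipped.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 ! -perm -1000 -print | sort
}

# Run both checks against constructed sample data (no real system files).
demo() {
    d=${TMPDIR:-/tmp}/harden_demo.$$
    mkdir "$d" "$d/etc" || return 1
    chmod 755 "$d" "$d/etc"
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample in inetd.conf format
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd telnetd
#shell  stream tcp nowait root /usr/lbin/remshd  remshd
ident   stream tcp wait   bin  /usr/lbin/identd  identd
EOF
    : > "$d/etc/passwd";      chmod 644 "$d/etc/passwd"
    : > "$d/etc/hosts.equiv"; chmod 666 "$d/etc/hosts.equiv"
    echo "Enabled services outside the allow-list:"
    unneeded_services "$d/inetd.conf" "ident"      # ftp, telnet
    echo "World-writable paths:"
    world_writable "$d/etc"                        # .../etc/hosts.equiv
    rm -rf "$d"
}

demo
```

On a real host, point `unneeded_services` at `/etc/inetd.conf` with the services the application actually needs, and review every path `world_writable` reports before changing its mode.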
Sivakumar TS
Honored Contributor

Re: What is OS hardening !


Hi,

http://www.hp.com/products1/unix/operating/security/

The above link has info about the HPUX security.

Hope this helps.

Siva.
Nothing is Impossible !
Sivakumar TS
Honored Contributor

Re: What is OS hardening !

This has more generic info...

http://www.infopeople.org/resources/security/general_security/os_hardening.html
Nothing is Impossible !
Ralph Grothe
Honored Contributor
Solution

Re: What is OS hardening !

Though the mentioned Bastion Host document is quite a good reference, it is by now somewhat dated.
Meanwhile, more sophisticated methods to harden a server have become established.

One more recent project is Bastille that aids you in hardening your system.
Originally a Linux spin-off, it is now also supported by HP.

http://hp.sourceforge.net/

Then after you have hardened your system you could run Nessus checks against it.

http://www.nessus.org/

Also this has been ported by HP

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111


Yet a more stringent sandboxing is followed by Role Based Access Control (RBAC)

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=AccessControl


or projects like SELinux look very promising

http://www.nsa.gov/selinux/

SELinux is particularly well integrated in RedHat's Fedora or RHEL.
But it is still work in progress.
Added to the Discretionary Access Control (DAC) usual Unix systems offer comes Mandatory Access Control (MAC)
where one sets up a set of policies for every subject (e.g. process) that minutely detail what actions (e.g. opening files, appending to them, starting child procs etc.) may be taken on what objects (e.g. files, directories, other processes).
Madness, thy name is system administration
A. Clay Stephenson
Acclaimed Contributor

Re: What is OS hardening !

One tried and true method of OS Hardening is to heat the box to a bright red color and then quench it in oil. After this treatment, no intruder will be able to access any of your valuable data.
If it ain't broke, I can fix that.