Re: Linux Hardening
Date: Wed, 25 Mar 2015 03:43:12 +0700
Message-ID: <CAP50yQ-q3TppNYj2eOP_gtbU8VpVe+gJcZ9hQh-uMUJcDVd_0w_at_mail.gmail.com>
George, I think you should be asking yourself what you are trying to achieve or secure. Applying random security standards isn't going to solve a specific problem.
Think about what you want to protect, and what the extent of "discomfort" is, that you're willing to accept in order to achieve the relevant security that makes your clients / managers feel safe. Nowadays, security knows virtually no limits. The only real limit is your imagination, and your budget.
PCI/DSS, Sarbanes Oxley, and whatever other standards may exist; they exist to serve a specific purpose. Securing a system that has nothing whatsoever to do with credit cards according to PCI/DSS makes little to no sense.
I think if you're looking for very specific recommendations you would be better off stating what you're trying to protect, and from what kind of attack vectors. That would enable the list's readers to provide you with advice in relation to your actual situation.
Stefan
On Wed, Mar 25, 2015 at 12:48 AM, George <georgelza_at_gmail.com> wrote:
> Hi Mladen
>
> Thanks, it seems everyone lists that document as the main source.
>
> Let me ask the more security guys a different question, what are the
> different security standards?
> I know of PCI, POPI, Sarbanes Oxley,
>
> G
>
> On Tue, Mar 24, 2015 at 7:42 PM, Mladen Gogala <dmarc-noreply_at_freelists.org> wrote:
>
>> On 03/24/2015 10:56 AM, George wrote:
>>
>>> Hi guys
>>>
>>> Does anyone have a good white paper that covers how/what to change to
>>> harden a Linux OS.
>>>
>>> G
>>>
>>> --
>>> You have the obligation to inform one honestly of the risk, and as a
>>> person
>>> you are committed to educate yourself to the total risk in any activity!
>>>
>>> Once informed & totally aware of the risk,
>>> every fool has the right to kill or injure themselves as they see fit!
>>>
>>
>> There is an official, fairly extensive, paper published by the NSA:
>>
>> https://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf
>>
>> The paper can be found on the government's official page about securing
>> operating systems:
>>
>> https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2
>>
>>
>> --
>> Mladen Gogala
>> Oracle DBA
>> http://mgogala.freehostia.com
>>
>> --
>> http://www.freelists.org/webpage/oracle-l
>>
>>
>>
>
>
> --
> You have the obligation to inform one honestly of the risk, and as a person
> you are committed to educate yourself to the total risk in any activity!
>
> Once informed & totally aware of the risk,
> every fool has the right to kill or injure themselves as they see fit!
>
--
http://www.freelists.org/webpage/oracle-l

Received on Tue Mar 24 2015 - 21:43:12 CET