Log'N'Rock: A hardened approach to system security - Log'N'Rock


A hardened approach to system security

#1 Peaches4U


Posted 20 April 2011 - 06:42 AM

Quote


A hardened approach to system security


Hardening software to prevent security breaches is coming back into fashion. And, yes, it's worth the trouble.
Glenn Phillips, president of Pelham, Ala.-based Forté, says that the dedicated Windows workstations his company sells to hospital emergency room administrators must not only be secure, but absolutely tamperproof as well. After all, lives depend on the machines' flawless operation.

Phillips and others who need to create highly secure workstations or servers are turning to hardening to create a virtual steel wall against intruders. The hardening process involves removing nonessential tools and utilities from an operating system or application, any of which could be used to help an attacker gain unauthorized access to system settings or data. The approach can be used to substitute for or, more commonly, complement other security practices and technologies, such as network firewalls.

Hardening is a technique that's been around since the earliest days of networked computers, but it gradually fell into disuse as software vendors boosted the security of their products and IT managers adopted new security technologies and practices.

Hardening basics

Chase Carpenter, a manager in Microsoft's Windows Server unit, says a hardening strategy should focus on the following tactics:

Reducing the attack surface

* Remove nonessential tools and features.

* Disable unnecessary services and protocols.

* Remove or secure file shares.

Restricting user access

* Limit the number of user accounts.

* Curb access rights.

Protecting against known and theoretical attacks

* Configure common security settings.

* Apply necessary patches and updates.

* Use encryption where possible to protect critical data.

Using available tools to detect attacks

* Configure the system to log appropriate and inappropriate user access.

* Configure the system to make it difficult or impossible for attackers to cover their tracks.

-- John Edwards


http://www.pcadvisor...ty/?zk=security
