Hardening dilemma

December 14, 2009 — Leave a comment

When you have to secure a system you probably have come to the dilemma ‘Which method is the best? Bastille or manual hardening?’ at least I did it.

Bastille is a very good option, it will ease the process and you can even use the “Install Time Security” during the installation of new systems or use the configuration files in an already runing system (the files are in /etc/opt/sec_mgmt/bastille/configs/defaults), but some time ago I decide that it didn’t suit my needings since I like to mantain the control of the whole process.

If you really want to be sure that every corner in your systems is properly secured and monitored it is worthwhile to spend some time studiying your severs and the services running and its dependencies. After the compilation of all that data you can develop a generic security policy and use it as starting-point to customize the security of every server.

In the end of course this is up to you, you must choose whatever suits better your needings.



No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s