The five basic goals of system configuration
December 20th, 2006
In an article by Bruce Byfield, Configuration: the forgotten side of security, I was one of several people interviewed about proactive security. In response to one question about best practices for configuring UNIX systems, I provided five goals that I use in building systems. I did not think that it would be included in the article or even a section.
Here are the goals:
1) Build for a specific purpose and only include the bare minimum needed to accomplish the task.
2) Protect the availability and integrity of data at rest.
3) Protect the confidentiality and integrity of data in motion.
4) Disable all unnecessary resources.
5) Limit and record access to necessary resources.
These goals are intentionally generic. The specifics on implementation vary based on the operating system and software used. There are many security configuration guides available for every operating system. The problem is that these documents are outdated quickly. (I am intimately familiar with this problem, having written one for Solaris [PDF] and updated it three times.) Having a generic set of goals helps guide the implementation regardless of the systems and software used.
2 Comments
Martin, you forgot the most important goal of all: leave behind a clear set of docs on what you did. If you don't do this, what's the poor guy who has to maintain or fix the box going to do? Scratch his head while he puzzles out what the box is supposed to do and how it was set up to do it?
In this tip, information security expert Kevin Beaver outlines various security tests you can perform, along with tools you can use to ethically hack your storage systems and uncover vulnerabilities you might not have discovered otherwise.