by Hal Flynn
In today's company, the fast pace of business puts the speedy deployment of technology resources in the critical path. Staff often work late hours and overtime to keep stride with evolving business needs and requirements. However, rapid deployment often involves cutting corners. Sometimes these corners are in planning. Other times, they are in design.
The most commonly overlooked and compromised portion of an implementation in rapid deployment is security. All too often, servers are racked, operating systems loaded, and recommended patch clusters installed within a few hours. Shortly thereafter, vendors arrive with application software, or database administrators install their respective software and populate their databases. After the installation of the application software, the server is tested and placed into production.
Yet while the systems may have been patched, what's to prevent exposure to newly developed bugs after the system has been placed into production? What insurance is there that a system will be less exposed when maintenance and patching are done only during the next scheduled outage window, or when approved by change management?
This document outlines the creation of a Diamond in the Rough, a server hardened against network intruders attempting to gain access through service exploits, both known and unknown. This document is not intended to detail the hardening of a system for local users, nor is it intended to provide the final say in what services should and should not be permitted on production systems. In this text we will examine services that run by default, and discuss both the benefits and drawbacks of disabling these services. As shutting down every service isn't always possible, approaching systems with a regimented security paradigm and justification of business needs will help determine exactly what is needed in your environment. It is impossible to create one model that applies to all systems. The purpose of each system varies as widely as people and personalities. In essence, the goal is to mine the raw stone. You, the jeweler, polish and cut the stone into a fine piece, deciding how you want it to look.
This article originally appeared on SecurityFocus.com -- reproduction in whole or in part is not allowed without expressed written consent.