IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [hardening]

the process of tightening security on a system.

By shoring up our defenses we hope to prevent unauthorized access and maintain one or more of The 5 Pillars. When we speak of "hardening" something we are often referring to the process of tightening security on a system by way of editing configurations. It can, however, also involve spreading out and practicing good Defense in Depth.

271 questions
105
votes
11 answers

Best practices for Apache Server hardening?

What are some best practices, recommendations, required reading for securing an Apache Server?
Eric Warriner
  • 3,251
  • 3
  • 24
  • 20
97
votes
8 answers

How can I protect my internet-connected devices from discovery by Shodan?

There's been a lot of buzz around this recent CNN article about Shodan, a search engine that can find and allow access to unsecured internet-connected devices. Shodan runs 24/7 and collects information on about 500 million connected devices and…
Aarthi
  • 901
  • 1
  • 9
  • 10
89
votes
9 answers

Hardening Linux Server

We have already had questions on here about Hardening Apache, Hardening PHP and Securing SSH. To continue this trend I am interested in what steps people take to harden Linux servers. As in what steps do people always take when setting up a new…
Mark Davidson
  • 9,367
  • 6
  • 43
  • 61
71
votes
12 answers

Why block outgoing network traffic with a firewall?

In terms of a home network, is there any reason to set up a router firewall so that all outgoing ports are blocked, and then open specific ports for things such as HTTP, HTTPS, etc. Given that every computer on the network is trusted, surely the…
Alex McCloy
  • 813
  • 1
  • 7
  • 5
55
votes
8 answers

Keeping secrets from root on Linux

I am looking for ways to harden a linux system so that even when gaining full root access (through legit or non-legit means), some secrets remain inaccessible. But first a little background. Many of the different linux security models (SELinux,…
Nakedible
  • 4,501
  • 4
  • 25
  • 22
46
votes
4 answers

Does adding a password to BIOS prevent malware from infecting it?

I'm looking into ways of hardening a computer's security. One of the things is the BIOS. Does adding a password to the BIOS prevent malware from infecting it? I have seen this article: Protecting the BIOS from malware but it doesn't mention…
user148283
  • 493
  • 1
  • 4
  • 7
45
votes
8 answers

What methods are available for securing SSH?

What methods are available for securing SSH?
Olivier Lalonde
  • 5,039
  • 8
  • 31
  • 35
42
votes
7 answers

Best practices for securing an android device

Does anyone have any suggestions on securing an Android device? I'm not particularly interested in enterprise level software - I'm looking to secure my own ZTE Blade phone which has a lot of personal information on it. Question taken from:…
Chris Dale
  • 16,119
  • 10
  • 56
  • 97
40
votes
6 answers

Secure Linux Desktop

I'm looking for hints about secure linux desktops. Securing servers is no problem. Most recent Software Updates, run only the services required etc. But what about desktops? I'm thinking about details like Noscript for Firefox. ASLR, PIE and similar…
chris
  • 401
  • 1
  • 5
  • 3
33
votes
6 answers

Most secure way to partition linux?

I recently acquired a netbook to play with, and I want to install Kali Linux so I can start learning about network security and exploit development. I want to use this to learn as much about security as I can. What is the best way to partition a…
TestinginProd
  • 908
  • 3
  • 9
  • 14
32
votes
20 answers

How can I prevent my kids from bypassing my computer restrictions?

My son has a downloaded copy of Ubuntu that he uses to "break" into my computer, bypassing Vista. I have two questions: Can this damage my computer or corrupt my files? (I have lots of pictures) Is there a way for me to block this disc from working…
Brenda
32
votes
3 answers

Why doesn't Linux randomize the address of the executable code segment?

I've recently been learning about how ASLR (address space randomization) works on Linux. At least on Fedora and Red Hat Enterprise Linux, there are two kinds of executable programs: Position Independent Executables (PIEs) receive strong address…
D.W.
  • 98,420
  • 30
  • 267
  • 572
29
votes
4 answers

What are the toughest SSH daemon settings in terms of encryption, handshake, or other cryptographic settings?

I work heavily with SSH and SFTP, to be specific between two machines, both of which have their SSH port open on a public IP address. What are the toughest SSH daemon settings in terms of encryption, handshake, or other cryptographic settings in…
LinuxSecurityFreak
  • 1,562
  • 2
  • 18
  • 32
28
votes
3 answers

How to secure a MongoDB instance?

Does anybody have experience with securing/hardening MongoDB server? Check lists or guides would be welcome.
AaronS
  • 2,575
  • 5
  • 22
  • 26
28
votes
9 answers

How can I protect a WordPress installation?

How do you go about protecting a default WordPress installation? What checklist do you use, best practices, tips and tricks, etc? Any recommendations on plugins, third-party tools are welcome.
Nuno Morgadinho
  • 383
  • 2
  • 6
1
2 3
18 19