Topic: Automated Hardening Tools
crossover
« on: June 28, 2010, 06:54:08 PM »

Hello All! I'm looking for automated tools for hardening (servers/routers). Any ideas? I know that NIST provides SCAP files but I don't know how to run them.

http://cisecurity.org/en-us/?route=downloads.audittools
Bane
Guest
« Reply #1 on: June 29, 2010, 03:31:44 PM »

Unfortunately, there is only one free tool left for SCAP, that I am aware of. Fortunately, it works pretty well. The tool is Secutor Prime.

http://www.threatguard.com/downloads.htm
sil
« Reply #2 on: June 30, 2010, 09:08:40 AM »

SCAP provides validation of tools; whether or not the companies providing the tools offer them at a cost or for free is a different story. CISecurity offers their tools at an extremely low cost. It used to be free once upon a time but bandwidth costs money so I don't see a problem with them charging. Especially when it's about $300.00.

What SPECIFICALLY are you looking to lock down though? The NSA has some pretty good "readme's" along with certain scripts for different types of servers. For example, Win2k3, 2K servers are covered as are desktop variants. For versions of Solaris, I would go with Titan; however, with the newer releases of Solaris (lower than 10) you will have to modify Titan to run. Using the same scripts and principles off of Titan, you could port it and run it on the RH family (CentOS, Fedora); unsure about Debian variants.

What is it *specifically* you're looking to lock down? Routers differ; I could point you to a Cisco hardening guide only to find out you wanted a Juniper guide.
sil
« Reply #3 on: June 30, 2010, 10:56:03 AM »

See... A little more clarity makes a lot more sense. So you're looking for a method to lock down multiple components on an enterprise network that consists of Ciscos, Windows, etc...

Now the question becomes... To what degree do you want to lock them down? Let me tell you a little story here... 12 years ago, a company called Security Dynamics (Intrusion) came out with a cool program called Kane Security... Provided pretty much all you asked for on most Windows and Novell systems. At the time I was a security engineer @ a dotcom company which was an MSSP. Kane was "the tool" to have. Offered C2 level security if you needed it...

Being the pain I was back then, I decided to "automate" security processes. I ran Kane on an NT 4 Server Enterprise Edition (they were about a year old back then). Man!!! Did I have security!!! So much security, I couldn't print, couldn't copy and paste, couldn't pretty much do anything. I hadn't taken the time to determine to WHAT EXTENT I needed things secured to. Fun fun fun.

Anyhow, here are some links; however, I suggest you create a game plan instead of relying on too many tools. You'll find at the end of the day it's easier to build your own scripts, programs, etc., based on your specific criteria.

NSA Cisco Hardening Guides March 2009
http://www.nsa.gov/ia/_files/routers/cis_securityguides.zip

Microsoft Windows Hardening Tips and Scripts
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml#microsoft

RHEL Hardening
http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf

Still Secure VAM (if you want to spend some cash)
http://www.stillsecure.com/vam/index.php

Babel Enterprise
http://babelenterprise.com/index.php?lang=en&sec=Babel&sec2=militarizacion

Personally, I would (as stated) probably take a 50k foot view, install something like OSSIM to see what I currently have, where I need to be, and go from there. With OSSIM, you could just script fixes into your risky machines with wmic, python, etc.
sil
« Reply #4 on: June 30, 2010, 11:23:22 AM »

Lest I forget...

http://www.mcafee.com/us/enterprise/products/risk_and_compliance/remediation_manager.html