.

Auotmated Hardening Tools

<<

crossover

Newbie
Newbie

Posts: 21

Joined: Thu Apr 01, 2010 1:39 pm

Post Mon Jun 28, 2010 6:54 pm

Auotmated Hardening Tools

Hello All ! I'm looking for Automated Tools for Hardening( servers/routers). Any ideas? I know that NIST provides SCAP files but i don't know how to run.

http://cisecurity.org/en-us/?route=downloads.audittools
<<

Bane

Post Tue Jun 29, 2010 3:31 pm

Re: Auotmated Hardening Tools

Unfortunatelly, there is only one free tool left for SCAP, that I am aware of. Fortunatelly, it works pretty well. The tool is Secutor Prime.

http://www.threatguard.com/downloads.htm
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Jun 30, 2010 9:08 am

Re: Auotmated Hardening Tools

SCAP provides validation of tools whether or not the companies providing the tools offer them at a cost or for free are a different story. CISecurity offers their tools at an extremely low cost. It used to be free once upon a time but bandwidth costs money so I don't see a problem with them charging. Especially when its about $300.00

What SPECIFICALLY are you looking to lock down though? The NSA has some pretty good "readme's" along with certain scripts for different types of servers. For example, Win2k3, 2K servers are covered as are desktop variants. For versions of Solaris, I would go with Titan however, with the newer releases of Solaris (lower than 10) you will have to modify Titan to run. Using the same scripts and principals off of Titan, you could port it and run it on the RH family (CentOS, Fedora) unsure about Debian variants.

What is it *specifically* you're looking to lockdown. Routers differ, I could point you to a Cisco hardening guide only to find out you wanted a Juniper guide.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Jun 30, 2010 10:56 am

Re: Auotmated Hardening Tools

See... A little more clarity makes a lot more sense. So you're looking for a method to lock down multiple components on an enterprise network that consists of Ciscos, Windows, etc...

Now the question becomes... To what degree do you want to lock them down? Let me tell you a little story here... 12 years ago, a company called Security Dynamics (Intrusion) came out with a cool program called Kane Security... Provided pretty much all you asked for on most Windows and Novell systems. At the time I was a security engineer @ a dotcom company which was an MSSP. Kane was "the tool" to have. Offered C2 level security if you needed it...

Being the pain I was back then, I decided to "automate" security processes. I ran Kane on a NT 4 Server Enterprise Edition (they were about a year old back then). Man!!! Did I have security!!! So much security, I couldn't print, couldn't copy and paste, couldn't pretty much do anything. I hadn't taken the time to determine to WHAT EXTENT I needed things secured to. Fun fun fun.

Anyhow, here are some links however, I suggest you create a gameplan instead of relying on too many tools. You'll find at the end of the day its easier to build your own scripts, programs, etc., based on your specific criteria.

NSA Cisco Hardening Guides March 2009
http://www.nsa.gov/ia/_files/routers/ci ... guides.zip

Microsoft Windows Hardening Tips and Scripts
http://www.nsa.gov/ia/guidance/security ... #microsoft

RHEL Hardening
http://people.redhat.com/sgrubb/files/h ... -rhel5.pdf

Still Secure VAM (if you want to spend some cash)
http://www.stillsecure.com/vam/index.php

Babel Enterprise
http://babelenterprise.com/index.php?la ... tarizacion

Personally, I would (as stated) probably take a 50k foot view, install something like OSSIM to see what I currently have, where I need to be, and go from there. With OSSIM, you could just script fixes into your risky machines with wmic, python, etc..
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Jun 30, 2010 11:23 am

Re: Auotmated Hardening Tools


Return to General Certification

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software