System Assessment and Hardening Concepts
In an ideal world, everything deployed would be secure, meet a corporate baseline, and never have an error introduced in the process. In the real world, that is not the case. In order to determine at a granular level where you are versus where you need to be, you must take inventory. IT inventory should include a snapshot of how a system or device is configured and operating.
The first step is to identify all of the hosts by hardware and software types and versions. Next, perform a host assessment on a sampling, or all if numbers allow. The host assessment will be unique for each type of technology. The elements reviewed, however, do fall into a finite number of categories. These categories are best divided among network devices and hosts, and in the case of software-based firewalls, you will need a combination of both. There are a multitude of automated tools to aid in assessing your hosts. A popular and widely adopted set can be found at the Center for Internet Security's web site, http://www.cisecurity.org. Using broader vulnerability assessment tools as well will give you a view of particular systems from a true vulnerability standpoint. You can find some great free tools listed in the "Must-Have Free (or Low Cost) Tools" section of the Reference Center.
The following table identifies the major areas that should be reviewed to measure your current posture. These focus only on the host-specific aspects and not on any external factors that should also be addressed, such as environmental ones.
| Devices | Host |
|---|---|
| Firmware version | OS version |
| User access controls | Patch level |
| Services | Access controls/password |
| Access control lists | Review of services |
| Logging | User accounts |
| | File permissions |
| | File sharing |
| | Host integrity |
| | Logging |
| | Network controls |
| | Application versions and configuration (These are unique steps, highlighted in the "Checklists" section for mail, Web, FTP, and DNS.) |
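The comparison of "where you are versus where you need to be" can be sketched as a check of a host snapshot against a baseline, covering several of the Host categories in the table. This is an added example, not code from the original text; the field names, the host `web01`, and all baseline and snapshot values are constructed for illustration.

```python
# Added example: measure a host inventory snapshot against a baseline.
# Field names and every sample value below are constructed assumptions.

def version_tuple(v):
    """Turn '10.4' into (10, 4) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

BASELINE = {  # constructed corporate baseline
    "os_version": "10.4",            # minimum acceptable OS version
    "patch_level": "2024.06",        # minimum acceptable patch level
    "allowed_services": {"sshd", "rsyslogd", "chronyd"},
    "allowed_accounts": {"root", "svc_backup", "alice"},
    "max_file_modes": {"/etc/passwd": 0o644, "/etc/shadow": 0o640,
                       "/etc/ssh/sshd_config": 0o600},
    "logging_required": True,
}

SNAPSHOT = {  # constructed inventory snapshot of one host
    "hostname": "web01",
    "os_version": "10.2",
    "patch_level": "2024.06",
    "services": {"sshd", "rsyslogd", "telnetd"},
    "accounts": {"root", "alice", "guest"},
    "file_modes": {"/etc/passwd": 0o644, "/etc/shadow": 0o644,
                   "/etc/ssh/sshd_config": 0o600},
    "logging_enabled": True,
}

def assess(snapshot, baseline):
    """Return (category, detail) pairs for each deviation from the baseline."""
    findings = []
    for key in ("os_version", "patch_level"):
        if version_tuple(snapshot[key]) < version_tuple(baseline[key]):
            findings.append((key, f"{snapshot[key]} is below baseline {baseline[key]}"))
    for svc in sorted(snapshot["services"] - baseline["allowed_services"]):
        findings.append(("services", f"unexpected service {svc}"))
    for acct in sorted(snapshot["accounts"] - baseline["allowed_accounts"]):
        findings.append(("user_accounts", f"unexpected account {acct}"))
    for path, max_mode in sorted(baseline["max_file_modes"].items()):
        mode = snapshot["file_modes"].get(path)
        if mode is None:
            findings.append(("file_permissions", f"{path} missing from snapshot"))
        elif mode & ~max_mode:  # any permission bit beyond the baseline mode
            findings.append(("file_permissions", f"{path} mode {mode:o} exceeds {max_mode:o}"))
    if baseline["logging_required"] and not snapshot["logging_enabled"]:
        findings.append(("logging", "logging is disabled"))
    return findings

if __name__ == "__main__":
    for category, detail in assess(SNAPSHOT, BASELINE):
        print(f"{SNAPSHOT['hostname']}: [{category}] {detail}")
```
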