Monday 16 December 2013

OSSEC Server System Hardening

Your intrusion detection system is only as secure as the system it is built upon. The official OSSEC Host-Based Intrusion Detection Guide gives the following advice for hardening the operating system under the OSSEC server:

Some guidelines to remember for OSSEC HIDS server operating system hardening:
  • The system must be dedicated to the OSSEC HIDS server and provide no other services to the network.
  • Unnecessary software must never be installed on the server.
  • All non-OSSEC HIDS ports must be blocked.
  • If SSH access is required to the system, it must be restricted to other secure hosts.
  • If used, the WUI must only be accessible from other secured hosts.
  • The OSSEC HIDS server system must not be part of the main network authentication domain.
  • All documented techniques for hardening the chosen operating system must be followed before installing the OSSEC HIDS.
These suggestions are all intended as preventative measures to reduce the risk of unauthorized access. They also make rootkit and Trojan installation extremely difficult even during a major incursion into your network.
There are many resources available for system hardening. Thankfully, the OSSEC HIDS server does not run on Windows platforms so system hardening is not complicated. Here are some starting points for Linux system hardening:
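The checklist above as something you can actually run, added here as an example and not taken from the OSSEC guide or the original post. It generates a default-deny nftables ruleset that admits only the OSSEC agent channel, plus SSH and agent enrolment from a management network, and it audits the host's listening sockets against an allow list. It assumes OSSEC's default ports (1514/udp for ossec-remoted, 1515/tcp for ossec-authd), a host with nftables, and a management CIDR supplied on the command line; the function names `gen_ruleset` and `audit_listeners` and the table name `ossec_fw` are chosen here, not OSSEC's.

```shell
#!/usr/bin/env bash
# Added example (not from the OSSEC guide or the post above): turn the
# "block all non-OSSEC ports / restrict SSH to secure hosts" checklist into a
# default-deny nftables ruleset, and audit what the box is actually listening
# on. Assumptions (OSSEC defaults, adjust if your ossec.conf differs):
#   1514/udp  ossec-remoted, agent -> server event channel
#   1515/tcp  ossec-authd, agent enrolment (only run it while enrolling agents)
#   MGMT_NET  the only network allowed to reach SSH and ossec-authd
set -u

OSSEC_AGENT_PORT=1514
OSSEC_AUTHD_PORT=1515
SSH_PORT=22

# gen_ruleset MGMT_NET  -> prints an nftables ruleset to stdout (nothing is
# applied here). Inbound policy is drop; only loopback, replies to our own
# traffic, ICMP, the OSSEC agent channel, and SSH/authd from MGMT_NET are
# accepted. Everything else is logged before being dropped, which gives the
# OSSEC server's own log analysis something to alert on.
gen_ruleset() {
    local mgmt="$1"
    cat <<EOF
flush ruleset
table inet ossec_fw {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        udp dport ${OSSEC_AGENT_PORT} accept comment "OSSEC agent events"
        ip saddr ${mgmt} tcp dport ${OSSEC_AUTHD_PORT} accept comment "ossec-authd, management net only"
        ip saddr ${mgmt} tcp dport ${SSH_PORT} accept comment "SSH, management net only"
        log prefix "ossec_fw drop: " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# audit_listeners PROTO:PORT...  < output of `ss -Hlntu`
# Prints every listening socket that is not in the allow list and returns 1
# if any was found, 0 if the host offers nothing beyond what was expected.
# Input lines look like:  tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
audit_listeners() {
    local allowed=" $* " proto local_addr port spec rc=0
    while read -r proto _state _recvq _sendq local_addr _rest; do
        [ -n "$proto" ] || continue
        port="${local_addr##*:}"          # strips "0.0.0.0:" or "[::]:"
        spec="${proto}:${port}"
        case "$allowed" in
            *" ${spec} "*) ;;             # expected listener
            *) printf '%s\n' "$spec"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: ./ossec-fw.sh show 10.0.0.0/24       (print the ruleset)
#        ./ossec-fw.sh apply 10.0.0.0/24      (load it with nft, as root)
#        ss -Hlntu | ./ossec-fw.sh audit udp:1514 tcp:22
case "${1:-}" in
    show)  gen_ruleset "${2:?management CIDR required}" ;;
    apply) gen_ruleset "${2:?management CIDR required}" | nft -f - ;;
    audit) shift; audit_listeners "$@" ;;
esac
```

Run `show` first and check the output with `nft -c -f -` before `apply`; loading a default-deny ruleset over the SSH session you are working from is the classic way to lock yourself out, so do it from the management network the rules admit. The `audit` mode is the check for "no other services to the network": anything it prints is a listener the dedicated server should not have. The firewall limits who can reach SSH; the guide's "restricted to other secure hosts" item should be enforced in sshd_config as well (for example with `AllowUsers user@10.0.0.*`), so that a rule mistake does not expose the daemon.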
