Stealth Hardened Linux
The foundation of the Stealth Secure Platform, the hardened
Linux creates a reliable, secure and high performance
environment for mission critical network applications
to run on. Optimized to run on minimal hardware resources,
the code is streamlined to achieve minimum size and maximum
efficiency. Features that may create intrusion vulnerabilities
or 'backdoors' that can be exploited have also been eliminated.
User-friendly, pre-packaged tools allow for easy deployment,
administration and updates.
Stealth Hardened Linux utilizes well known Linux sources
and is compliant with all international standards.
Methodology used to minimize vulnerabilities on the
Stealth platform:
Minimize system vulnerabilities:
a. Remove or disable unnecessary software programs
– sendmail, XWindows, ftp etc.
b. Disable unnecessary processes and services – echo,
icmp, imap etc.
c. Remove compilers, development packages and documentation
files
d. Allow remote login only through SSH
e. Configure Syslog and Log Analyzer
Restrict system, file access
and commands:
f. Lock down system access - set root login time outs,
set minimum password length and configuration rules
g. Disable commands and control mounting of file systems
h. Restrict file access – single user access to /etc/services
; /etc/securetty
i. Eliminate hidden, unowned and group / world writeable
files
j. Lockdown file systems and system binaries
Control user access and rights:
k. Allow only root access to scripts and lockdown
root access – remove ‘s’ bits from root-owned
programs; disable console program access
l. Manage / remove default user groups
m. Allow only one ‘super user’ connection with
root access at any given time
Test, verify and remedy:
n. Test vulnerabilities and apply patches – conduct
comprehensive threat and risk assessment (TRA) and apply
remedies to identified issues. |
| |
