Because security cannot be guaranteed, you're unlikely to find a tool that can verify that your system is 100% secure. However, there are tools out there that can help you. These tools check whether your OS configuration matches the industry's current best practice and allow you to demonstrate compliance with an accepted security standard. The Center for Internet Security (CIS) is a forerunner at defining consensus best-practice security configurations for Internet-connected computers. CIS works with organizations, information security professionals and auditors until they all agree on security configuration specifications that represent a prudent level of due care. Their free Benchmark and Scoring Tools provide a quick and easy way to evaluate your system and compare its level of security against their minimum due care security benchmarks. Various reports show you how to harden both new and active systems while monitoring them to ensure that security settings continuously conform to the configuration specified in the benchmark.
CIS Benchmarks enumerates security configuration settings and actions that "harden" your system. They are unique, not because the settings and actions are unknown, but because consensus among security professionals worldwide has defined these particular configurations. The CIS Level-I Benchmarks set a prudent level of minimum due care, while CIS Level-II Benchmarks vary depending on architecture and server function. The Level-I Benchmark settings can be applied with little security knowledge, as they are unlikely to cause an interruption of service to the operating system or the applications that run on it. However, the CIS Level-II Benchmarks should be used by system administrators who know how to apply them to the operation systems and applications running in their environment.
CIS's benchmark tools for FreeBSD, Linux and Solaris can be downloaded at http://www.cisecurity.org/benchmarks.html. Commercial software tools that check systems for conformity with CIS benchmarks are also available from Altiris. Their SecurityExpressions tools for Solaris, Linux and HP-UX operating systems have been certified by CIS and can be found at http://www.pedestal.com/products/se/.
This was first published in August 2005