Most security administrators are familiar with the estimate that 90% of successful Web server penetrations could have been prevented by simple administrative safeguards, such as monitoring security bulletins and maintaining an adequate patch level. Indeed, you've probably read numerous articles and tips like this one offering you ideas on how to increase your security posture. But how often do you put these ideas into practice?
Fortunately, there are a number of wonderful resources out there for administrators seeking to quickly ramp up the security posture of their protected systems. If you simply commit to spending a few hours each week tackling a few of the most common vulnerabilities, you'll quickly make great strides towards improving your network security. Let's take a look at some of the more useful security benchmarks available today:
Microsoft's Security Checklists offer operating system and application-specific advice in an easy-to-understand manner. Their site includes almost 20 different checklists and resource guides designed for various Microsoft products.
One of the best sources around for security benchmarks is the Center for Internet Security. They offer baseline configurations for operating systems, applications and network devices and also provide benchmark assessment tools. These automated tools check various Windows/Unix operating systems for known vulnerabilities and provide you with a security "score."
The SANS Top 20 Most Critical Internet Security Vulnerabilities list is continuously updated by SANS and the FBI to include what they judge to be the greatest threats out there. If you only have time to fix a few things, this should be your shopping list.
If you're running Unix systems on your network, you'll probably want to read the CERT UNIX Security Checklist. It provides four detailed sections offering advice on securing the basic Unix operating system, major Unix services, specific versions of Unix and basic patching.
Application developers should check out the Web Application Security Checklist on Enterprise IT Planet. This checklist provides a decent template for incorporating security into Web applications.
All of these benchmarks and checklists offer you a great starting point for enhancing the security of your environment. However, keep in mind that security is more than just checking a bunch of boxes -- it's a state of mind!
More Information
Learn how to harden a Web server and apply countermeasures to prevent hackers from breaking into a network.
Take an in-depth look at how Web sites are attacked and how to reduce the likelihood that an attack is successful.
About the Author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles including the CISSP Prep Guide and Information Security Illuminated.
Rate this Tip
To rate tips, you must be a member of SearchSecurity.com. Register now
to start rating these tips. Log in if you are already a member.
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.
