Hardening: Theory and General Practice
(Page 1 of 6 )
Hardening is the process of protecting a system against unknown threats. This book by Jonathan Hassell (
Hardening Windows, Apress, ISBN: 1-59059-266-2) is designed to provide a quick and easy checklist-style reference for system administrators who need to anticipate attacks and compromises. This chapter looks at the theories behind security and hardening a system, and how you can take very general approaches to overall organizational security before investigating specific hardening practices on your Windows client and server machines.
"You should be exactly as paranoid as it is cost-effective to be."
—Scott Collins
These are wise words from security expert Scott Collins, and they serve as the underlying motivation behind this book.
Computer security seems to be making the news a lot lately. Almost every week, malevolent forces crawl out of the woodwork to take down high-profile websites. Companies lose millions of dollars and suffer damage to computer systems. As a result, large companies spend thousands of dollars on security systems and products to protect the doors to their corporate networks. Microsoft recently bore the brunt of two intruder attacks on its web properties. The result was hours of downtime and decreased customer confidence.
It’s hard to know the number of intruders currently threatening the computer realm. Many systems administrators and users have built up a tolerance to attempted hacking. They have accepted intruders as the norm, as by-products of using a directly connected system. Many attempts, whether successful or not, go unnoticed by users. Internet security experts agree, though, that the number of attempts at security breaches is increasing, as is the sophistication and efficiency of the attempts. To keep up, vendors and security hardware manufacturers struggle to plug the security holes that intruders uncover and exploit with today’s easy-to-use system-cracking tools.
An intruder attack is only one facet of security with which you should be concerned. Viruses are another big security threat; the fact that they spread easily only increases their infestations. For example, worm viruses spread when users open email attachments, which cause the virus to email itself to the user’s entire contact list. Other Trojan horse viruses can come into your system and leave a back door for intruders who will use your computer to make countless attacks on other users’ machines.
Helping you learn how to protect your computing environment from these various threats is the purpose of this book. System administrators all around the world know the Internet is a hostile environment. They can’t tell when a hacker will attempt to gain access to the SQL server, but they can bet that there will be an attempt soon. Because the operating system is vital to a computer’s functioning, and because it’s the only layer between the machine’s available resources and its users, it’s critical that the OS resists compromise.
Hardening is this process of protecting a system against unknown threats. System administrators harden against whatever they think could be a threat. This book is designed to provide a quick and easy checklist-style reference for system administrators who need to anticipate those attacks and compromises. You’ll need to harden Windows NT, 2000, XP, and Server 2003 against these threats. And in this chapter, I’ll look at the theories behind security and hardening a system, and how you can take very general approaches to overall organizational security before investigating specific hardening practices on your Windows client and server machines.
 This chapter is from Hardening Windows, by Jonathan Hassell (Apress, 2004, ISBN: 1-59059-266-2). Check it out at your favorite bookstore today.
Buy this book now. |
Next: What Is Security? >>
More Windows Security Articles
More By Jonathan Hassell
