Implementing Security, Part I: Hardening your Windows Servers
- Setting Proper Expectations
- Hardening Systems
Setting Proper Expectations
This article gives you a starting point for building a secure Internet connection. General security could easily cover an entire book. Specific topics in security, such as Public Key Infrastructure (PKI), IP Security for IPv4 and IPv6 (IPSec), Virtual Private Networks (VPNs), or a specific vendor's firewall implementation could all be (and indeed are) volumes all their own.
The goal here is to provide the absolute basics necessary to secure your Internet connection. Additional reading will be required, depending on the equipment you purchase and the infrastructure you build. Additional effort on your part will be required. Security is a constant effort; the only thing guaranteed is that you won't be 100% secure 100% of the time.
You will need to spend some time with your internal security policies. You'll be using resources such as my earlier article, "Assessing Your Security Needs," and RFC 2196: "The Site Security Handbook." You should now have a good handle on the threat model as well as an idea of what you're protecting and whom you are protecting it from. Properly defining your threat model and internal security policies gives you a framework within which you can begin to build and maintain your organization's integrity.
A Basic Security Primer
These books can help you a great deal in designing and implementing your security:
Firewalls and Internet Security: Repelling the Wily Hacker, by Bill Cheswick and Steve Bellovin. Published by Addison Wesley. ISBN 0-201-63357-4
Building Internet Firewalls, by D. Brent Chapman and Elizabeth Zwicky. Published by O'Reilly Books. ISBN 1-56592-124-0
Practical Internet & UNIX Security, by Simson Garfinkel and Gene Spafford. Published by O'Reilly Books. ISBN 1-56592-148-8