Questions tagged [hardening]
the process of tightening security on a system.
284 questions
2votes
1answer
51views
Automated auditing of device image based on CIS Hardening Image Benchmark
I recently discovered the CIS Hardening Image Benchmarks and they seem very useful for auditing the baseline image of a device. However, these CIS Benchmarks are very in-depth and are around 1,300 ...
0votes
0answers
58views
What's next for hardware-level security features?
Seems like there's been a lot of hardware-enabled security features released for x64 in the last few years. MPX (albeit that's since been deprecated), MBEC, CET with indirect branch control and shadow ...
1vote
0answers
30views
Is this CIS CAT Lite rule applicable to Windows 10?
The CIS CAT Lite tool fails a rule and has the following note: "This Group Policy path is provided by the Group Policy template <...>.admx that is included with the Microsoft Windows 11 ...
- 131
0votes
0answers
116views
Ubuntu 24.04 and SUID
I'm trying to understand SUID privilege escalation and I'm trying to recreate some issues. But both all my scripts and binaries drop the SUID-Bit and get executed with the user with which I'm ...
- 29
2votes
1answer
72views
sshd HostKey hardcoding implementation
We are performing regular reinstallations of our systems which keeps on changing the servers sshd private keys due to regeneration at the end of the OS installation. Due to this our automated systems ...
- 21
0votes
1answer
335views
Port knocking through NAT for self-hosted server
I decided to move to self-hosting because it is cheaper. What I want to host: My personal website Some apps for fun Maybe later a Honeypot I have my old laptop acting as the main host. It has Ubuntu ...
-2votes
2answers
225views
How to learn to secure Web Applications? [closed]
The server is based on Linux and applications are based on Android and iOS. I was looking through "Linux Hardening Guide" as someone recommended it to me in order to harden Linux servers. I ...
- 161
0votes
1answer
200views
Do I need to study how to find security flaws in order to harden my Linux server?
I'm wondering this. I am planning to resolve Vulnerability Assessment and Penetration Testing reports. Do I need to learn how to do such attacks in order to harden the server? Or don't I?
- 161
0votes
1answer
138views
OS/DB Hardening Checklist Drafting Process
We are looking into reviewing our organization OS/DB hardening checklist (done by predecessor). We're aware that there are various benchmarks out there like CIS & STIG to guide on that, and the ...
- 3
1vote
1answer
116views
Theoretical unbreakable security for a single compute instance/machine [closed]
UPDATE : i know i modify the post significantly, will try to not do that anymore. Please read from scratch Let's imagine we have a machine that holds customer private keys to various crypto assets, ...
- 111
1vote
1answer
431views
Rowhammer mitigations in current hardware and software
I've been looking into rowhammer attacks and mitigations and there are two (what seem to be) mitigations that I've seen that are actually implemented in currently available hardware and software, but ...
1vote
3answers
745views
Understanding FDE: Is the encrypted Linux protected against a compromised boot volume?
I use this initramfs-based FDE on my headless server. My motivation is to secure my system against physical tampering. I am aware that securing an untrusted hardware is not possible. This question is ...
- 113
4votes
1answer
617views
Why should I re-generate a server's SSH host keys?
This server hardening guide suggests re-generating the RSA and ED25519 host keys. What is the advantage of re-generating the default key?
- 141
2votes
1answer
366views
Why should I disable insecure SSH hostkeys if I never plan on using them?
A number of articles suggest removing insecure (broken) SSH key types in order to have a more secure server. In practice, if I only connect to the server with secure key types, why should I bother ...
- 141
1vote
0answers
110views
Is there any guideline or procedure for 4G hardware equipement (4G landline phone and home Wifi router) security audit/assessment?
I need to perform a security audit/assessment on 4G LTE hardware equimements : 4G landline wireless phone (not android OS but with many features such as WiFi hotspot) 4G Wifi home router Is there ...
- 379
