OS Hardening

• Every service is a point of entry

  • Turn off unneeded services
  • Wrap needed services (limit access by IP address)
  • Audit source code

• Every setuid/setgid binary may give up privileges

  • Audit source
  • Turn off setuid/setgid bit

Previous slide

Next slide

Back to first slide

View graphic version