-
Hardening your application servers (5 messages)
- Posted by: Sateesh Narahari
- Posted on: February 03 2010 09:47 EST
Sateesh Narahari looks at the new hardening guidelines from CIS and discusses what steps someone should take to ensure that their Tomcat instances are hardened as per these guidelines while taking advantage of the MuleSoft Tomcat Tcat Server product. NIST, or a set of internal guidelines? What have been your experiences in this area and can you suggest ways to secure your servers beyond what CIS suggests? Edit: Fixed the link. Thanks Sateesh!
Threaded Messages (5)
- Re: Hardening your application servers by Sateesh Narahari on February 03 2010 10:32 EST
- Re: Hardening your application servers by James Watson on February 04 2010 10:48 EST
- direct cis link by Cat Weazle on February 04 2010 10:52 EST
- DOD STIGS As Well by James House on February 04 2010 11:38 EST
- Re: DOD STIGS As Well by Sateesh Narahari on February 04 2010 13:49 EST
-
Re: Hardening your application servers
- Posted by: Sateesh Narahari
- Posted on: February 03 2010 10:32 EST
- in response to Sateesh Narahari
Apologies for the broken link. The blog is here: http://blogs.mulesoft.org/is-your-tomcat-secure/ The CIS website is www.cisecurity.org
-
Re: Hardening your application servers
- Posted by: James Watson
- Posted on: February 04 2010 10:48 EST
- in response to Sateesh Narahari
Thanks for posting, this is great news. Hopefully we'll see more of this for other web/app servers. This kind of thing is particularly useful for people in IT departments with regulatory concerns.
-
direct cis link
- Posted by: Cat Weazle
- Posted on: February 04 2010 10:52 EST
- in response to Sateesh Narahari
-
DOD STIGS As Well
- Posted by: James House
- Posted on: February 04 2010 11:38 EST
- in response to Sateesh Narahari
U.S. DOD DISA (Defense Information Systems Agency) also publishes some security implementation guides. This includes documents relating to application servers in general and additional documents specific to Tomcat and WebLogic. http://iase.disa.mil/stigs/checklist/index.html
-
Re: DOD STIGS As Well
- Posted by: Sateesh Narahari
- Posted on: February 04 2010 13:49 EST
- in response to James House
U.S. DOD DISA (Defense Information Systems Agency) also publishes some security implementation guides.
Thanks, James, for the STIG reference. Will check them out as well. I find STIGs are very useful (they are often very well researched, a lot of effort goes into them), although I hear that they are too strict to follow for commercial organizations. I am curious if any of you in commercial IT are using STIGs for hardening your infrastructure?
This includes documents relating to application servers in general and additional documents specific to Tomcat and WebLogic.
http://iase.disa.mil/stigs/checklist/index.html