News: Hardening your application servers

  1. Hardening your application servers (5 messages)

    Sateesh Naharani looks at the new hardening guidelines from CIS and discusses what steps someone should take to ensure that their Tomcat instances are hardened as per these guidelines while taking advantage of the MuleSoft Tomcat Tcat Server product. NIST, or a set of internal guidelines? What have been your experiences in these areas and can you suggest ways to secure your servers beyond what CIS suggests? Edit: Fixed the link. Thanks Sateesh!

    Threaded Messages (5)

  2. Apologies for the broken link. The blog is here: http://blogs.mulesoft.org/is-your-tomcat-secure/ CIS website is www.cisecurity.org
  3. Thanks for posting, this is great news. Hopefully we'll see more of this for other web/app servers. This kind of thing is particularly useful for people in IT departments with regulatory concerns.
  4. direct cis link

    http://cisecurity.org/en-us/?route=downloads.show.single.tomcat.100
  5. DOD STIGS As Well

    U.S. DOD DISA (Defense Information Systems Agency) also publishes some security implementation guides. This includes documents relating to application servers in general and additional documents specific to Tomcat and Weblogic. http://iase.disa.mil/stigs/checklist/index.html
  6. Re: DOD STIGS As Well

    U.S. DOD DISA (Defense Information Systems Agency) also publishes some security implementation guides.

    This includes documents relating to application servers in general and additional documents specific to Tomcat and Weblogic.


    http://iase.disa.mil/stigs/checklist/index.html
    Thanks James for the STIG reference. Will check them out as well. I find STIGs are very useful (they are often very well researched, a lot of effort goes into them), although I hear that they are too strict to follow for commercial organizations. I am curious if any of you in commercial IT are using STIGs for hardening your infrastructure?