Sateesh Narahari looks at the new hardening guidelines from CIS and discusses what steps someone should take to ensure that their Tomcat instances are hardened as per these guidelines while taking advantage of the MuleSoft Tomcat Tcat Server product. NIST, or a set of internal guidelines? What have been your experiences in this area and can you suggest ways to secure your servers beyond what CIS suggests? Edit: Fixed the link. Thanks Sateesh!
- Posted by: Sateesh Narahari
- Posted on: February 03 2010 09:47 EST
- Re: Hardening your application servers by Sateesh Narahari on February 03 2010 10:32 EST
- Re: Hardening your application servers by James Watson on February 04 2010 10:48 EST
- direct cis link by Cat Weazle on February 04 2010 10:52 EST
- DOD STIGS As Well by James House on February 04 2010 11:38 EST
Apologies for the broken link. The blog is here: http://blogs.mulesoft.org/is-your-tomcat-secure/ CIS website is www.cisecurity.org
Thanks for posting, this is great news. Hopefully we'll see more of this for other web/app servers. This kind of thing is particularly useful for people in IT departments with regulatory concerns.
U.S. DOD DISA (Defense Information Systems Agency) also publishes some security implementation guides. This includes documents relating to application servers in general and additional documents specific to Tomcat and Weblogic. http://iase.disa.mil/stigs/checklist/index.html
> U.S. DOD DISA (Defense Information Systems Agency) also publishes some security implementation guides. This includes documents relating to application servers in general and additional documents specific to Tomcat and Weblogic.

Thanks James for the STIG reference. Will check them out as well. I find STIGs are very useful (they are often very well researched, a lot of effort goes into them), although I hear that they are too strict to follow for commercial organizations. I am curious if any of you in commercial IT are using STIGs for hardening your infrastructure?