AIX Security Expert security hardening

Edit online

Security hardening protects all elements of a system by tightening security or implementing a higher level of security.

Security hardening helps ensure that all security configuration decisions and settings are adequate and appropriate. Hundreds of security configuration settings might have to be changed to harden the security of an AIX® system.

AIX Security Expert provides a menu to centralize effective common security configuration settings. These settings are based on extensive research on properly securing UNIX systems. Default security settings for broad security environment needs (High Level Security, Medium Level Security, and Low Level Security) are provided, and advanced administrators can set each security configuration setting independently.

Configuring a system at too high a security level might deny services that are needed. For example, telnet and rlogin are disabled for High Level Security because the login password is sent over the network unencrypted. If a system is configured at too low a security level, the system can be vulnerable to security threats. Since each enterprise has its own unique set of security requirements, the predefined High Level Security, Medium Level Security, and Low Level Security configuration settings are best suited as a starting point for security configuration rather than an exact match for the security requirements of a particular enterprise.

The practical approach to using AIX Security Expert, is to establish a test system (in a realistic test environment) similar to the production environment in which it will be deployed. Install necessary business applications and run AIX Security Expert via the GUI. The AIX Security Expert will analysis this running system in this trusted state. Depending on the security options you chose, AIX Security Expert will enable port scan protection will be enabled, turn on auditing, block network ports that are not in use by the business applications or other services, along with many other security settings. After re-testing with these security configurations in place, the system is ready to be deployed in a production environment. Also, the AIX Security Expert XMLfile defining the security policy or configuration of this system can be easily be used to implement the exact same configuration on similar systems in your enterprise.

For more information on security hardening, see NIST Special Publication 800-70, NIST Security Configurations Checklist Program for IT Products.