516    Chapter 8 • Infrastructure Security: System Hardening

                   Keep up with device-specific hotfixes, patches, and firmware upgrades to
                      maintain high availability and security


             Application Hardening

                   Follow best practices for hardening specific application-type servers such
                      as e-mail, FTP, and Web servers

                   Data repositories require more consideration, planning, and control of
                      access than other application servers
                   Application-specific fixes, patches, and updates are used in addition to OS
                      and NOS fixes.

             Exam Objectives

             Frequently Asked Questions



             The following Frequently Asked Questions, answered by the authors of this
             book, are designed to both measure your understanding of the Exam Objectives
             presented in this chapter, and to assist you with real-life implementation of
             these concepts.


             Q: What are the most important considerations as I begin to evaluate hardening
                 my systems?
             A: You should consider removing default access permissions, applying all known
                 security and OS and NOS patches, and evaluating the need for services and
                 protocols in your network.

             Q: What protocols should I eliminate?
             A: This depends on your system needs. Unnecessary protocols often include
                 NetBEUI, IPX/SPX, and NetBIOS dependent functions. Do not forget to
                 evaluate the underlying protocols, such as ICMP and IGMP, for removal as
                 well.

             Q: Everyone tells me that ACL settings are needed for devices.Why should I
                 worry about them?





          www.syngress.com