
Looking for resources/guidance on hardening a JBoss installation on windows for production use.

Brian

2 Answers


I am going to assume you are using JBoss in a standard N-tier configuration.

(1) Harden Windows http://iase.disa.mil/stigs/stig/windows_server_2008_security_guide.pdf http://iase.disa.mil/stigs/stig/win2k-XP-03-vista-addendumv6r1-052107.doc

(2) Harden JBoss http://iase.disa.mil/stigs/stig/application-services-stig-v1r1.pdf

Remember to address the embedded Tomcat via the Application Services STIG.

(3) Harden associated Webservers http://iase.disa.mil/stigs/stig/Web-Server-STIG-V6R1.pdf

(4) Harden associated Databases http://iase.disa.mil/stigs/stig/database-stig-v8r1.zip

(5) Consider defense in depth: maybe add a web application firewall http://www.owasp.org/index.php/Web_Application_Firewall

Below are some suggestions for your network:

(6) Add a file integrity tool such as Samhain or Tripwire.

(7) Ensure you have syslog enabled, going to a syslog server, with Splunk looking at everything.

(8) Use a network intrusion detection system, maybe something in an easy package to run like Security Onion. Connect it to your syslog and Splunk.

Brennan

You don't state the JBoss version nor what the server will be doing nor if it will be facing the web, so there's not much we can tell.

Basically you should start by removing all the services you don't need. You can find some guidance here. The idea is that you need to remove everything except what's really necessary.

If the server will be web facing, block all ports but the ones you need (80 probably). Also, it's probably not a good idea to run as admin!

Guillaume
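One way to check and apply the two points above (no unneeded open ports, no admin service account) on a Windows host, as an added PowerShell example that is not from either answer; the JBoss service name is a placeholder and port 80 is the only assumed allowed port:

```powershell
# Added example: audit the JBoss Windows service account and listening ports,
# then default-deny inbound traffic except the ports the server actually needs.
# Assumptions: $ServiceName is a placeholder for the real JBoss service name;
# $AllowedPorts defaults to 80 only. Run in an elevated PowerShell session.
param(
    [string]$ServiceName = 'JBOSS_SERVICE_NAME_PLACEHOLDER',
    [int[]]$AllowedPorts  = @(80)
)

# 1. Which account runs JBoss? LocalSystem or a local Administrators member is a finding.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }
$acct   = ($svc.StartName -split '\\')[-1]     # strip DOMAIN\ or .\ prefix
$admins = (Get-LocalGroupMember -Group 'Administrators').Name |
          ForEach-Object { ($_ -split '\\')[-1] }
if ($svc.StartName -eq 'LocalSystem' -or $admins -contains $acct) {
    Write-Warning "JBoss runs as '$($svc.StartName)'; use a dedicated low-privilege account"
} else {
    Write-Output "JBoss runs as '$($svc.StartName)'"
}

# 2. What is the running JBoss process listening on? Anything outside
#    $AllowedPorts (e.g. management or JMX ports) should be closed or firewalled.
if ($svc.ProcessId -gt 0) {
    $listening = Get-NetTCPConnection -OwningProcess $svc.ProcessId -State Listen |
                 Select-Object -ExpandProperty LocalPort -Unique
    $unexpected = $listening | Where-Object { $AllowedPorts -notcontains $_ }
    if ($unexpected) {
        Write-Warning "JBoss is listening on unexpected ports: $($unexpected -join ', ')"
    }
} else {
    Write-Output "Service is not running; skipping listening-port check"
}

# 3. Default-deny inbound on every profile, then allow only the approved ports.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block
foreach ($p in $AllowedPorts) {
    New-NetFirewallRule -DisplayName "JBoss inbound TCP $p" -Direction Inbound `
        -Protocol TCP -LocalPort $p -Action Allow | Out-Null
}
```

Step 3 changes live firewall state, so run steps 1 and 2 first and review the output before applying it on a remote box where a blocked management port could lock you out.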