Server Application Hardening, unlike other system centric hardening, focuses on using the application rather than the application itself.  Server to server and client to server transactions must remain secure.  Like roadworks and policing, a route between destinations that are both secure does not mean the route itself is.  Have a current application inventory and know what systems are used, how they are used, and the traffic they do and do not accept.  Be wary of legacy cryptographic elements and dependent legacy systems.  Consider both internal and external transactions and evaluate a Web Application Firewall solution.  Undertake vulnerability assessments against applications.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s