I'm wondering if anybody here would be interested in seriously hardening your computer, with tools your tax dollars have already paid for?
NIWC Atlantic SCAP Compliance Checker
The tool and the compliance rules are for hardening the security of both popular operating systems and applications.
It lives in a family of tools considered compliance tools, i.e. to be in compliance you reconfigure parts of your OS or, say, web browser, to mainly disable anything that is considered weak security. There's a separate family of tools called vulnerability scanners that scan hosts looking for weaknesses.
The web site has links to the tools and content, and links to several youtube videos to explain the tool.
I use it for Red Hat Linux, and it'll take me about 2.5 days to harden a system from a fresh install to around the 95% rating.
But, programmatic hardening has improved over the years. Nowadays you could get a lot of hardening done using
Red Hat's built-in openscap, and Ansible hardening playbooks to get to 90% if you click the right boxes during the installation.
However:
- I'm dealing with a heterogeneous environment, so I have to think about the feasability and impact of every rule. You wouldn't have that constraint.
- You could ignore the PKI rules; you won't have a DoD PKI set up.
- The NIWC tool *only* scans. It cannot and will not make any change to your OS or application.
People pay money to buy an antivirus product, or an AV plus web filter product. It may be 50% effective.
There are real security tools out there that your tax dollars have already paid for. You just don't know where to find them.
NIWC Atlantic SCAP Compliance Checker
The tool and the compliance rules are for hardening the security of both popular operating systems and applications.
It lives in a family of tools considered compliance tools, i.e. to be in compliance you reconfigure parts of your OS or, say, web browser, to mainly disable anything that is considered weak security. There's a separate family of tools called vulnerability scanners that scan hosts looking for weaknesses.
The web site has links to the tools and content, and links to several youtube videos to explain the tool.
I use it for Red Hat Linux, and it'll take me about 2.5 days to harden a system from a fresh install to around the 95% rating.
But, programmatic hardening has improved over the years. Nowadays you could get a lot of hardening done using
Red Hat's built-in openscap, and Ansible hardening playbooks to get to 90% if you click the right boxes during the installation.
However:
- I'm dealing with a heterogeneous environment, so I have to think about the feasability and impact of every rule. You wouldn't have that constraint.
- You could ignore the PKI rules; you won't have a DoD PKI set up.
- The NIWC tool *only* scans. It cannot and will not make any change to your OS or application.
People pay money to buy an antivirus product, or an AV plus web filter product. It may be 50% effective.
There are real security tools out there that your tax dollars have already paid for. You just don't know where to find them.