Overview

Learn about security hardening guidance for Extreme Fabric Automation (EFA), with an emphasis on the installation and usage of open source security tools to achieve a hardened operational security stance. It is assumed that you have some basic knowledge of security principles and operations of the Linux operating system and associated technologies.

Note: This document assumes that EFA has been installed in secure mode and is operational. For details on how to achieve this, refer to the Extreme Fabric Automation Administration Guide, 3.1.0 , which includes details on EFA security options and commands.

The following security hardening topics included in this document:

• CIS-CAT security hardening: Details of a custom python script from Extreme Networks that hardens the underlying operating system.
• Iptables firewall: Securing the EFA networking stance.
• Grub boot loader security: How to set a hardened security posture for Grub.
• System auditing with auditd: Instructions for monitoring various aspect of system runtime activities.
• OSSEC HIDS installation and usage: A broad set of indicators relevant for host intrusion detection.
• Authenticated NTP: How to ensure that NTP communications are authenticated.
• Secure DNS: Details about encrypted DNS communications.
• Detecting rootkits with rkhunter: Specialized run time checks for various types of Linux rootkits.