Overview
Get an overview of techniques for hardening security in EFA.
Learn about security hardening guidance for Extreme Fabric Automation (EFA), with an emphasis on the installation and usage of open source security tools to achieve a hardened operational security stance. It is assumed that you have some basic knowledge of security principles and operations of the Linux operating system and associated technologies.
Note: This document assumes that EFA has been installed in secure mode and is operational. For details on how to achieve this, refer to the Extreme Fabric Automation Administration Guide, 3.1.0, which includes details on EFA security options and commands.
The following security hardening topics are included in this document:
- CIS-CAT security hardening: Details of a custom Python script from Extreme Networks that hardens the underlying operating system.
- Iptables firewall: Securing the EFA networking stance.
- Grub boot loader security: How to set a hardened security posture for Grub.
- System auditing with auditd: Instructions for monitoring various aspects of system runtime activities.
- OSSEC HIDS installation and usage: A broad set of indicators relevant for host intrusion detection.
- Authenticated NTP: How to ensure that NTP communications are authenticated.
- Secure DNS: Details about encrypted DNS communications.
- Detecting rootkits with rkhunter: Specialized runtime checks for various types of Linux rootkits.