Security hardening for production
Hardening is a general term for the measures that you take to strengthen your system security against potential threats and risks in production. Harden your Open Liberty server configuration, application configuration, and network to reduce vulnerabilities and prevent security intrusions.
Different types of security intrusions can threaten different parts of your system. You can employ best practices to make each part less vulnerable. Security intrusions and vulnerabilities can be broken down into different groups:
Operating system intrusions occur when users with local access attempt to cause damage or extract sensitive information. One example of this type of intrusion is malware. If malware is introduced into a system, unauthorized users might be able to access the server configuration and its contents. For more information, see Server configuration security hardening.
Network intrusions occur when unauthorized users monitor or alter network traffic. Replay attacks and man-in-the-middle (MITM) attacks are two examples of network intrusions. For more information, see Network security hardening.
Application configuration intrusions occur when external users run applications that derive or inherit privileges that they are not authorized to have. One example of this type of intrusion happens when an application inherits the identity of the server, which gives the application unauthorized permissions. For more information, see Application configuration security hardening.
The Center for Internet Security (CIS) benchmarks are a collection of industry-wide cybersecurity standards for configuring networked digital resources and ensuring their compliance with established best practices for security and privacy. Open Liberty maintains security hardening guidelines that comply with the CIS benchmark standards.
You can access the benchmarks on the CIS IBM WebSphere Benchmarks page. Complete the information form to download the benchmarks.
If you have a free CIS user account, you can open tickets to address any questions or concerns with the benchmarks in the Liberty benchmarks user portal.