Hi Stefan,

It's not me trying to do this. I got a client that bought 2 ODAs; yes, they are a bank and def fall under PCI.

So my question was, what would PCI require? Is there a white paper stating the requirements for Linux and maybe also the database?

And then for me a broader question: we have these standards, each with their own requirements; is a similar document available per standard, as per the above PCI request?

I see the NSA document as a large, encompassing "lock everything down", and not necessarily what the customer needs; they just need to adhere to, in this case, PCI.

G

On Tue, Mar 24, 2015 at 10:43 PM, Stefan Knecht <knecht.stefan@xxxxxxxxx> wrote:

> George, I think you should be asking yourself what you are trying to
> achieve or secure. Applying random security standards isn't going to solve
> a specific problem.
>
> Think about what you want to protect, and what the extent of "discomfort"
> is, that you're willing to accept in order to achieve the relevant security
> that makes your clients / managers feel safe. Nowadays, security knows
> virtually no limits. The only real limit is your imagination, and your
> budget.
>
> PCI/DSS, Sarbanes Oxley, and whatever other standards may exist; they
> exist to serve a specific purpose. Securing a system that has nothing
> whatsoever to do with credit cards according to PCI/DSS makes little to no
> sense.
>
> I think if you're looking for very specific recommendations you would be
> better off stating what you're trying to protect, and from what kind of
> attack vectors. That would enable the list's readers to provide you with
> advice in relation to your actual situation.
>
> Stefan
>
> On Wed, Mar 25, 2015 at 12:48 AM, George <georgelza@xxxxxxxxx> wrote:
>
>> Hi Mladen
>>
>> Thanks, it seems everyone lists that document as the main source.
>>
>> Let me ask the more security guys a different question: what are the
>> different security standards?
>> I know of PCI, POPI, Sarbanes Oxley,
>>
>> G
>>
>> On Tue, Mar 24, 2015 at 7:42 PM, Mladen Gogala <
>> dmarc-noreply@xxxxxxxxxxxxx> wrote:
>>
>>> On 03/24/2015 10:56 AM, George wrote:
>>>
>>>> Hi guys
>>>>
>>>> Does anyone have a good white paper that covers how/what to change to
>>>> harden a Linux OS.
>>>>
>>>> G
>>>>
>>>> --
>>>> You have the obligation to inform one honestly of the risk, and as a
>>>> person
>>>> you are committed to educate yourself to the total risk in any activity!
>>>>
>>>> Once informed & totally aware of the risk,
>>>> every fool has the right to kill or injure themselves as they see fit!
>>>
>>> There is an official, fairly extensive, paper published by the NSA:
>>>
>>> https://www.nsa.gov/ia/_files/os/redhat/NSA_RHEL_5_GUIDE_v4.2.pdf
>>>
>>> The paper can be found on the government's official page about securing
>>> operating systems:
>>>
>>> https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2
>>>
>>> --
>>> Mladen Gogala
>>> Oracle DBA
>>> http://mgogala.freehostia.com
>>
>> --
>> You have the obligation to inform one honestly of the risk, and as a
>> person
>> you are committed to educate yourself to the total risk in any activity!
>>
>> Once informed & totally aware of the risk,
>> every fool has the right to kill or injure themselves as they see fit!

--
You have the obligation to inform one honestly of the risk, and as a person
you are committed to educate yourself to the total risk in any activity!

Once informed & totally aware of the risk,
every fool has the right to kill or injure themselves as they see fit!