1 files changed, 0 insertions, 212 deletions

diff --git a/doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml b/doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml
deleted file mode 100644
index 46245da..0000000
--- a/doc/book-enea-nfv-access-user-hardening-guide/doc/guidelines_hardening_linux.xml
+++ /dev/null
@@ -1,212 +0,0 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-<chapter id="linux_hardening">
-  <title>Guidelines on How to Harden a Linux System</title>
-
-  <para>In order to effectively create apt security layers to harden your
-  system correctly, you must first analyze your needs and answer several
-  ideas/questions which are detailed below.</para>
-
-  <orderedlist>
-    <listitem>
-      <para><emphasis role="bold">Analyzing and defining Roles for your
-      system</emphasis></para>
-
-      <itemizedlist>
-        <listitem>
-          <para>What purpose does the system have?</para>
-        </listitem>
-
-        <listitem>
-          <para>What security risks apply to the system?</para>
-        </listitem>
-
-        <listitem>
-          <para>Is it host/server? Does it need to do remote access? Public
-          use?</para>
-        </listitem>
-
-        <listitem>
-          <para>How hardened the system need to be? (This depends on what role
-          it has).</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Review Policies and
-      Compliances</emphasis></para>
-
-      <para>What policies and compliances must your system adhere to? Examples
-      of possible standards and polices, among many others, are:</para>
-
-      <itemizedlist>
-        <listitem>
-          <para>PCI DSS (confidentiality of credit card consumer data)</para>
-        </listitem>
-
-        <listitem>
-          <para>HIPAA (protects patient data in health care system)</para>
-        </listitem>
-
-        <listitem>
-          <para>FISMA (Federal Information Security Management Act)</para>
-        </listitem>
-
-        <listitem>
-          <para>ISO 27001 family (Information Security Management
-          Systems)</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Keep the Software
-      up-to-date</emphasis></para>
-
-      <para>Apply software updates and security fixes regularly. Upgrade as
-      soon a new version is available. It is easier to hack a system which is
-      running publicly known vulnerable software but this can be avoided.
-      Linux provides all necessary tools to keep the system updated. All
-      security updates should be reviewed and applied as soon as
-      possible.</para>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Mandatory Access Control
-      (MAC)</emphasis></para>
-
-      <para>SELinux, TOMOYO, SMACK (Simplified Mandatory Access Control
-      Kernel).</para>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Memory Protection and ASLR
-      </emphasis></para>
-
-      <para>There are two major mechanisms in place to protect memory access
-      which turned on by default on most x86-64 Linux systems. The first is
-      the so-called NX bit, which is a setting that gives finer-grained
-      permissions to mapped memory regions. The second is address space layout
-      randomization (ASLR) which randomizes where certain parts of a program
-      are loaded into memory. For further reading on this, see <ulink
-      url="https://eklitzke.org/memory-protection-and-aslr">here</ulink>.</para>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Block unauthorized access to a network and
-      Restrict Access</emphasis></para>
-
-      <itemizedlist>
-        <listitem>
-          <para>Enable the firewall (see what rules are already configured
-          iptables -L)</para>
-        </listitem>
-
-        <listitem>
-          <para>Use Intrusion Detection/Intrusion Prevention</para>
-        </listitem>
-
-        <listitem>
-          <para>Disable unused accounts, create user groups and domain
-          policy</para>
-        </listitem>
-
-        <listitem>
-          <para>Remove unused/unsecure/obsolete software</para>
-        </listitem>
-
-        <listitem>
-          <para>Disable unused services</para>
-        </listitem>
-
-        <listitem>
-          <para>Restrict remote access and administration</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Use tools to detect
-      vulnerabilities</emphasis></para>
-
-      <itemizedlist>
-        <listitem>
-          <para>Vulnerability scanner, such as Nessus, SAINT, OpenVAS.</para>
-        </listitem>
-
-        <listitem>
-          <para>Network analyzer, such as Nmap, Wireshark.</para>
-        </listitem>
-
-        <listitem>
-          <para>Baseline Analyzer, such as Bastille which can view OS
-          configuration and try to optimize.</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Create a Secure logging
-      System</emphasis></para>
-
-      <para>Create a secure Linux logging system that can be expanded to other
-      types of systems for secure logging. By using logs, data can be
-      collected in order to discern why a server crashed. If the server is
-      unrecoverable, remote logs allow you the ability to see what happened
-      prior to the crash, even without the system running. If the crash was
-      related to an intrusion, any information that describes how the system
-      was compromised can help determine new approaches so further intrusions
-      can be prevented.</para>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Backup &amp; recovery</emphasis></para>
-
-      <para>If a system is compromised, the first concern is how to recover.
-      To ensure that there is something to recove, backup the data and
-      configurations continually.</para>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Physical Security</emphasis></para>
-
-      <para>No matter how many security features may be implemented, there is
-      always a way that an attacker with physical access to the system
-      (hardware and software) may by-pass them. To make this as difficult as
-      possible, there are several actions that can be taken to provide a
-      degree of security against an attacker with physical access to the
-      machine:</para>
-
-      <itemizedlist>
-        <listitem>
-          <para>Make sure unauthorized persons don&rsquo;t have easy access to
-          the hardware and software.</para>
-        </listitem>
-
-        <listitem>
-          <para>Prevent an attacker from booting from another disk/USB.</para>
-        </listitem>
-
-        <listitem>
-          <para>Set permissions and login restrictions as well as a firmware
-          password. It is also important to set a secondary bootloader
-          password (LILO or GRUB) to prevent malicious users from
-          booting.</para>
-        </listitem>
-
-        <listitem>
-          <para>Encrypt disks before they are installed.</para>
-        </listitem>
-      </itemizedlist>
-    </listitem>
-
-    <listitem>
-      <para><emphasis role="bold">Review Process</emphasis></para>
-
-      <para>Review your security process and security policies often, and
-      continually seek to improve them.</para>
-    </listitem>
-  </orderedlist>
-</chapter>
\ No newline at end of file