[ale] Security

J.M. Taylor jtaylor at onlinea.com
Mon Mar 24 19:13:04 EST 2003


George,

SANS is a great place to start, they have some excellent beginner's guides
http://www.sans.org/resources/

Security awareness is picking up, but for the most part I've been really
disappointed in general overview type books (like Cisco, Linux and Solaris
general admin guides, and programming books as well). I think it's getting
better but I still would recommend going to security-specific websites and
books first.

I just got Bob Toxen's book today too, looking forward to reading it, it
looks excellent. :)

Security, in my experience, means keeping in mind some pretty basic things
in everything you do:

1) Know your machine.  Know what services run on it and why, what programs
run on it and what they do.  Set up more logging than what's there by
default and *monitor* the logs.  Take the time to document everything.

2) Eliminate anything that's not necessary.  Don't run things you don't
need, don't listen on ports you don't need to, don't have users in
/etc/passwd that aren't necessary (and remember to remove their entries in
/etc/shadow too), don't have programs SUID and SGID if you don't need to.
Don't install packages on setup that you don't need...you can always add
them later, but it can be a real pain to remove them on many distros.

3) Stay up to date with what's going on.  Get on bugtraq, CERT and other
security mailing lists that are specific to the things you run. Patch
anything that needs patching immediately.

4) If possible, put things where The Bad Guys aren't expecting them.  If
you run ssh, don't run it on port 22.  If you run a web server that
doesn't need to be accessed by the whole world, don't run it on port 80.
The idea is, unless you're being targeted specifically, most bad guys run
automated tools looking for exploits on zillions of machines.  They'll
scan the usual port for whatever they're launching and move on if it's not
found.  This doesn't mean you don't need to patch, it just means you have
*time* to patch.

Everything else is details. Google is your bestest friend, compiling from
source is your second-bestest friend, and not trusting anybody is your
third bestest friend.  Maybe not in that order. ;)

Good luck and feel free to mail me off-list if I can be of any assistance.
I'm not a professional security person like Bob or Jonathan, but I do have
a lot of experience in securing linux boxen and networks and I'm happy to
help out with the details.

Good luck
jenn



George Johnson said:
> I just got Bob Toxen's book in from Amazon today.  That one, for the
> most part, is over my head for now.  Where should one start in learning
> computer security?  I would guess network books like Cisco and O/S books
> like Linux and Solaris?  Any help would be appreciated.
>
> George



_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
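Points 1 and 2 of the reply (know what runs, remove what is not needed) as an added audit script; this is not code from the original mail. It assumes a POSIX shell with awk and find and the column layout of `ss -H -lntu`; the passwd, listener and allowlist samples are constructed.

```shell
#!/bin/sh
# Added example, not from the original mail: three audit checks for points 1
# and 2 above. Each takes its input as a parameter so it can run against the
# constructed samples below or against a live box (as root, scanning /).

# "users in /etc/passwd that aren't necessary": accounts whose login shell is
# not a nologin-style shell. $1 = passwd-format file.
login_accounts() {
    awk -F: '$7 !~ /(nologin|false|sync|halt|shutdown)$/ { print $1 ":" $7 }' "$1"
}
# "programs SUID and SGID": set-id files under a tree, printed as "mode path".
# $1 = directory to scan.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} \; 2>/dev/null |
        awk '{ print $1, $NF }'
}
# "don't listen on ports you don't need": turn `ss -H -lntu` lines (columns:
# Netid State Recv-Q Send-Q Local:Port Peer:Port) into "proto port" pairs.
ss_to_pairs() {
    awk '{ n = split($5, a, ":"); print $1, a[n] }'
}
# Print the "proto port" pairs on stdin that are absent from the allowlist
# file $1 (one expected pair per line, e.g. "tcp 22").
unexpected_listeners() {
    awk '{ k = $1 " " $2 } NR == FNR { ok[k] = 1; next } !(k in ok) { print k }' "$1" -
}

# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
bin:x:1:1:bin:/bin:/usr/sbin/nologin
olduser:x:1001:1001::/home/olduser:/bin/bash'
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*'
SAMPLE_ALLOW='tcp 22
tcp 443'

# Run all three checks against the samples in a scratch directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$SAMPLE_PASSWD" > "$d/passwd"
    printf '%s\n' "$SAMPLE_ALLOW" > "$d/allow"
    touch "$d/normal" "$d/setuid_bin" && chmod u+s "$d/setuid_bin"
    echo "== accounts that can log in";   login_accounts "$d/passwd"
    echo "== SUID/SGID files";            setid_files "$d"
    echo "== listeners not on allowlist"; printf '%s\n' "$SAMPLE_SS" | ss_to_pairs | unexpected_listeners "$d/allow"
    rm -rf "$d"
}
demo
```

On a real host, replace the scratch directory with `/`, the passwd sample with `/etc/passwd`, and the listener sample with live `ss -H -lntu` output; each line of output is something to explain in the documentation point 1 asks for, or to remove.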