Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Fedora Core 4

from [Michael Hallager] Network Security [Permanent Link]
Subject: Re: Securing Fedora Core 4
Date: Thu, 22 Sep 2005 18:17:58 +1200 
Hello.

I suggest that rather then going in 'boots and all' that you take some time to 
study and carefully consider the following:

1. What are the threats? (Threats aren't just network, they could be physical 
as well)
2. What are the appropriate methodolgies for hardening against these threats?
3. And importantly - what is SECURITY?
SECURITY is more a mindset and manner of operation then it is installaing a 
whole lot of software (which it appears doubtful to me that you understand 
the scope and opperation of the software that you list)

Having a perception of security, if devoid of reality (which you can only 
properly evaluate after careful consideration of points 1, 2 and 3 and a lot 
of experience) could be more dangerous then just leaving your system alone.

Kind regards,

Michael Hallager


I am trying develop a method to secure my servers.  I'll list the steps I
am going to take.  Can you please review and make any additional
suggestions.  Thank you.

Install & configure Tripwire  http://sourceforge.net/projects/tripwire/
Install & configure Snort     http://www.snort.org/
Install & configure Bastille  http://www.bastille-linux.org/
Install & configure LIDS      http://www.lids.org/
Install & configure modsecurity       http://www.modsecurity.org/
Install & configure chkrootkit        http://www.chkrootkit.org/
install dansguardian          http://www.dansguardian.org
install squid                 http://www.squid-cache.org/
Install & configure DCC               http://www.dcc-servers.net
Install & configure Pyzor     http://pyzor.sourceforge.net
Install & configure Razor     http://razor.sourceforge.net
install & configure Clamav    http://www.clamav.net
Install & configure MailScanner       
http://www.sng.ecs.soton.ac.uk/mailscanner/
Install & configure Ntop      http://www.ntop.org/
Install & configure Spamassassin      http://spamassassin.apache.org/
install root access email command
create a seprate /tmp partition and mount noexec, nosuid

   Configure Apache
configure for php safe mode
configure /internal web directory w/ access from private network only
configure /external web directory w/ password authentication

   Configure SSH
respond on alternate port
only allow me to logon

   Configure Fireall:
only allow access to ssh from my domains


-- 
Michael Hallager
networkStuff ltd
www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Securing Fedora Core 4, AragonX
Next by Date:  RE: Securing Fedora Core 4, Charles Heselton
Previous by Thread:  Securing Fedora Core 4, AragonX
Next by Thread:  Re: Securing Fedora Core 4, Glenn Valenta (HDNet)
Indexes:  [Date] [Thread] [Top] [All Lists]