Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Fedora Core 4

from [Glenn Valenta (HDNet)] Network Security [Permanent Link]
Subject: Re: Securing Fedora Core 4
Date: Thu, 22 Sep 2005 23:54:42 -0600
I Concur!
It's nice to see someone with a sense of sanity to security. Also remember that these tools will need to be maintained. The logs reviewed often.

Michael Hallager wrote: 
Hello.

I suggest that rather then going in 'boots and all' that you take some time to study and carefully consider the following:

1. What are the threats? (Threats aren't just network, they could be physical as well)
2. What are the appropriate methodolgies for hardening against these threats?
3. And importantly - what is SECURITY?
SECURITY is more a mindset and manner of operation then it is installaing a whole lot of software (which it appears doubtful to me that you understand the scope and opperation of the software that you list)

Having a perception of security, if devoid of reality (which you can only properly evaluate after careful consideration of points 1, 2 and 3 and a lot of experience) could be more dangerous then just leaving your system alone.

Kind regards,

Michael Hallager


I am trying develop a method to secure my servers.  I'll list the steps I
am going to take.  Can you please review and make any additional
suggestions.  Thank you.

Install & configure Tripwire        http://sourceforge.net/projects/tripwire/
Install & configure Snort   http://www.snort.org/
Install & configure Bastille        http://www.bastille-linux.org/
Install & configure LIDS    http://www.lids.org/
Install & configure modsecurity     http://www.modsecurity.org/
Install & configure chkrootkit      http://www.chkrootkit.org/
install dansguardian            http://www.dansguardian.org
install squid                   http://www.squid-cache.org/
Install & configure DCC             http://www.dcc-servers.net
Install & configure Pyzor   http://pyzor.sourceforge.net
Install & configure Razor   http://razor.sourceforge.net
install & configure Clamav  http://www.clamav.net
Install & configure MailScanner     http://www.sng.ecs.soton.ac.uk/mailscanner/
Install & configure Ntop    http://www.ntop.org/
Install & configure Spamassassin    http://spamassassin.apache.org/
install root access email command
create a seprate /tmp partition and mount noexec, nosuid

  Configure Apache
configure for php safe mode
configure /internal web directory w/ access from private network only
configure /external web directory w/ password authentication

  Configure SSH
respond on alternate port
only allow me to logon

  Configure Fireall:
only allow access to ssh from my domains




--
Glenn Valenta        Phone# 303-388-8500          Engineering
http://www.hd.net              http://www.coloradostudios.com
           2400 N. Ulster St. Denver, Co.   80238
gvalenta@hd.net     (direct) 303-542-5532  (Fax) 303-388-9600

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Securing Fedora Core 4, K. Jusupov
Next by Date:  Re: Securing Fedora Core 4, Michael Hallager
Previous by Thread:  Re: Securing Fedora Core 4, Michael Hallager
Next by Thread:  Re: Securing Fedora Core 4, Michael Hallager
Indexes:  [Date] [Thread] [Top] [All Lists]