Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Linux
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Securing Fedora Core 4

from [Michael Hallager] Network Security [Permanent Link]
Subject: Re: Securing Fedora Core 4
Date: Fri, 23 Sep 2005 18:13:33 +1200 


I Concur!
It's nice to see someone with a sense of sanity to security. Also
remember that these tools will need to be maintained. The logs reviewed
often.


Ok. I read a few replies and thought I might give some pointers. Note: This is 
NOT by any standards a exaustive list, merely a 'getting started guide'.

1. Start with the latest stable distribution of your chosen flavor of Linux.
- Use this to do a clean install.
- Do not install all of the packages and certainly do not install X-Windows 
(Aka KDE Gnome or any other skin for X)

2. Download the latest stable releases as source of your www accessible 
daemons. (DNS, HTTP, SSH etc) Install these as source. If you do not know how 
to compile these correctly it is better you learn first or at least make sure 
that you are getting the latest version !!!
** Do not trust the Linux vendor to provide you the latest stable versions by 
default **
While I am on this subject make sure that OpenSSL and Zlib lib's are up to 
date. These software have a reputation and lots of stuff relies on them.

Only run what you need to run and use sensible settings.
- Only allowing unpriv users to SSH is a good idea.
- Running seperate authoritive and caching NS is a good idea.
- Installing IP tables is a good idea.
Running all sorts of crap is not a good idea.

Now on the subject of mindset, here are some good pointers:
1. Running games or IRC servers is like a magnet for trouble.
2. Hosting hate sites or anything attractive to troubled people is a bad idea.
3. Sex sites are also dumb. 

And consider - is my server phsically secure? Do I trust my employees (If 
applicable). Do not talk about your systems or security measures with people 
unless they need to know AND you really trust them.

KEEP YOUIR MACHINE UP TO DATE. Check at least once a day for updates.

What I have advised you here is 9/10.

Take the rest one step at a time, and remember 1. your security is only as 
good as the weakest link 2. threats some from many places. be aware.

Have fun.

Michael Hallager
networkStuff ltd
www.networkstuff.co.nz | p.09.839.1000 | m.029.638.7883
Australia, New Zealand, Ireland, South Africa, Israel & Samoa.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Securing Fedora Core 4, Glenn Valenta (HDNet)
Next by Date:  Re: Securing Fedora Core 4, Syn Ack
Previous by Thread:  Re: Securing Fedora Core 4, Glenn Valenta (HDNet)
Next by Thread:  Re: Securing Fedora Core 4, Nick Crawford
Indexes:  [Date] [Thread] [Top] [All Lists]