Network Security Focus-Linux

Re: Securing Fedora Core 4

Subject: Re: Securing Fedora Core 4
Date: Mon, 26 Sep 2005 07:34:31 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

For nitty gritty secure OS/Application configuration, I'd suggest
taking a look at the NSA's Security Configuration Guides
(http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1) and DISA STIGs
(http://csrc.nist.gov/pcig/cig.html).  There are of course other
guides available which I would suggest reading as well.  I would also
suggest reading the ones for other OSes, such as Solaris; Linux shares
a lot with the other Unices and it will give you an overall feel for
the direction the guides are taking.

- -Nick

Michael Hallager wrote:

Hello.

I suggest that rather than going in 'boots and all' that you take
some time to study and carefully consider the following:

1. What are the threats? (Threats aren't just network, they could
   be physical as well)
2. What are the appropriate methodologies for hardening against
   these threats?
3. And importantly - what is SECURITY? SECURITY is more a mindset
   and manner of operation than it is installing a whole lot of
   software (which it appears doubtful to me that you understand
   the scope and operation of the software that you list)

Having a perception of security, if devoid of reality (which you
can only properly evaluate after careful consideration of points 1,
2 and 3 and a lot of experience) could be more dangerous than just
leaving your system alone.

Kind regards,

Michael Hallager

I am trying to develop a method to secure my servers. I'll list the
steps I am going to take. Can you please review and make any
additional suggestions. Thank you.

Install & configure Tripwire http://sourceforge.net/projects/tripwire/
Install & configure Snort http://www.snort.org/
Install & configure Bastille http://www.bastille-linux.org/
Install & configure LIDS http://www.lids.org/
Install & configure modsecurity http://www.modsecurity.org/
Install & configure chkrootkit http://www.chkrootkit.org/
install dansguardian http://www.dansguardian.org
install squid http://www.squid-cache.org/
Install & configure DCC http://www.dcc-servers.net
Install & configure Pyzor http://pyzor.sourceforge.net
Install & configure Razor http://razor.sourceforge.net
install & configure Clamav http://www.clamav.net
Install & configure MailScanner http://www.sng.ecs.soton.ac.uk/mailscanner/
Install & configure Ntop http://www.ntop.org/
Install & configure Spamassassin http://spamassassin.apache.org/
install root access email command
create a separate /tmp partition and mount noexec, nosuid

Configure Apache
configure for php safe mode
configure /internal web directory w/ access from private network only
configure /external web directory w/ password authentication

Configure SSH
respond on alternate port
only allow me to logon

Configure Firewall: only allow access to ssh from my domains




- --
Nicholas Crawford <nick(at)null(dot)net> / neoaeon@EFnet IRC
4096/1024 Diffie-Hellman/DSS PGP key ID: 0x5DEB8672 fingerprint:
    7CD5 22D2 AD89 C419 749B  6AF1 8825 174F 5DEB 8672
Keys via key server or http://www.angelfire.com/linux/neoaeon/pgp/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDN9zCiCUXT13rhnIRA7VoAJ4ufc5u3NyiqPHTscBs3xAVCA6K3gCgha0k
aKeuAJmI+wGjMA0r/CRYj3o=
=36kD
-----END PGP SIGNATURE-----
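
Two items from the original poster's checklist, the noexec/nosuid /tmp mount and the restricted SSH setup, can be verified after they are configured. The shell functions below are an added example, not part of any message in the thread; the account name alice and the sample config lines are constructed, and sshd Match blocks and ListenAddress ports are assumed absent.

```shell
#!/bin/sh
# Added example (not from the thread). Both functions read config text on stdin,
# print one line per finding, and return non-zero when a finding exists.

# /tmp item: expects fstab or /proc/mounts columns (device mountpoint type options).
check_tmp_mount() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $2 == "/tmp" {
            found = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) have[opts[i]] = 1
        }
        END {
            if (!found) { print "/tmp is not a separate mount"; exit 1 }
            if (!("noexec" in have)) { print "/tmp missing noexec"; rc = 1 }
            if (!("nosuid" in have)) { print "/tmp missing nosuid"; rc = 1 }
            exit rc + 0
        }'
}

# SSH items: $1 is the only account that may log in (hypothetical name in the demo).
# Keywords are compared case-insensitively; no Port line means the default, 22.
check_sshd() {
    awk -v user="$1" '
        /^[[:space:]]*#/ || NF < 2 { next }
        { key = tolower($1) }
        key == "port" { ports++; if ($2 == 22) default_port = 1 }
        key == "allowusers" {
            for (i = 2; i <= NF; i++) if (!($i in allowed)) { allowed[$i] = 1; count++ }
        }
        END {
            if (!ports || default_port) { print "sshd still listens on port 22"; rc = 1 }
            if (count != 1 || !(user in allowed)) {
                print "AllowUsers is not limited to " user; rc = 1
            }
            exit rc + 0
        }'
}

# Constructed sample input: a /tmp line without the flags, and a default sshd setup.
echo '/dev/hda5 /tmp ext3 defaults 0 0' | check_tmp_mount || true
printf 'Port 22\nAllowUsers alice bob\n' | check_sshd alice || true
```

On a live host the same functions can be fed `/proc/mounts` and the output of `sshd -T`, which prints the effective configuration with lowercase keywords.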
