security software and best security practices?

In the wake of the Red Hat/Fedora compromise (http://linux.slashdot.org/article.pl?sid=08/08/22/1341247), the Debian/Ubuntu SSL issues (http://www.us-cert.gov/cas/techalerts/TA08-137A.html), the MBTA case (http://hardware.slashdot.org/article.pl?sid=08/08/22/1835247), the massive TJ Maxx credit card compromise case and various other high-profile security issues, what is the Slashdot community doing to improve security?

Ubuntu was compromised a few months ago as well.

What security software do you use, what do you recommend and what role are IT managers, upper management and end users playing in your deployment of such software?

Specifically, do you use port randomization, brute force detection and prevention systems, strong passwords, strong encryption, intrusion detection and source code/binary integrity verification systems?

Have you deployed mod_security at your organization? If so, what rules do you use?

Do you employ the Spamhaus and other blocklists?

Are wireless technologies such as Wi-Fi, RFID, Bluetooth, Satcom, packet radio or microwave links used by your organization? If so, how did you secure them?

Please be as specific as your security measures and respective NDAs allow you to be.

Semper Fi, carry on!
  1. The CentOS project (http://centos.org/) has just addressed the Red Hat/Fedora compromise (http://lists.centos.org/pipermail/centos-announce/2008-August/015195.html).

    They expressed their confidence "that there is no possibility of this compromise having been passed onto the CentOS userbase".
  2. The Fedora project (https://fedoraproject.org/wiki/Main_Page) has released new keys and has posted an announcement of what happened.
  3. Admittedly, I don't know very much about Linux security. So far I just try to use strong passwords for my stuff and my box is connected via wire to our router. On our router I set up WPA and a password that is well in excess of 30 characters including upper/lowercase, numbers, and special keys.

    I have heard that Linux can be a super stable and secure platform if you configure it properly, and I would like to learn more so I can ensure I have top-notch security on my box (within reason, of course).

    If you can recommend any good reference materials for newbies to Linux Security, I'd appreciate it.

    Thanks!

    P.S. I already know super basic stuff such as "don't run everything as root" and "don't give away your passwords" ;)
  4. Here's a good starting point.
  5. unlink("$self->filename");
  6. Shouldn't that be
    sudo shutdown -h 2
    ?
  7. Come on Linux_0, I'm being serious here. I know I could remove any Ethernet cables, remove the power cables, put the computer inside a steel safe and put that in a hermetically sealed military bunker capable of withstanding multiple direct nuclear attacks, but then I wouldn't get to use my computer, would I? ;)

    Keeping that in mind, if you have any other useful advice about Linux security, I'd be glad to hear it. Thanks, ijack, for the link!

    -Zorak
  8. As Sir Winston Churchill said:
    Quote:

    In time of war, when truth is so precious, it must be attended by a bodyguard of lies.

    The original post was somewhat deceptive; it actually contained the answer to your question.

    You should be using:

    0. port randomization

    1. brute force detection and prevention systems

    2. strong passwords

    3. strong encryption

    4. intrusion detection systems

    5. source code/binary integrity verification systems

    6. mod_security

    7. the major blocklists including the ones from spamhaus

    8. You should not use any wireless technologies

    9. SELinux or Mandatory Access Control should be enabled in enforcing mode with appropriate policies

    10. You should also use multi-factor authentication

    11. heavy compartmentalization

    12. physical security

    13. chroot / jail

    14. #include <additional_security.h>
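    Item 5 in that list, source code/binary integrity verification, is the control that would have flagged a trojaned package like the one behind the Red Hat/Fedora incident. Here is an added example (not code from this thread or any of the projects mentioned) of the simplest form of it: a SHA-256 manifest taken at a known-good time and diffed against the live file tree. The tree, file names and contents are constructed for the demo.

```python
"""Manifest-based file integrity check (added example, not from the thread)."""
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root) -> dict:
    """Map every regular file under root (path relative to root) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_manifest(root, trusted: dict) -> dict:
    """Diff the live tree against a manifest taken while the host was known-good.
    The manifest must be stored off-host or signed: an attacker who can rewrite
    both the binaries and the manifest defeats the check."""
    live = build_manifest(root)
    return {
        "modified": sorted(f for f in trusted if f in live and live[f] != trusted[f]),
        "missing": sorted(f for f in trusted if f not in live),
        "added": sorted(f for f in live if f not in trusted),
    }

def demo_tamper() -> dict:
    """Constructed scenario: baseline a tiny tree, then simulate a replaced
    binary, a deleted config file and an extra file dropped into bin/."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "sshd").write_bytes(b"#!/bin/sh\necho genuine\n")
    (root / "etc.conf").write_bytes(b"PermitRootLogin no\n")
    baseline = build_manifest(root)
    # A clean tree produces an empty report in all three categories.
    assert verify_manifest(root, baseline) == {"modified": [], "missing": [], "added": []}
    (root / "bin" / "sshd").write_bytes(b"#!/bin/sh\necho tampered\n")  # contents changed
    (root / "etc.conf").unlink()                                        # file removed
    (root / "bin" / ".hidden").write_bytes(b"")                         # file planted
    return verify_manifest(root, baseline)

if __name__ == "__main__":
    print(demo_tamper())
```

    Tools such as AIDE or Tripwire do the same job with far more metadata (ownership, modes, inode numbers), but the manifest-off-host rule applies to them just as much.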
  9. Or run Windows and classify everything on your HDD as open source ;)
  10. I'm trying to find the URL for it, but I read a superb article a while back that was advising that the best move you could make in IT security was to stop thinking that you could put a firewall around your environment, and instead look at all externally facing modules on your system and look at securing each item individually. The argument was that firewalls and other separation measures gave a false sense of security; security is something that is designed in from scratch, not bolted on top of an existing system.

    BTW - where would you classify running WINE as a possible attack vector, given that it now supports an alarming amount of nastyware?