security software and best security practices?

August 23, 2008 1:54:21 AM

In the wake of the Redhat, Fedora compromise (http://linux.slashdot.org/article.pl?sid=08/08/22/1341247), the Debian, Ubuntu SSL issues (http://www.us-cert.gov/cas/techalerts/TA08-137A.html), the MBTA case (http://hardware.slashdot.org/article.pl?sid=08/08/22/1835247), the massive TJMAXX credit card compromise case and various other high-profile security issues, what is the slashdot community doing to improve security?

Ubuntu was compromised a few months ago as well.

What security software do you use, what do you recommend and what role are IT managers, upper management and end users playing in your deployment of such software?

Specifically do you use port randomization, brute force detection and prevention systems, strong passwords, strong encryption, intrusion detection and source code/binary integrity verification systems?

Have you deployed mod_security at your organization? If so, what rules do you use?

Do you employ the spamhaus and other blocklists?

Are wireless technologies such as Wi-Fi, RFID, bluetooth, Satcom, packet radio, microwave links, used by your organization? If so, how did you secure them?

Please be as specific as your security measures and respective NDAs allow you to be.

Semper Fi, carry on!
August 23, 2008 4:35:45 AM

Admittedly, I don't know very much about Linux security. So far I just try to use strong passwords for my stuff and my box is connected via wire to our router. On our router I set up WPA and a password that is well in excess of 30 characters including upper/lowercase, numbers, and special keys.

I have heard that Linux can be a super stable and secure platform if you configure it properly, and I would like to learn more so I can ensure I have top-notch security on my box (within reason, of course).

If you can recommend any good reference materials for newbies to Linux Security, I'd appreciate it.

Thanks!

P.S. I already know super basic stuff such as "don't run everything as root" and "don't give away your passwords" ;) 
August 24, 2008 9:50:27 AM

Here's a good starting point.
August 24, 2008 1:01:32 PM

unlink("$self->filename");
August 24, 2008 4:32:28 PM

Shouldn't that be
sudo shutdown -h 2
?
August 25, 2008 1:34:23 AM

Come on Linux_0, I'm being serious here. I know I could remove any ethernet cables, and remove the power cables and put the computer inside of a steel safe and put that in a hermetically sealed military bunker capable of withstanding multiple direct nuclear attacks, but then I wouldn't get to use my computer, would I? ;)

Keeping that in mind, if you have any other useful advice about Linux security, I'd be glad to hear it. Thanks, ijack, for the link!

-Zorak
August 25, 2008 3:59:00 AM


As Sir Winston Churchill said
Quote:

In time of war, when truth is so precious, it must be attended by a bodyguard of lies.


The original post was somewhat deceptive, it actually contained the answer to your question.

You should be using }--------------

0. port randomization

1. brute force detection and prevention systems

2. strong passwords

3. strong encryption

4. intrusion detection systems

5. source code/binary integrity verification systems

6. mod_security

7. the major blocklists including the ones from spamhaus

8. You should not use any wireless technologies

9. SELinux or Mandatory Access Control should be enabled in enforcing mode with appropriate policies

10. You should also use multi-factor authentication

11. heavy compartmentalization

12. physical security

13. chroot / jail

14. #include <additional_security.h>
August 25, 2008 10:56:57 AM

Or run windows and classify everything on your hdd as OpenSource ;) 

August 26, 2008 8:32:59 AM

I'm trying to find the URL for it but I read a superb article a while back that was advising the best move you could make in IT security was to stop thinking that you could put a firewall around your environment and instead look at all externally facing modules on your system and to look at securing each item individually. The argument was that firewalls and other separation measures gave a false sense of security, security is something that is designed in from scratch not bolted on top of an existing system.

BTW - Where would you classify running WINE as a possible attack vector, given that it now supports an alarming amount of nastyware?