What security software do you use, what do you recommend and what role are IT managers, upper management and end users playing in your deployment of such software?
Specifically do you use port randomization, brute force detection and prevention systems, strong passwords, strong encryption, intrusion detection and source code/binary integrity verification systems?
Have you deployed mod_security at your organization? If so, what rules do you use?
Do you employ the Spamhaus and other blocklists?
Are wireless technologies such as Wi-Fi, RFID, Bluetooth, Satcom, packet radio or microwave links used by your organization? If so, how did you secure them?
Please be as specific as your security measures and respective NDAs allow you to be.
Admittedly, I don't know very much about Linux security. So far I just try to use strong passwords for my stuff and my box is connected via wire to our router. On our router I set up WPA and a password that is well in excess of 30 characters including upper/lowercase, numbers, and special keys.
I have heard that Linux can be a super stable and secure platform if you configure it properly, and I would like to learn more so I can ensure I have top-notch security on my box (within reason, of course).
If you can recommend any good reference materials for newbies to Linux Security, I'd appreciate it.
P.S. I already know super basic stuff such as "don't run everything as root" and "don't give away your passwords".
Come on Linux_0, I'm being serious here. I know I could remove any Ethernet cables, remove the power cables, put the computer inside a steel safe and put that in a hermetically sealed military bunker capable of withstanding multiple direct nuclear attacks, but then I wouldn't get to use my computer, would I?
Keeping that in mind, if you have any other useful advice about Linux security, I'd be glad to hear it. Thanks, ijack, for the link!
I'm trying to find the URL for it, but I read a superb article a while back that advised that the best move you could make in IT security was to stop thinking you could put a firewall around your environment, and instead look at all externally facing modules on your system and secure each item individually. The argument was that firewalls and other separation measures gave a false sense of security; security is something that is designed in from scratch, not bolted on top of an existing system.
BTW - Where would you classify running WINE as a possible attack vector, given that it now supports an alarming amount of nasty ware?