[CLUE-Tech] October talk.
Todd Williams
hp205ctl at hotpop.com
Wed Sep 25 22:21:51 MDT 2002
Kevin Cullis wrote:
> David,
>
> Might I make a suggestion? When I was talking with some security
> experts regarding networking and computers, I asked them one simple
> question: If I, as a "simple" Linux user, could do three or four things
> that would keep me mostly out of hot water, what would they be? Of
> course they stated: keep almost up to date with patches and turn off
> unnecessary services.
That is a whole 'nother talk right there. Sounds like a good one though.
> So, if you could come from that angle it might help those that have bad
> habits become better and those with good habits to know they're doing
> good. Finally, it would provide a basis for getting good Linux habits
> started in new people to Linux, much like Lynn told me the very first
> time I met him that I didn't need to do a CNT-ALT-DELETE anytime Linux
> had a "problem." Was that really 4 years ago Lynn next month? :-) My,
> how Linux time flies.
There is a lot of good information available on good security practices,
but most of it is geared towards the experienced unix admins. Here is
an example (SANS/FBI Top 20 vulnerabilities):
http://www.sans.org/top20.htm
Since I am researching security documents for beginners anyway, I will
volunteer to do a presentation on security, with a focus on what should
be done on a "standard" linux system.
So - what should be included in such a presentation?
ipchains/iptables config?
How to determine what services are running, and how to turn off
non-essential ones?
How to configure logging?
How to read a log?
"Extra" security tools not in most standard distros?
How to use the tools that are included?
Todd Williams
More information about the clue-tech
mailing list