Re: [ossig] When is secure, secure enough?
--- Mukhsein Johari <mukhsein@email.com> wrote:
> When is it secure enough?
When it's turned off and locked in a windowless room, preferably with no drop
ceilings.
Seriously though:
- know your systems! establish baselines of acceptable behavior BEFORE
problems occur so that you can tell when the unusual happens (this will also
help for performance tuning)
- know your users! establish baselines of workload, patterns of usage,
patterns of access, etc. does joe only log in remotely during weekends? if you
see him during the week it could mean trouble
- know your fellow sysadmins! establish ways to control and LOG who does
what when - if you don't KNOW about a change made during the last shift, you
can't back out of it! if possible implement sudo to help guide responsible use
of root
- never discount physical security - anybody out there care to start a count
of the number of a) systems rooms left UNLOCKED b) visitors (service techs!)
allowed to roam freely about the building
- install Tripwire (www.tripwire.org) on a KNOWN GOOD SYSTEM (reinstall if
possible) to watch for any files changing "on their own"
- scan yourself with SAINT to see what an attacker would see
- think about running an IDS like snort either on your systems or from a
dedicated host to keep an eye on who's watching YOU
- read your logs! consider logging to a dedicated host, and if you're
ultra-paranoid write your logs to a write-once medium (such as CDR)
- finally - and most importantly! - WRITE a security policy which will become
Official Company Policy and be incorporated into the company handbook (ask your
HR daemon) outlining what is acceptable use and what consequences await
transgressors. also write a disaster recovery / incident response checklist so
everybody knows what to do in the event of an emergency. see the guidelines at
http://www.cert.org/csirts/Creating-A-CSIRT.html
and related
hope this helps
=====
~ You are in a maze of twisty passages, all alike.
Christopher DeMarco
+6013 389 5658
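
The "know your users" advice in the message above, sketched as an added example that is not part of the original post: it builds a per-user baseline of when and from where each account has logged in, then flags logins that fall outside it. The record format, function names and sample records are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (user, ISO timestamp, source); not real log data.
HISTORY = [
    ("joe", "2003-01-04T10:12", "remote"),   # Saturday
    ("joe", "2003-01-05T21:40", "remote"),   # Sunday
    ("joe", "2003-01-06T09:01", "console"),  # Monday
    ("joe", "2003-01-11T14:30", "remote"),   # Saturday
    ("ann", "2003-01-07T08:55", "remote"),   # Tuesday
    ("ann", "2003-01-08T09:10", "remote"),   # Wednesday
]
NEW = [
    ("joe", "2003-01-12T11:00", "remote"),   # Sunday: fits joe's pattern
    ("joe", "2003-01-15T03:20", "remote"),   # Wednesday: remote on a weekday
    ("ann", "2003-01-15T09:00", "remote"),   # fits ann's pattern
    ("bob", "2003-01-15T09:00", "console"),  # account never seen before
]

def bucket(timestamp, source):
    """Reduce one login to the coarse pattern we baseline on."""
    day = datetime.fromisoformat(timestamp).weekday()  # Monday=0 .. Sunday=6
    return ("weekend" if day >= 5 else "weekday", source)

def build_baseline(records):
    """Map each user to the set of (day type, source) patterns seen so far."""
    baseline = defaultdict(set)
    for user, ts, source in records:
        baseline[user].add(bucket(ts, source))
    return dict(baseline)

def find_anomalies(baseline, records):
    """Return (user, timestamp, reason) for logins outside the baseline."""
    alerts = []
    for user, ts, source in records:
        seen = baseline.get(user)
        if seen is None:
            alerts.append((user, ts, "no baseline for this user"))
        elif bucket(ts, source) not in seen:
            alerts.append((user, ts, "%s %s login not in baseline" % bucket(ts, source)))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(HISTORY), NEW):
        print(*alert, sep="  ")
```

The baseline has to be collected before an incident, from a period believed to be clean, or the unusual activity becomes part of what counts as normal.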