19 Jun 2001 New Jersey Infragard

Physical Security
- Physical access to machines: anyone who can reach the console or the disks can bypass every host-level control
- Switches instead of hubs: a hub repeats every packet to every port, so any host on the segment can sniff all traffic (a switch limits casual sniffing but is not a substitute for encryption)

Principle of least privilege
- Fewest accounts necessary
- Fewest open ports necessary
- Fewest running applications

Root Account
- Used as little as possible: it is the master key to the building
- Applications run under their own unprivileged accounts where possible
- People use su or sudo rather than logging in as root
- http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/sudo.v80.htm

Passwords
- At least 7 characters
- Mixed case, letters and symbols
- Not names or dictionary words
- Keep them private; don't leave them out in the open
- Change every one to six months
- Passphrases
- http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Open ports
- Close all unneeded applications
- netstat -anp or lsof to see what's open and which process owns it
- ntsysv or linuxconf to shut services down
- Firewalls as a special case, for a whole network
- Disable, or at least limit, file sharing
- http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm

Plaintext network connections
- Email, telnet and web traffic travel unencrypted
- Sniffers on a shared segment, or on any host along the path, read passwords and content
- http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-intro.htm
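The Passwords slide above lists a policy; the following is an added example (not part of the original slides) of enforcing it from a shell script. It checks length, mixed case, presence of a symbol, and whether the letters of the password reduce to a word on a list. The WORDLIST here is a constructed stand-in; on a real host point it at /usr/share/dict/words or a names file.

```shell
#!/bin/sh
# Added example, not from the original slides: check a candidate password
# against the slide's policy (>= 7 characters, mixed case, letters and
# symbols, not a name or dictionary word).

# Constructed stand-in for a dictionary/name list: lowercase, one per line.
WORDLIST='password
secret
linux
infragard
jersey
newark'

# check_password PASSWORD: prints one line per failed rule and returns 0
# only if every rule passes. The candidate is taken from $1 to keep the
# example simple; in practice read it with "stty -echo; read" so it never
# shows up in ps output or shell history.
check_password() {
    pw=$1
    ok=0
    [ "${#pw}" -ge 7 ] \
        || { echo "too short (need >= 7 characters)"; ok=1; }
    printf '%s' "$pw" | grep -q '[[:lower:]]' \
        || { echo "no lowercase letter"; ok=1; }
    printf '%s' "$pw" | grep -q '[[:upper:]]' \
        || { echo "no uppercase letter"; ok=1; }
    printf '%s' "$pw" | grep -q '[^[:alnum:]]' \
        || { echo "no symbol"; ok=1; }
    # Keep only the letters and lowercase them, so "Secret99!" is still
    # caught as the word "secret".
    core=$(printf '%s' "$pw" | tr -cd '[:alpha:]' | tr '[:upper:]' '[:lower:]')
    if [ -n "$core" ] && printf '%s\n' "$WORDLIST" | grep -qxF "$core"; then
        echo "based on a dictionary word or name"
        ok=1
    fi
    return $ok
}

# Stand-alone run over a few constructed candidates.
for candidate in 'Tr0ub!eMaker' 'Secret99!' 'Infragard1'; do
    if check_password "$candidate"; then
        echo "$candidate: acceptable"
    else
        echo "$candidate: rejected"
    fi
done
```

The word check deliberately strips digits and symbols before comparing, because appending "99!" to a dictionary word is the most common way people satisfy a complexity rule without gaining any real strength.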
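The Open ports slide above says to use netstat -anp and then shut down what is not needed. As an added example (not from the original slides), the script below parses "netstat -anp" style output, lists every listening TCP and every UDP socket with its owning program, and reports anything not on an allowlist. The netstat output and the allowlist (ssh only) are constructed for the example; on a live host pipe real "netstat -anp" output into audit_listeners instead.

```shell
#!/bin/sh
# Added example, not from the original slides: audit listening sockets
# against an allowlist of expected "port/program" pairs.

# Constructed sample of "netstat -anp" output (Linux 2.4-era format).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      598/inetd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      704/sendmail
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      733/smbd
tcp        0      0 192.168.1.5:22          192.168.1.9:1034        ESTABLISHED 801/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           455/portmap'

# Assumed policy for this host: only ssh is expected to listen.
# One "port/program" per line.
ALLOWED='22/sshd'

# extract_listeners: reads netstat output on stdin and prints
# "proto port program" for each listening TCP socket and each UDP socket
# (UDP sockets have no LISTEN state, so every bound one counts).
# The port is the last colon-separated field, which also works for IPv6.
extract_listeners() {
    awk '$1 == "tcp" && $6 == "LISTEN" { n = split($4, a, ":"); split($7, p, "/"); print $1, a[n], p[2] }
         $1 == "udp"                   { n = split($4, a, ":"); split($6, p, "/"); print $1, a[n], p[2] }'
}

# audit_listeners ALLOWLIST: reads netstat output on stdin, prints every
# listener not on the allowlist, and returns 0 only if there are none.
audit_listeners() {
    allowed=$1
    unexpected=$(extract_listeners | while read -r proto port prog; do
        printf '%s\n' "$allowed" | grep -qxF "$port/$prog" || echo "$proto $port $prog"
    done)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Stand-alone run over the constructed sample.
if printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners "$ALLOWED"; then
    echo "OK: only allowed services are listening"
else
    echo "WARNING: the services above are not on the allowlist;"
    echo "disable them (ntsysv, chkconfig, /etc/inetd.conf) or block them at the firewall"
fi
```

Note that sendmail bound to 127.0.0.1 is still reported: a loopback-only listener is not reachable from the network, but it is still a running application and a local privilege-escalation target, which is why the least-privilege slide counts running applications as well as open ports.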
Encrypted network connections
- ssh: terminal sessions, file copying (scp), and forwarding of other TCP connections through the encrypted channel
- http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/ssh-techniques.v0.81.htm
- IPSec: encrypts all packets traveling between systems or networks, regardless of application; http://www.freeswan.org
- HTTPS web servers: http://httpd.apache.org/related_projects.html

Package updates
- Available from your Linux distribution vendor
- Sign up for the vendor's announcements list
- Use automated update tools: up2date, Red Carpet
- http://www.ists.dartmouth.edu/IRIA/knowledge_base/linuxinfo/essential_host_security.htm
Intrusion Detection System
- Snort reports on attack packets, matched against a regularly updated signature file
- Install it inside the firewall, so it reports what actually reached your network rather than every scan arriving from the outside
- http://www.snort.org
Advanced techniques
- Audited OS: OpenBSD, http://www.openbsd.org
- Stack overflow protected OS: Immunix (system compiled with StackGuard), http://www.immunix.org
- chroot for applications; Linux capabilities to drop privileges a process does not need
- Virtual machines: VMware and User-mode Linux (UML), http://www.vmware.com, http://www.user-mode-linux.sourceforge.net
- TCFS (Transparent Cryptographic File System), http://tcfs.dia.unisa.it

Resources
- Your distribution's security announcements list
- ISTS Knowledgebase, http://www.ists.dartmouth.edu/IRIA/knowledge_base/index.htm
  - Worm characterizations and removal tools
  - Linux and network security papers covering many of today's topics
- ssh key installer: ftp://ftp.stearns.org
- SANS training: http://www.sans.org
- Bastille Linux: http://www.bastille-linux.org