[PLUG] [off topic security]

Aaron Burt aaron at bavariati.org
Tue Oct 23 17:01:19 UTC 2007


On Mon, Oct 22, 2007 at 09:47:46PM -0700, Ronald Chmara wrote:
> On Oct 21, 2007, at 2:02 PM, drew wymore wrote:
> > So Pluggers what do you do?
> 
> Aw, geez... it really depends on the box, but, well, here some of the  
> requirements for the *really* secure (and yet, publicly networked)  
> boxen I've worked on in the last few years.
<snip impressive list of security measures>

Wow.  They *really* can't get your Lucky Charms.  Are you at liberty to
give some indication as to what was being protected, and from what sort
of attacker?  I especially like the filesystem logging.  I need to
practice the use of snapshot/replay on Linux.  It's not just for backups.

> For machines that *aren't* quite that delicate...
> Minimize installed binaries, accounts and services.
> Keep binaries up to date.
> Custom iptables + SELinux.
> No ssh root access, apf/bfd instead.
> Nagios for service monitoring.
> Perimeter/VPN firewall boxen as needed.

Excellent list.  Restricted SSH keys and sudo work very well, as does
Nagios, if you have a formal system to rotate on-call shifts between
admins.

Ever interfaced Nagios to your IDS?  Or does that just lead to lots of
false alarms?
