[PLUG] [off topic security]
Aaron Burt
aaron at bavariati.org
Tue Oct 23 17:01:19 UTC 2007
On Mon, Oct 22, 2007 at 09:47:46PM -0700, Ronald Chmara wrote:
> On Oct 21, 2007, at 2:02 PM, drew wymore wrote:
> > So Pluggers what do you do?
>
> Aw, geez... it really depends on the box, but, well, here are some of the
> requirements for the *really* secure (and yet, publicly networked)
> boxen I've worked on in the last few years.
<snip impressive list of security measures>

Wow. They *really* can't get your Lucky Charms. Are you at liberty to
give some indication as to what was being protected, and from what sort
of attacker? I especially like the filesystem logging. I need to
practice the use of snapshot/replay on Linux. It's not just for backups.

> For machines that *aren't* quite that delicate...
> Minimize installed binaries, accounts and services.
> Keep binaries up to date.
> Custom iptables + SELinux.
> no ssh root access, apf/bfd instead.
> Nagios for service monitoring.
> Perimeter/VPN firewall boxen as needed.

Excellent list. Restricted SSH keys and sudo work very well, as does
Nagios, if you have a formal system to rotate on-call shifts between
admins.

Ever interfaced Nagios to your IDS? Or does that just lead to lots of
false alarms?