Re: Re: Linux hardening
chiraeep.chhaya_at_gmail.com
Date: 09/15/05
- Previous message: Maik Holtkamp: "Re: scanning for windows spywear with linux"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 15 Sep 2005 19:40:42 -0000 To: focus-linux@securityfocus.com('binary' encoding is not supported, stored as-is) All,
In addition to your wonderful suggestions, I would like to point out one more item that must be performed when hardening a Linux, or any other, system - and that is specifically hardening the TCP/IP stack.
Although this step may sound unwanted or marginal, it can save you a lot of headaches sifting through useless looking NIDS signatures!!
Some good suggestions are provided at http://www.cromwell-intl.com/security/security-stack-hardening.html
http://www.securityfocus.com/infocus/1729
Another suggestion - and I do not wish to start a religious war on this one, given the varying and normally limited amounts of time admins usually have - is to use a honeypot, perhaps even a virtual one with VMs.
Just my 2pence
-CBC
- Previous message: Maik Holtkamp: "Re: scanning for windows spywear with linux"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
