Re: resources for system level security?



For Linux, a good starting point is a hardening guide by NSA:

http://people.redhat.com/sgrubb/files/hardening-rhel5.pdf

Although it covers RHEL specifically, many points apply to other
distributions too.

I'd then also look at checklist provided by SANS Institute:

http://www.sans.org/score/checklists/linuxchecklist.pdf

Guide to General Server Security from NIST is also worth mentioning:

http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf

These are a good starting point, not an exhaustive material on the
subject matter.

There are some good books that cover this; search your library.

---Artis

2011/12/6 최봉환 <zilly1@xxxxxxxxx>:
Hi all,
I started to work of focusing on linux system level security. Mostof the servers are providing web services.
Although I have been working on application pen testing, I havelittle experience to handle with security issues of system or OSitself.
Could you recommend where I should start for it?
(useful books, web sites, or concepts/terminology I have tounderstand)
Any advice would be highly appreciated.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • RE: [Full-Disclosure] Re: January 15 is Personal Firewall Day, he lp the cause
    ... supply of patches (Windows NT4/95/98) these systems should go offline ... Security is always a trade-off. ... This is how Linux and other ... Apache virtually owns the market with more than 60%. ...
    (Full-Disclosure)
  • SecurityFocus Linux Newsletter #39
    ... Subject: SecurityFocus Linux Newsletter #39 ... Need to keep track of the latest vulnerability information? ... vulnerabilities for both security product vendors and corporate security ... NEW PRODUCTS FOR LINUX PLATFORMS ...
    (Focus-Linux)
  • RE: Linux hacked
    ... Subject: Linux hacked ... After you boot up into the OS running from CD, ... >> First let me say I'm a security novice. ... >> been unsuccessful in getting root back. ...
    (Security-Basics)
  • Re: Community responsibility and abuse (2): the case of top-
    ... Without ANY evidence of ANY security problems you try ... PLEASE PROVIDE EVIDENCE OF ANY ... evidence that Linux is anywhere near as insecure as windows. ... Still no "spacific evidence that Linux is anywhere near as insecure as ...
    (alt.linux)
  • Re: testing laptop based on bsd anyone
    ... "A new linux distribution for Wardrivers" ... I wasn't speaking about the relative strengths of security measures within ... As attacks through web applications continue to rise, ... vulnerability management needs. ...
    (Pen-Test)