Re: Unix Security Standards, books, tools...

From: Craig Van Tassle (
Date: 12/01/01

Date: Fri, 30 Nov 2001 18:28:45 -0600
From: Craig Van Tassle <>

On Wed, Nov 28, 2001 at 06:08:37PM -0800, tony toni wrote:
> Folks,
> I recently was assigned the project of developing security standards for our
> Unix environment. We have about 400 unix box's (HP-UX, Sun Solaris, AIX,
> etc)and the admins do their *own thing* with these boxes.
Well that is what some sys-admins do.. what kind of security do they have setup?Do all the unix boxes have individual firewalls. Do you use Kerbos of S/key authentactions? (sorry about my spelling). What about the routers between all the Unix boxes are they locked down or a nice wide open door?
> This is not a project I exactly like...I am buried with 20 other
> projects...and I am not Unix guru. For each Unix *flavor*, I need to develop
> Unix security standards that will cover areas like configuration settings,
> defaults, permissions, admin. account, password file, shells, trusts, root,
> patch's, logging, etc.
> These are my questions:
> (1) Does anyone know where I can quickly get my hands on some high quality,
> concise security standards/templates/checklists? for each Unix *flavor*?
there are many web-pages with this informations on locking down unix. search google for some ideas. check out this web site.. i find it pretty food

Also check out and they have a lot of informaion on computer security informaing and good links to other sources.
> (2) What about good books/sites on Unix Security?
Maximum Security: a hacker's guide to protecing your internet site and network
Practical UNIX & internet secuity.
Essential System Administration.
Firewall and Internet Security: Repelling the Whily Hacker
Building Internet firewalls
Hacking exposed.
They are all good books availiable at almost any local book store.
I know Borders has a section about computer security. Look there they have a lot of good informaion
> (3) What about user friendly software tool(s) that I can periodically use
> to audit the Unix boxes for compliance to the new security standards I
> developed?
If you want user friendly tools. I dont know of many for unix.. i would recomend using something like snort for IDS, and setup scripts to watch for wierd activity.
And rembemer the basic rule of secuity. What is not needed is not installed

> Thanks
> Tony
> IT Security Manager
> Major Telecommunications Company
> _________________________________________________________________
> Get your FREE download of MSN Explorer at

Relevant Pages

  • Re: sudo without password
    ... UNIX will catch up sometime. ... And that is the most common security exploit even under Windows. ... the Internet for small periods of time. ...
  • Re: compile+link Fujitsu Linux
    ... the Unix and Windows worlds. ... I wasn't trying to change your way of doing things, I was answering Charles' question. ... Security that depends on user ignorance is so 1980s. ... libraries was 'more secure'. ...
  • Re: compile+link Fujitsu Linux
    ... I wasn't trying to change your way of doing things, I was answering Charles' question. ... Charles was unfamiliar with Fujitsu on Unix. ... libraries was 'more secure'. ... YOU introduced application security, not I. ...
  • Re: RWW Security was compromised.
    ... Windows server security as my previous experience is Unix. ... > One of our clients RWW was compromised over the weekend. ...
  • Re: What protects Unices from Virus like attacks ??
    ... >> what protects all Unix machines from such similar problems. ... > If a vulnerability is found for Unixen, ... I met security engineers that were aghast at some of the ... Many MS customers don't know what to do ...