Re: Secure host newbie

• Previous message: Justin_Andrusk_at_Progressive.com: "Re: Secure host newbie"
• Maybe in reply to: xilopublic1_at_ca.inter.net: "Secure host newbie"
• Next in thread: Tiago Quadra: "Re: Secure host newbie"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 30 Mar 2004 15:17:55 -0500
To: Matt Taylor <mtaylor@clippercitynetworks.com>

> There are many, many security issues for each of the services that you
> are going to be using. First of all, you need to consider whether or
> not you are going to use the default kernel for 7.3, which some consider
> to be rather buggy. If the underlying OS is buggy, then all your
> security work would be for naught anyway. I would strongly suggest
> using a new version of RH that comes with a more robust kernel.

Unfortunately I have no choice upon the version of Redhat that will be
installed, though I can freely recompile the kernel with a newer one.

Though I have never done this, I don't know if it works well this way
and I'll have to read a lot on the subject before proceeding.

If the redhat distribution is at fault, I'll have to ask my host
provider to install a newer version of it. Though, I think they would
charge me for that! ;)

> Without knowing more about each of the processes you are running it's
> hard to recommend anything to you. What Apache version are you running?
> Are you going to use Sendmail? Lots to be concerned about.

Right now the host is not yet functionnal, and appart from Apache
(latest version), I haven't stopped my choice on any particular software
to use. I'm open to suggestion for all the services mentionned.

> Your email did not mention anything about a firewall? If you are going
> to hang this poor box out 'sans' firewall, then keeping it secure is
> going to be a hard task.

No, there will be a firewall, that's the first thing that will be
installed. It should be a very thorough firewall since I'll be reading
a lot on many security mailing lists and reading some documents that
describe intrusion techniques, etc...

> I suggest getting a good book on RedHat security from Amazon. Even if
> you are on a tight budget, it's money well spent.

Ok, I'll certainly give that a shot!

Thanks a lot,
   Simon

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Justin_Andrusk_at_Progressive.com: "Re: Secure host newbie"
• Maybe in reply to: xilopublic1_at_ca.inter.net: "Secure host newbie"
• Next in thread: Tiago Quadra: "Re: Secure host newbie"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]