Security Basics mailing list archives
Re: security advice
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Mon, 26 Jan 2004 15:17:54 -0700
On Sun, Jan 25, 2004 at 11:40:22PM -0000, coder wrote:
> installed patches and updates
> changed passwords to "strong passwords"
> installed AV software on all clients & server
These are all good. You might add a group policy to handle auto-updating so your XP workstations stay current with their updates. Figure out, write down, and get approved your server update plan: one schedule for regular updating, and a provision for "we gotta update and reboot it right *now*".

Also configure your AV software to automatically update itself - some companies like McAfee seem to issue updates once a week. Others like Sophos issue smaller updates as soon as they think there be dragons. Figure out when your AV vendor updates stuff, and sync your update schedule to it. And sync your server more often than that. I like once a week for workstations, daily for servers (or every hour if you have the bandwidth and paranoia). For all, update on reboot to handle those machines that have been off for a while.

Disable services that are not in use. Uninstall services and software that are disabled. You can't hack what isn't running, and you can't forget to patch what isn't installed. Nor can you misconfigure a package that isn't installed.
> I am also planning on setting up the NAT thing in the server and installing a proxy then disabling all ports except the proxy's (is this a good idea?)
Honestly, all your services should be on your server, so I don't know why you need a proxy. For VPNs and NAT, do this on your firewall (which you didn't mention). The same goes for your proxy software. You might also consider some form of intrusion detection software on the firewall - but don't install it if you can't understand it. Lastly, allow only the services you require through the firewall.

--
Bradley Arlt, Security Team Lead
University of Calgary, Computer Science
arlt () cpsc ucalgary ca
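The "disable what isn't in use" and "allow only the services you require" advice above is easiest to act on when you can see what a host is actually running and exposing. The script below is an added example, not code from the thread or from the University of Calgary: it audits a Windows host against an allowlist of service names and listening TCP ports and reports anything outside that list, optionally stopping and disabling the unexpected services. It assumes a Windows 8 / Server 2012 or later host (for Get-NetTCPConnection), an elevated PowerShell session, and that the allowlist values, which are constructed placeholders, are replaced with the services and ports your own server needs.

```powershell
# Added example (not from the thread): audit a Windows host against an allowlist
# of services and listening TCP ports, reporting what runs but is not approved.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and an
# elevated session. The allowlists are constructed placeholders.
param(
    [switch]$Disable   # without this switch the script only reports
)

# Services this host is allowed to run (constructed example values).
$AllowedServices = @(
    'Dnscache', 'Dhcp', 'EventLog', 'LanmanServer', 'LanmanWorkstation',
    'wuauserv',   # Windows Update - keep it, per the auto-update advice
    'WinDefend'   # built-in AV - keep it
)

# TCP ports that may listen on this host (constructed example values).
$AllowedPorts = @(135, 139, 445, 3389)

# 0. If Microsoft Defender is present, show how stale its signatures are, so the
#    AV update schedule can be checked against what the vendor actually ships.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $status = Get-MpComputerStatus
    $age = (Get-Date) - $status.AntivirusSignatureLastUpdated
    Write-Host ("AV signatures last updated {0:yyyy-MM-dd HH:mm} ({1:N1} hours ago)" -f
        $status.AntivirusSignatureLastUpdated, $age.TotalHours)
}

# 1. Running services that are not on the allowlist.
$unexpectedServices = Get-Service |
    Where-Object { $_.Status -eq 'Running' -and $AllowedServices -notcontains $_.Name }

Write-Host "`nRunning services not on the allowlist:"
foreach ($svc in $unexpectedServices) {
    '{0,-30} {1}' -f $svc.Name, $svc.DisplayName
}

# 2. Listening TCP ports that are not on the allowlist, with the owning process,
#    i.e. what a permissive firewall rule would expose.
$unexpectedPorts = Get-NetTCPConnection -State Listen |
    Where-Object { $AllowedPorts -notcontains $_.LocalPort } |
    Sort-Object LocalPort -Unique

Write-Host "`nListening TCP ports not on the allowlist:"
foreach ($conn in $unexpectedPorts) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    '{0,-6} {1,-20} {2,-25} (pid {3})' -f $conn.LocalPort, $conn.LocalAddress,
        $proc.ProcessName, $conn.OwningProcess
}

# 3. Optionally stop and disable the unexpected services. Review the report
#    first: a service you do not recognise may still be one the server depends on.
if ($Disable) {
    foreach ($svc in $unexpectedServices) {
        Write-Host "Disabling $($svc.Name)"
        Stop-Service -Name $svc.Name -Force -ErrorAction Continue
        Set-Service -Name $svc.Name -StartupType Disabled
    }
}
```

Run it once without `-Disable` and feed the two reports into the allowlists until only services and ports you can justify remain; the listening-port report is also the list to compare against the firewall rules, since anything not on it has no reason to be allowed through. Rerun it after each patch cycle, because updates and new software have a habit of re-enabling services.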