Re: Securing of systems....

["J. Oquendo" <intrusion () ENGINEER COM>]

You might wanna look at these two articles one is from myself the next is from Lance Spitzner and both offer excellent 
pointers. Theres not going to be a definitive document that I think anyone would be able to point out since it'd be 
hard to determine what services you'll be running since you did not mention any. e.g.: LDAP, IPSec, etc...

http://www.antioffline.com/slewbie | mirror @ 
http://packetstorm.securify.com/papers/unix/Secure.Linux.for.Newbies.v1.1.txt
http://www.enteract.com/~lspitz/linux.html

For starters you should find thorough information as well as links and next time you post try to be more thorough on 
exactly what services you intend to run e.g.: SSH, SSL, FTP.



------Original Message------
From: Snehal Dasari <pavehawk () NAPALM NET>
To: VULN-DEV () SECURITYFOCUS COM
Sent: July 31, 2000 9:39:20 AM GMT
Subject: Securing of systems....


Hi,

I'm not exactly sure if this is the right group to post to, so my apologies
if it is.

I was recently contacted by a ISP to build up some linux servers to act as
their game servers.  And that's sort of my problem.

Basically, these are going to be high profile machines (as far as gaming
machines go) and I'd like to secure them as best as possible.  I play with
linux on a personal scale, but have never deployed linux in a commercial
environment.

The question I'm asking is this:

Is there any document on the net that pertains to securing a linux box used
for commercial purposes?  I've had a look and I cannot see a document of any
use.  There are program specific (ipchains-HOWTO) but they give you the
indepth of it all..I'm sort of looking for a document that covers it at a
higher level.

These servers will be running multiple game servers from each unit.

Regards,
Snehal Dasari

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup