Re: building an FAQ for Security-Basics

[Martin Brecher <listuser () mb-itconsulting com>]

vh wrote:
[snip]

A chapter about organizing your security related data, like using 
Password Safe for password lists, etc, would be one topic I would like 
to learn more about (i.e. read about some well-educated solutions/ideas).

> Just suggestions:
>
> 1) What to do just after plain install?
>    (Where to look and what to fix, for example to look through
>    inetd.conf and cut things like finger and others)

Yes, that's a good idea. Maybe the FAQ could be splitted into the "Where 
to start" stuff, with stuff like the above, and a "What to do next" 
part, with info on IDS, Forensics, etc.
This way we would have a part which would even help home users and a 
part for the security/admin folks. (Someone please find better names for 
the parts ;-) )

> 2) Encrypting
>    (PGP, SSH...)
>
> 3) RTFM
>    (Guides to read, and also mail lists like this one)

Also, I suggest including links to some "Secureing 
(OS|Distribution|Program) X" guides/scripts/worksheets.

Here are some I quickly found in my bookmarks:

Securing Debian
        http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

Slackware System Hardening
        http://www.c2i2.com/~dentonj/system-hardening

FreeBSD Handbook, Chapter "Security"
        http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html

harden_suse script for SuSE Linux
        http://www.suse.de/~marc/harden_suse.html

Linux Security Quick Reference Guide
        http://www.linuxsecurity.com/docs/



Greetings,
Martin Brecher

--
"History has shown us, that strength may be useless,
when faced with terrorism." -- Jean-Luc Picard


---------------------------------------------------------------------------
----------------------------------------------------------------------------